Skip to main content
This document describes the necessary steps for installing Apinizer on Amazon EKS (Elastic Kubernetes Service). In the first 6 sections, AWS EKS installation, resource creation and usage steps are described step by step from the beginning. If there is a ready EKS cluster on AWS, you can start directly from section 7.

1. Introduction

Minimum System Requirements

For Apinizer installation on AWS EKS Cluster, the total CPU Cores of Compute Nodes to be defined in the Node Group must be at least 6 cores.

t3.medium Example

If t3.medium type server is selected, 3 are required.

t3.xlarge Example

If you add t3.xlarge type server, 2 will be sufficient.

What is AWS EKS (Elastic Kubernetes Service)?

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes Control Plane (Master) or nodes (Worker Nodes). Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
Amazon EKS Overview

2. Configure EKS VPC and Subnets

What is AWS VPC and Subnet?

Amazon AWS VPC (Virtual Private Cloud) is a private virtual network within AWS. In other words, it can be called AWS’s network infrastructure component. It is an advanced virtual network infrastructure developed by Amazon AWS for all components to be created on AWS to communicate with each other. Within VPC, we can create networks, subnets, gateways specific to our own use. Connections between different networks and subnets can be provided with Route tables belonging to them.
VPC Topology
VPC Subnet: After creating a specific network on AWS, subnets belonging to this network can be created. By following the steps below, subnets can be created on AWS VPC.
VPC Subnets
VPC and Subnets for EKS need to be set correctly and subnets need to be defined as specified in AWS documentation. If you don’t know VPC and subnet definition, you can use AWS’s ready template. For details: AWS EKS VPC Documentation

Creating and Configuring AWS VPC

By following the steps below, the network structure suitable for EKS will be installed automatically. For details: AWS CloudFormation Console
AWS CloudFormation Console

3. Configure EKS IAM Roles

What is AWS Identity and Access Management (IAM) Role?

Using AWS Identity and Access Management (IAM), you can determine who can access AWS services and resources under what conditions. IAM is a feature of your AWS account and is provided at no additional charge. IAM is not something running like an instance or a database in terms of structure, but entirely manages permissions for us, managing all users who have access to the AWS account used, from who can access which service in what way. IAM manages 6 main topics in terms of main concept:
  • Users
  • Groups
  • Roles
  • IAM Access Policies
  • API Keys
  • Password policy, MFA
IAM Overview
For detailed information: What is AWS IAM?

Creating and Configuring AWS IAM

Go to the Roles page from the left menu and create a new Role.
IAM Roles Page
In this section, we need to create two Roles. The first is the Role to be used for EKS cluster, and the second is the Role information that Worker Node Groups within EKS will use.

1. Creating the Role to be Used by EKS Cluster

To create a role, the operations in the given images should be performed in order.
IAM Roles
Create Role
EKS Service
Permissions
Continue on the incoming page without entering any key-value information.
Review
The IAM role to be used by the EKS cluster should be created. This role should contain the necessary permissions for the EKS cluster to access AWS services.

2. Creating the Role to be Used by EKS Cluster Worker Node Groups

Worker Node Role
Worker Policies
The following Policies should be selected for this Role.
Worker Policies Alt
The IAM role to be used by Worker Node Groups should be created. This role should contain the necessary permissions for worker nodes to access AWS services (EC2, EBS, ELB, etc.).

4. Installing EKS Master Node

Creating and Configuring AWS EKS (Elastic Kubernetes Service)

After completing the above steps, AWS EKS installation can be started. Continue the process by typing EKS in the search section.
EKS Search
EKS Create
Select the cluster name, the kubernetes version we want to use, and the IAM role we created earlier.
1

Configure cluster

Select cluster name, Kubernetes version and IAM role.
Cluster Config
2

Specify network communication

Select VPC and subnets. It is recommended to select at least 2 subnets for EKS.
Subnet
Network
Security Group
3

Configure logging

Select CloudWatch Log Group or create a new log group. This section can be configured as desired.
Logging
4

Review and create

Finally, the defined information is displayed. At this stage, no error is seen. Start creating the cluster by saying Create.
Creating
Review
The EKS Cluster is being created. This process takes approximately 5 minutes. While this process continues, we can download and configure the necessary tools to access and manage EKS from our Client computer.

5. Installing and Configuring AWS CLI and kubectl

Download the necessary tools from the addresses below. Since Windows will be used as the Client computer in this document, versions suitable for Windows are downloaded.

AWS CLI Installation

After installing the downloaded .msi tool, configure it according to your Cluster information as follows. For details: AWS CLI Getting Started Guide
1

Getting credential information by going to IAM service

Access Key and Secret Key information are obtained from IAM Console.
IAM User
Go to Access information by clicking the Manage access keys button from the incoming screen.
Manage Access Keys
Access Key Dialog
Access Key and Secret information are displayed in the window below. This information should be saved somewhere before closing the window.
Access Key Secret
2

Making AWS configuration in Windows CLI

aws configure
Start the configuration process by entering the Access Key and Secret information recorded earlier.
AWS CLI Access Key

KUBECTL Installation

Kubectl should be downloaded to match the cluster version. For details: AWS EKS kubectl Installation Guide
1

Downloading KUBECTL

Kubectl is downloaded for Windows and added to PATH.
2

Defining necessary information to connect to EKS Cluster on Windows client machine

# Example Configuration Command
aws eks update-kubeconfig --region [EKS_Region] --name [EKS_Cluster_Name]
Here, region information can be obtained from the top menu as seen in the image below. Similarly, the cluster name can be obtained by going to the EKS page.
The section we need is eu-central-1.
AWS Region
EKS Cluster Name
To check cluster status: 
aws eks --region eu-central-1 describe-cluster --name apinizer-eks-cluster1 --query cluster.status
If multiple clusters are managed, kubeconfig information should be updated as follows: 
aws eks --region eu-central-1 update-kubeconfig --name apinizer-eks-cluster2

6. Creating EKS Worker Nodes

This section describes the creation of Worker Nodes for EKS. Go to AWS Console again and apply the following steps.
1

Creating Node Group

Create a new node group with the “Add Node Group” option from EKS Console.
Node Group Create
2

Node Group Configuration

For node group:
  • Node group name
  • IAM role (worker node role created earlier)
  • Instance type (e.g.: t3.medium, t3.xlarge)
  • Disk size
are selected.
Node Group Config
Node Group Config Alt
3

Setting Compute and Scaling Configuration

Minimum, maximum and desired node numbers are determined for node group.
Node Group Scaling
Node Group Scaling Alt
4

Specifying Network Communication

Subnets are selected and SSH key pair is determined.
Node Group Network
5

Review and Create

Finally, the defined information is displayed. If no error is seen at this stage, start creating the cluster by saying Create.
Node Group Review
Node Group Creating
This process takes approximately 5 minutes. After the installation is completed and activated, deployment etc. operations can be done with the previously configured kubectl. The image showing that Node Group installation is completed is below:
Node Group Ready Alt
Node Group Ready

7. EKS Installation Test and Sample Deployment

From this stage, checking the kubernetes cluster with kubectl whose installation and definitions were made earlier and testing it with a sample nginx application is described.

AWS EKS Environment Test

Kubernetes cluster resources should be checked by following the commands below. 
aws eks --region eu-central-1 describe-cluster --name apinizer-eks-cluster --query cluster.status
aws eks --region eu-central-1 update-kubeconfig --name apinizer-eks-cluster
kubectl get nodes
AWS CLI Configure

Loading and Testing Sample Application

In this section, loading the Nginx application defined in the .yaml file below as an example to the kubernetes cluster is described and tested after being exposed. 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  selector:
    matchLabels:
      run: my-nginx
  replicas: 4
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx
        ports:
        - containerPort: 80

kubectl apply -f nginx.yaml
kubectl get pods
The application is seen to be successfully loaded to the kubernetes cluster. Open the application as a service with the following command: 
kubectl expose deployment/my-nginx --port=80 --target-port=80 --name=my-nginx-service --type=LoadBalancer
kubectl get svc
For testing: 
curl -k <EXTERNAL-IP>

8. Installing Apinizer on EKS

What is described under this heading describes the definition of opening Apinizer as a service, different from Apinizer installation documents.

Apinizer Management Console installation

A .yaml file should be created for Apinizer and loaded to AWS EKS cluster. As stated in the Installation and Configuration document, Replicaset MongoDB and Elasticsearch are needed.
  • For MongoDB, go to MongoDB Atlas and create an account, and it can be used free of charge up to a limited DB size. Apinizer does not need a large database because it only keeps configuration definitions in MongoDB.
  • Similarly, for Elasticsearch, Apinizer can be defined by going to Elastic Cloud and using an elastic service in the cloud environment.
Or you can install Replicaset MongoDB and Elasticsearch on an EC2 server in AWS and define them. Example apinizer-deployment.yaml file settings are below: 
apiVersion: v1
kind: Namespace
metadata:
  name: apinizer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: manager
  namespace: apinizer
spec:
  replicas: 1
  selector:
    matchLabels:
      app: manager
      version: 'v1'
  template:
    metadata:
      labels:
        app: manager
        version: 'v1'
    spec:
      containers:
      - name: manager
        image: apinizercloud/manager:2023.01.1
        imagePullPolicy: IfNotPresent
        env:
        - name: SPRING_PROFILES_ACTIVE
          value: prod
        - name: SPRING_DATA_MONGODB_DATABASE
          value: apinizerdb-aws
        - name: SPRING_DATA_MONGODB_URI
          value: 'YOUR_MONGODB_URL'
        - name: JAVA_OPTS
          value: ' -Xmx1400m -Xms1400m'
        resources:
          requests:
            memory: '2Gi'
            cpu: '1'
          limits:
            memory: '2Gi'
            cpu: '1'
        ports:
        - name: http
          containerPort: 8080

kubectl apply -f apinizer-deployment.yaml
kubectl get pods -n apinizer
After Apinizer Management Console is loaded to EKS environment, a database named apinizerdb will be created in MongoDB database. The license key provided to you by Apinizer should be entered into the general_settings table. The following permissions should be defined for Apinizer Management Console to access and manage Kubernetes resources. Example service.yaml file settings are below: 
apiVersion: v1
kind: Namespace
metadata:
  name: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
Example adminuser.yaml file settings are below: 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

kubectl apply -f service.yaml
kubectl apply -f adminuser.yaml
kubectl create clusterrolebinding permissive-binding --clusterrole=cluster-admin --user=admin --user=kubelet --group=system:serviceaccounts
kubectl create clusterrolebinding apinizer -n kube-system --clusterrole=cluster-admin --serviceaccount=kube-system:apinizer

Creating Access Service for Apinizer Management Console

After the installation is completed, a service is needed to access Apinizer Management Console. A service is created by following the steps below. It may take a minute or two to get the external IP sometimes. 
kubectl expose -n apinizer deployment.apps/manager --port=80 --target-port=8080 --name=apinizer-console-service --type=LoadBalancer
kubectl get svc -n apinizer
After the service is created, Apinizer Management Console can be accessed from the EXTERNAL-IP address.

Apinizer Management Console Login

Login is made by writing the service access address in step 2 to the browser’s address bar. You can contact Apinizer support team for default username password.
Apinizer Console Login

9. Apinizer Configurations

Defining Log Servers

Apinizer stores API traffic and metric information in Elasticsearch database. To continue the installation process, Elasticsearch cluster definitions need to be made. Go to Administration → Server Management → Elasticsearch Clusters page from the menu in Apinizer Management Console application. The image containing Elasticsearch cluster definition settings is given below:
Elasticsearch Cluster
Test Connection button can be used to test Elasticsearch server connection with Apinizer.
Elasticsearch Test

Environment Definition

At least one environment needs to be loaded (deploy) for an API Proxy to be accessible. Apinizer also allows an API Proxy to be loaded to multiple environments. Go to Administration → Server Management → Gateway Environment page from the menu in Apinizer Management Console application. The image containing environment definition settings is given below:
Gateway Environment
The following values are the default values of the servers. They can be changed according to your cluster resources.
Environment Config
The environment definition process is completed by clicking the Create Environment button. When environments are listed, the Prod type environment is deployed to EKS by clicking the Unpublished button showing the status of the relevant environment on the screen and then the Publish button.
Environment Publish
The environment loading process will be loaded to EKS in approximately 3 minutes.
For detailed information about Gateway Runtime environment definition and publishing operations, see Gateway Runtimes page.

Opening Environment as Service

Finally, a service needs to be created to access APIs that will run in the Environment we published. 
kubectl expose -n prod deployment.apps/worker --port=80 --target-port=8091 --name=apinizer-worker-service --type=LoadBalancer
kubectl get svc -n prod
The LoadBalancer (EXTERNAL-IP) value produced by AWS should be assigned as the Access URL value of the defined Prod Environment. First, click the edit button in the Environment Info table of the page where the environment is edited.
Environment Edit
Then, click the edit button and change the Access URL information of the environment.
Environment Access URL

10. Publishing and Testing the First API in Apinizer

In the last step, opening an API to Apinizer as an API Proxy through a sample API definition file is described. The project where the API Proxy will be registered is selected from the navbar menu.
API Proxy Project
Go to Development → API Proxies page from the project menu in Apinizer Management Console application. Click the + Proxy button to define a new API Proxy.
Add Proxy
Select the source from which the API Proxy will be created with the selected link in the image below.
API Source
Enter the link of the API Definition file and Parse it.
API Parse
Enter API Proxy information and click the Save button.
API Save
The Deploy button selected in the image below is used to load (deploy) the API Proxy.
API Deploy
The loading process is confirmed.
API Deploy Confirm
Come to the endpoint (endpoint) you want to test from the Develop tab of the API Proxy and click the Test Endpoint button.
API Test Endpoint
The image containing the test dialog is given below.
API Test Dialog
For detailed information about API Proxy, see Developer Guide.For detailed information about Test Console, see Test Console page.