{"id":49024,"date":"2025-04-08T06:24:29","date_gmt":"2025-04-08T06:24:29","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=49024"},"modified":"2025-04-08T06:24:29","modified_gmt":"2025-04-08T06:24:29","slug":"aws-tutorials-aws-gateway-api-controller-setup-verification-checklist-on-eks","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/aws-tutorials-aws-gateway-api-controller-setup-verification-checklist-on-eks\/","title":{"rendered":"AWS Tutorials: AWS Gateway API Controller Setup Verification Checklist on EKS"},"content":{"rendered":"\n<p><strong>\u2705 AWS Gateway API Controller Setup Verification Checklist for Kubernetes Gateway API (EKS)<\/strong><\/p>\n\n\n\n<p>This guide ensures a full production-ready setup for AWS Gateway API Controller integrated with Amazon VPC Lattice and Kubernetes Gateway API. It includes installation, configuration, network validation, and health check debugging.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">\u2705 AWS Gateway API Controller Setup Verification Checklist<\/h1>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udce6 A. <strong>Cluster &amp; Core Setup<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Checkpoint<\/th><th>Command<\/th><th>Expected Output<\/th><\/tr><\/thead><tbody><tr><td>\u2705 EKS cluster is running<\/td><td><code>kubectl get nodes<\/code><\/td><td>Shows Ready nodes<\/td><\/tr><tr><td>\u2705 Correct context set<\/td><td><code>kubectl config current-context<\/code><\/td><td>Matches your EKS cluster<\/td><\/tr><tr><td>\u2705 Kubernetes version<\/td><td><code>kubectl version --short<\/code><\/td><td>Server &gt;= 1.24<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83e\uddf1 B. <strong>Kubernetes Gateway API Installed<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Checkpoint<\/th><th>Command<\/th><th>Expected Output<\/th><\/tr><\/thead><tbody><tr><td>\u2705 Gateway CRDs installed<\/td><td>`kubectl get crds<\/td><td>grep gateway.networking.k8s.io`<\/td><\/tr><tr><td>\u2705 Gateway API version supported<\/td><td><code>kubectl get gatewayclass<\/code><\/td><td>Returns valid list<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd0c C. <strong>AWS Gateway API Controller Installed<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Checkpoint<\/th><th>Command<\/th><th>Expected Output<\/th><\/tr><\/thead><tbody><tr><td>\u2705 Controller pods running<\/td><td><code>kubectl get pods -n aws-application-networking-system<\/code><\/td><td>Pods show <code>Running<\/code><\/td><\/tr><tr><td>\u2705 Helm chart installed<\/td><td><code>helm list -n aws-application-networking-system<\/code><\/td><td>Includes <code>gateway-api-controller<\/code><\/td><\/tr><tr><td>\u2705 GatewayClass registered<\/td><td><code>kubectl get gatewayclass<\/code><\/td><td>Name: <code>amazon-vpc-lattice<\/code>, Controller: <code>application-networking.k8s.aws\/gateway-api-controller<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd10 D. <strong>IAM \/ IRSA \/ Permissions<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Checkpoint<\/th><th>Command<\/th><th>Expected Output<\/th><\/tr><\/thead><tbody><tr><td>\u2705 OIDC provider enabled<\/td><td><code>eksctl utils associate-iam-oidc-provider ...<\/code><\/td><td>OIDC provider is associated<\/td><\/tr><tr><td>\u2705 IAM policy created<\/td><td>`aws iam list-policies<\/td><td>grep VPCLatticeControllerIAMPolicy`<\/td><\/tr><tr><td>\u2705 IAM role for controller exists<\/td><td><code>kubectl describe sa -n aws-application-networking-system<\/code><\/td><td>Linked with correct role<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83c\udf10 E. <strong>VPC Lattice-Specific Setup<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Checkpoint<\/th><th>Command<\/th><th>Expected Output<\/th><\/tr><\/thead><tbody><tr><td>\u2705 CRDs installed<\/td><td>`kubectl get crds<\/td><td>grep servicenetwork`<\/td><\/tr><tr><td>\u2705 <code>ServiceNetwork<\/code> exists<\/td><td><code>kubectl get servicenetworks.application-networking.k8s.aws<\/code><\/td><td><code>my-hotel<\/code> or similar<\/td><\/tr><tr><td>\u2705 Gateway references Service Network<\/td><td><code>kubectl get servicenetworkattachments.application-networking.k8s.aws<\/code><\/td><td>Shows status <code>Active<\/code><\/td><\/tr><tr><td>\u2705 Gateway programmed<\/td><td><code>kubectl get gateway &lt;name&gt; -o yaml<\/code><\/td><td><code>status.Programmed: True<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83e\uddea F. <strong>DNS + Public Access<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Checkpoint<\/th><th>Command<\/th><th>Expected Output<\/th><\/tr><\/thead><tbody><tr><td>\u2705 VPC Lattice service DNS created<\/td><td><code>aws vpc-lattice list-services<\/code> + <code>get-service<\/code><\/td><td>Shows <code>dnsEntry.domainName<\/code><\/td><\/tr><tr><td>\u2705 DNS reachable<\/td><td><code>nslookup &lt;lattice-dns-name&gt;<\/code> or <code>dig<\/code><\/td><td>Resolves to public IP<\/td><\/tr><tr><td>\u2705 TLS termination (optional)<\/td><td>Check if <code>tls.mode: Terminate<\/code> &amp; ACM cert used<\/td><td>HTTPS enabled<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udee0\ufe0f G. <strong>Readiness for Sample App<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Checkpoint<\/th><th>Notes<\/th><\/tr><\/thead><tbody><tr><td>\u2705 <code>Deployment<\/code> and <code>Service<\/code> manifest ready<\/td><td>Your app must have a Kubernetes <code>Service<\/code> pointing to the <code>Pod<\/code><\/td><\/tr><tr><td>\u2705 <code>GRPCRoute<\/code> or <code>HTTPRoute<\/code> ready<\/td><td>Should match the Gateway and backend service<\/td><\/tr><tr><td>\u2705 Port and Protocols correct<\/td><td>gRPC \u2192 <code>port: 443<\/code>, <code>protocol: GRPC<\/code>, TLS: <code>Passthrough<\/code> or <code>Terminate<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u2705 You&#8217;re Now Production Ready!<\/h3>\n\n\n\n<p>Your AWS Gateway API Controller setup is now complete, secure, and operational with VPC Lattice. Perfect for gRPC, HTTP, and future service-to-service connectivity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u2705 AWS Gateway API Controller Setup Verification Checklist for Kubernetes Gateway API (EKS) This guide ensures a full production-ready setup for AWS Gateway API Controller integrated with Amazon VPC Lattice&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-49024","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=49024"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49024\/revisions"}],"predecessor-version":[{"id":49025,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49024\/revisions\/49025"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=49024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=49024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=49024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}