Replies: 5 comments 4 replies
-
Doesn't API gateway easily allow for transforms/manipulation of traffic going through the aws gateway (either via a aws gateway integration, or a lambda?). Is there any oppurtunity to use AWS Gateway instead of just AWS ALB if traffic needs adjusted? This could make routing everything easier since it is all going to AWS stuff (EKS or other entities living in AWS) |
Beta Was this translation helpful? Give feedback.
-
Is this statement true? The last I heard this was being discussed on how to go about it. Maybe this RFC IS that discussion? |
Beta Was this translation helpful? Give feedback.
-
No comments, I'm just dropping this link in case folks aren't familiar with AWS ALB (I had to Google it): https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html |
Beta Was this translation helpful? Give feedback.
-
Moved to #39990 |
Beta Was this translation helpful? Give feedback.
-
RFCs have been moved to: https://github.com/department-of-veterans-affairs/va.gov-platform-architecture |
Beta Was this translation helpful? Give feedback.
-
Summary
We intend to separate the Lighthouse API (and give control of the associated domains *-api.va.gov and api.va.gov to Lighthouse) from the APIs hosted in the vets-api process, as well as any other internal API services that are hosted within the DSVA AWS account.
To this end, we need to determine what will route the traffic to vets-api and any other internal API services hosted in the DSVA account.
Motivation
In order to ensure proper routing of traffic to the vets-api (and any other services, or future services) APIs, we will need something to replace the functionality that is currently controlled by a combination of the revproxy and/or Kong.
In addition, if a team wanted to bring up an API that was not inside of vets-api, it would be nice to be able to offer an easy path to integrating that API into the existing set of APIs without a lot of hassle.
Possible Options
Currently, the Lighthouse team has a Kong (modified nginx) server which routes requests which are routed from the revproxy to the lighthouse APIs. Some of these requests appear to eventually make it back to the vets-api hosted services as well, we are investigating the Kong routes currently.
Once the Lighthouse team has transitioned to the Google Apigee software, they will no longer need (or want!) to maintain the Kong instances in the DSVA DVP subnets. This presents the platform with a decision to be made.
It is possible that we could just use some routing rules on an AWS ALB to send the traffic to the correct instances (and in the future, to the EKS cluster) This supposes that there is no need for manipulation of the traffic between the time it enters from the endpoint and when it reaches the internal endpoints (vets-api). It is my assumption that this will not be technically feasible and that some manipulation will need to be done.
If it is determined that the plain ALB is not a sufficient solution, we are presented with various options. All of these options initially take ingress traffic from an AWS ALB.
Beta Was this translation helpful? Give feedback.
All reactions