-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added examples for NLB, ALB ingress and service account
- Loading branch information
1 parent
90aa4fe
commit b7ef112
Showing
8 changed files
with
118 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| # Overview | ||
|
|
||
| This document describes the steps on how to configure the GraphDB Helm chart to use Ingress on AWS EKS. | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| * EKS Cluster: Ensure you have an EKS cluster up and running. | ||
| * [Installing AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/deploy/installation/) | ||
| * [Ingress Setup](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) | ||
| * [Ingress Class](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/ingress_class/) | ||
| * [Exposing kubernetes applications via ingress](https://aws.amazon.com/blogs/containers/exposing-kubernetes-applications-part-1-service-and-ingress-resources/) | ||
|
|
||
| ## Example | ||
|
|
||
| * [values.yaml](values.yaml) - Example of how to deploy and expose GraphDB with Ingress without SSL enabled. | ||
| * [values_https.yaml](values_https.yaml) - Example of how to deploy and expose GraphDB with Ingress with SSL enabled. | ||
|
|
||
| ## Note | ||
| After you deploy and the ingress is created please change the externalUrl value to the DNS name of the ALB or Route53. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| # This example shows how to deploy and expose GraphDB with AWS Load Balancer Controller Ingress without SSL. | ||
|
|
||
| configuration: | ||
| externalUrl: http://graphdb-example-dns-name.com/ # Change this to your ALB DNS name or Route53 if you use it. | ||
|
|
||
| ingress: | ||
| enabled: true | ||
| className: "alb" | ||
| annotations: | ||
| alb.ingress.kubernetes.io/load-balancer-name: graphdb-ingress | ||
| alb.ingress.kubernetes.io/target-type: ip | ||
| alb.ingress.kubernetes.io/scheme: internet-facing | ||
| alb.ingress.kubernetes.io/inbound-cidrs: "0.0.0.0/0" | ||
| alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # This example shows how to deploy and expose GraphDB with AWS Load Balancer Controller Ingress with SSL enabled. | ||
|
|
||
| configuration: | ||
| externalUrl: https://graphdb-example-dns-name.com/ # Change this to your ALB DNS name or Route53 if you use it. | ||
|
|
||
| ingress: | ||
| enabled: true | ||
| className: "alb" | ||
| annotations: | ||
| alb.ingress.kubernetes.io/load-balancer-name: graphdb-ingress | ||
| alb.ingress.kubernetes.io/target-type: ip | ||
| alb.ingress.kubernetes.io/scheme: internet-facing | ||
| alb.ingress.kubernetes.io/inbound-cidrs: "0.0.0.0/0" | ||
| alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' | ||
| alb.ingress.kubernetes.io/certificate-arn: "" # ARN of the ACM SSL Certificate that will be used | ||
| alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS13-1-2-2021-06" | ||
| alb.ingress.kubernetes.io/ssl-redirect: '443' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| # EKS Load Balancer Type Deployment | ||
|
|
||
| This folder contains examples of using GraphDB with the AWS Network Load Balancer. | ||
|
|
||
| ## Pre-requisites | ||
|
|
||
| * EKS Cluster: Ensure you have an EKS cluster up and running. | ||
| * [Installing AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/deploy/installation/) | ||
| * [AWS Documentation - Route TCP and UDP traffic with Network Load Balancers](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html) | ||
|
|
||
| ## Example | ||
|
|
||
| * [values.yaml](values.yaml) - Example of how to deploy and expose GraphDB with Network Load Balancer without SSL enabled. | ||
| * [values_https.yaml] - Example of how to deploy and expose GraphDB with Network Load Balancer with SSL enabled. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| # This example shows how to deploy and expose GraphDB with Network Load Balancer without SSL enabled. | ||
|
|
||
| service: | ||
| enabled: true | ||
| ports: | ||
| http: 80 | ||
| type: LoadBalancer | ||
| loadBalancerClass: "service.k8s.aws/nlb" | ||
| annotations: | ||
| service.beta.kubernetes.io/aws-load-balancer-name: "graphdb-lb" | ||
| service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" | ||
| service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" | ||
| service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" # This ensures the load balancer is internet-facing | ||
| service.beta.kubernetes.io/load-balancer-source-ranges: "0.0.0.0/0" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # This example shows how to deploy and expose GraphDB with Network Load Balancer with SSL enabled. | ||
|
|
||
| service: | ||
| enabled: true | ||
| ports: | ||
| http: 443 | ||
| type: LoadBalancer | ||
| loadBalancerClass: "service.k8s.aws/nlb" | ||
| annotations: | ||
| service.beta.kubernetes.io/aws-load-balancer-name: "graphdb-lb" | ||
| service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" | ||
| service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" | ||
| service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" # This ensures the load balancer is internet-facing | ||
| service.beta.kubernetes.io/load-balancer-source-ranges: "0.0.0.0/0" | ||
| service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "" # ARN of the ACM SSL Certificate that will be used | ||
| service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" # Ports to be used for the SSL | ||
| service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS13-1-2-2021-06" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # AWS Service Account Examples | ||
|
|
||
| This folder contains examples of using GraphDB with the Service account to gain access to the AWS services. | ||
|
|
||
| The main reason that we want to use service accounts is that GraphDB relies on S3 for the Cloud Backups. But you can use that service account to use other AWS services from the EKS cluster as well, | ||
| when you have configured your IAM policies properly. | ||
|
|
||
| ## Pre-requisites | ||
|
|
||
| * EKS Cluster: Ensure you have an EKS cluster up and running. | ||
| * Before starting with the service account setup you should have an IAM Role that should have access to the S3 Service. | ||
| * [IAM Roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) | ||
| * [IAM Policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html) | ||
|
|
||
| ## Example | ||
|
|
||
| * [values.yaml](values.yaml) - Example of how to deploy the service account. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| serviceAccount: | ||
| create: true | ||
| name: graphdb | ||
| annotations: | ||
| eks.amazonaws.com/role-arn: arn:aws:iam::<AWS_ACCOUNT_ID>:role/eks-service-account-role # Example ARN Role, replace with your actual IAM Role ARN |