From bc14b1c4cb928f240671c5820fee0fd130d82d02 Mon Sep 17 00:00:00 2001 From: "simeon.zhekov" Date: Mon, 5 Aug 2024 15:13:36 +0300 Subject: [PATCH 1/2] Added examples for NLB, ALB ingress and service account --- examples/aws/ingress/README.md | 19 +++++++++++++++++++ examples/aws/ingress/values.yaml | 14 ++++++++++++++ examples/aws/ingress/values_https.yaml | 17 +++++++++++++++++ examples/aws/lb-example/README.md | 14 ++++++++++++++ examples/aws/lb-example/values.yaml | 14 ++++++++++++++ examples/aws/lb-example/values_https.yaml | 17 +++++++++++++++++ examples/aws/service-account/README.md | 18 ++++++++++++++++++ examples/aws/service-account/values.yaml | 5 +++++ 8 files changed, 118 insertions(+) create mode 100644 examples/aws/ingress/README.md create mode 100644 examples/aws/ingress/values.yaml create mode 100644 examples/aws/ingress/values_https.yaml create mode 100644 examples/aws/lb-example/README.md create mode 100644 examples/aws/lb-example/values.yaml create mode 100644 examples/aws/lb-example/values_https.yaml create mode 100644 examples/aws/service-account/README.md create mode 100644 examples/aws/service-account/values.yaml
diff --git a/examples/aws/ingress/README.md b/examples/aws/ingress/README.md
new file mode 100644
index 00000000..d561f271
--- /dev/null
+++ b/examples/aws/ingress/README.md
@@ -0,0 +1,19 @@
+# Overview
+
+This document describes the steps on how to configure the GraphDB Helm chart to use Ingress on AWS EKS.
+
+## Prerequisites
+
+* EKS Cluster: Ensure you have an EKS cluster up and running.
+* [Installing AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/deploy/installation/)
+* [Ingress Setup](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html)
+* [Ingress Class](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/ingress_class/)
+* [Exposing kubernetes applications via ingress](https://aws.amazon.com/blogs/containers/exposing-kubernetes-applications-part-1-service-and-ingress-resources/)
+
+## Example
+
+* [values.yaml](values.yaml) - Example of how to deploy and expose GraphDB with Ingress without SSL enabled.
+* [values_https.yaml](values_https.yaml) - Example of how to deploy and expose GraphDB with Ingress with SSL enabled.
+
+## Note
+After you deploy and the ingress is created please change the externalUrl value to the DNS name of the ALB or Route53.
diff --git a/examples/aws/ingress/values.yaml b/examples/aws/ingress/values.yaml
new file mode 100644
index 00000000..a85e3b70
--- /dev/null
+++ b/examples/aws/ingress/values.yaml
@@ -0,0 +1,14 @@
+# This example shows how to deploy and expose GraphDB with AWS Load Balancer Controller Ingress without SSL.
+
+configuration:
+ externalUrl: http://graphdb-example-dns-name.com/ # Change this to your ALB DNS name or Route53 if you use it.
+
+ingress:
+ enabled: true
+ className: alb
+ annotations:
+ alb.ingress.kubernetes.io/load-balancer-name: graphdb-ingress
+ alb.ingress.kubernetes.io/target-type: ip
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/inbound-cidrs: "0.0.0.0/0"
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
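Review bot: `alb.ingress.kubernetes.io/inbound-cidrs: "0.0.0.0/0"` combined with `scheme: internet-facing` and an HTTP-only listener in examples/aws/ingress/values.yaml publishes GraphDB to every address on the internet in cleartext if the example is applied unchanged. I would ship a restrictive placeholder instead, e.g. `alb.ingress.kubernetes.io/inbound-cidrs: "203.0.113.0/24" # constructed sample, replace with your client ranges`, or default to `alb.ingress.kubernetes.io/scheme: internal`, and say in the header comment that the HTTP-only variant is meant for testing. The same open range appears in ingress/values_https.yaml and, as `service.beta.kubernetes.io/load-balancer-source-ranges: "0.0.0.0/0"`, in both lb-example values files.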
diff --git a/examples/aws/ingress/values_https.yaml b/examples/aws/ingress/values_https.yaml
new file mode 100644
index 00000000..93e45da1
--- /dev/null
+++ b/examples/aws/ingress/values_https.yaml
@@ -0,0 +1,17 @@
+# This example shows how to deploy and expose GraphDB with AWS Load Balancer Controller Ingress with SSL enabled.
+
+configuration:
+ externalUrl: https://graphdb-example-dns-name.com/ # Change this to your ALB DNS name or Route53 if you use it.
+
+ingress:
+ enabled: true
+ className: alb
+ annotations:
+ alb.ingress.kubernetes.io/load-balancer-name: graphdb-ingress
+ alb.ingress.kubernetes.io/target-type: ip
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/inbound-cidrs: "0.0.0.0/0"
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+ alb.ingress.kubernetes.io/certificate-arn: "" # ARN of the ACM SSL Certificate that will be used
+ alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
+ alb.ingress.kubernetes.io/ssl-redirect: '443'
diff --git a/examples/aws/lb-example/README.md b/examples/aws/lb-example/README.md
new file mode 100644
index 00000000..c5d95169
--- /dev/null
+++ b/examples/aws/lb-example/README.md
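Review bot: `alb.ingress.kubernetes.io/certificate-arn: ""` in examples/aws/ingress/values_https.yaml leaves the HTTPS listener without a certificate, so applying the file as written presumably ends in a controller reconcile error or a fallback to hostname-based certificate discovery rather than the TLS setup the header comment promises. A labelled placeholder makes the required edit obvious: `alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>"`. lb-example/values_https.yaml has the same empty value under `service.beta.kubernetes.io/aws-load-balancer-ssl-cert`. The quoting in this file is also mixed (`'443'` next to double-quoted values); one style would read better.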
@@ -0,0 +1,14 @@
+# EKS Load Balancer Type Deployment
+
+This folder contains examples of using GraphDB with the AWS Network Load Balancer.
+
+## Pre-requisites
+
+* EKS Cluster: Ensure you have an EKS cluster up and running.
+* [Installing AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/deploy/installation/)
+* [AWS Documentation - Route TCP and UDP traffic with Network Load Balancers](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html)
+
+## Example
+
+* [values.yaml](values.yaml) - Example of how to deploy and expose GraphDB with Network Load Balancer without SSL enabled.
+* [values_https.yaml] - Example of how to deploy and expose GraphDB with Network Load Balancer with SSL enabled.
\ No newline at end of file
diff --git a/examples/aws/lb-example/values.yaml b/examples/aws/lb-example/values.yaml
new file mode 100644
index 00000000..f89288c0
--- /dev/null
+++ b/examples/aws/lb-example/values.yaml
@@ -0,0 +1,14 @@
+# This example shows how to deploy and expose GraphDB with Network Load Balancer without SSL enabled.
+
+service:
+ enabled: true
+ ports:
+ http: 80
+ type: LoadBalancer
+ loadBalancerClass: "service.k8s.aws/nlb"
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-name: "graphdb-lb"
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+ service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" # This ensures the load balancer is internet-facing
+ service.beta.kubernetes.io/load-balancer-source-ranges: "0.0.0.0/0"
diff --git a/examples/aws/lb-example/values_https.yaml b/examples/aws/lb-example/values_https.yaml
new file mode 100644
index 00000000..d8182135
--- /dev/null
+++ b/examples/aws/lb-example/values_https.yaml
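Review bot: examples/aws/lb-example/values.yaml does not set `configuration.externalUrl`, and neither does lb-example/values_https.yaml, although both ingress examples set it and the ingress README tells the reader to update it after deployment. In the HTTPS variant TLS ends at the NLB, so GraphDB may build links and redirects with the wrong scheme or host unless it is told its public address; this is inferred from how the ingress examples use the key and should be confirmed against the chart. I would add a `configuration:` mapping with `externalUrl: http://graphdb-example-dns-name.com/ # Change this to your NLB DNS name or Route53 record`, using `https://` in values_https.yaml.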
@@ -0,0 +1,17 @@
+# This example shows how to deploy and expose GraphDB with Network Load Balancer with SSL enabled.
+
+service:
+ enabled: true
+ ports:
+ http: 443
+ type: LoadBalancer
+ loadBalancerClass: "service.k8s.aws/nlb"
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-name: "graphdb-lb"
+ service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+ service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" # This ensures the load balancer is internet-facing
+ service.beta.kubernetes.io/load-balancer-source-ranges: "0.0.0.0/0"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "" # ARN of the ACM SSL Certificate that will be used
+ service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" # Ports to be used for the SSL
+ service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
\ No newline at end of file
diff --git a/examples/aws/service-account/README.md b/examples/aws/service-account/README.md
new file mode 100644
index 00000000..92133e1f
--- /dev/null
+++ b/examples/aws/service-account/README.md
@@ -0,0 +1,18 @@
+# AWS Service Account Examples
+
+This folder contains examples of using GraphDB with the Service account to gain access to the AWS services.
+
+The main reason that we want to use service accounts is that GraphDB relies on S3 for the Cloud Backups. But you can use that service account to use other AWS services from the EKS cluster as well,
+when you have configured your IAM policies properly.
+
+## Pre-requisites
+
+* EKS Cluster: Ensure you have an EKS cluster up and running.
+* Before starting with the service account setup you should have an IAM Role that should have access to the S3 Service.
+* [IAM Roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html)
+* [IAM Policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html)
+
+## Example
+
+* [values.yaml](values.yaml) - Example of how to deploy the service account.
+
diff --git a/examples/aws/service-account/values.yaml b/examples/aws/service-account/values.yaml
new file mode 100644
index 00000000..545cc0e9
--- /dev/null
+++ b/examples/aws/service-account/values.yaml
@@ -0,0 +1,5 @@
+serviceAccount:
+ create: true
+ name: graphdb
+ annotations:
+ eks.amazonaws.com/role-arn: arn:aws:iam:::role/eks-service-account-role # Example ARN Role, replace with your actual IAM Role ARN
From 8897e5dfd2cc443e03ad0ae3572ff9bc5a499bc5 Mon Sep 17 00:00:00 2001 From: "simeon.zhekov" Date: Wed, 7 Aug 2024 09:45:37 +0300 Subject: [PATCH 2/2] Fixed formatting --- examples/aws/ingress/README.md | 1 + 1 file changed, 1 insertion(+)
diff --git a/examples/aws/ingress/README.md b/examples/aws/ingress/README.md
index d561f271..f17f48c6 100644
--- a/examples/aws/ingress/README.md
+++ b/examples/aws/ingress/README.md
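Review bot: The sample value `arn:aws:iam:::role/eks-service-account-role` in examples/aws/service-account/values.yaml has an empty account-id field, so it is not a valid role ARN, and a reader who only swaps the role name ends up with a service account that cannot assume the role. A labelled placeholder is clearer: `eks.amazonaws.com/role-arn: "arn:aws:iam::<account-id>:role/<role-name>"`. Because this role is what gives the pods S3 access, I would also add a header comment (the file has none, unlike the other examples) stating that the role's trust policy should be limited to this service account, `system:serviceaccount:<namespace>:graphdb`, and its permissions policy to the backup bucket.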
@@ -16,4 +16,5 @@ This document describes the steps on how to configure the GraphDB Helm chart to * [values_https.yaml](values_https.yaml) - Example of how to deploy and expose GraphDB with Ingress with SSL enabled. ## Note + After you deploy and the ingress is created please change the externalUrl value to the DNS name of the ALB or Route53.