Ontotext-AD · Aug 7, 2024 · Aug 5, 2024 · Aug 7, 2024
diff --git a/examples/aws/ingress/README.md b/examples/aws/ingress/README.md
@@ -0,0 +1,20 @@
+# Overview 
+
+This document describes the steps on how to configure the GraphDB Helm chart to use Ingress on AWS EKS.
+
+## Prerequisites
+
+* EKS Cluster: Ensure you have an EKS cluster up and running.
+* [Installing AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/deploy/installation/)
+* [Ingress Setup](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html)
+* [Ingress Class](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/ingress_class/)
+* [Exposing kubernetes applications via ingress](https://aws.amazon.com/blogs/containers/exposing-kubernetes-applications-part-1-service-and-ingress-resources/)
+
+## Example
+
+* [values.yaml](values.yaml) - Example of how to deploy and expose GraphDB with Ingress without SSL enabled.
+* [values_https.yaml](values_https.yaml) - Example of how to deploy and expose GraphDB with Ingress with SSL enabled.
+
+## Note
+
+After you deploy and the ingress is created please change the externalUrl value to the DNS name of the ALB or Route53.
diff --git a/examples/aws/ingress/values.yaml b/examples/aws/ingress/values.yaml
@@ -0,0 +1,14 @@
+# This example shows how to deploy and expose GraphDB with AWS Load Balancer Controller Ingress without SSL.
+
+configuration:
+  externalUrl: http://graphdb-example-dns-name.com/ # Change this to your ALB DNS name or Route53 if you use it.
+
+ingress:
+  enabled: true
+  className: alb
+  annotations:
+   alb.ingress.kubernetes.io/load-balancer-name: graphdb-ingress
+   alb.ingress.kubernetes.io/target-type: ip
+   alb.ingress.kubernetes.io/scheme: internet-facing
+   alb.ingress.kubernetes.io/inbound-cidrs: "0.0.0.0/0"
+   alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
diff --git a/examples/aws/ingress/values_https.yaml b/examples/aws/ingress/values_https.yaml
@@ -0,0 +1,17 @@
+# This example shows how to deploy and expose GraphDB with AWS Load Balancer Controller Ingress with SSL enabled.
+
+configuration:
+  externalUrl: https://graphdb-example-dns-name.com/ # Change this to your ALB DNS name or Route53 if you use it.
+
+ingress:
+  enabled: true
+  className: alb
+  annotations:
+   alb.ingress.kubernetes.io/load-balancer-name: graphdb-ingress
+   alb.ingress.kubernetes.io/target-type: ip
+   alb.ingress.kubernetes.io/scheme: internet-facing
+   alb.ingress.kubernetes.io/inbound-cidrs: "0.0.0.0/0"
+   alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+   alb.ingress.kubernetes.io/certificate-arn: "" # ARN of the ACM SSL Certificate that will be used
+   alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
+   alb.ingress.kubernetes.io/ssl-redirect: '443'
diff --git a/examples/aws/lb-example/README.md b/examples/aws/lb-example/README.md
@@ -0,0 +1,14 @@
+# EKS Load Balancer Type Deployment
+
+This folder contains examples of using GraphDB with the AWS Network Load Balancer.
+
+## Pre-requisites 
+
+* EKS Cluster: Ensure you have an EKS cluster up and running.
+* [Installing AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/deploy/installation/)
+* [AWS Documentation - Route TCP and UDP traffic with Network Load Balancers](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html)
+
+## Example
+
+* [values.yaml](values.yaml) - Example of how to deploy and expose GraphDB with Network Load Balancer without SSL enabled.
+* [values_https.yaml] - Example of how to deploy and expose GraphDB with Network Load Balancer with SSL enabled.
diff --git a/examples/aws/lb-example/values.yaml b/examples/aws/lb-example/values.yaml
@@ -0,0 +1,14 @@
+# This example shows how to deploy and expose GraphDB with Network Load Balancer without SSL enabled.
+
+service:
+  enabled: true
+  ports:
+   http: 80
+  type: LoadBalancer
+  loadBalancerClass: "service.k8s.aws/nlb"
+  annotations:
+   service.beta.kubernetes.io/aws-load-balancer-name: "graphdb-lb"
+   service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
+   service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+   service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"  # This ensures the load balancer is internet-facing
+   service.beta.kubernetes.io/load-balancer-source-ranges: "0.0.0.0/0"
diff --git a/examples/aws/lb-example/values_https.yaml b/examples/aws/lb-example/values_https.yaml
@@ -0,0 +1,17 @@
+# This example shows how to deploy and expose GraphDB with Network Load Balancer with SSL enabled.
+
+service:
+  enabled: true
+  ports:
+   http: 443
+  type: LoadBalancer
+  loadBalancerClass: "service.k8s.aws/nlb"
+  annotations:
+   service.beta.kubernetes.io/aws-load-balancer-name: "graphdb-lb"
+   service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
+   service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+   service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"  # This ensures the load balancer is internet-facing
+   service.beta.kubernetes.io/load-balancer-source-ranges: "0.0.0.0/0"
+   service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "" # ARN of the ACM SSL Certificate that will be used
+   service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" # Ports to be used for the SSL
+   service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
diff --git a/examples/aws/service-account/README.md b/examples/aws/service-account/README.md
@@ -0,0 +1,18 @@
+# AWS Service Account Examples
+
+This folder contains examples of using GraphDB with the Service account to gain access to the AWS services.
+
+The main reason that we want to use service accounts is that GraphDB relies on S3 for the Cloud Backups. But you can use that service account to use other AWS services from the EKS cluster as well, 
+when you have configured your IAM policies properly.
+
+## Pre-requisites
+
+* EKS Cluster: Ensure you have an EKS cluster up and running.
+* Before starting with the service account setup you should have an IAM Role that should have access to the S3 Service.
+* [IAM Roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html)
+* [IAM Policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html)
+
+## Example
+
+* [values.yaml](values.yaml) - Example of how to deploy the service account.
+
diff --git a/examples/aws/service-account/values.yaml b/examples/aws/service-account/values.yaml
@@ -0,0 +1,5 @@
+serviceAccount:
+  create: true
+  name: graphdb
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::<AWS_ACCOUNT_ID>:role/eks-service-account-role # Example ARN Role, replace with your actual IAM Role ARN