From e08c6d13f8b2c2b150b00e9a3650c34768889269 Mon Sep 17 00:00:00 2001 From: "simeon.zhekov" Date: Thu, 15 Aug 2024 13:36:32 +0300 Subject: [PATCH] Fix formatting and comments --- examples/aws/ingress/README.md | 6 +++++- examples/aws/ingress/values.yaml | 9 ++++++++- examples/aws/ingress/values_https.yaml | 16 +++++++++++++--- examples/aws/lb-example/values.yaml | 7 ++++++- examples/aws/lb-example/values_https.yaml | 14 +++++++++++--- examples/aws/service-account/README.md | 3 ++- examples/aws/service-account/values.yaml | 4 ++-- examples/azure/ingress/README.md | 8 +++++--- examples/azure/ingress/values.yaml | 4 +++- examples/azure/ingress/values_https.yaml | 10 +++++++--- examples/azure/lb-example/README.md | 11 ++--------- examples/azure/lb-example/values.yaml | 9 +-------- examples/azure/lb-example/values_https.yaml | 19 ------------------- examples/azure/service-account/README.md | 6 ++++-- examples/azure/service-account/values.yaml | 1 - 15 files changed, 69 insertions(+), 58 deletions(-) delete mode 100644 examples/azure/lb-example/values_https.yaml diff --git a/examples/aws/ingress/README.md b/examples/aws/ingress/README.md index f17f48c6..4a9ecf09 100644 --- a/examples/aws/ingress/README.md +++ b/examples/aws/ingress/README.md @@ -17,4 +17,8 @@ This document describes the steps on how to configure the GraphDB Helm chart to ## Note -After you deploy and the ingress is created please change the externalUrl value to the DNS name of the ALB or Route53. +After you deploy the GraphDB chart you should either point an DNS name to the ALB and set +the externalUrl property in the chart and re-apply it, or the other option you can use nip.io and map it's +public ip address to nip.io. In order to do that use the kubectl get ingress commands and copy the Public IP +for the GraphDB ingress, then go to the values file and set the externalUrl property to http://ip.address.nip.io/. +Otherwise Workbench won't be accessible. 
diff --git a/examples/aws/ingress/values.yaml b/examples/aws/ingress/values.yaml index a85e3b70..3fedc2f6 100644 --- a/examples/aws/ingress/values.yaml +++ b/examples/aws/ingress/values.yaml @@ -1,14 +1,21 @@ # This example shows how to deploy and expose GraphDB with AWS Load Balancer Controller Ingress without SSL. configuration: - externalUrl: http://graphdb-example-dns-name.com/ # Change this to your ALB DNS name or Route53 if you use it. + # Change this to your AzureDNS domain name or use nip.io which you can do after you deploy the chart since you + # need to map the public IP address of the Application Gateway to the nip.io. + externalUrl: http://ip.address.nip.io/ ingress: enabled: true className: alb annotations: + # Define name of the Load Ingress alb.ingress.kubernetes.io/load-balancer-name: graphdb-ingress + # Define target type for the Ingress alb.ingress.kubernetes.io/target-type: ip + # This ensures the load balancer is public alb.ingress.kubernetes.io/scheme: internet-facing + # Allowed CIDRs to access the load balancer alb.ingress.kubernetes.io/inbound-cidrs: "0.0.0.0/0" + # Define the ports on which the Ingress should create listener alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' diff --git a/examples/aws/ingress/values_https.yaml b/examples/aws/ingress/values_https.yaml index 93e45da1..ac012e91 100644 --- a/examples/aws/ingress/values_https.yaml +++ b/examples/aws/ingress/values_https.yaml 
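Review bot: The two-line comment added above `externalUrl` was copied from the Azure example: it refers to an "AzureDNS domain name" and the "Application Gateway", but this file configures an AWS ALB (`className: alb`). The removed inline comment named the ALB DNS name or Route53, which fits this file, so I would keep that wording, e.g. `# Change this to the DNS name clients will use (ALB DNS name or a Route53 record).` An ALB is normally reached through its DNS name rather than a fixed public IP, so the new `http://ip.address.nip.io/` default may not be usable here; this should be confirmed before it ships as the example value. The same comment is added in examples/aws/ingress/values_https.yaml. `# Define name of the Load Ingress` also looks like a slip for "Load Balancer".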
@@ -1,17 +1,27 @@ # This example shows how to deploy and expose GraphDB with AWS Load Balancer Controller Ingress with SSL enabled. configuration: - externalUrl: https://graphdb-example-dns-name.com/ # Change this to your ALB DNS name or Route53 if you use it. + # Change this to your AzureDNS domain name or use nip.io which you can do after you deploy the chart since you + # need to map the public IP address of the Application Gateway to the nip.io. + externalUrl: https://ip.address.nip.io ingress: enabled: true className: alb annotations: + # Define name of the Load Ingress alb.ingress.kubernetes.io/load-balancer-name: graphdb-ingress + # Define target type for the Ingress alb.ingress.kubernetes.io/target-type: ip + # This ensures the load balancer is public alb.ingress.kubernetes.io/scheme: internet-facing + # Allowed CIDRs to access the load balancer alb.ingress.kubernetes.io/inbound-cidrs: "0.0.0.0/0" + # Define the ports on which the Ingress should create listener alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' - alb.ingress.kubernetes.io/certificate-arn: "" # ARN of the ACM SSL Certificate that will be used + # ARN of the ACM SSL Certificate that will be used + alb.ingress.kubernetes.io/certificate-arn: "" + # TLS Policy alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS13-1-2-2021-06" - alb.ingress.kubernetes.io/ssl-redirect: '443' + # Enable SSL redirect on the listener + alb.ingress.kubernetes.io/ssl-redirect: '443' \ No newline at end of file diff --git a/examples/aws/lb-example/values.yaml b/examples/aws/lb-example/values.yaml index f89288c0..22737603 100644 --- a/examples/aws/lb-example/values.yaml +++ b/examples/aws/lb-example/values.yaml 
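Review bot: The new `externalUrl: https://ip.address.nip.io` sits next to `certificate-arn`, and a certificate for a nip.io name is unlikely to be obtainable through ACM validation because the deployer does not control that domain. Following the example as written therefore probably ends in a hostname mismatch that users learn to click through. The removed value was a placeholder for a domain the deployer owns; for the HTTPS example I would keep such a placeholder and add `# Must be a name covered by the ACM certificate referenced below`. Two smaller points in the same hunk: this URL has no trailing slash while the other examples end in `/`, and the file now ends with `\ No newline at end of file`.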
@@ -7,8 +7,13 @@ service: type: LoadBalancer loadBalancerClass: "service.k8s.aws/nlb" annotations: + # Define name of the Load Balancer service.beta.kubernetes.io/aws-load-balancer-name: "graphdb-lb" + # Define target type for the Load Balancer service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + # Enable cross zone load balancing for the Load Balancer service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" # This ensures the load balancer is internet-facing + # This ensures the load balancer is public + service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" + # Allowed CIDRs to access the load balancer service.beta.kubernetes.io/load-balancer-source-ranges: "0.0.0.0/0" diff --git a/examples/aws/lb-example/values_https.yaml b/examples/aws/lb-example/values_https.yaml index 8d2ee145..f0694294 100644 --- a/examples/aws/lb-example/values_https.yaml +++ b/examples/aws/lb-example/values_https.yaml 
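Review bot: The added comment `# Allowed CIDRs to access the load balancer` documents `load-balancer-source-ranges: "0.0.0.0/0"` without saying that this value admits every address, on a load balancer that the line above makes internet-facing. Anyone copying the example gets GraphDB reachable from the whole Internet, and whether authentication is enabled cannot be seen from this hunk. I would word the comment as `# Source CIDRs allowed to reach the load balancer; 0.0.0.0/0 means any address, narrow it to your own ranges`. The same applies to `inbound-cidrs` in both examples/aws/ingress files and to `load-balancer-source-ranges` in examples/aws/lb-example/values_https.yaml. The `service:` mapping starts above this hunk.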
@@ -7,11 +7,19 @@ service: type: LoadBalancer loadBalancerClass: "service.k8s.aws/nlb" annotations: + # Define name of the Load Balancer service.beta.kubernetes.io/aws-load-balancer-name: "graphdb-lb" + # Define target type for the Load Balancer service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + # Enable cross zone load balancing for the Load Balancer service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" # This ensures the load balancer is internet-facing + # This ensures the load balancer is public + service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing" + # Allowed CIDRs to access the load balancer service.beta.kubernetes.io/load-balancer-source-ranges: "0.0.0.0/0" - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "" # ARN of the ACM SSL Certificate that will be used - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" # Ports to be used for the SSL + # ARN of the ACM SSL Certificate that will be used + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "" + # Ports to be used for the SSL + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" + # TLS Policy service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS13-1-2-2021-06" diff --git a/examples/aws/service-account/README.md b/examples/aws/service-account/README.md index 5ad2d55d..80242277 100644 --- a/examples/aws/service-account/README.md +++ b/examples/aws/service-account/README.md 
@@ -2,7 +2,8 @@ This folder contains examples of using GraphDB with the Service account to gain access to the AWS services. -The main reason that we want to use service accounts is that GraphDB relies on S3 for the Cloud Backups. But you can use that service account to use other AWS services from the EKS cluster as well, +The main reason that we want to use service accounts is that GraphDB relies on S3 for the Cloud Backups. +But you can use that service account to use other AWS services from the EKS cluster as well, when you have configured your IAM policies properly. ## Pre-requisites diff --git a/examples/aws/service-account/values.yaml b/examples/aws/service-account/values.yaml index 545cc0e9..03eca26b 100644 --- a/examples/aws/service-account/values.yaml +++ b/examples/aws/service-account/values.yaml @@ -1,5 +1,5 @@ serviceAccount: create: true - name: graphdb annotations: - eks.amazonaws.com/role-arn: arn:aws:iam:::role/eks-service-account-role # Example ARN Role, replace with your actual IAM Role ARN + # Example ARN Role, replace with your actual IAM Role ARN + eks.amazonaws.com/role-arn: arn:aws:iam:::role/eks-service-account-role diff --git a/examples/azure/ingress/README.md b/examples/azure/ingress/README.md index d3ce0da7..75654792 100644 --- a/examples/azure/ingress/README.md +++ b/examples/azure/ingress/README.md @@ -6,6 +6,7 @@ This document describes the steps on how to configure the GraphDB Helm chart to * AKS Cluster: Ensure you have an AKS cluster up and running. * [Enable application gateway ingress on existing AKS cluster](https://learn.microsoft.com/en-us/azure/application-gateway/tutorial-ingress-controller-add-on-new) +* [Application Gateway supported annotations](https://azure.github.io/application-gateway-kubernetes-ingress/annotations/) ## Example 
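Review bot: Dropping `name: graphdb` from examples/aws/service-account/values.yaml is a behaviour change in a commit described as formatting and comments. With `create: true` and no name, the chart presumably derives the ServiceAccount name from the release. The trust policy of the role in `eks.amazonaws.com/role-arn` is usually conditioned on `system:serviceaccount:<namespace>:<name>`, so a role prepared for `graphdb` would stop matching, and the easy workaround is to loosen that condition. Either keep the fixed name or add `# The role's trust policy must name the ServiceAccount the chart creates` above the annotation. examples/azure/service-account/values.yaml removes the same line, and the federated credential subject there has the same dependency.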
@@ -14,7 +15,8 @@ This document describes the steps on how to configure the GraphDB Helm chart to ## Note -After you deploy the GraphDB chart you should either point an DNS name to the Application Gateway and set the externalUrl property in the chart and re-apply it, or the other option you can use nip.io -and map it's public ip address to nip.io. -In order to do that use the kubectl get ingress commands and copy the Public IP for the GraphDB ingress, then go to the values file and set the externalUrl property to http://ip.address.nip.io/. +After you deploy the GraphDB chart you should either point an DNS name to the Application Gateway and set +the externalUrl property in the chart and re-apply it, or the other option you can use nip.io and map it's +public ip address to nip.io. In order to do that use the kubectl get ingress commands and copy the Public IP +for the GraphDB ingress, then go to the values file and set the externalUrl property to http://ip.address.nip.io/. Otherwise Workbench won't be accessible. diff --git a/examples/azure/ingress/values.yaml b/examples/azure/ingress/values.yaml index 9155485e..e3ef3c44 100644 --- a/examples/azure/ingress/values.yaml +++ b/examples/azure/ingress/values.yaml @@ -1,7 +1,9 @@ # This example shows how to deploy and expose GraphDB with Application Gateway Ingress without SSL. configuration: - externalUrl: http://ip.address.nip.io/ # Change this to your AzureDNS domain name or use nip.io which you can do after you deploy the chart since you need to map the public IP address of the Application Gateway to the nip.io. + # Change this to your AzureDNS domain name or use nip.io which you can do after you deploy the chart since you + # need to map the public IP address of the Application Gateway to the nip.io. + externalUrl: http://ip.address.nip.io/ ingress: enabled: true diff --git a/examples/azure/ingress/values_https.yaml b/examples/azure/ingress/values_https.yaml index 7e51b650..a1e85f57 100644 
--- a/examples/azure/ingress/values_https.yaml +++ b/examples/azure/ingress/values_https.yaml @@ -1,11 +1,15 @@ # This example shows how to deploy and expose GraphDB with Application Gateway Ingress with SSL certificate hosted in the KeyVault Service. configuration: - externalUrl: https://ip.address.nip.io/ # Change this to your AzureDNS domain name or use nip.io which you can do after you deploy the chart since you need to map the public IP address of the Application Gateway to the nip.io. + # Change this to your AzureDNS domain name or use nip.io which you can do after you deploy the chart since you + # need to map the public IP address of the Application Gateway to the nip.io. + externalUrl: https://ip.address.nip.io/ ingress: enabled: true className: azure-application-gateway annotations: - appgw.ingress.kubernetes.io/appgw-ssl-certificate: "name-of-appgw-installed-certificate" # Set the name of the SSL certificate that you have in the KeyVault Service - appgw.ingress.kubernetes.io/ssl-redirect: "true" + # Set the name of the SSL certificate that you have in the KeyVault Service + appgw.ingress.kubernetes.io/appgw-ssl-certificate: "name-of-appgw-installed-certificate" + # Enable SSL redirect on the listener + appgw.ingress.kubernetes.io/ssl-redirect: "true" diff --git a/examples/azure/lb-example/README.md b/examples/azure/lb-example/README.md index a58cc292..2cf8ab7d 100644 --- a/examples/azure/lb-example/README.md +++ b/examples/azure/lb-example/README.md 
@@ -7,15 +7,8 @@ This folder contains examples of using GraphDB with the Azure Load Balancer and * AKS Cluster: Ensure you have an AKS cluster up and running. * [Use a public standard load balancer in Azure Kubernetes Service (AKS)](https://learn.microsoft.com/en-us/azure/aks/load-balancer-standard) * [Expose an AKS service over HTTP or HTTPS using Application Gateway](https://learn.microsoft.com/en-us/azure/application-gateway/ingress-controller-expose-service-over-http-https) +* [Azure Kubernetes Service Type Load Balancer supported annotations](https://cloud-provider-azure.sigs.k8s.io/topics/loadbalancer/#loadbalancer-annotations) ## Example -* [values.yaml](values.yaml) - Example of how to deploy and expose GraphDB with Load Balancer and Application Gateway Ingress without SSL enabled. -* [values_https.yaml](values_https.yaml) - Example of how to deploy and expose GraphDB with Load Balancer and Application Gateway Ingress with SSL enabled. - -## Note - -After you deploy the GraphDB chart you should either point an DNS name to the Application Gateway and set the externalUrl property in the chart and re-apply it, or the other option you can use nip.io -and map it's public ip address to nip.io. -In order to do that use the kubectl get ingress commands and copy the Public IP for the GraphDB ingress, then go to the values file and set the externalUrl property to http://ip.address.nip.io/. -Otherwise Workbench won't be accessible. +* [values.yaml](values.yaml) - Example of how to deploy and expose GraphDB with Azure Load Balancer. diff --git a/examples/azure/lb-example/values.yaml b/examples/azure/lb-example/values.yaml index f35d5268..b5ffa487 100644 --- a/examples/azure/lb-example/values.yaml +++ b/examples/azure/lb-example/values.yaml 
@@ -1,16 +1,9 @@ # This example shows how to deploy and expose GraphDB with Application Gateway Ingress and Service Type Load Balancer without SSL enabled. -configuration: - externalUrl: http://ip.address.nip.io/ # Change this to your AzureDNS domain name or use nip.io which you can do after you deploy the chart since you need to map the public IP address of the Application Gateway to the nip.io. - -ingress: - enabled: true - className: azure-application-gateway - service: enabled: true ports: http: 80 type: LoadBalancer annotations: - service.beta.kubernetes.io/azure-load-balancer-internal: "true" + service.beta.kubernetes.io/azure-load-balancer-internal: "false" diff --git a/examples/azure/lb-example/values_https.yaml b/examples/azure/lb-example/values_https.yaml deleted file mode 100644 index a989dde3..00000000 --- a/examples/azure/lb-example/values_https.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# This example shows how to deploy and expose GraphDB with Application Gateway Ingress and Service Type Load Balancer with SSL enabled. - -configuration: - externalUrl: https://ip.address.nip.io/ # Change this to your AzureDNS domain name or use nip.io which you can do after you deploy the chart since you need to map the public IP address of the Application Gateway to the nip.io.. - -ingress: - enabled: true - className: azure-application-gateway - annotations: - appgw.ingress.kubernetes.io/appgw-ssl-certificate: "name-of-appgw-installed-certificate" # Set the name of the SSL certificate that you have in the KeyVault Service - appgw.ingress.kubernetes.io/ssl-redirect: "true" - -service: - enabled: true - ports: - http: 443 - type: LoadBalancer - annotations: - service.beta.kubernetes.io/azure-load-balancer-internal: "true" diff --git a/examples/azure/service-account/README.md b/examples/azure/service-account/README.md index facb3775..a43b2c4a 100644 --- a/examples/azure/service-account/README.md +++ b/examples/azure/service-account/README.md 
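Review bot: Changing `service.beta.kubernetes.io/azure-load-balancer-internal` from `"true"` to `"false"` turns this example from an internal load balancer into a public one, which is neither a formatting nor a comment change and is not mentioned in the commit subject. With the `ingress` block removed, the Service exposes `http: 80` directly, so the example now publishes GraphDB on a public IP over plain HTTP with no source restriction visible in the file. If public exposure is intended, say so above the annotation, e.g. `# "false" creates a public load balancer; set "true" to keep GraphDB reachable only from the virtual network`, and consider limiting source ranges if the chart exposes that setting. The header comment on the first line still mentions "Application Gateway Ingress", which no longer matches the file.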
@@ -2,13 +2,15 @@ This folder contains examples of using GraphDB with the Service account to gain access to the Azure services. -The main reason that we want to use service accounts is that GraphDB relies on Azure Storage Account for the Cloud Backups. But you can use that service account to use other Azure services from the AKS cluster as well, +The main reason that we want to use service accounts is that GraphDB relies on Azure Storage Account +for the Cloud Backups. But you can use that service account to use other Azure services from the AKS cluster as well, when you have configured your IAM Role Assignments properly. ## Pre-requisites * AKS Cluster: Ensure you have an AKS cluster up and running. -* Before starting with the service account setup you should have an IAM Role assignment that should have access to the Azure Storage Account Service. +* Before starting with the service account setup you should have an IAM Role assignment that should + have access to the Azure Storage Account Service. * [Best practices for authentication and authorization in Azure Kubernetes Service (AKS)](https://learn.microsoft.com/en-us/azure/aks/operator-best-practices-identity) * [Azure Login using identity](https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli-managed-identity) * [Deploy and configure workload identity on an Azure Kubernetes Service (AKS) cluster](https://learn.microsoft.com/en-us/azure/aks/workload-identity-deploy-cluster) diff --git a/examples/azure/service-account/values.yaml b/examples/azure/service-account/values.yaml index 55f209e9..a4e00886 100644 --- a/examples/azure/service-account/values.yaml +++ b/examples/azure/service-account/values.yaml @@ -1,5 +1,4 @@ serviceAccount: create: true - name: graphdb annotations: azure.workload.identity/client-id: