Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add default AWS LB annotations #62

Merged
merged 3 commits into from
Nov 17, 2023
Merged

Add default AWS LB annotations #62

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
afbec81
🧑‍💻 feat(helm): Add default AWS LB annotations
MfCrizz Oct 11, 2023
97101a4
🧑‍💻 feat(helm): Add default AWS LB annotations to aws.yaml
MfCrizz Oct 11, 2023
d87f79a
📝 docs: Improve documentation for installation of Unguard on AWS EKS …
MfCrizz Oct 11, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 36 additions & 1 deletion chart/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,9 +115,44 @@ helm install unguard -f aws.yaml oci://ghcr.io/dynatrace-oss/unguard/chart/ungua

The above command applies the values from `aws.yaml` which creates and configures an ingress for EKS deployment.


> **Tip**: You can use the default [values.yaml](values.yaml)


## Installation on an AWS EKS cluster

> **Warning** \
> Unguard is **insecure** by design and a careless installation will leave you exposed to severe security vulnerabilities. \
> When installing Unguard with the `aws.enabled=true` value set, an ingress gets created. Please make sure to review its configuration.

> **Note**:\
These steps assume that an AWS Load Balancer Controller is installed. See https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.6/ for more information.

This Chart is prepared to install Unguard on an AWS EKS cluster. \
To install Unguard on an AWS EKS cluster running an AWS load balancer, you can run the following `helm` command:

```sh
helm install unguard oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --set localDev.enabled=false,aws.enabled=true
```

This creates an ingress and adds the following default annotations:

```yaml
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/load-balancer-name: "unguard-lb"
```

These annotations can be adjusted by modifying and extending the `aws.yaml` values file and then passing it to the Unguard helm install command like shown bellow.

```sh
helm install unguard -f aws.yaml oci://ghcr.io/dynatrace-oss/unguard/chart/unguard
```

> **Note**:\
Passing the `aws.yaml` values file removes and overrides ALL default annotations.


## Tracing and Jaeger

To enable tracing, provide the YAML file [tracing.yaml](tracing.yaml) during installation. **Unguard is configured for Jaeger tracing.** \
Expand Down
3 changes: 2 additions & 1 deletion chart/aws.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,5 +6,6 @@ aws:
ingress:
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/load-balancer-name: "unguard-lb"
4 changes: 4 additions & 0 deletions chart/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@ aws:
enabled: false
ingress:
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/load-balancer-name: "unguard-lb"

# Ingress
ingress:
Expand Down
Loading