From b742f071e52c92f9453c387e586c4cf5832bfa12 Mon Sep 17 00:00:00 2001 From: Orangecola Date: Fri, 10 Jan 2020 14:37:24 +0800 Subject: [PATCH 1/6] AWS Guide Added a declarative kubectl and eksctl config to make installation easier Edited AWS Guide Edited aws-ingress.yaml to set the load balancer connect to pods directly --- guides/aws/alb-ingress-controller.yaml | 70 ++++++++++++++++++++++++++ guides/aws/aws-ingress.yaml | 1 + guides/aws/aws.md | 37 +++++++++++--- guides/aws/cluster-iam.yaml | 15 ++++++ 4 files changed, 115 insertions(+), 8 deletions(-) create mode 100644 guides/aws/alb-ingress-controller.yaml create mode 100644 guides/aws/cluster-iam.yaml diff --git a/guides/aws/alb-ingress-controller.yaml b/guides/aws/alb-ingress-controller.yaml new file mode 100644 index 00000000..95343ad4 --- /dev/null +++ b/guides/aws/alb-ingress-controller.yaml 
@@ -0,0 +1,70 @@
+# Application Load Balancer (ALB) Ingress Controller Deployment Manifest.
+# This manifest details sensible defaults for deploying an ALB Ingress Controller.
+# GitHub: https://github.com/kubernetes-sigs/aws-alb-ingress-controller
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/name: alb-ingress-controller
+ name: alb-ingress-controller
+ # Namespace the ALB Ingress Controller should run in. Does not impact which
+ # namespaces it's able to resolve ingress resource for. For limiting ingress
+ # namespace scope, see --watch-namespace.
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: alb-ingress-controller
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: alb-ingress-controller
+ spec:
+ containers:
+ - name: alb-ingress-controller
+ args:
+ # Limit the namespace where this ALB Ingress Controller deployment will
+ # resolve ingress resources. If left commented, all namespaces are used.
+ # - --watch-namespace=your-k8s-namespace
+
+ # Setting the ingress-class flag below ensures that only ingress resources with the
+ # annotation kubernetes.io/ingress.class: "alb" are respected by the controller. You may
+ # choose any class you'd like for this controller to respect.
+ - --ingress-class=alb
+ - --cluster-name=multi-juicer
+ # REQUIRED
+ # Name of your cluster. Used when naming resources created
+ # by the ALB Ingress Controller, providing distinction between
+ # clusters.
+ # - --cluster-name=devCluster
+
+ # AWS VPC ID this ingress controller will use to create AWS resources.
+ # If unspecified, it will be discovered from ec2metadata.
+ # - --aws-vpc-id=vpc-xxxxxx
+
+ # AWS region this ingress controller will operate in.
+ # If unspecified, it will be discovered from ec2metadata.
+ # List of regions: http://docs.aws.amazon.com/general/latest/gr/rande.html#vpc_region
+ # - --aws-region=us-west-1
+
+ # Enables logging on all outbound requests sent to the AWS API.
+ # If logging is desired, set to true. + # - --aws-api-debug + # Maximum number of times to retry the aws calls. + # defaults to 10. + # - --aws-max-retries=10 + # env: + # AWS key id for authenticating with the AWS API. + # This is only here for examples. It's recommended you instead use + # a project like kube2iam for granting access. + #- name: AWS_ACCESS_KEY_ID + # value: KEYVALUE + + # AWS key secret for authenticating with the AWS API. + # This is only here for examples. It's recommended you instead use + # a project like kube2iam for granting access. + #- name: AWS_SECRET_ACCESS_KEY + # value: SECRETVALUE + # Repository location of the ALB Ingress Controller. + image: docker.io/amazon/aws-alb-ingress-controller:v1.1.4 + serviceAccountName: alb-ingress-controller diff --git a/guides/aws/aws-ingress.yaml b/guides/aws/aws-ingress.yaml index baf33a4a..e26a15c3 100644 --- a/guides/aws/aws-ingress.yaml +++ b/guides/aws/aws-ingress.yaml @@ -6,6 +6,7 @@ metadata: annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/target-type: ip labels: app: juice-balancer-ingress spec: diff --git a/guides/aws/aws.md b/guides/aws/aws.md index e9760ffb..6168f012 100644 --- a/guides/aws/aws.md +++ b/guides/aws/aws.md @@ -1,6 +1,6 @@ # [WIP] Example Setup with AWS -**NOTE:** This Guide is still a "Work in Progress", if you got any recommendations or issues with it, please post them into the related issue: https://github.com/iteratec/multi-juicer/issues/15 +**NOTE:** This Guide is still a "Work in Progress", if you got any recommendations or issues with it, please post them into the related issue: **WARNING:** The resources created in this guide will cost about \$70.00/month. The actual price might depend on its usage, but make sure to delete the resources as described in Step 5 Deinstallation when you do not need them anymore. 
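Review bot: The commented-out `env` example near the end of alb-ingress-controller.yaml shows `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` set through plain `value:` fields and points readers to kube2iam, while this same commit binds the `alb-ingress-controller` service account to an IAM role through cluster-iam.yaml. A reader who uncomments the block ends up with long-lived keys stored in a manifest, so I would drop the block or replace its comment with `# Credentials come from the IAM role bound to the alb-ingress-controller service account (see cluster-iam.yaml); do not set static keys here.` The container entry also carries no `securityContext` or `resources`, and the image is referenced by tag only; `image: docker.io/amazon/aws-alb-ingress-controller:v1.1.4@sha256:<DIGEST_PLACEHOLDER>` would pin the exact image that gets these AWS permissions.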
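Review bot: In aws-ingress.yaml the annotations visible in this hunk make the load balancer `internet-facing` and, with the new `target-type: ip`, route it straight to pod IPs, but none of them restricts who may connect or asks for TLS. The balancer fronts the JuiceBalancer, whose admin password the guide reads out in an earlier step, so consider adding `alb.ingress.kubernetes.io/inbound-cidrs: <ALLOWED_CIDR_PLACEHOLDER>` and, where a certificate exists, `alb.ingress.kubernetes.io/certificate-arn: <ACM_CERT_ARN_PLACEHOLDER>` together with an HTTPS entry in `alb.ingress.kubernetes.io/listen-ports`. The `spec:` section lies outside the hunk, so anything configured there is not visible here.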
@@ -14,7 +14,7 @@ This example expects you to have the following cli tools setup. 4. [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-macos) ```sh -# First we'll need a cluster, you can create one using the DigitalOcean cli. +# First we'll need a cluster, you can create one using the eksctl cli. # This will take a couple of minutes eksctl create cluster \ --name multi-juicer \ 
@@ -75,11 +75,33 @@ kubectl get secrets juice-balancer-secret -o=jsonpath='{.data.adminPassword}' | ## Step 4. Add Ingress to expose the app to the world -**WARNING:** I, as a AWS Noob, haven't yet figured out how to get it working correctly. -The Guide below shows **how I thing it should work** but it doesn't. At least not for me. If you are a AWS Pro please please send me a message / open up an issue / pull request correcting this section. +First, we need to create an iam policy which gives permissions to create the load balancer. -AWS let's you create LoadBalancer by adding a new ingress config to you cluster. -To set this up follow the **To deploy the ALB Ingress Controller to an Amazon EKS cluster** guide on https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html closely. This will walk you through setting up and configuring the ingress. +```sh +#Take note of the ARN of the Policy +aws iam create-policy \ +--policy-name ALBIngressControllerIAMPolicy \ +--policy-document https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/iam-policy.json +``` + +Next, we will integrate Kubernetes with AWS, allowing the Kubernetes to provision an Application load balancer on our behalf. 
+ +```sh +#Associate IAM OIDC Provider +wget https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/cluster-iam.yaml +eksctl utils associate-iam-oidc-provider --config-file=cluster-iam.yaml --approve + +#Create Kubernetes Service Account and bind it to Ingress Controller +kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/rbac-role.yaml + +#Create IAM Role to attach to Service Account +eksctl create iamserviceaccount --config-file=cluster-iam.yaml --approve --override-existing-serviceaccounts + +#Create Ingress Controller +wget https://raw.githubusercontent.com/iteratec/multi-juicer/master/guides/aws/alb-ingress-controller.yaml +#Edit line 15 - Place the ARN of the policy you created in the attachPolicyARNs field +kubectl apply -f alb-ingress-controller.yaml +``` After you have set that up we can now create a ingress config for our the MultiJuicer Stack. @@ -91,9 +113,8 @@ kubectl apply -f aws-ingress.yaml ## Step 5. Deinstallation -helm delete multi-juicer - ```sh +helm delete multi-juicer # helm will not delete the persistent volumes for redis! # delete them by running: kubectl delete persistentvolumeclaims redis-data-multi-juicer-redis-master-0 redis-data-multi-juicer-redis-slave-0 diff --git a/guides/aws/cluster-iam.yaml b/guides/aws/cluster-iam.yaml new file mode 100644 index 00000000..83ea5d7f --- /dev/null +++ b/guides/aws/cluster-iam.yaml @@ -0,0 +1,15 @@ +apiVersion: eksctl.io/v1alpha5 +kind: ClusterConfig + +metadata: + name: multi-juicer + region: ap-southeast-1 + +iam: + withOIDC: true + serviceAccounts: + - metadata: + name: alb-ingress-controller + namespace: kube-system + attachPolicyARNs: + - "" \ No newline at end of file From 609b61e8e48ca77274d179a0b8f21569dc022df8 Mon Sep 17 00:00:00 2001 
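Review bot: `attachPolicyARNs` in cluster-iam.yaml ships with a single empty string, so a reader who skips the manual edit passes `""` to eksctl and the file itself gives no hint of what belongs there; the outcome is presumably either a failed run or a service-account role without the ALB policy attached. A labelled placeholder with a comment makes the required edit obvious, for example `- "arn:aws:iam::<ACCOUNT_ID>:policy/ALBIngressControllerIAMPolicy"  # replace with the ARN printed by aws iam create-policy`. The hard-coded `region: ap-southeast-1` deserves the same kind of comment, since it has to match the region the cluster was created in, and the file is missing its trailing newline.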
From: Joel Teo Date: Mon, 13 Jan 2020 12:09:15 +0800 Subject: [PATCH 2/6] Made fixes to download links --- guides/aws/aws.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/guides/aws/aws.md b/guides/aws/aws.md index 6168f012..7bfb2b31 100644 --- a/guides/aws/aws.md +++ b/guides/aws/aws.md @@ -18,7 +18,7 @@ This example expects you to have the following cli tools setup. # This will take a couple of minutes eksctl create cluster \ --name multi-juicer \ ---version 1.13 \ +--version 1.14 \ --nodegroup-name standard-workers \ --node-type t3.medium \ --nodes 2 \ @@ -88,7 +88,8 @@ Next, we will integrate Kubernetes with AWS, allowing the Kubernetes to provisio ```sh #Associate IAM OIDC Provider -wget https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/cluster-iam.yaml +wget https://raw.githubusercontent.com/iteratec/multi-juicer/master/guides/aws/cluster-iam.yaml +#Edit line 15 - Place the ARN of the policy you created in the attachPolicyARNs field eksctl utils associate-iam-oidc-provider --config-file=cluster-iam.yaml --approve #Create Kubernetes Service Account and bind it to Ingress Controller @@ -99,7 +100,6 @@ eksctl create iamserviceaccount --config-file=cluster-iam.yaml --approve --overr #Create Ingress Controller wget https://raw.githubusercontent.com/iteratec/multi-juicer/master/guides/aws/alb-ingress-controller.yaml -#Edit line 15 - Place the ARN of the policy you created in the attachPolicyARNs field kubectl apply -f alb-ingress-controller.yaml ``` From bfdcdeb4d25917d71a9119b3bf2d925bf04c2e5a Mon Sep 17 00:00:00 2001 From: J12934 <13718901+J12934@users.noreply.github.com> Date: Sat, 18 Jan 2020 16:17:58 +0100 Subject: [PATCH 3/6] Add note to update the aws region in file --- guides/aws/aws.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guides/aws/aws.md b/guides/aws/aws.md index 7bfb2b31..ea2dede3 100644 --- a/guides/aws/aws.md +++ b/guides/aws/aws.md 
@@ -89,7 +89,7 @@ Next, we will integrate Kubernetes with AWS, allowing the Kubernetes to provisio ```sh #Associate IAM OIDC Provider wget https://raw.githubusercontent.com/iteratec/multi-juicer/master/guides/aws/cluster-iam.yaml -#Edit line 15 - Place the ARN of the policy you created in the attachPolicyARNs field +#Edit line 15 - Place the ARN of the policy you created in the attachPolicyARNs field and update your aws region in the metadata section. eksctl utils associate-iam-oidc-provider --config-file=cluster-iam.yaml --approve #Create Kubernetes Service Account and bind it to Ingress Controller From b212551fed49edd970e959cfee95a0b3558f886b Mon Sep 17 00:00:00 2001 From: J12934 <13718901+J12934@users.noreply.github.com> Date: Sat, 18 Jan 2020 16:20:02 +0100 Subject: [PATCH 4/6] Apply yamls directly --- guides/aws/aws.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/guides/aws/aws.md b/guides/aws/aws.md index ea2dede3..e9f53f1a 100644 --- a/guides/aws/aws.md +++ b/guides/aws/aws.md @@ -99,16 +99,14 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingre eksctl create iamserviceaccount --config-file=cluster-iam.yaml --approve --override-existing-serviceaccounts #Create Ingress Controller -wget https://raw.githubusercontent.com/iteratec/multi-juicer/master/guides/aws/alb-ingress-controller.yaml -kubectl apply -f alb-ingress-controller.yaml +kubectl apply -f https://raw.githubusercontent.com/iteratec/multi-juicer/master/guides/aws/alb-ingress-controller.yaml ``` After you have set that up we can now create a ingress config for our the MultiJuicer Stack. ```sh # create the ingress for the JuiceBalancer service -wget https://raw.githubusercontent.com/iteratec/multi-juicer/master/guides/aws/aws-ingress.yaml -kubectl apply -f aws-ingress.yaml +kubectl apply -f https://raw.githubusercontent.com/iteratec/multi-juicer/master/guides/aws/aws-ingress.yaml ``` ## Step 5. Deinstallation 
From 77e889ebe8f94fc6cfe9045732d68a4dd3db3e0a Mon Sep 17 00:00:00 2001 From: J12934 <13718901+J12934@users.noreply.github.com> Date: Sat, 18 Jan 2020 16:28:15 +0100 Subject: [PATCH 5/6] Update deletetion section to match creation section --- guides/aws/aws.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/guides/aws/aws.md b/guides/aws/aws.md index e9f53f1a..0f820629 100644 --- a/guides/aws/aws.md +++ b/guides/aws/aws.md @@ -117,8 +117,9 @@ helm delete multi-juicer # delete them by running: kubectl delete persistentvolumeclaims redis-data-multi-juicer-redis-master-0 redis-data-multi-juicer-redis-slave-0 -# Delete the loadbalancer -kubectl delete -f aws-ingress.yaml +# Delete the ingress setup +kubectl delete -f https://raw.githubusercontent.com/iteratec/multi-juicer/master/guides/aws/aws-ingress.yaml +kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/rbac-role.yaml # Delete the kubernetes cluster eksctl delete cluster multi-juicer From d31712220b161fc013298fa2e213976854972bce Mon Sep 17 00:00:00 2001 From: J12934 <13718901+J12934@users.noreply.github.com> Date: Sat, 18 Jan 2020 16:29:53 +0100 Subject: [PATCH 6/6] Promote AWS Guide to the "stable" guides --- guides/aws/aws.md | 4 +--- readme.md | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/guides/aws/aws.md b/guides/aws/aws.md index 0f820629..334f9862 100644 --- a/guides/aws/aws.md +++ b/guides/aws/aws.md @@ -1,6 +1,4 @@ -# [WIP] Example Setup with AWS - -**NOTE:** This Guide is still a "Work in Progress", if you got any recommendations or issues with it, please post them into the related issue: +# Example Setup with AWS **WARNING:** The resources created in this guide will cost about \$70.00/month. The actual price might depend on its usage, but make sure to delete the resources as described in Step 5 Deinstallation when you do not need them anymore. 
diff --git a/readme.md b/readme.md index e93b4e26..d40cd97e 100644 --- a/readme.md +++ b/readme.md @@ -41,8 +41,8 @@ Generally MultiJuicer runs on pretty much any kubernetes cluster, but to make it - [Digital Ocean](./guides/digital-ocean/digital-ocean.md) - [OpenShift](./guides/openshift/openshift.md) +- [Azure](./guides/azure/azure.md) - [\[WIP\] AWS](./guides/aws/aws.md) -- [\[WIP\] Azure](./guides/azure/azure.md) ### Customizing the Setup