Added AWS Guide

guides/aws/alb-ingress-controller.yaml

@@ -0,0 +1,70 @@
+# Application Load Balancer (ALB) Ingress Controller Deployment Manifest.
+# This manifest details sensible defaults for deploying an ALB Ingress Controller.
+# GitHub: https://github.com/kubernetes-sigs/aws-alb-ingress-controller
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: alb-ingress-controller
+  name: alb-ingress-controller
+  # Namespace the ALB Ingress Controller should run in. Does not impact which
+  # namespaces it's able to resolve ingress resource for. For limiting ingress
+  # namespace scope, see --watch-namespace.
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: alb-ingress-controller
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: alb-ingress-controller
+    spec:
+      containers:
+        - name: alb-ingress-controller
+          args:
+            # Limit the namespace where this ALB Ingress Controller deployment will
+            # resolve ingress resources. If left commented, all namespaces are used.
+            # - --watch-namespace=your-k8s-namespace
+
+            # Setting the ingress-class flag below ensures that only ingress resources with the
+            # annotation kubernetes.io/ingress.class: "alb" are respected by the controller. You may
+            # choose any class you'd like for this controller to respect.
+            - --ingress-class=alb
+            - --cluster-name=multi-juicer
+            # REQUIRED
+            # Name of your cluster. Used when naming resources created
+            # by the ALB Ingress Controller, providing distinction between
+            # clusters.
+            # - --cluster-name=devCluster
+
+            # AWS VPC ID this ingress controller will use to create AWS resources.
+            # If unspecified, it will be discovered from ec2metadata.
+            # - --aws-vpc-id=vpc-xxxxxx
+
+            # AWS region this ingress controller will operate in.
+            # If unspecified, it will be discovered from ec2metadata.
+            # List of regions: http://docs.aws.amazon.com/general/latest/gr/rande.html#vpc_region
+            # - --aws-region=us-west-1
+
+            # Enables logging on all outbound requests sent to the AWS API.
+            # If logging is desired, set to true.
+            # - --aws-api-debug
+            # Maximum number of times to retry the aws calls.
+            # defaults to 10.
+            # - --aws-max-retries=10
+          # env:
+            # AWS key id for authenticating with the AWS API.
+            # This is only here for examples. It's recommended you instead use
+            # a project like kube2iam for granting access.
+            #- name: AWS_ACCESS_KEY_ID
+            #  value: KEYVALUE
+
+            # AWS key secret for authenticating with the AWS API.
+            # This is only here for examples. It's recommended you instead use
+            # a project like kube2iam for granting access.
+            #- name: AWS_SECRET_ACCESS_KEY
+            #  value: SECRETVALUE
+          # Repository location of the ALB Ingress Controller.
+          image: docker.io/amazon/aws-alb-ingress-controller:v1.1.4
+      serviceAccountName: alb-ingress-controller

guides/aws/aws-ingress.yaml

@@ -6,6 +6,7 @@ metadata:
   annotations:
     kubernetes.io/ingress.class: alb
     alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
   labels:
     app: juice-balancer-ingress
 spec:

guides/aws/aws.md

@@ -1,6 +1,6 @@
 # [WIP] Example Setup with AWS
 
-**NOTE:** This Guide is still a "Work in Progress", if you got any recommendations or issues with it, please post them into the related issue: https://github.com/iteratec/multi-juicer/issues/15
+**NOTE:** This Guide is still a "Work in Progress", if you got any recommendations or issues with it, please post them into the related issue: <https://github.com/iteratec/multi-juicer/issues/15>
 
 **WARNING:** The resources created in this guide will cost about \$70.00/month. The actual price might depend on its usage, but make sure to delete the resources as described in Step 5 Deinstallation when you do not need them anymore.
 
@@ -14,7 +14,7 @@ This example expects you to have the following cli tools setup.
 4. [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-macos)
 
 ```sh
-# First we'll need a cluster, you can create one using the DigitalOcean cli.
+# First we'll need a cluster, you can create one using the eksctl cli.
 # This will take a couple of minutes
 eksctl create cluster \
 --name multi-juicer \
@@ -75,11 +75,33 @@ kubectl get secrets juice-balancer-secret -o=jsonpath='{.data.adminPassword}' |
 
 ## Step 4. Add Ingress to expose the app to the world
 
-**WARNING:** I, as a AWS Noob, haven't yet figured out how to get it working correctly.
-The Guide below shows **how I thing it should work** but it doesn't. At least not for me. If you are a AWS Pro please please send me a message / open up an issue / pull request correcting this section.
+First, we need to create an iam policy which gives permissions to create the load balancer.
 
-AWS let's you create LoadBalancer by adding a new ingress config to you cluster.
-To set this up follow the **To deploy the ALB Ingress Controller to an Amazon EKS cluster** guide on https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html closely. This will walk you through setting up and configuring the ingress.
+```sh
+#Take note of the ARN of the Policy
+aws iam create-policy \
+--policy-name ALBIngressControllerIAMPolicy \
+--policy-document https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/iam-policy.json
+```
+
+Next, we will integrate Kubernetes with AWS, allowing the Kubernetes to provision an Application load balancer on our behalf.
+
+```sh
+#Associate IAM OIDC Provider
+wget https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/cluster-iam.yaml
+eksctl utils associate-iam-oidc-provider --config-file=cluster-iam.yaml --approve
+
+#Create Kubernetes Service Account and bind it to Ingress Controller
+kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/rbac-role.yaml
+
+#Create IAM Role to attach to Service Account
+eksctl create iamserviceaccount --config-file=cluster-iam.yaml --approve --override-existing-serviceaccounts
+
+#Create Ingress Controller
+wget https://raw.githubusercontent.com/iteratec/multi-juicer/master/guides/aws/alb-ingress-controller.yaml
+#Edit line 15 - Place the ARN of the policy you created in the attachPolicyARNs field
+kubectl apply -f alb-ingress-controller.yaml
+```
 
 After you have set that up we can now create a ingress config for our the MultiJuicer Stack.
 
@@ -91,9 +113,8 @@ kubectl apply -f aws-ingress.yaml
 
 ## Step 5. Deinstallation
 
-helm delete multi-juicer
-
 ```sh
+helm delete multi-juicer
 # helm will not delete the persistent volumes for redis!
 # delete them by running:
 kubectl delete persistentvolumeclaims redis-data-multi-juicer-redis-master-0 redis-data-multi-juicer-redis-slave-0

guides/aws/cluster-iam.yaml

@@ -0,0 +1,15 @@
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+    name: multi-juicer
+    region: ap-southeast-1
+
+iam:
+    withOIDC: true
+    serviceAccounts:
+    - metadata:
+        name: alb-ingress-controller
+        namespace: kube-system
+      attachPolicyARNs:
+      - ""