[GitHub] [incubator-sdap-nexus] fgreg commented on a change in pull request #91: SDAP-221: Add Helm configuration value to enable/disable nginx-ingress subchart installation

Thu, 27 Feb 2020 12:25:21 -0800 

fgreg commented on a change in pull request #91: SDAP-221: Add Helm 
configuration value to enable/disable nginx-ingress subchart installation
URL: 
https://github.com/apache/incubator-sdap-nexus/pull/91#discussion_r385327561
 
 

 ##########
 File path: ingress-setup.md
 ##########
 @@ -0,0 +1,117 @@
+# AWS ELB and ingress controller setup (for system admins)
+
+## 0. Prerequisites
+1. `aws-login-pub.py` script is installed, and you are authenticated in a 
master role
+2. SSL cert created
+3. ELB security group created
+
+## 1. Make sure Helm is installed
+Check if whether Helm is installed by running `helm version`. The response 
should look something like this:
+```
+version.BuildInfo{Version:"v3.1.1", 
GitCommit:"afe70585407b420d0097d07b21c47dc511525ac8", GitTreeState:"clean", 
GoVersion:"go1.13.8"}
+```
+If this is not the case, follow the guide for installing Helm on EKS: 
https://eksworkshop.com/beginner/060_helm/helm_intro/install. 
+
+## 2. Create the ingress namespace and the Nexus namespace
+You will need to create two namespaces: one for the ELB and ingress 
controller, and one for Nexus. The ingress namespace should follow the format 
`ingress-<environment>`, e.g. `ingress-sit` for the SIT environment. Similarly, 
the Nexus namespace should follow `nexus-<environment>`, e.g. `nexus-sit`. 
+Run the following to create the two namespaces, substituting `<environment>` 
for the appropriate value:
+
+```
+export ENV=<environment>
+kubectl create namespace ingress-$ENV
+kubectl create namespace nexus-$ENV
+```
+## 3. Create the configuration file for the nginx-ingress Helm chart
+
+Before installing the `nginx-ingress` Helm chart, you will need to create a 
yaml file with the desired configuration values for the ELB and the ingress 
controller. Find the ARN of the desired SSL certificate to use for the ELB, and 
the ID of the load balancer security group you want to use, and run the 
following: 
+```
+export ARN=<arn>
+export SG=<security group ID>
+```
+`<arn>` and `<security group ID>` should be replaced by the appropriate 
values, e.g. 
`arn:aws:acm:us-west-2:012345678912:certificate/2a67b6b9-eb8d-48e8-a88b-297b1a32f343`
 and `sg-037d227ba1e23eb43`, respectively.
+
+Now, create the yaml config file by running:
+```
+cat <<EOF > ingress-$ENV.yaml
+defaultBackend:
+  enabled: false
+controller:
+  scope:
+    enabled: true
+    namespace: nexus-$ENV 
+  kind: DaemonSet
+  service:
+    # Include this if you want to restrict access to the load balancer
+    loadBalancerSourceRanges:
+      - 137.78.0.0/16
 
 Review comment:
   These address block ranges should not be checked in to github. Describe what 
they are for instead.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to