fgreg commented on a change in pull request #91: SDAP-221: Add Helm
configuration value to enable/disable nginx-ingress subchart installation
URL:
https://github.com/apache/incubator-sdap-nexus/pull/91#discussion_r385327561
##########
File path: ingress-setup.md
##########
@@ -0,0 +1,117 @@
+# AWS ELB and ingress controller setup (for system admins)
+
+## 0. Prerequisites
+1. `aws-login-pub.py` script is installed, and you are authenticated in a
master role
+2. SSL cert created
+3. ELB security group created
+
+## 1. Make sure Helm is installed
+Check if whether Helm is installed by running `helm version`. The response
should look something like this:
+```
+version.BuildInfo{Version:"v3.1.1",
GitCommit:"afe70585407b420d0097d07b21c47dc511525ac8", GitTreeState:"clean",
GoVersion:"go1.13.8"}
+```
+If this is not the case, follow the guide for installing Helm on EKS:
https://eksworkshop.com/beginner/060_helm/helm_intro/install.
+
+## 2. Create the ingress namespace and the Nexus namespace
+You will need to create two namespaces: one for the ELB and ingress
controller, and one for Nexus. The ingress namespace should follow the format
`ingress-<environment>`, e.g. `ingress-sit` for the SIT environment. Similarly,
the Nexus namespace should follow `nexus-<environment>`, e.g. `nexus-sit`.
+Run the following to create the two namespaces, substituting `<environment>`
for the appropriate value:
+
+```
+export ENV=<environment>
+kubectl create namespace ingress-$ENV
+kubectl create namespace nexus-$ENV
+```
+## 3. Create the configuration file for the nginx-ingress Helm chart
+
+Before installing the `nginx-ingress` Helm chart, you will need to create a
yaml file with the desired configuration values for the ELB and the ingress
controller. Find the ARN of the desired SSL certificate to use for the ELB, and
the ID of the load balancer security group you want to use, and run the
following:
+```
+export ARN=<arn>
+export SG=<security group ID>
+```
+`<arn>` and `<security group ID>` should be replaced by the appropriate
values, e.g.
`arn:aws:acm:us-west-2:012345678912:certificate/2a67b6b9-eb8d-48e8-a88b-297b1a32f343`
and `sg-037d227ba1e23eb43`, respectively.
+
+Now, create the yaml config file by running:
+```
+cat <<EOF > ingress-$ENV.yaml
+defaultBackend:
+ enabled: false
+controller:
+ scope:
+ enabled: true
+ namespace: nexus-$ENV
+ kind: DaemonSet
+ service:
+ # Include this if you want to restrict access to the load balancer
+ loadBalancerSourceRanges:
+ - 137.78.0.0/16
Review comment:
These address block ranges should not be checked in to github. Describe what
they are for instead.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
