Merge pull request #13 from Dohbedoh/DOCS-1199

[DOCS-1199] Add examples for EKS ingress
cloudbees · Dec 2, 2019 · 16424c4 · 16424c4
2 parents 48fe7da + 30eac94
commit 16424c4
Show file tree

Hide file tree

Showing 4 changed files with 137 additions and 0 deletions.
diff --git a/helm-custom-value-file-examples/eks-elb-l4-example.yaml b/helm-custom-value-file-examples/eks-elb-l4-example.yaml
@@ -0,0 +1,28 @@
+# A helm example values file for an AWS install with nginx-ingress controller and ELB layer 4
+# Install an nginx-ingress controller 
+nginx-ingress:
+  Enabled: true
+  rbac:
+    create: true
+  controller:
+    ingressClass: "nginx"
+    config:
+      use-proxy-protocol: "true"
+    service:
+      targetPorts:
+        http: http
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
+        service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+        # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
+        # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
+        # increased to '3600' to avoid any potential issues.
+        service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
+      externalTrafficPolicy: "Local"
+OperationsCenter:
+  # Set the platform to aws, so that ELBs are created
+  platform: 'aws'
+  # Set the HostName for the Operation Center
+  HostName: 'cloudbees-core.example.com'
+  # Setting ServiceType to ClusterIP creates ingress
+  ServiceType: ClusterIP
diff --git a/helm-custom-value-file-examples/eks-elb-l4-tls-and-external-example.yaml b/helm-custom-value-file-examples/eks-elb-l4-tls-and-external-example.yaml
@@ -0,0 +1,47 @@
+# A helm example values file for an AWS install with nginx-ingress controller, TLS termination at ELB layer 4 and JNLP external communication enabled.
+# Install an nginx-ingress controller 
+nginx-ingress:
+  Enabled: true
+  rbac:
+    create: true
+  controller:
+    ingressClass: "nginx"
+    config:
+      use-proxy-protocol: "true"
+      http-snippet: |
+        map '' $pass_access_scheme {
+            default          https;
+        }
+        map '' $pass_port {
+            default          443;
+        }
+        server {
+          listen 8080 proxy_protocol;
+          return 301 https://$host$request_uri;
+        }
+    service:
+      targetPorts:
+        # 8080 used for redirection
+        http: 8080
+        https: http
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
+        service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+        # The ARN reference 'arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX' must be replaced by the actual ARN of the
+        # ACM certificate used to do the TLS termination.
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
+        # Increase the connection idle timeout for external communication (should be greater than the Ping Thread)
+        service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
+      externalTrafficPolicy: "Local"
+  # Allow external communication to the Operations Center through JNLP
+  tcp:
+    50000: "{{ .Release.Namespace }}/cjoc:50000:PROXY"
+OperationsCenter:
+  # Set the platform to aws, so that ELBs are created
+  platform: 'aws'
+  # Set the HostName for the Operation Center
+  HostName: 'cloudbees-core.example.com'
+  # Setting ServiceType to ClusterIP creates ingress
+  ServiceType: ClusterIP
diff --git a/helm-custom-value-file-examples/eks-elb-l7-example.yaml b/helm-custom-value-file-examples/eks-elb-l7-example.yaml
@@ -0,0 +1,28 @@
+# A helm example values file for an AWS install with nginx-ingress controller and ELB layer 7
+# Install an nginx-ingress controller 
+nginx-ingress:
+  Enabled: true
+  rbac:
+    create: true
+  controller:
+    ingressClass: "nginx"
+    config:
+      use-proxy-protocol: "false"
+      use-forwarded-headers: "true"
+      proxy-real-ip-cidr: "0.0.0.0/0" # restrict this to the IP addresses of ELB (or VPC / subnet CIDR)
+    service:
+      targetPorts:
+        http: http
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
+        # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
+        # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
+        # increased to '3600' to avoid any potential issues.
+        service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
+OperationsCenter:
+  # Set the platform to aws, so that ELBs are created
+  platform: 'aws'
+  # Set the HostName for the Operation Center
+  HostName: 'cloudbees-core.example.com'
+  # Setting ServiceType to ClusterIP creates ingress
+  ServiceType: ClusterIP
diff --git a/helm-custom-value-file-examples/eks-elb-l7-tls-example.yaml b/helm-custom-value-file-examples/eks-elb-l7-tls-example.yaml
@@ -0,0 +1,34 @@
+# A helm example values file for an AWS install with nginx-ingress controller, TLS termination at ELB layer 7 and JNLP external communication enabled.
+# Install an nginx-ingress controller 
+nginx-ingress:
+  Enabled: true
+  rbac:
+    create: true
+  controller:
+    ingressClass: "nginx"
+    config:
+      use-proxy-protocol: "false"
+      use-forwarded-headers: "true"
+      proxy-real-ip-cidr: "0.0.0.0/0" # restrict this to the IP addresses of ELB (or VPC / subnet CIDR)
+    service:
+      targetPorts:
+        http: http
+        https: http
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+        # The ARN reference 'arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX' must be replaced by the actual ARN of the
+        # ACM certificate used to do the TLS termination.
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
+OperationsCenter:
+  # Set the platform to aws, so that ELBs are created
+  platform: 'aws'
+  # Set the HostName for the Operation Center
+  HostName: 'cloudbees-core.example.com'
+  # Setting ServiceType to ClusterIP creates ingress
+  ServiceType: ClusterIP
+  # Set Ingress annotation for redirection
+  Ingress:
+    Annotations:
+      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"