Merge pull request cloudforet-io#28 from whdalsrnt/master

Update README and Examples

README.md

@@ -5,7 +5,7 @@ A Helm Chart for Cloudforet `1.11.5`.
 - Kubernetes 1.21+
 - Helm 3.2.0+
 - Service Domain & SSL Certificate (optional)
-  - Console: `*.console.example.com`
+  - Console: `console.example.com`
   - REST API: `*.api.example.com`
   - gRPC API: `*.grpc.example.com`
   - Webhook: `webhook.example.com`

docs/ingress/aws.md

@@ -5,39 +5,50 @@ If you want to learn more about the **_Pod IP based Load Balancing_**, please re
 - Traffic Modes in [Application load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) 
 
 ## Configuration
+[Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) is a resource that manages external access to the services in a cluster, typically HTTP.
+
 You can create the ingress using the following steps.
 
-### 1) Install ALB Ingress Controller and External DNS  
+### 1) Create Hosted Zone in Route53
+First, you need to purchase the service domain. (e.g. `example.com`)
+
+After that, [create a public hosted zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingHostedZone.html) in Route53 and delegate the nameserver from the provider to Route53.
+
+### 2) Install ALB Ingress Controller and External DNS
+The ALB Ingress Controller and External DNS are required to automatically create DNS records and ALB through the `kubernetes ingress`.
+
 - [ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/)
 - [External DNS](https://github.com/kubernetes-sigs/external-dns)
-
-### 2) Create Route53 Hosted Zone
-- [Creating a Public Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingHostedZone.html)
 
-> Before creating the hosted zone, you need to purchase a domain and delegate nameserver from the provider to Route53. 
+### 3) Create Certificate in AWS Certificate Manager
+You need to create a public certificate for the ALB to use HTTPS.
 
-### 3) Create ACM Certificate
-- [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html)
-
-When creating a certificate, you need to add the following FQDN.
-- `*.console.example.com`
+[Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) and add the following FQDN.
+- `console.example.com`
 - `*.api.example.com`
-- `*.grpc.example.com`
-- `webhook.example.com`
+- `*.grpc.example.com` (optional)
+- `webhook.example.com` (optional)
+
+> When creating a certificate, you need to copy the certificate ARN and use it when creating the ingress.
 
 ### 4) Create Ingress
+First, you need to download all the ingress files and replace the `certificate-arn` and `hostname` with your own.
+
 - Console: [console_ingress.yaml](../../examples/ingress/aws/console_ingress.yaml)
 - REST API: [rest_api_ingress.yaml](../../examples/ingress/aws/rest_api_ingress.yaml)
 - gRPC API: [grpc_api_ingress.yaml](../../examples/ingress/aws/grpc_api_ingress.yaml)
 - Monitoring Webhook: [monitoring_webhook_ingress.yaml](../../examples/ingress/aws/monitoring_webhook_ingress.yaml)
 
+And then, apply the ingress files.
 ```bash
 kubectl apply -f console_ingress.yaml -n spaceone
 kubectl apply -f console_api_ingress.yaml -n spaceone
 kubectl apply -f grpc_api_ingress.yaml -n spaceone
-kubectl apply -f monitoring_webhook_ingress.yaml -n spaceone  // If you want to enable monitoring webhook, apply this.
+kubectl apply -f monitoring_webhook_ingress.yaml -n spaceone
 ```
 
+> `gRPC API` and `Monitoring Webhook` are optional. If you don't need it, you don't need to apply it.
+
 ### 5) Connect to the Console
 You can access the console using the following URL.
-- https://spaceone.console.example.com
+- https://console.example.com

docs/ingress/on_premise.md

@@ -2,17 +2,20 @@
 ![On-premise Architecture](../images/on_premise_architecture.png)
 
 ## Configuration
+[Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) is a resource that manages external access to the services in a cluster, typically HTTP.
+
 You can create the ingress using the following steps.
 
-### 1) Install Nginx Ingress Controller  
+### 1) Install Nginx Ingress Controller
+Nginx Ingress Controller is required to automatically create the load balancer through the `kubernetes ingress`.
 - [Nginx Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/)
 
 ### 2) Prepare Certificates and Create Secret
 First, you need to prepare the certificate for the following FQDN.
-- `*.console.example.com`
+- `console.example.com`
 - `*.api.example.com`
-- `*.grpc.example.com`
-- `webhook.example.com`
+- `*.grpc.example.com` (optional)
+- `webhook.example.com` (optional)
 
 After that, download the [certificate_secret.yaml](../../examples/ingress/on_premise/certificate_secret.yaml) and replace the certificate and key with your own.
 
@@ -21,18 +24,22 @@ kubectl apply -f certificate_secret.yaml -n spaceone
 ```
 
 ### 3) Create Ingress
-- Console: [console_ingress.yaml](../../examples/ingress/aws/console_ingress.yaml)
-- REST API: [rest_api_ingress.yaml](../../examples/ingress/aws/rest_api_ingress.yaml)
-- gRPC API: [grpc_api_ingress.yaml](../../examples/ingress/aws/grpc_api_ingress.yaml)
-- Monitoring Webhook: [monitoring_webhook_ingress.yaml](../../examples/ingress/aws/monitoring_webhook_ingress.yaml)
+First, you need to download all the ingress files and replace the `hostname` with your own.
+
+- Console: [console_ingress.yaml](../../examples/ingress/on_premise/console_ingress.yaml)
+- REST API: [rest_api_ingress.yaml](../../examples/ingress/on_premise/rest_api_ingress.yaml)
+- gRPC API: [grpc_api_ingress.yaml](../../examples/ingress/on_premise/grpc_api_ingress.yaml)
+- Monitoring Webhook: [monitoring_webhook_ingress.yaml](../../examples/ingress/on_premise/monitoring_webhook_ingress.yaml)
 
 ```bash
 kubectl apply -f console_ingress.yaml -n spaceone
 kubectl apply -f console_api_ingress.yaml -n spaceone
 kubectl apply -f grpc_api_ingress.yaml -n spaceone
-kubectl apply -f monitoring_webhook_ingress.yaml -n spaceone  // If you want to enable monitoring webhook, apply this.
+kubectl apply -f monitoring_webhook_ingress.yaml -n spaceone
 ```
 
+> `gRPC API` and `Monitoring Webhook` are optional. If you don't need it, you don't need to apply it.
+
 ### 4) Connect to the Console
 You can access the console using the following URL.
-- https://spaceone.console.example.com
+- https://console.example.com

examples/ingress/aws/console_ingress.yaml

@@ -15,7 +15,7 @@ metadata:
     alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:..."  # Change the certificate-arn
     alb.ingress.kubernetes.io/success-codes: 200-399
     alb.ingress.kubernetes.io/load-balancer-name: spaceone-console-ingress
-    external-dns.alpha.kubernetes.io/hostname: "*.console.example.com"  # Change the domain
+    external-dns.alpha.kubernetes.io/hostname: "console.example.com"  # Change the hostname
 spec:
   ingressClassName: alb
   rules:
@@ -29,7 +29,7 @@ spec:
                 port:
                   name: use-annotation
 
-    - host: "*.console.example.com"  # Change the domain
+    - host: "console.example.com"  # Change the hostname
       http:
         paths:
           - path: /*

examples/ingress/aws/grpc_api_ingress.yaml

@@ -15,11 +15,11 @@ metadata:
     alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
     alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:..."  # Change the certificate-arn
     alb.ingress.kubernetes.io/load-balancer-name: spaceone-grpc-ingress
-    external-dns.alpha.kubernetes.io/hostname: "*.grpc.example.com"  # Change the domain
+    external-dns.alpha.kubernetes.io/hostname: "*.grpc.example.com"  # Change the hostname
 spec:
   ingressClassName: alb
   rules:
-  - host: identity.grpc.example.com  # Change the domain
+  - host: identity.grpc.example.com  # Change the hostname
     http:
       paths:
         - backend:
@@ -36,7 +36,7 @@ spec:
                 number: 50051
           path: /*
           pathType: ImplementationSpecific
-  - host: inventory.grpc.example.com  # Change the domain
+  - host: inventory.grpc.example.com  # Change the hostname
     http:
       paths:
         - backend:
@@ -53,7 +53,7 @@ spec:
                 number: 50051
           path: /*
           pathType: ImplementationSpecific
-  - host: repository.grpc.example.com  # Change the domain
+  - host: repository.grpc.example.com  # Change the hostname
     http:
       paths:
         - backend:
@@ -70,7 +70,7 @@ spec:
                 number: 50051
           path: /*
           pathType: ImplementationSpecific
-  - host: monitoring.grpc.example.com  # Change the domain
+  - host: monitoring.grpc.example.com  # Change the hostname
     http:
       paths:
         - backend:
@@ -87,7 +87,7 @@ spec:
                 number: 50051
           path: /*
           pathType: ImplementationSpecific
-  - host: config.grpc.example.com  # Change the domain
+  - host: config.grpc.example.com  # Change the hostname
     http:
       paths:
         - backend:
@@ -104,7 +104,7 @@ spec:
                 number: 50051
           path: /*
           pathType: ImplementationSpecific
-  - host: plugin.grpc.example.com  # Change the domain
+  - host: plugin.grpc.example.com  # Change the hostname
     http:
       paths:
         - backend:
@@ -121,7 +121,7 @@ spec:
                 number: 50051
           path: /*
           pathType: ImplementationSpecific
-  - host: statistics.grpc.example.com  # Change the domain
+  - host: statistics.grpc.example.com  # Change the hostname
     http:
       paths:
         - backend:
@@ -138,7 +138,7 @@ spec:
                 number: 50051
           path: /*
           pathType: ImplementationSpecific
-  - host: notification.grpc.example.com  # Change the domain
+  - host: notification.grpc.example.com  # Change the hostname
     http:
       paths:
         - backend:
@@ -155,7 +155,7 @@ spec:
                 number: 50051
           path: /*
           pathType: ImplementationSpecific
-  - host: cost-analysis.grpc.example.com  # Change the domain
+  - host: cost-analysis.grpc.example.com  # Change the hostname
     http:
       paths:
         - backend:
@@ -172,7 +172,7 @@ spec:
                 number: 50051
           path: /*
           pathType: ImplementationSpecific
-  - host: board.grpc.example.com  # Change the domain
+  - host: board.grpc.example.com  # Change the hostname
     http:
       paths:
         - backend:
@@ -189,7 +189,7 @@ spec:
                 number: 50051
           path: /*
           pathType: ImplementationSpecific
-  - host: dashboard.grpc.example.com  # Change the domain
+  - host: dashboard.grpc.example.com  # Change the hostname
     http:
       paths:
         - backend:

examples/ingress/aws/monitoring_webhook_ingress.yaml

@@ -14,7 +14,7 @@ metadata:
     alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:..."  # Change the certificate-arn
     alb.ingress.kubernetes.io/success-codes: 200-399
     alb.ingress.kubernetes.io/load-balancer-name: spaceone-monitoring-webhook-ingress
-    external-dns.alpha.kubernetes.io/hostname: "webhook.example.com"  # Change the domain
+    external-dns.alpha.kubernetes.io/hostname: "webhook.example.com"  # Change the hostname
 spec:
   ingressClassName: alb
   rules:
@@ -28,7 +28,7 @@ spec:
                 port:
                   name: use-annotation
 
-    - host: "webhook.example.com"  # Change the domain
+    - host: "webhook.example.com"  # Change the hostname
       http:
         paths:
           - path: /*

examples/ingress/aws/rest_api_ingress.yaml

@@ -15,7 +15,7 @@ metadata:
     alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:..."  # Change the certificate-arn
     alb.ingress.kubernetes.io/success-codes: 200-399
     alb.ingress.kubernetes.io/load-balancer-name: spaceone-console-api-ingress
-    external-dns.alpha.kubernetes.io/hostname: "console.api.example.com"  # Change the domain
+    external-dns.alpha.kubernetes.io/hostname: "console.api.example.com"  # Change the hostname
 spec:
   ingressClassName: alb
   rules:
@@ -29,7 +29,7 @@ spec:
                 port:
                   name: use-annotation
 
-    - host: "console.api.example.com"  # Change the domain
+    - host: "console.api.example.com"  # Change the hostname
       http:
         paths:
           - path: /*
@@ -56,7 +56,7 @@ metadata:
     alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:..."  # Change the certificate-arn
     alb.ingress.kubernetes.io/success-codes: 200-399
     alb.ingress.kubernetes.io/load-balancer-name: spaceone-console-api-v2-ingress
-    external-dns.alpha.kubernetes.io/hostname: "console-v2.api.example.com"  # Change the domain
+    external-dns.alpha.kubernetes.io/hostname: "console-v2.api.example.com"  # Change the hostname
 spec:
   ingressClassName: alb
   rules:
@@ -70,8 +70,7 @@ spec:
                 port:
                   name: use-annotation
 
-
-    - host: "console-v2.api.example.com"  # Change the domain
+    - host: "console-v2.api.example.com"  # Change the hostname
       http:
         paths:
           - path: /*

examples/ingress/on_premise/console_ingress.yaml

@@ -8,10 +8,10 @@ spec:
   ingressClassName: nginx
   tls:
     - hosts:
-        - "*.console.example.com"  # Change the domain
+        - "console.example.com"  # Change the hostname
       secretName: spaceone-tls
   rules:
-    - host: "*.console.example.com"  # Change the domain
+    - host: "console.example.com"  # Change the hostname
       http:
         paths:
           - path: /