From 0b57547fddfab866331ee3b38651c2a0d29bd042 Mon Sep 17 00:00:00 2001 From: Rares Matei Date: Tue, 23 Apr 2024 15:17:05 +0100 Subject: [PATCH 1/3] add aws policy tag suggestion --- aws-guide/AWS-GUIDE.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/aws-guide/AWS-GUIDE.md b/aws-guide/AWS-GUIDE.md index cfca37d..098aac6 100644 --- a/aws-guide/AWS-GUIDE.md +++ b/aws-guide/AWS-GUIDE.md @@ -253,4 +253,6 @@ eksctl create iamserviceaccount \ - If that doesn't work, try changing the [`alb.ingress.kubernetes.io/target-type`](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/#traffic-routing) to `ip` 2. If you experience S3 permissions issues when trying to retrieve an artefact with the NxCloud runner: - 3. If your bucket is encrypted, you need to add the `kms:GenerateDataKey` to the S3 access policy \ No newline at end of file + 3. If your bucket is encrypted, you need to add the `kms:GenerateDataKey` to the S3 access policy + +3. If you don't see a Load Balancer EC2 instance being created, you might need crated in step 3.1. above [like this](https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/3399#issuecomment-1733186035) \ No newline at end of file From 122f85e63407bcfb79b266aab5471ff18740ea7f Mon Sep 17 00:00:00 2001 From: Rares Matei Date: Tue, 23 Apr 2024 19:49:57 +0100 Subject: [PATCH 2/3] add new aws annotations --- aws-guide/helm-values.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/aws-guide/helm-values.yml b/aws-guide/helm-values.yml index b17011b..ed66a0e 100644 --- a/aws-guide/helm-values.yml +++ b/aws-guide/helm-values.yml @@ -4,10 +4,11 @@ image: nxCloudAppURL: 'https://your-domain-nx-cloud.com' # <-- if you are using HTTPS and you know your domain name, change this value now. Otherwise, we'll configure it later below. ingress: - class: 'alb' - albScheme: 'internet-facing' - albListenPorts: '[{"HTTPS":443}]' # this can also be "HTTP":80 if you skipped the certificate part above - albCertificateArn: 'arn:aws:acm:us-east-1:411686525067:certificate/8adf7812-a1af-4eae-af1b-ea425a238a67' # your certificate ARN here which you copied above. Remove this option if you only want HTTP. + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:411686525067:certificate/8adf7812-a1af-4eae-af1b-ea425a238a67 + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443, "HTTP": 80}]' # this can also be "HTTP":80 if you skipped the certificate part above + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/target-type: ip secret: name: 'nx-cloud-k8s-secret' From a32d9ba5527251f7702db11f4cf66b1d1f299086 Mon Sep 17 00:00:00 2001 From: Rares Matei Date: Wed, 24 Apr 2024 11:24:14 +0100 Subject: [PATCH 3/3] mention possibility to use nodeport services --- aws-guide/AWS-GUIDE.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/aws-guide/AWS-GUIDE.md b/aws-guide/AWS-GUIDE.md index 098aac6..ce5f560 100644 --- a/aws-guide/AWS-GUIDE.md +++ b/aws-guide/AWS-GUIDE.md @@ -255,4 +255,5 @@ eksctl create iamserviceaccount \ 2. If you experience S3 permissions issues when trying to retrieve an artefact with the NxCloud runner: 3. If your bucket is encrypted, you need to add the `kms:GenerateDataKey` to the S3 access policy -3. If you don't see a Load Balancer EC2 instance being created, you might need crated in step 3.1. above [like this](https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/3399#issuecomment-1733186035) \ No newline at end of file +3. If you don't see a Load Balancer EC2 instance being created, you might need crated in step 3.1. above [like this](https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/3399#issuecomment-1733186035) + - You can also try setting your [frontend service type to be NodePort](https://github.com/nrwl/nx-cloud-helm/blob/main/charts/nx-cloud/values.yaml#L35) as well as the [nx-api service type to be NodePort](https://github.com/nrwl/nx-cloud-helm/blob/main/charts/nx-cloud/values.yaml#L59) \ No newline at end of file