koudaiii/file0.txt

## file0.txt
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "acm:DescribeCertificate",
        "acm:ListCertificates",
        "acm:GetCertificate"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateSecurityGroup",
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ec2:DeleteSecurityGroup",
        "ec2:DescribeAccountAttributes",
        "ec2:DescribeAddresses",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInternetGateways",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeTags",
        "ec2:DescribeVpcs",
        "ec2:ModifyInstanceAttribute",
        "ec2:ModifyNetworkInterfaceAttribute",
        "ec2:RevokeSecurityGroupIngress"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:AddListenerCertificates",
        "elasticloadbalancing:AddTags",
        "elasticloadbalancing:CreateListener",
        "elasticloadbalancing:CreateLoadBalancer",
        "elasticloadbalancing:CreateRule",
        "elasticloadbalancing:CreateTargetGroup",
        "elasticloadbalancing:DeleteListener",
        "elasticloadbalancing:DeleteLoadBalancer",
        "elasticloadbalancing:DeleteRule",
        "elasticloadbalancing:DeleteTargetGroup",
        "elasticloadbalancing:DeregisterTargets",
        "elasticloadbalancing:DescribeListenerCertificates",
        "elasticloadbalancing:DescribeListeners",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeLoadBalancerAttributes",
        "elasticloadbalancing:DescribeRules",
        "elasticloadbalancing:DescribeSSLPolicies",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticloadbalancing:DescribeTargetGroupAttributes",
        "elasticloadbalancing:DescribeTargetHealth",
        "elasticloadbalancing:ModifyListener",
        "elasticloadbalancing:ModifyLoadBalancerAttributes",
        "elasticloadbalancing:ModifyRule",
        "elasticloadbalancing:ModifyTargetGroup",
        "elasticloadbalancing:ModifyTargetGroupAttributes",
        "elasticloadbalancing:RegisterTargets",
        "elasticloadbalancing:RemoveListenerCertificates",
        "elasticloadbalancing:RemoveTags",
        "elasticloadbalancing:SetIpAddressType",
        "elasticloadbalancing:SetSecurityGroups",
        "elasticloadbalancing:SetSubnets",
        "elasticloadbalancing:SetWebACL"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:CreateServiceLinkedRole",
        "iam:GetServerCertificate",
        "iam:ListServerCertificates"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "waf-regional:GetWebACLForResource",
        "waf-regional:GetWebACL",
        "waf-regional:AssociateWebACL",
        "waf-regional:DisassociateWebACL"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "tag:GetResources",
        "tag:TagResources"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "waf:GetWebACL"
      ],
      "Resource": "*"
    }
  ]
}

## file1.txt
$ k8sec set alb-ingress-controller KEY=VALUE -n kube-system

## file10.yml
        - name: AWS_DEBUG
          value: "false"

## file11.txt
$ kubectl apply -f https://raw.githubusercontent.com/coreos/alb-ingress-controller/master/examples/echoservice/echoserver-namespace.yaml &&\
kubectl apply -f https://raw.githubusercontent.com/coreos/alb-ingress-controller/master/examples/echoservice/echoserver-service.yaml &&\
kubectl apply -f https://raw.githubusercontent.com/coreos/alb-ingress-controller/master/examples/echoservice/echoserver-deployment.yaml

## file12.txt
$ kubectl get all -n echoserver
NAME                             READY     STATUS    RESTARTS   AGE
po/echoserver-2241665424-xm1rt   1/1       Running   0          10m

NAME             TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
svc/echoserver   NodePort   100.65.13.23   <none>        80:31509/TCP   10m

NAME                DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deploy/echoserver   1         1         1            1           10m

NAME                       DESIRED   CURRENT   READY     AGE
rs/echoserver-2241665424   1         1         1         10m

## file13.txt
wget https://raw.githubusercontent.com/coreos/alb-ingress-controller/master/examples/echoservice/echoserver-ingress.yaml

## file14.yml
alb.ingress.kubernetes.io/scheme: internet-facing # or 'internal'
alb.ingress.kubernetes.io/connection-idle-timeout: # Defauflt 60
alb.ingress.kubernetes.io/subnets: # subnet ID か Name
alb.ingress.kubernetes.io/security-groups: # sg ID か Name (Default 適当な名前で 0.0.0.0/0 inboundで作られる)
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]' # Default 80
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-1:hoge:certificate/UUID # ACM 利用する場合
alb.ingress.kubernetes.io/healthcheck-path: # Default "/"
alb.ingress.kubernetes.io/healthcheck-port: # Default Traffic port
alb.ingress.kubernetes.io/healthcheck-interval-seconds: # Default 15
alb.ingress.kubernetes.io/healthcheck-protocol: # Default HTTP
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: # Default 5
alb.ingress.kubernetes.io/healthy-threshold-count: # Default 2
alb.ingress.kubernetes.io/unhealthy-threshold-count: # Default 2
alb.ingress.kubernetes.io/successCodes: # Default 200
alb.ingress.kubernetes.io/tags:  # Tag を入れる

## file15.txt
$ kubectl apply -f echoserver-ingress.yaml

## file16.txt
$ kubectl apply -f https://raw.githubusercontent.com/coreos/alb-ingress-controller/master/examples/echoservice/echoserver-ingress.yaml

## file17.txt
$ kubectl logs -n kube-system \
  $(kubectl get po -n kube-system | \
  egrep -o alb-ingress[a-zA-Z0-9-]+) | \
  egrep -o '\[ALB-INGRESS.*$' | \
  grep 'echoserver\/echoserver'

## file18.txt
[ALB-INGRESS] [echoserver/echoserver] [INFO]: Start ELBV2 (ALB) creation.
[ALB-INGRESS] [echoserver/echoserver] [INFO]: Completed ELBV2 (ALB) creation. Name: hogefuga-echoserver-ech-2ad7 | ARN: arn:aws:elasticloadbalancing:ap-northeast-1:0000:loadbalancer/app/hogefuga-echoserver-ech-2ad7/17fd1481cb40fcc2
[ALB-INGRESS] [echoserver/echoserver] [INFO]: Start TargetGroup creation.
[ALB-INGRESS] [echoserver/echoserver] [INFO]: Succeeded TargetGroup creation. ARN: arn:aws:elasticloadbalancing:ap-northeast-1:0000:targetgroup/hogefuga-31509-HTTP-c3a0606/9914a217042c4006 | Name: hogefuga-31509-HTTP-c3a0606.
[ALB-INGRESS] [echoserver/echoserver] [INFO]: Start Listener creation.
[ALB-INGRESS] [echoserver/echoserver] [INFO]: Completed Listener creation. ARN: arn:aws:elasticloadbalancing:ap-northeast-1:0000:listener/app/hogefuga-echoserver-ech-2ad7/17fd1481cb40fcc2/0fe42e9436e45013 | Port: 80 | Proto: HTTP.
[ALB-INGRESS] [echoserver/echoserver] [INFO]: Start Rule creation.
[ALB-INGRESS] [echoserver/echoserver] [INFO]: Completed Rule creation. Rule Priority: "1" | Condition: [{    Field: "host-header",    Values: ["echoserver.example.com"]  },{    Field: "path-pattern",    Values: ["/"]  }]
[ALB-INGRESS] [echoserver/echoserver] [INFO]: Fetching Targets for Target Group arn:aws:elasticloadbalancing:ap-northeast-1:0000:targetgroup/hogefuga-31509-HTTP-c3a0606/9914a217042c4006
[ALB-INGRESS] [echoserver/echoserver] [INFO]: Fetching Rules for Listener arn:aws:elasticloadbalancing:ap-northeast-1:0000:listener/app/hogefuga-echoserver-ech-2ad7/17fd1481cb40fcc2/0fe42e9436e45013
[ALB-INGRESS] [echoserver/echoserver] [INFO]: Ingress rebuilt from existing ALB in AWS

## file19.txt
$ kubectl describe ing -n echoserver echoserver
Name:             echoserver
Namespace:        echoserver
Address:          hogefuga-echoserver-ech-2ad7-126540505.ap-northeast-1.elb.amazonaws.com
Default backend:  default-http-backend:80 (100.96.27.7:8080)
Rules:
  Host                    Path  Backends
  ----                    ----  --------
  echoserver.example.com
                          /   echoserver:80 (<none>)
Annotations:
Events:
  Type    Reason  Age   From                Message
  ----    ------  ----  ----                -------
  Normal  CREATE  2m    ingress-controller  Ingress echoserver/echoserver
  Normal  CREATE  2m    ingress-controller  hogefuga-echoserver-ech-2ad7 created
  Normal  CREATE  2m    ingress-controller  hogefuga-31509-HTTP-c3a0606 target group created
  Normal  CREATE  2m    ingress-controller  80 listener created
  Normal  CREATE  2m    ingress-controller  1 rule created
  Normal  UPDATE  2m    ingress-controller  Ingress echoserver/echoserver

## file2.txt
$ k8sec list alb-ingress-controller -n kube-system
NAME            TYPE    KEY         VALUE
alb-ingress-controller  Opaque  AWS_ACCESS_KEY_ID   "hoge"
alb-ingress-controller  Opaque  AWS_SECRET_ACCESS_KEY   "fuga"
alb-ingress-controller  Opaque  CLUSTER_NAME        "Ooops"

## file20.txt
$ curl hogefuga-echoserver-ech-2ad7-126540505.ap-northeast-1.elb.amazonaws.com
CLIENT VALUES:
client_address=10.1.93.88
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://hogefuga-echoserver-ech-2ad7-126540505.ap-northeast-1.elb.amazonaws.com:8080/

SERVER VALUES:
server_version=nginx: 1.10.0 - lua: 10001

HEADERS RECEIVED:
accept=*/*
host=hogefuga-echoserver-ech-2ad7-126540505.ap-northeast-1.elb.amazonaws.com
user-agent=curl/7.43.0
x-amzn-trace-id=Root=1-5a2d4e2f-5545b75b74003cd80e5134bb
x-forwarded-for=192.168.100.10
x-forwarded-port=80
x-forwarded-proto=http
BODY:
-no body in request-

## file21.txt
$ kubectl delete ns echoserver
namespace "echoserver" deleted

## file22.txt
$ curl hogefuga-echoserver-ech-2ad7-126540505.ap-northeast-1.elb.amazonaws.com
curl: (6) Could not resolve host: hogefuga-echoserver-ech-2ad7-126540505.ap-northeast-1.elb.amazonaws.com

## file3.txt
$ kubectl create -f https://raw.githubusercontent.com/coreos/alb-ingress-controller/master/examples/default-backend.yaml

## file4.txt
$ wget https://raw.githubusercontent.com/coreos/alb-ingress-controller/master/examples/alb-ingress-controller.yaml

## file5.yml
        envFrom:
        - secretRef:
            name: alb-ingress-controller

## file6.yml
- name: AWS_REGION
  value: ap-northeast-1

## file7.txt
$ kubectl apply -f alb-ingress-controller.yaml

## file8.txt
$ kubectl logs -n kube-system \
    $(kubectl get po -n kube-system | \
    egrep -o alb-ingress[a-zA-Z0-9-]+) | \
    egrep -o '\[ALB-INGRESS.*$'

## file9.txt
[ALB-INGRESS] [controller] [INFO]: Log level read as "", defaulting to INFO. To change, set LOG_LEVEL environment variable to WARN, ERROR, or DEBUG.
[ALB-INGRESS] [controller] [INFO]: Ingress class set to alb
[ALB-INGRESS] [ingresses] [INFO]: Build up list of existing ingresses
[ALB-INGRESS] [ingresses] [INFO]: Assembled 0 ingresses from existing AWS resources
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": [
	"acm:DescribeCertificate",
	"acm:ListCertificates",
	"acm:GetCertificate"
	],
	"Resource": "*"
	},
	{
	"Effect": "Allow",
	"Action": [
	"ec2:AuthorizeSecurityGroupIngress",
	"ec2:CreateSecurityGroup",
	"ec2:CreateTags",
	"ec2:DeleteTags",
	"ec2:DeleteSecurityGroup",
	"ec2:DescribeAccountAttributes",
	"ec2:DescribeAddresses",
	"ec2:DescribeInstances",
	"ec2:DescribeInstanceStatus",
	"ec2:DescribeInternetGateways",
	"ec2:DescribeNetworkInterfaces",
	"ec2:DescribeSecurityGroups",
	"ec2:DescribeSubnets",
	"ec2:DescribeTags",
	"ec2:DescribeVpcs",
	"ec2:ModifyInstanceAttribute",
	"ec2:ModifyNetworkInterfaceAttribute",
	"ec2:RevokeSecurityGroupIngress"
	],
	"Resource": "*"
	},
	{
	"Effect": "Allow",
	"Action": [
	"elasticloadbalancing:AddListenerCertificates",
	"elasticloadbalancing:AddTags",
	"elasticloadbalancing:CreateListener",
	"elasticloadbalancing:CreateLoadBalancer",
	"elasticloadbalancing:CreateRule",
	"elasticloadbalancing:CreateTargetGroup",
	"elasticloadbalancing:DeleteListener",
	"elasticloadbalancing:DeleteLoadBalancer",
	"elasticloadbalancing:DeleteRule",
	"elasticloadbalancing:DeleteTargetGroup",
	"elasticloadbalancing:DeregisterTargets",
	"elasticloadbalancing:DescribeListenerCertificates",
	"elasticloadbalancing:DescribeListeners",
	"elasticloadbalancing:DescribeLoadBalancers",
	"elasticloadbalancing:DescribeLoadBalancerAttributes",
	"elasticloadbalancing:DescribeRules",
	"elasticloadbalancing:DescribeSSLPolicies",
	"elasticloadbalancing:DescribeTags",
	"elasticloadbalancing:DescribeTargetGroups",
	"elasticloadbalancing:DescribeTargetGroupAttributes",
	"elasticloadbalancing:DescribeTargetHealth",
	"elasticloadbalancing:ModifyListener",
	"elasticloadbalancing:ModifyLoadBalancerAttributes",
	"elasticloadbalancing:ModifyRule",
	"elasticloadbalancing:ModifyTargetGroup",
	"elasticloadbalancing:ModifyTargetGroupAttributes",
	"elasticloadbalancing:RegisterTargets",
	"elasticloadbalancing:RemoveListenerCertificates",
	"elasticloadbalancing:RemoveTags",
	"elasticloadbalancing:SetIpAddressType",
	"elasticloadbalancing:SetSecurityGroups",
	"elasticloadbalancing:SetSubnets",
	"elasticloadbalancing:SetWebACL"
	],
	"Resource": "*"
	},
	{
	"Effect": "Allow",
	"Action": [
	"iam:CreateServiceLinkedRole",
	"iam:GetServerCertificate",
	"iam:ListServerCertificates"
	],
	"Resource": "*"
	},
	{
	"Effect": "Allow",
	"Action": [
	"waf-regional:GetWebACLForResource",
	"waf-regional:GetWebACL",
	"waf-regional:AssociateWebACL",
	"waf-regional:DisassociateWebACL"
	],
	"Resource": "*"
	},
	{
	"Effect": "Allow",
	"Action": [
	"tag:GetResources",
	"tag:TagResources"
	],
	"Resource": "*"
	},
	{
	"Effect": "Allow",
	"Action": [
	"waf:GetWebACL"
	],
	"Resource": "*"
	}
	]
	}
	$ kubectl apply -f https://raw.githubusercontent.com/coreos/alb-ingress-controller/master/examples/echoservice/echoserver-namespace.yaml &&\
	kubectl apply -f https://raw.githubusercontent.com/coreos/alb-ingress-controller/master/examples/echoservice/echoserver-service.yaml &&\
	kubectl apply -f https://raw.githubusercontent.com/coreos/alb-ingress-controller/master/examples/echoservice/echoserver-deployment.yaml
	$ kubectl get all -n echoserver
	NAME READY STATUS RESTARTS AGE
	po/echoserver-2241665424-xm1rt 1/1 Running 0 10m

	NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
	svc/echoserver NodePort 100.65.13.23 <none> 80:31509/TCP 10m

	NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
	deploy/echoserver 1 1 1 1 10m

	NAME DESIRED CURRENT READY AGE
	rs/echoserver-2241665424 1 1 1 10m
	alb.ingress.kubernetes.io/scheme: internet-facing # or 'internal'
	alb.ingress.kubernetes.io/connection-idle-timeout: # Defauflt 60
	alb.ingress.kubernetes.io/subnets: # subnet ID か Name
	alb.ingress.kubernetes.io/security-groups: # sg ID か Name (Default 適当な名前で 0.0.0.0/0 inboundで作られる)
	alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]' # Default 80
	alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-1:hoge:certificate/UUID # ACM 利用する場合
	alb.ingress.kubernetes.io/healthcheck-path: # Default "/"
	alb.ingress.kubernetes.io/healthcheck-port: # Default Traffic port
	alb.ingress.kubernetes.io/healthcheck-interval-seconds: # Default 15
	alb.ingress.kubernetes.io/healthcheck-protocol: # Default HTTP
	alb.ingress.kubernetes.io/healthcheck-timeout-seconds: # Default 5
	alb.ingress.kubernetes.io/healthy-threshold-count: # Default 2
	alb.ingress.kubernetes.io/unhealthy-threshold-count: # Default 2
	alb.ingress.kubernetes.io/successCodes: # Default 200
	alb.ingress.kubernetes.io/tags: # Tag を入れる
	$ kubectl logs -n kube-system \
	$(kubectl get po -n kube-system \| \
	egrep -o alb-ingress[a-zA-Z0-9-]+) \| \
	egrep -o '\[ALB-INGRESS.*$' \| \
	grep 'echoserver\/echoserver'
	[ALB-INGRESS] [echoserver/echoserver] [INFO]: Start ELBV2 (ALB) creation.
	[ALB-INGRESS] [echoserver/echoserver] [INFO]: Completed ELBV2 (ALB) creation. Name: hogefuga-echoserver-ech-2ad7 \| ARN: arn:aws:elasticloadbalancing:ap-northeast-1:0000:loadbalancer/app/hogefuga-echoserver-ech-2ad7/17fd1481cb40fcc2
	[ALB-INGRESS] [echoserver/echoserver] [INFO]: Start TargetGroup creation.
	[ALB-INGRESS] [echoserver/echoserver] [INFO]: Succeeded TargetGroup creation. ARN: arn:aws:elasticloadbalancing:ap-northeast-1:0000:targetgroup/hogefuga-31509-HTTP-c3a0606/9914a217042c4006 \| Name: hogefuga-31509-HTTP-c3a0606.
	[ALB-INGRESS] [echoserver/echoserver] [INFO]: Start Listener creation.
	[ALB-INGRESS] [echoserver/echoserver] [INFO]: Completed Listener creation. ARN: arn:aws:elasticloadbalancing:ap-northeast-1:0000:listener/app/hogefuga-echoserver-ech-2ad7/17fd1481cb40fcc2/0fe42e9436e45013 \| Port: 80 \| Proto: HTTP.
	[ALB-INGRESS] [echoserver/echoserver] [INFO]: Start Rule creation.
	[ALB-INGRESS] [echoserver/echoserver] [INFO]: Completed Rule creation. Rule Priority: "1" \| Condition: [{ Field: "host-header", Values: ["echoserver.example.com"] },{ Field: "path-pattern", Values: ["/"] }]
	[ALB-INGRESS] [echoserver/echoserver] [INFO]: Fetching Targets for Target Group arn:aws:elasticloadbalancing:ap-northeast-1:0000:targetgroup/hogefuga-31509-HTTP-c3a0606/9914a217042c4006
	[ALB-INGRESS] [echoserver/echoserver] [INFO]: Fetching Rules for Listener arn:aws:elasticloadbalancing:ap-northeast-1:0000:listener/app/hogefuga-echoserver-ech-2ad7/17fd1481cb40fcc2/0fe42e9436e45013
	[ALB-INGRESS] [echoserver/echoserver] [INFO]: Ingress rebuilt from existing ALB in AWS
	$ kubectl describe ing -n echoserver echoserver
	Name: echoserver
	Namespace: echoserver
	Address: hogefuga-echoserver-ech-2ad7-126540505.ap-northeast-1.elb.amazonaws.com
	Default backend: default-http-backend:80 (100.96.27.7:8080)
	Rules:
	Host Path Backends
	---- ---- --------
	echoserver.example.com
	/ echoserver:80 (<none>)
	Annotations:
	Events:
	Type Reason Age From Message
	---- ------ ---- ---- -------
	Normal CREATE 2m ingress-controller Ingress echoserver/echoserver
	Normal CREATE 2m ingress-controller hogefuga-echoserver-ech-2ad7 created
	Normal CREATE 2m ingress-controller hogefuga-31509-HTTP-c3a0606 target group created
	Normal CREATE 2m ingress-controller 80 listener created
	Normal CREATE 2m ingress-controller 1 rule created
	Normal UPDATE 2m ingress-controller Ingress echoserver/echoserver
	$ k8sec list alb-ingress-controller -n kube-system
	NAME TYPE KEY VALUE
	alb-ingress-controller Opaque AWS_ACCESS_KEY_ID "hoge"
	alb-ingress-controller Opaque AWS_SECRET_ACCESS_KEY "fuga"
	alb-ingress-controller Opaque CLUSTER_NAME "Ooops"
	$ curl hogefuga-echoserver-ech-2ad7-126540505.ap-northeast-1.elb.amazonaws.com
	CLIENT VALUES:
	client_address=10.1.93.88
	command=GET
	real path=/
	query=nil
	request_version=1.1
	request_uri=http://hogefuga-echoserver-ech-2ad7-126540505.ap-northeast-1.elb.amazonaws.com:8080/

	SERVER VALUES:
	server_version=nginx: 1.10.0 - lua: 10001

	HEADERS RECEIVED:
	accept=/
	host=hogefuga-echoserver-ech-2ad7-126540505.ap-northeast-1.elb.amazonaws.com
	user-agent=curl/7.43.0
	x-amzn-trace-id=Root=1-5a2d4e2f-5545b75b74003cd80e5134bb
	x-forwarded-for=192.168.100.10
	x-forwarded-port=80
	x-forwarded-proto=http
	BODY:
	-no body in request-
	$ kubectl delete ns echoserver
	namespace "echoserver" deleted