Merge pull request #1544 from wallrj/aws-eks-route53-letsencrypt-tutorial

[VC-35411] AWS + EKS + Route53 + Let's Encrypt tutorial
cert-manager-prow[bot] committed Sep 9, 2024
2 parents e1bfcc0 + 43ed665 commit 4b0b6fc
Showing 14 changed files with 829 additions and 6 deletions.
1 change: 1 addition & 0 deletions .spelling
Expand Up @@ -353,6 +353,7 @@ enablement
erikgb
errored
erroring
ExternalDNS
external-dns
finalizer
finalizers
14 changes: 9 additions & 5 deletions content/docs/configuration/acme/dns01/route53.md
Expand Up @@ -8,8 +8,12 @@ Route53 to solve DNS01 ACME challenges. It's advised you read the [DNS01
Challenge Provider](./README.md) page first for a more general understanding of
how cert-manager handles DNS01 challenges.

> Note: This guide assumes that your cluster is hosted on Amazon Web Services
> ℹ️ This guide assumes that your cluster is hosted on Amazon Web Services
> (AWS) and that you already have a hosted zone in Route53.
>
> 📖 Read
> [Tutorial: Deploy cert-manager on Amazon Elastic Kubernetes (EKS) and use Let's Encrypt to sign a certificate for an HTTPS website](../../../tutorials/getting-started-aws-letsencrypt/README.md),
> which contains end-to-end instructions for those who are new to cert-manager and AWS.
## Set up an IAM Role
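Review bot: the `📖 Read` callout ends on the `> which contains end-to-end instructions ...` line and runs straight into `## Set up an IAM Role` with no blank line between the blockquote and the heading; since this block is being rewritten anyway, add a blank line after the last `>` line so the boundary is unambiguous to every Markdown renderer. The relative link `../../../tutorials/getting-started-aws-letsencrypt/README.md` does resolve from `content/docs/configuration/acme/dns01/` to `content/docs/tutorials/`, so the target path itself is fine.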

Expand Down Expand Up @@ -188,7 +192,7 @@ Note that, as mentioned above, the pod is using `arn:aws:iam::XXXXXXXXXXX:role/c

While [`kiam`](https://github.com/uswitch/kiam) / [`kube2iam`](https://github.com/jtblin/kube2iam) work directly with cert-manager, some special attention is needed for using the [IAM Roles for Service Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) feature available on EKS.

This feature uses Kubernetes `ServiceAccount` tokens to authenticate with AWS using the [API_AssumeRoleWithWebIdentity](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html).
This feature uses Kubernetes `ServiceAccount` tokens to authenticate with AWS using the [API_AssumeRoleWithWebIdentity](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html).

> **Note**: For using IRSA with cert-manager you must first enable the feature for your cluster. You can do this by
> following the [official documentation(https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html).
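Review bot: the only changed line in this hunk, `This feature uses Kubernetes ServiceAccount tokens ...`, reads identically before and after, so this is a whitespace-only edit; while the paragraph is being touched, fix the unchanged note just below it, where `[official documentation(https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html)` is missing the `]` after `official documentation` and will not render as a link.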
Expand Down Expand Up @@ -265,7 +269,7 @@ securityContext:

**Note:** If you're following the Cross Account example above, modify the `ClusterIssuer` in the same way as above with the role from Account Y.

### Referencing your own ServiceAccount within Issuer/ClusterIssuer config
### Referencing your own ServiceAccount within Issuer/ClusterIssuer config

In this configuration you can reference your own `ServiceAccounts` within your `Issuer`/`ClusterIssuer` and cert-manager will issue itself temporary credentials using these `ServiceAccounts`. Because each issuer can reference a different `ServiceAccount` you can lock down permissions much more, with each `ServiceAccount` mapped to an IAM role that only has permission on the zones it needs for that particular issuer.

Expand Down Expand Up @@ -379,6 +383,6 @@ spec:
role: <iam-role-arn> # This must be set so cert-manager what role to attempt to authenticate with
auth:
kubernetes:
serviceAccountRef:
serviceAccountRef:
name: <service-account-name> # The name of the service account created
```
```
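Review bot: the unchanged comment on the `role: <iam-role-arn>` line is missing a verb (`# This must be set so cert-manager what role to attempt to authenticate with`); since the neighbouring lines are being reformatted, change it to `# This must be set so cert-manager knows what role to attempt to authenticate with`. The `serviceAccountRef:` and closing fence lines appear identical before and after, so those changes are whitespace-only.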
11 changes: 11 additions & 0 deletions content/docs/getting-started/README.md
Expand Up @@ -34,3 +34,14 @@ description: Quick start guides for cert-manager
title="Let's Encrypt" />
Learn how to deploy cert-manager on **Azure Kubernetes Service (AKS)** and how to configure it to get certificates for an HTTPS web server, from **Let's Encrypt**.
</a>

<a style={{float: "left", marginBottom: "20px", padding: "10px", boxShadow: "0px 4px 15px rgba(0, 0, 0, 0.1)", textDecoration: "none"}}
href="../tutorials/getting-started-aws-letsencrypt">
<img style={{margin: "0", clear: "right", float: "right", width: "64px"}}
alt="Amazon Elastic Kubernetes Services icon" src="/images/icons/amazon_elastic_kubernetes_service.svg"
title="Amazon Elastic Kubernetes Service (EKS)" />
<img style={{margin: "0", clear: "right", float: "right", width: "64px"}}
alt="Let&#039;s Encrypt icon 292Jacob, CC BY-SA 4.0 &lt;https://creativecommons.org/licenses/by-sa/4.0&gt;, via Wikimedia Commons" src="/images/icons/lets_encrypt.svg"
title="Let's Encrypt" />
Learn how to deploy cert-manager on **Amazon Elastic Kubernetes Service (EKS)** and how to configure it to get certificates for an HTTPS web server, from **Let's Encrypt**.
</a>
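Review bot: the `alt` text on the first `<img>` reads `Amazon Elastic Kubernetes Services icon` while the `title` on the same element and the card text both say `Amazon Elastic Kubernetes Service (EKS)`; drop the trailing `s` so the accessible name matches. Also confirm that `/images/icons/amazon_elastic_kubernetes_service.svg` is one of the files added by this PR, since the card references it and no such file appears in the visible part of the diff.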
6 changes: 5 additions & 1 deletion content/docs/manifest.json
Expand Up @@ -18,7 +18,7 @@
{
"title": "Supported Releases",
"path": "/docs/releases/README.md"
},
},
{
"title": "1.15",
"path": "/docs/releases/release-notes/release-notes-1.15.md"
Expand Down Expand Up @@ -598,6 +598,10 @@
"title": "AKS + LoadBalancer + Let's Encrypt",
"path": "/docs/tutorials/getting-started-aks-letsencrypt/README.md"
},
{
"title": "AWS + LoadBalancer + Let's Encrypt",
"path": "/docs/tutorials/getting-started-aws-letsencrypt/README.md"
},
{
"title": "Migrating from Kube-LEGO",
"path": "/docs/tutorials/acme/migrating-from-kube-lego.md"
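Review bot: the new sidebar title `AWS + LoadBalancer + Let's Encrypt` does not match the index entry added in `content/docs/tutorials/README.md`, which calls the same page `EKS + LoadBalancer + Let's Encrypt`; pick one and use it in both places (the neighbouring entry uses the platform name `AKS`, so `EKS + LoadBalancer + Let's Encrypt` is the consistent choice).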
2 changes: 2 additions & 0 deletions content/docs/tutorials/README.md
Expand Up @@ -12,6 +12,8 @@ for you to learn from. Take a look!
Learn how to deploy cert-manager on Google Kubernetes Engine and how to configure it to get certificates for Ingress, from Let's Encrypt.
- [AKS + LoadBalancer + Let's Encrypt](getting-started-aks-letsencrypt/README.md):
Learn how to deploy cert-manager on Azure Kubernetes Service (AKS) and how to configure it to get certificates for an HTTPS web server, from Let's Encrypt.
- [EKS + LoadBalancer + Let's Encrypt](getting-started-aws-letsencrypt/README.md):
Learn how to deploy cert-manager on Amazon Elastic Kubernetes Service (EKS) and how to configure it to get certificates for an HTTPS web server, from Let's Encrypt.
- [Pomerium Ingress](./acme/pomerium-ingress.md): Tutorial on using the Pomerium Ingress Controller with cert-manager.
- [Issuing an ACME Certificate using DNS Validation](./acme/dns-validation.md):
Tutorial on how to resolve DNS ownership validation using DNS01 challenges.
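Review bot: the one-line description for the new entry says only that it gets certificates for an HTTPS web server, which is word-for-word the AKS description above it; the PR title says the tutorial also covers Route53, so mention Route53 (DNS) in the description so readers can tell this tutorial apart from the AKS and GKE entries.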