WARNING: The resources created in this guide will cost about $70.00/month. The actual price might depend on its usage, but make sure to delete the resources as described in Step 5 Deinstallation when you do not need them anymore.
NOTE: If you find anything in this guide which is out of date (e.g. needs a version number increased) or doesn't work anymore, please help us by telling us in this ticket #15 or by opening a pull request with a fix 🙌
This example expects you to have the following cli tools setup.
# First we'll need a cluster, you can create one using the eksctl cli.
# This will take a couple of minutes
eksctl create cluster \
--name multi-juicer \
--nodegroup-name standard-workers \
--node-type t3.medium \
--nodes 2 \
--nodes-min 1 \
--nodes-max 4
# After completion verify that your kubectl context has been updated:
# Should print something like: Administrator@multi-juicer.eu-central-1.eksctl.io
kubectl config current-contexthelm install multi-juicer oci://ghcr.io/juice-shop/multi-juicer/helm/multi-juicer
# kubernetes will now spin up the pods
# to verify every thing is starting up, run:
kubectl get pods
# This should show you two pods a balancer pod and a progress-watchdog pod
# Wait until both pods are readyThis step is optional, but helpful to catch errors quicker.
# lets test out if the app is working correctly before proceeding
# for that we can port forward the JuiceBalancer service to your local machine
kubectl port-forward service/balancer 8080:8080
# Open up your browser for localhost:8080
# You should be able to see the MultiJuicer Balancer UI
# Try to create a team and see if everything works correctly
# You should be able to access a JuiceShop instances after a few seconds after creating a team,
# and after clicking the "Start Hacking" Button
# You can also try out if the admin UI works correctly
# Go back to localhost:8080/balancer
# To log in as the admin log in as the team "admin"
# The password for the team gets autogenerated if not specified, you can extract it from the kubernetes secret:
kubectl get secrets balancer-secret -o=jsonpath='{.data.adminPassword}' | base64 --decodeCreate a loadbalancer which is exposed is achieved by running the following command:
kubectl create -f https://raw.githubusercontent.com/juice-shop/multi-juicer/main/guides/aws/loadbalancer.yamlYou can get the LoadBalancer's DNS record either from the AWS console, or by running:
kubectl get services
# NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
# balancer ClusterIP 10.100.29.23 <none> 3000/TCP 3m14s
# kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 11h
# multi-juicer-service-loadbalancer LoadBalancer 10.100.134.210 YOUR_DNS_RECORD_WILL_BE_HERE.eu-north-1.elb.amazonaws.com 80:32111/TCP 3m13sUse kubectl get podsto see the pods you have successfully running, which should be similar to
kubectl get pods
# NAME READY STATUS RESTARTS AGE
# cleanup-job-ID-ID 0/1 Completed 0 48m
# balancer-ID-ID 1/1 Running 0 80m
# progress-watchdog-ID-ID 1/1 Running 0 80m
kubectl get pods -n kube-system
# NAME READY STATUS RESTARTS AGE
# alb-ingress-controller-ID-ID 1/1 Running 0 30s
# aws-node-ID 1/1 Running 0 59m
# aws-node-ID 1/1 Running 0 59m
# coredns-ID-ID 1/1 Running 0 65m
# coredns-ID-ID 1/1 Running 0 65m
# kube-proxy-ID 1/1 Running 0 59m
# kube-proxy-ID 1/1 Running 0 59mhelm delete multi-juicer
# Delete the loadbalancer setup
kubectl delete -f https://raw.githubusercontent.com/juice-shop/multi-juicer/main/guides/aws/loadbalancer.yaml
# Delete the kubernetes cluster
eksctl delete cluster multi-juicerIn order to nuke the whole account, e.g. resources like the created security groups or VPCs, consider to run the destructive aws-nuke.