diff --git a/README.md b/README.md
index 88b8e215..a4c85fd2 100644
--- a/README.md
+++ b/README.md
@@ -2,11 +2,66 @@ ## Description -This repository contains a kubernetes dev infrastructure, providing: - -- Logging -- Metrics -- Tracing -- Service discovery -- Elastic stack -- Secret management +This repository contains a `kubernetes` dev infrastructure, providing both crosscutting concerns as well as Saas infrastructure. All this is provided through `terraform` deploying `helm` charts and custom configuration. + +| Category | Service | Description | +| :-------------- | ----------------------- | ------------------------ | +| Networking | traefik | Reverse Proxy | +| Networking | linkerd | Service Mesh | +| Networking | cert-manager | Certificates | +| Monitoring | seq | Logging | +| Monitoring | loki | Logging | +| Monitoring | jaeger | Tracing | +| Monitoring | tempo | Tracing | +| Monitoring | prometheus | Metrics | +| Monitoring | metrics-server | Metrics | +| Monitoring | opentelemetry-collector | Ingestion | +| Saas Cloud | localstack | AWS emulator | +| Saas Config | etcd | Key-Value service | +| Saas Config | vault | Secrets management | +| Saas Database | mongodb | Document database | +| Saas Database | mariadb | Relational database | +| Saas Database | mysql | Relational database | +| Saas Database | oracle | Relational database | +| Saas Database | postgres | Relational database | +| Saas Database | sqlserver | Relational database | +| Saas Deployment | fluxcd | GitOps | +| Saas Deployment | argocd | GitOps | +| Saas Messaging | rabbitmq | Message Broker | +| Saas Search | elasticsearch | Search Engine | +| Saas Auth | identityserver | IDP | +| Saas Auth | keycloak | IDP | +| Saas Storage | minio | S3 compatible storage | +| Saas Storage | azurite | Azure compatible storage | + +## Deploy + +### Quick Start + +- Install Tooling + - Install Docker: [Docker desktop](https://www.docker.com/products/docker-desktop/) or [Rancher desktop](https://rancherdesktop.io/) + - Install [Lens](https://k8slens.dev/) (K8S GUI) + - Install tooling 
[prerequisites](./docs/preparation.md) +- Create a local `k8s` cluster + - Edit your `hosts`: add domain names + - Check the docker network subnet range (adjust in main.tf -> variable) so there is no overlap with an existing one. + - Generate mkcert as admin + - Run generate certificates.ps1 + - Creation local cluster + - cluster k3d: terraform init + apply + - cluster kind: terraform init + apply +- Deploy + - edit `terraform.tfvars` + - deploy services: terraform init + apply + +### Documentation + +The docs are available at [Github Pages](https://bravecobra.github.io/k8s-dev-infrastructure/) + +#### Build the docs locally + +```shell +pip install --user -f requirements.txt +mkdocs build +mkdocs serve +``` diff --git a/docs/images/docker-desktop-kubernetes-settings.png b/docs/images/docker-desktop-kubernetes-settings.png index b74ed67f..79c56d8f 100644 Binary files a/docs/images/docker-desktop-kubernetes-settings.png and b/docs/images/docker-desktop-kubernetes-settings.png differ diff --git a/docs/images/docker-desktop-settings.png b/docs/images/docker-desktop-settings.png index db05809e..24c891f0 100644 Binary files a/docs/images/docker-desktop-settings.png and b/docs/images/docker-desktop-settings.png differ diff --git a/docs/images/rancher-desktop-settings.png b/docs/images/rancher-desktop-settings.png new file mode 100644 index 00000000..540804b8 Binary files /dev/null and b/docs/images/rancher-desktop-settings.png differ diff --git a/docs/index.md b/docs/index.md index 01c08095..6b6077f2 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -2,24 +2,36 @@ ## Description -This repository contains a kubernetes dev infrastructure, providing both crosscutting concerns as well as Saas infrastructure. All this is provided through terraform deploying helm charts and custom configuration. +This repository contains a `kubernetes` dev infrastructure, providing both crosscutting concerns as well as Saas infrastructure. All this is provided through `terraform` deploying `helm` charts and custom configuration. -### Cross-cutting concerns +## Components -- Certificates (cert-manager) -- Reverse proxy (traefik) -- Logging (seq/fluent or loki/promtail) -- Metrics (prometheus) -- Tracing (jaeger) -- Service Mesh (linkerd) -- Dashboards (grafana) - -### Saas - -- Elastic stack (elasticsearch, kibana) -- Secret management (vault) -- Identity Provider (IdentityServer4 or Keycloak) -- Configuration management/KV (etcd) -- ArgoCD (CI/CD) -- Storage (Minio/Azurite) -- Messaging (RabbitMQ) +| Category | Service | Description | +| :-------------- | ----------------------- | ------------------------ | +| Networking | traefik | Reverse Proxy | +| Networking | linkerd | Service Mesh | +| Networking | cert-manager | Certificates | +| Monitoring | seq | Logging | +| Monitoring | loki | Logging | +| Monitoring | jaeger | Tracing | +| Monitoring | tempo | Tracing | +| Monitoring | prometheus | Metrics | +| Monitoring | metrics-server | Metrics | +| Monitoring | opentelemetry-collector | Ingestion | +| Saas Cloud | localstack | AWS emulator | +| Saas Config | etcd | Key-Value service | +| Saas Config | vault | Secrets management | +| Saas Database | mongodb | Document database | +| Saas Database | mariadb | Relational database | +| Saas Database | mysql | Relational database | +| Saas Database | oracle | Relational database | +| Saas Database | postgres | Relational database | +| Saas Database | sqlserver | Relational database | +| Saas Deployment | fluxcd | GitOps | +| Saas Deployment | argocd | GitOps | +| Saas Messaging | 
rabbitmq | Message Broker | +| Saas Search | elasticsearch | Search Engine | +| Saas Auth | identityserver | IDP | +| Saas Auth | keycloak | IDP | +| Saas Storage | minio | S3 compatible storage | +| Saas Storage | azurite | Azure compatible storage | diff --git a/docs/installation-terraform.md b/docs/installation-terraform.md index 0621823f..ae679dd4 100644 --- a/docs/installation-terraform.md +++ b/docs/installation-terraform.md @@ -3,7 +3,9 @@ ## Prerequisites -Check you have all the [cli tools](./preparation/cli.md) installed and that you can connect to a running cluster. +Check you've done all the [preparation](./preparation.md) and that you can connect to a running cluster. You should have all the required CLI tools and a running local cluster (using either `k3d`, `kind`, `docker desktop`, `rancher desktop` or `minikube`). + +To check: ```bash kubectl cluster-info --context @@ -23,10 +25,8 @@ On Windows, open `C:\Windows\system32\drivers\etc\hosts` in an editor as `Admini On Linux edit your `/etc/hosts` file as root. ```text - 127.0.0.1 k8s.local infrastructure.k8s.local traefik.infrastructure.k8s.local traefik.k8s.local -127.0.0.1 jaeger.infrastructure.k8s.local prometheus.infrastructure.k8s.local seq.infrastructure.k8s.local -127.0.0.1 grafana.infrastructure.k8s.local +127.0.0.1 jaeger.infrastructure.k8s.local prometheus.infrastructure.k8s.local seq.infrastructure.k8s.local grafana.infrastructure.k8s.local 127.0.0.1 consul.infrastructure.k8s.local vault.infrastructure.k8s.local 127.0.0.1 es.infrastructure.k8s.local kibana.infrastructure.k8s.local 127.0.0.1 login.k8s.local admin.login.k8s.local api.login.k8s.local 
@@ -37,30 +37,58 @@ On Linux edit your `/etc/hosts` file as root. 127.0.0.1 keycloak.k8s.local auth.k8s.local 127.0.0.1 etcd.infrastructure.k8s.local 127.0.0.1 minio.infrastructure.k8s.local console.minio.infrastructure.k8s.local +127.0.0.1 azurite.infrastructure.k8s.local 127.0.0.1 rabbitmq.infrastructure.k8s.local 127.0.0.1 localstack.infrastructure.k8s.local 127.0.0.1 flux.infrastructure.k8s.local +127.0.0.1 kafka.infrastructure.k8s.local +127.0.0.1 mysql.infrastructure.k8s.local +127.0.0.1 mariadb.infrastructure.k8s.local +127.0.0.1 postgres.infrastructure.k8s.local +127.0.0.1 mssql.infrastructure.k8s.local +127.0.0.1 oracle.infrastructure.k8s.local +127.0.0.1 mongo.infrastructure.k8s.local +127.0.0.1 oracle.infrastructure.k8s.local ``` -## Installer +## Generate a root certificate + +=== "Windows" + + ```bash + cd src/terraform + ./generate-certificate.ps1 + ``` === "Linux/WSL" Next run the installer in a Linux/WSL shell: ```bash - helm repo update cd src/terraform ./generate-certificate.sh + ``` + +## Installer + +Edit the `terraform.tfvars` as you see fit. + +=== "Windows" + + ```bash + cd src/terraform + helm repo update terraform init terraform apply -auto-approve ``` -=== "Windows" +=== "Linux/WSL" + + Next run the installer in a Linux/WSL shell: ```bash cd src/terraform - ./generate-certificate.ps1 + helm repo update terraform init terraform apply -auto-approve ``` diff --git a/docs/introduction.md b/docs/introduction.md deleted file mode 100644 index 16402ba2..00000000 --- a/docs/introduction.md +++ /dev/null 
@@ -1,20 +0,0 @@ -# Introduction - -Using proven opensource software projects, this repo builds a coherent dev environment that offers similar services that the big cloud providers also offer: - -| Capability | Type | This repo | AWS | Azure | Google | -| --------------- | ---- | --------------------------- | ---------------------- | ---------------------- | ------ | -| Logging | Core | loki/promtail or seq/fluent | CloudWatch | AppInsights | | -| Tracing | Core | jaeger | X-Ray | AppInsights | | -| Metrics | Core | prometheus + metrics-server | CloudWatch | AppInsights | | -| Dashboards | Core | grafana | CloudWatch | AppInsights | | -| Service Mesh | Core | linkerd | AppMesh | Open Service Mesh | | -| Ingress | Core | traefik | CloudFront/API Gateway | Azure FrontDoor | | -| Certificates | Core | cert-manager | Certificate Manager | Management Certificate | | -| Secrets | Saas | vault | SSM | Azure Vault | | -| Storage | Saas | minio / azurite | S3 | Azure Storage | | -| Config | Saas | etcd | Parameter Store | App Config | | -| Appl Deployment | Saas | argocd | / | / | | -| Search | Saas | elasticsearch | Opensearch Service | Elastic | | -| Auth | Saas | keycloak/identityserver4 | IAM | IAM | | -| Messaging | Saas | rabbitmq | SNS/SQS | | | diff --git a/docs/preparation.md b/docs/preparation.md new file mode 100644 index 00000000..f3a1bf96 --- /dev/null +++ b/docs/preparation.md 
@@ -0,0 +1,226 @@ + +# Preparation + +## Installing commandline tools + +Install/download the CLIs. + +=== "Windows" + + ```powershell + choco install kind + choco install k3d + choco install base64 + choco install mkcert + choco install kubernetes-cli + choco install kubernetes-helm + choco install linkerd2 + choco install argocd-cli + choco install flux + choco install terraform + ``` + +=== "Linux" + + ```bash + sudo apt-get update + sudo apt-get install -y apt-transport-https ca-certificates curl wget libnss3-tools cl-base64 + + # kind (if needed) (https://kind.sigs.k8s.io/docs/user/quick-start/#installing-from-release-binaries) + curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.17.0/kind-linux-amd64 + chmod +x ./kind + mv ./kind /usr/local/bin/kind + + # mkcert (if needed) (https://github.com/FiloSottile/mkcert#linux) + curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64" + chmod +x mkcert-v*-linux-amd64 + sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert + + # kubctl (https://helm.sh/docs/intro/install/#from-apt-debianubuntu) + sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg + echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list + sudo apt-get update + sudo apt-get install -y kubectl + + # helm (https://helm.sh/docs/intro/install/#from-apt-debianubuntu) + curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null + sudo apt-get install apt-transport-https --yes + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list + sudo apt-get update + sudo apt-get install helm + + # argocd (if needed) 
(https://argo-cd.readthedocs.io/en/stable/cli_installation/#download-latest-version) + curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 + sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd + rm argocd-linux-amd64 + + # flux (https://fluxcd.io/flux/installation/#install-the-flux-cli) + curl -s https://fluxcd.io/install.sh | sudo bash + + #linkerd (https://linkerd.io/2.12/getting-started/#step-1-install-the-cli) + curl -sL https://run.linkerd.io/install | sh + export PATH=$PATH:~/.linkerd2/bin + + #k3d (if needed) (https://k3d.io/v5.4.6/#install-script) + wget -q -O - https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash + + # terraform (https://developer.hashicorp.com/terraform/downloads) + wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list + sudo apt update && sudo apt install terraform + ``` + +## Docker environment + +### Docker Desktop + +!!!Warning + To use `Docker Desktop` commercially you'll need a [commercial license](https://www.docker.com/pricing/). + +Run the installer from [Docker Desktop](https://www.docker.com/products/docker-desktop/). +To add WSL2 support to your k8s cluster of `Docker Desktop`, read the details in the [official blog](https://kubernetes.io/blog/2020/05/21/wsl-docker-kubernetes-on-the-windows-desktop/) + +After installation, make sure you enable `WSL2` in the settings + +![enable wsl2](./images/docker-desktop-settings.png) + +### Rancher Desktop + +Just run the installer from [Rancher Desktop](https://rancherdesktop.io/). + +## Local K8S cluster installation + +### K3D (preferred) + +Edit `./src/clusters/k3d/terraform.tfvars` to your needs. 
By default it will create a 3-node cluster on a custom `Docker` network. Then run to create the cluster, run: + +```shell +cd ./src/clusters/k3d +terraform init +terraform apply --auto-approve +``` + +!!! Note + When using `WSL2` (Windows Subsystem for Linux), you need to copy the context configuration to your `.kubeconfig` file on the `WSL2` home directory or the other way round, depending on which shell you use to run the `terraform` code. + + ```powershell + cp /mnt/c/users/$(whoami)/.kube/config ~/.kube/config + ``` + + or + + ```powershell + cp ~/.kube/config /mnt/c/users/$(whoami)/.kube/config + ``` + +The cluster creation automatically add configuration to your `kubectl` contexts connect to so you can connect to the new cluster + +```powershell +kubectl cluster-info --context k3d-devinfra +``` + +To delete the cluster again, just run + +```shell +terraform destroy --auto-approve +``` + +### KinD + +#### Creating a cluster with `terraform` + +Edit `terraform.tfvars` to your needs. Then run `terraform apply` to create the cluster. + +```shell +cd ./src/clusters/kind +terraform init +terraform apply --auto-approve +``` + +Verify with + +```hell +kubectl cluster-info --context kind-devinfra +``` + +#### Creating a 3-node k8s-cluster manually + +An example of running a multi-node cluster on docker can be done with `kind`. There are some restrictions with Windows. The provided config `./src/clusters/kind/config-devinfra.yaml` provides a 3-node cluster. There is also a `traefik` ingress test setup to verify your networking configuration. + +To fire up the cluster, run the following: + +```powershell +kind create cluster --name=devinfra --config ./src/clusters/kind/config-devinfra.yaml +``` + +We specifically expose ports 80, 443 and 8100 to this cluster on ip `127.0.0.1`. Think carefully what ports to expose. `kind` has no update strategy to change this afterwards. 
+ +![kind cluster creation](./images/kind-cluster-creation.png) + +The cluster creation automatically add configuration to connect to the new cluster + +```powershell +kubectl cluster-info --context kind-devinfra +``` + +To delete the cluster again + +```powershell +kind delete cluster --name devinfra +``` + +When using WSL (Windows Subsystem for Linux), you need to copy the context configuration to your .kubeconfig file on the WSL home directory. + +```powershell +cp /mnt/c/users/$(whoami)/.kube/config ~/.kube/config +``` + +### Docker Desktop K8s + +!!!Warning + `Docker Desktop` creates a single-node `k8s` cluster. +Enable `kubernetes` in the settings: + +![enable k8s](./images/docker-desktop-kubernetes-settings.png) + +### Rancher Desktop K8S + +!!!Warning + `Rancher Desktop` creates a single-node `k8s` cluster. + +If you want to use the kubernetes version of Rancher Desktop itself, just check the checkbox in the settings, but leave the `Traefik` checkbox empty as we will deploy our own version: + +![enable k8s](./images/rancher-desktop-settings.png) + +### Minikube + +!!!Warning + `Minikube` creates a single-node `k8s` cluster. + +Basically there are 2 options, which look fairly the same. Either, + +- run `minikube ` op windows with the `docker` driver and thus WSL2 and make it accessible in your WSL2 distro. 
+- run `minikube` on WSL2 directly following the [official blog](https://kubernetes.io/blog/2020/05/21/wsl-docker-kubernetes-on-the-windows-desktop/) + +#### On Windows + +> **Warning** +> `minikube` only provide a 1-node cluster + +Fire up your cluster + +```shell +minikube start +``` + +![minikube windows](./images/minikube-windows.png) + +The cluster creation automatically add configuration to connect to the new cluster + +```powershell +kubectl cluster-info --context minikube +``` + +#### On WSL2 + +To run `minikube` from WSL2, try this [blog post](https://hellokube.dev/posts/configure-minikube-ingress-on-wsl2/) or this [blog post](https://matheja.me/2020/04/08/getting-started-with-minikube-on-wsl2.html) diff --git a/docs/preparation/cli.md b/docs/preparation/cli.md deleted file mode 100644 index d118a005..00000000 --- a/docs/preparation/cli.md +++ /dev/null 
@@ -1,58 +0,0 @@ -# Installing commandline tools - -Install/download the CLIs. - -=== "Windows" - - ```powershell - choco install kind - choco install base64 - choco install mkcert - choco install kubernetes-cli - choco install kubernetes-helm - choco install linkerd2 - choco install k3d - choco install argocd-cli - choco install terraform - ``` - -=== "Linux" - - ```bash - sudo apt-get update - sudo apt-get install -y apt-transport-https ca-certificates curl wget libnss3-tools cl-base64 - - # kind (if needed) - curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.15.0/kind-linux-amd64 - chmod +x ./kind - mv ./kind /usr/local/bin/kind - - # mkcert (if needed) - wget -O mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64 - sudo mv mkcert-v1.4.4-linux-amd64 /usr/local/bin/mkcert - sudo chmod +x /usr/local/bin/mkcert - - # kubctl - sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg - echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list - sudo apt-get update - sudo apt-get install -y kubectl - - # helm - curl https://baltocdn.com/helm/signing.asc | sudo apt-key add - - sudo apt-get install apt-transport-https --yes - echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list - sudo apt-get update - sudo apt-get install helm - - # argocd (if needed) - sudo curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 - sudo chmod +x /usr/local/bin/argocd - - #linkerd - curl -sL https://run.linkerd.io/install | sh - export PATH=$PATH:~/.linkerd2/bin - - #k3d (if needed) - wget -q -O - https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash - ``` 
diff --git a/docs/preparation/docker-desktop.md b/docs/preparation/docker-desktop.md deleted file mode 100644 index 440b09d5..00000000 --- a/docs/preparation/docker-desktop.md +++ /dev/null @@ -1,13 +0,0 @@ -# Docker desktop - -To add WSL2 support to your k8s cluster of `Docker Desktop`, read the details in the [official blog](https://kubernetes.io/blog/2020/05/21/wsl-docker-kubernetes-on-the-windows-desktop/) - -After installation, make sure you enable `WSL2` in the settings - -![enable wsl2](../images/docker-desktop-settings.png) - -and you enable `kubernetes` of course: - -![enable k8s](../images/docker-desktop-kubernetes-settings.png) - -`Docker Desktop` creates a single-node cluster. diff --git a/docs/preparation/k3d.md b/docs/preparation/k3d.md deleted file mode 100644 index 54d2ef3d..00000000 --- a/docs/preparation/k3d.md +++ /dev/null 
@@ -1,53 +0,0 @@ - -# K3D - -## K3D installation - -### K3D CLI installation - -=== "Windows" - - ```Powershell - choco install k3d - ``` - -=== "Linux" - - ```bash - wget -q -O - https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash - ``` - -### Creating a cluster with terraform - -Edit `terraform.tfvars` to your needs. By default it will create a 3-node cluster on a custom `Docker` network. Then run to create the cluster, run: - -```shell -cd ./src/clusters/k3d -terraform init -terraform apply --auto-approve -``` - -!!! Note - When using `WSL2` (Windows Subsystem for Linux), you need to copy the context configuration to your `.kubeconfig` file on the `WSL2` home directory or the other way round, depending on which shell you use to run the terraform code. - - ```powershell - cp /mnt/c/users/$(whoami)/.kube/config ~/.kube/config - ``` - - or - - ```powershell - cp ~/.kube/config /mnt/c/users/$(whoami)/.kube/config - ``` - -The cluster creation automatically add configuration to your `kubectl` contexts connect to so you can connect to the new cluster - -```powershell -kubectl cluster-info --context k3d-devinfra -``` - -To delete the cluster again, just run - -```shell -terraform destroy --auto-approve -``` diff --git a/docs/preparation/kind.md b/docs/preparation/kind.md deleted file mode 100644 index d7042566..00000000 --- a/docs/preparation/kind.md +++ /dev/null 
@@ -1,68 +0,0 @@ - -# KinD - -## KinD installation - -Following the [quick-start](https://kind.sigs.k8s.io/docs/user/quick-start/), installing `kind` is fairly straightforward. - -=== "Windows" - - ```Powershell - choco install kind - ``` - -=== "Linux" - - ```bash - curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 - chmod +x ./kind - mv ./kind /some-dir-in-your-PATH/kind - ``` - -### Creating a cluster with `terraform` - -Edit `terraform.tfvars` to your needs. Then run `terraform apply` to create the cluster. - -```shell -cd ./src/clusters/kind -terraform init -terraform apply --auto-approve -``` - -Verify with - -```hell -kubectl cluster-info --context kind-devinfra -``` - -### Creating a 3-node k8s-cluster - -An example of running a multi-node cluster on docker can be done with `kind`. There are some restrictions with Windows. The provided config `./src/clusters/kind/config-devinfra.yaml` provides a 3-node cluster. There is also a `traefik` ingress test setup to verify your networking configuration. - -To fire up the cluster, run the following: - -```powershell -kind create cluster --name=devinfra --config ./src/clusters/kind/config-devinfra.yaml -``` - -We specifically expose ports 80, 443 and 8100 to this cluster on ip `127.0.0.1`. Think carefully what ports to expose. `kind` has no update strategy to change this afterwards. - -![kind cluster creation](../images/kind-cluster-creation.png) - -The cluster creation automatically add configuration to connect to the new cluster - -```powershell -kubectl cluster-info --context kind-devinfra -``` - -To delete the cluster again - -```powershell -kind delete cluster --name devinfra -``` - -When using WSL (Windows Subsystem for Linux), you need to copy the context configuration to your .kubeconfig file on the WSL home directory. - -```powershell -cp /mnt/c/users/$(whoami)/.kube/config ~/.kube/config -``` 
diff --git a/docs/preparation/minikube.md b/docs/preparation/minikube.md deleted file mode 100644 index c00129a1..00000000 --- a/docs/preparation/minikube.md +++ /dev/null @@ -1,28 +0,0 @@ -# Minikube - -Basically there are 2 options, which look fairly the same. Either, - -- run `minikube ` op windows with the `docker` driver and thus WSL2 and make it accessible in your WSL2 distro. -- run `minikube` on WSL2 directly following the [official blog](https://kubernetes.io/blog/2020/05/21/wsl-docker-kubernetes-on-the-windows-desktop/) - -## On Windows - -- Installing `minikube` is easy enough. - -```Powershell -choco install minikube -``` - -Next fire up your cluster - -![minikube windows](../images/minikube-windows.png) - -The cluster creation automatically add configuration to connect to the new cluster - -```powershell -kubectl cluster-info --context minikube -``` - -## On WSL2 - -To run `minikube` from WSL2, try this [blog post](https://hellokube.dev/posts/configure-minikube-ingress-on-wsl2/) or this [blog post](https://matheja.me/2020/04/08/getting-started-with-minikube-on-wsl2.html) diff --git a/docs/preparation/test-ingress-controller.md b/docs/preparation/test-ingress-controller.md deleted file mode 100644 index 4557cec8..00000000 --- a/docs/preparation/test-ingress-controller.md +++ /dev/null @@ -1,25 +0,0 @@ -# Testing an ingress controller on the cluster - -To test we can have a working ingress, we can deploy `traefik`: - -First we fetch the ip of the master node: - -```powershell -kubectl get nodes -o wide -``` - -Grab the IP of the node and adapt the `externalIps` entry in `003-ingressroute.yaml`. - -Next we apply the traefik installation - -```powershell -kubectl apply -f ./test-traefik-ingress/ -``` - -You should now be able to surf to the `traefik` admin dashboard on [http://localhost:8100] - -Make sure you delete this test ingress before proceeding - -```powershell -kubectl delete -f ./test-traefik-ingress/ -``` 
diff --git a/docs/release-notes.md b/docs/release-notes.md deleted file mode 100644 index e69de29b..00000000 diff --git a/mkdocs.yml b/mkdocs.yml index 00b8d298..ae6c0c6e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -5,21 +5,10 @@ theme: - content.tabs.link nav: - Home: 'index.md' - - Introduction: 'introduction.md' - - Installing: - - Preparation: - - CLI: './preparation/cli.md' - - K8s cluster: - - Docker desktop: './preparation/docker-desktop.md' - - Minikube: './preparation/minikube.md' - - Kind: './preparation/kind.md' - - K3D: './preparation/k3d.md' - - Testing Ingress: './preparation/test-ingress-controller.md' - - Install: - - Terraform: './installation-terraform.md' + - Preparation: './preparation.md' + - Install: './installation-terraform.md' - About: - 'License': 'license.md' - - 'Release Notes': 'release-notes.md' dev_addr: '0.0.0.0:8080' markdown_extensions: diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 00000000..fe548b89 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,9 @@ +mkdocs +mkdocs-material +mkdocs-exclude +markdown-include +mkdocs-awesome-pages-plugin +mkdocs-material-extensions +mkdocs-minify-plugin +mkdocs-git-authors-plugin +mkdocs-git-revision-date-plugin \ No newline at end of file diff --git a/src/clusters/test-traefik-ingress/001-rbac.yaml b/src/clusters/test-traefik-ingress/001-rbac.yaml deleted file mode 100644 index cf4ba007..00000000 --- a/src/clusters/test-traefik-ingress/001-rbac.yaml +++ /dev/null 
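Review bot: All nine packages in the new `requirements.txt` are listed without a version, so every docs build resolves whatever release the package index serves that day. Pin each entry (for example `mkdocs==<PINNED_VERSION>`, placeholder) and preferably install with `pip install --require-hashes -r requirements.txt`, so that a breaking or tampered plugin release cannot enter the build unnoticed. The README hunk in this same commit documents `pip install --user -f requirements.txt`; `-f` is `--find-links`, so that command does not read this file as a requirements list and should be `pip install --user -r requirements.txt`. The file also ends without a trailing newline.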
@@ -1,132 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingressroutes.traefik.containo.us - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: IngressRoute - plural: ingressroutes - singular: ingressroute - scope: Namespaced - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingressroutetcps.traefik.containo.us - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: IngressRouteTCP - plural: ingressroutetcps - singular: ingressroutetcp - scope: Namespaced - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: middlewares.traefik.containo.us - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: Middleware - plural: middlewares - singular: middleware - scope: Namespaced - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: tlsoptions.traefik.containo.us - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: TLSOption - plural: tlsoptions - singular: tlsoption - scope: Namespaced - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: traefikservices.traefik.containo.us - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: TraefikService - plural: traefikservices - singular: traefikservice - scope: Namespaced - - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-ingress-controller -rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - traefik.containo.us - resources: - - middlewares - - ingressroutes - - traefikservices - - 
ingressroutetcps - - tlsoptions - verbs: - - get - - list - - watch - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-ingress-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: traefik-ingress-controller -subjects: - - kind: ServiceAccount - name: traefik - namespace: kube-system \ No newline at end of file diff --git a/src/clusters/test-traefik-ingress/002-deployment.yaml b/src/clusters/test-traefik-ingress/002-deployment.yaml deleted file mode 100644 index a4a21f5c..00000000 --- a/src/clusters/test-traefik-ingress/002-deployment.yaml +++ /dev/null 
@@ -1,86 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: traefik - release: traefik - name: traefik - namespace: kube-system - -spec: - replicas: 1 - selector: - matchLabels: - app: traefik - release: traefik - template: - metadata: - labels: - app: traefik - release: traefik - spec: - containers: - - args: - - --api.insecure - - --accesslog - - --global.checknewversion=true - - --entryPoints.traefik.address=:8100 - - --entryPoints.web.address=:80 - - --entryPoints.websecure.address=:443 - - --certificatesresolvers.default.acme.tlschallenge - # Please note that this is the staging Let's Encrypt server configuration. - # Once you get things working, you should remove that following line. - - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory - - --certificatesresolvers.default.acme.email={YOUR-E-MAIL} - - --certificatesresolvers.default.acme.storage=acme.json - - --api.dashboard=true - - --ping=true - - --providers.kubernetescrd - # Use log level= INFO or DEBUG - - --log.level=INFO - image: traefik:2.1.4 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /ping - port: 8100 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - name: traefik - ports: - - containerPort: 8100 - name: admin - protocol: TCP - - containerPort: 80 - name: web - protocol: TCP - - containerPort: 443 - name: websecure - protocol: TCP - readinessProbe: - failureThreshold: 1 - httpGet: - path: /ping - port: 8100 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - resources: - limits: - memory: "128Mi" - cpu: "500m" - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: traefik - serviceAccountName: traefik - 
terminationGracePeriodSeconds: 60 \ No newline at end of file diff --git a/src/clusters/test-traefik-ingress/003-ingressroute.yaml b/src/clusters/test-traefik-ingress/003-ingressroute.yaml deleted file mode 100644 index 6c489998..00000000 --- a/src/clusters/test-traefik-ingress/003-ingressroute.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# ServiceAccount ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: traefik - namespace: kube-system - -# Service ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: traefik - release: traefik - name: traefik - namespace: kube-system -spec: - externalIPs: - - 172.18.0.2 - externalTrafficPolicy: Cluster - ports: - - name: web - nodePort: 31909 - port: 80 - protocol: TCP - targetPort: 80 - - name: websecure - nodePort: 30584 - port: 443 - protocol: TCP - targetPort: 443 - - name: admin - nodePort: 32316 - port: 8100 - protocol: TCP - targetPort: 8100 - selector: - app: traefik - release: traefik - sessionAffinity: None - type: LoadBalancer -status: - loadBalancer: {} \ No newline at end of file diff --git a/src/clusters/test-traefik-ingress/004-test-deploy.yaml b/src/clusters/test-traefik-ingress/004-test-deploy.yaml deleted file mode 100644 index c04fc92e..00000000 --- a/src/clusters/test-traefik-ingress/004-test-deploy.yaml +++ /dev/null 
@@ -1,64 +0,0 @@ -kind: Pod -apiVersion: v1 -metadata: - name: foo-app - labels: - app: foo -spec: - containers: - - name: foo-app - image: hashicorp/http-echo:0.2.3 - args: - - "-text=foo" ---- -kind: Service -apiVersion: v1 -metadata: - name: foo-service -spec: - selector: - app: foo - ports: - # Default port used by the image - - port: 5678 ---- -kind: Pod -apiVersion: v1 -metadata: - name: bar-app - labels: - app: bar -spec: - containers: - - name: bar-app - image: hashicorp/http-echo:0.2.3 - args: - - "-text=bar" ---- -kind: Service -apiVersion: v1 -metadata: - name: bar-service -spec: - selector: - app: bar - ports: - # Default port used by the image - - port: 5678 ---- -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: example-ingress -spec: - rules: - - http: - paths: - - path: /foo - backend: - serviceName: foo-service - servicePort: 5678 - - path: /bar - backend: - serviceName: bar-service - servicePort: 5678 \ No newline at end of file diff --git a/src/clusters/test-traefik-ingress/005-testdeploy-route.yaml b/src/clusters/test-traefik-ingress/005-testdeploy-route.yaml deleted file mode 100644 index 53d79bad..00000000 --- a/src/clusters/test-traefik-ingress/005-testdeploy-route.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: "testdeploy-foo-ingressroute" - namespace: default -spec: - entryPoints: - - web - routes: - - match: PathPrefix(`/foo`) - kind: Rule - namespace: infrastructure - services: - - name: foo-service - port: 5678 - path: / ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: "testdeploy-bar-ingressroute" - namespace: default -spec: - entryPoints: - - web - routes: - - match: PathPrefix(`/bar`) - kind: Rule - namespace: infrastructure - services: - - name: bar-service - port: 5678 - path: /