Adding cluster setup

.gitignore

@@ -76,3 +76,6 @@ $RECYCLE.BIN/
 
 # Custom rules (everything added below won't be overriden by 'Generate .gitignore File' if you use 'Update' option)
 
+*.crt
+*.key
+*.p12

.markdownlint.json

@@ -0,0 +1,4 @@
+{
+    "MD038": false,
+    "MD013": false
+}

README.md

@@ -11,3 +11,7 @@ This repository contains a kubernetes dev infrastructure, providing:
 - Secret management
 
 Each component is intended to be optional.
+
+## Quickstart
+
+To get started quicky, have a look at the [quickstart](./docs/quickstart.md)

docs/index.md

@@ -11,3 +11,7 @@ This repository contains a kubernetes dev infrastructure, providing:
 - Secret management
 
 Each component is intended to be optional.
+
+## Quickstart
+
+To get started quicky, have a look at the [quickstart](quickstart.md)

docs/installation.md

@@ -0,0 +1,10 @@
+# Installation
+
+Edit your variables to connect to the correct cluster
+
+```powershell
+cd src\terraform
+terraform init
+terraform plan
+terraform apply -var-file="configuration.tfvars"
+```

docs/introduction.md

@@ -0,0 +1,13 @@
+# Introduction
+
+Using proven opensource software projects, this repo builds a coherent dev environment that offers similar services that the big cloud providers also offer:
+
+| Provides | Used | AWS | Azure | Google |
+|---|---|---|---|---|
+| Logging | seq  | CloudWatch |   |   |
+| Tracing | jaeger | X-Ray | AppInsights  |   |
+| Metrics | prometheus | CloudWatch |   |   |
+| Dashboards | grafana | CloudWatch |   |   |
+| Service Mesh | consul | AppMesh |   |   |
+| Ingress | traefik | CloudFront |   |   |
+| Secrets | vault | SSM | Azure Vault  |   |

docs/preparation/cli.md

@@ -0,0 +1,10 @@
+# Installing commandline tools
+
+Install/download the CLIs.
+
+```powershell
+choco install mkcert
+choco install terraform
+choco install kubernetes-cli
+choco install kubernetes-helm
+```

docs/preparation/docker-desktop.md

@@ -0,0 +1,11 @@
+# Docker desktop
+
+To add WSL2 support to your k8s cluster of Docker desktop, read the details in the [official blog](https://kubernetes.io/blog/2020/05/21/wsl-docker-kubernetes-on-the-windows-desktop/)
+
+After installation, make sure you enable `WSL2` in the settings
+
+![enable wsl2](..\images\docker-desktop-settings.png)
+
+and you enable `kubernetes` of course:
+
+![enable k8s](..\images\docker-desktop-kubernetes-settings.png)

docs/preparation/kind.md

@@ -0,0 +1,30 @@
+# KinD
+
+## KinD installation
+
+Following the [quick-start](https://kind.sigs.k8s.io/docs/user/quick-start/), installing `kind` in fairly straightforward.
+
+```Powershell
+choco install kind
+```
+
+### Creating a 3-node k8s-cluster
+
+An example of running a multi-node cluster on docker can be done with `kind`. There are some restrictions with Windows. The provided config `./src/clusters/kind/config-devinfra.yaml` provides a 3-node cluster. There is also a `traefik` ingress test setup to verify your networking configuration.
+
+To fire up the cluster, run the following:
+
+```powershell
+cd ./src/clusters/kind/
+kind create cluster --name=devinfra --config .\config-devinfra.yaml
+```
+
+We specifically expose ports 80, 443 and 8100 to this cluster on ip `127.0.0.1`. Think carefully what ports to expose. `kind` has no update strategy to change this afterwards.
+
+![kind cluster creation](..\images\kind-cluster-creation.png)
+
+The cluster creation automatically add configuration to connect to the new cluster
+
+```powershell
+kubectl cluster-info --context kind-devinfra
+```

docs/preparation/minikube.md

@@ -0,0 +1,28 @@
+# Minikube
+
+Basically there are 2 options, which look fairly the same. Either,
+
+- run `minikube ` op windows with the `docker` driver and thus WSL2 and make it accessible in your WSL2 distro.
+- run `minikube` on WSL2 directly following the [official blog](https://kubernetes.io/blog/2020/05/21/wsl-docker-kubernetes-on-the-windows-desktop/)
+
+## On Windows
+
+- Installing `minikube` is easy enough.
+
+```Powershell
+choco install minikube
+```
+
+Next fire up your cluster
+
+![minikube windows](..\images\minikube-windows.png)
+
+The cluster creation automatically add configuration to connect to the new cluster
+
+```powershell
+kubectl cluster-info --context minikube
+```
+
+## On WSL2
+
+To run `minikube` from WSL2, try this [blog post](https://hellokube.dev/posts/configure-minikube-ingress-on-wsl2/) or this [blog post](https://matheja.me/2020/04/08/getting-started-with-minikube-on-wsl2.html)

docs/preparation/test-ingress-controller.md

@@ -0,0 +1,25 @@
+# Testing an ingress controller on the cluster
+
+To test we can have a working ingress, we can deploy `traefik`:
+
+First we fetch the ip of the master node:
+
+```powershell
+kubectl get nodes -o wide
+```
+
+Grab the IP of the node and adapt the `externalIps` entry in `003-ingressroute.yaml`.
+
+Next we apply the traefik installation
+
+```powershell
+kubectl apply -f ./test-traefik-ingress/
+```
+
+You should now be able to surf to the `traefik` admin dashboard on [http://localhost:8100]
+
+Make sure you delete this test ingress before proceeding
+
+```powershell
+kubectl delete -f ./test-traefik-ingress/
+```

docs/quickstart.md

@@ -0,0 +1,10 @@
+# Quickstart
+
+## Prerequisites
+
+```powershell
+choco install mkcert
+choco install terraform
+choco install kubernetes-cli
+choco install kubernetes-helm
+```

mkdocs.yml

@@ -3,6 +3,16 @@ theme:
   name: material
 nav:
     - Home: 'index.md'
+    - Introduction: 'introduction.md'
+    - Installing:
+      - Preparation:
+        - CLI: './preparation/cli.md'
+        - K8s cluster:
+          - Docker desktop: './preparation/docker-desktop.md'
+          - Minikube: './preparation/minikube.md'
+          - Kind: './preparation/kind.md'
+        - Testing Ingress: './preparation/test-ingress-controller.md'
+      - Install: './installation.md'
     - About:
         - 'License': 'license.md'
         - 'Release Notes': 'release-notes.md'

src/clusters/kind/config-devinfra.yaml

@@ -0,0 +1,28 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+networking:
+  ipFamily: ipv4
+  apiServerAddress: 127.0.0.1
+nodes:
+- role: control-plane
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+  extraPortMappings:
+  - containerPort: 80
+    hostPort: 80
+    protocol: TCP
+    listenAddress: "127.0.0.1"
+  - containerPort: 443
+    hostPort: 443
+    protocol: TCP
+    listenAddress: "127.0.0.1"
+  - containerPort: 8100
+    hostPort: 8100
+    protocol: TCP
+    listenAddress: "127.0.0.1"
+- role: worker
+- role: worker

src/clusters/test-traefik-ingress/001-rbac.yaml

@@ -0,0 +1,132 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutes.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRoute
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutetcps.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRouteTCP
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: middlewares.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: Middleware
+    plural: middlewares
+    singular: middleware
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: tlsoptions.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TLSOption
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: traefikservices.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TraefikService
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
+
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: traefik-ingress-controller
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - endpoints
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+  - apiGroups:
+      - traefik.containo.us
+    resources:
+      - middlewares
+      - ingressroutes
+      - traefikservices
+      - ingressroutetcps
+      - tlsoptions
+    verbs:
+      - get
+      - list
+      - watch
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: traefik-ingress-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: traefik-ingress-controller
+subjects:
+  - kind: ServiceAccount
+    name: traefik
+    namespace: kube-system