diff --git a/README.md b/README.md index d43687b4a..3fb1a983b 100644 --- a/README.md +++ b/README.md @@ -10,13 +10,12 @@ - [ ] configure persistent & shared storage between nodes - [x] reproduce setup locally - -## Install Minikube, kubectl +## Minikube There are many Kubernetes distributions, but if you're just getting started, Minikube is a tool that you can use to get your feet wet. [Install Minikube](https://kubernetes.io/docs/tasks/tools/install-minikube/) -# Open minikube dashboard +### Open minikube dashboard ``` $ minikube dashboard ``` 
@@ -25,63 +24,98 @@ Some of the steps below need some timing to make ressources available to other dependent deployments. Keeping an eye on the dashboard is a great way to check that. -## Create a namespace locally -```shell -$ kubectl create -f namespace-staging.yml -``` -Switch to the namespace `staging` in your kubernetes dashboard. +### Access exposed services -## Setup config maps -```shell -$ cp db-migration-worker.template.yml config/db-migration-worker.yml -# edit all variables according to the setup of the remote legacy server +Follow the installation instruction below. Just at the end, expose the +`nitro-web` service on your host system with: -$ kubectl apply -f config/ +```shell +$ minikube service nitro-web --namespace=staging ``` -## Setup secrets and deploy themn +## Digital Ocean + +Install the kubernetes dashboard first: +```sh +$ kubectl apply -f dashboard/ +``` +Proxy localhost to the remote kubernetes dashboard: +```sh +kubectl proxy +``` +Get your token on the command line: +```sh +$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') +``` +It should print something like: +``` +Name: admin-user-token-6gl6l +Namespace: kube-system +Labels: +Annotations: kubernetes.io/service-account.name=admin-user + kubernetes.io/service-account.uid=b16afba9-dfec-11e7-bbb9-901b0e532516 + +Type: kubernetes.io/service-account-token + +Data +==== +ca.crt: 1025 bytes +namespace: 11 bytes +token: 
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTZnbDZsIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiMTZhZmJhOS1kZmVjLTExZTctYmJiOS05MDFiMGU1MzI1MTYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.M70CU3lbu3PP4OjhFms8PVL5pQKj-jj4RNSLA4YmQfTXpPUuxqXjiTf094_Rzr0fgN_IVX6gC4fiNUL5ynx9KU-lkPfk0HnX8scxfJNzypL039mpGt0bbe1IXKSIRaq_9VW59Xz-yBUhycYcKPO9RM2Qa1Ax29nqNVko4vLn1_1wPqJ6XSq3GYI8anTzV8Fku4jasUwjrws6Cn6_sPEGmL54sq5R4Z5afUtv-mItTmqZZdxnkRqcJLlg2Y8WbCPogErbsaCDJoABQ7ppaqHetwfM_0yMun6ABOQbIwwl8pspJhpplKwyo700OSpvTT9zlBsu-b35lzXGBRHzv5g_RA + +``` +Grab the token and paste it into the login screen at [http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/](http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/) + + +## Installation with kubernetes (minikube + Digital Ocean) + +You have to do some prerequisites and change some secrets according to your own setup. + +#### Setup config maps +```shell +$ cp db-migration-worker.template.yml staging/config/db-migration-worker.yml +``` +Edit all variables according to the setup of the remote legacy server. + +#### Setup secrets and deploy themn + +```sh +$ cp secrets.yml.template staging/secrets.yml +``` +Change all secrets as needed. + If you want to edit secrets, you have to `base64` encode them. See [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/secret/#creating-a-secret-manually). ```shell # example how to base64 a string: $ echo -n 'admin' | base64 YWRtaW4= +``` +Those secrets get `base64` decoded in a kubernetes pod. 
-$ cp secrets.yml.template secrets.yml -# change all variables as needed and deploy them +#### Create a namespace locally +```shell +$ kubectl create -f namespace-staging.yml +``` +Switch to the namespace `staging` in your kubernetes dashboard. + +### Run the configuration +```shell +$ cd staging/ $ kubectl apply -f secrets.yml -``` - -## Create volumes -```shell +$ kubectl apply -f config/ $ kubectl apply -f volumes/ -``` - -## Expose the services - -```shell $ kubectl apply -f services/ -``` -Wait until persistent volumes and services become available. - -## Create deployments -```shell $ kubectl apply -f deployments/ ``` + This can take a while because kubernetes will download the docker images. Sit back and relax and have a look into your kubernetes dashboard. Wait until all pods turn green and they don't show a warning `Waiting: ContainerCreating` anymore. -## Access the services - -```shell -$ minikube service nitro-web --namespace=staging -``` - - -## Provision db-migration-worker +### Provision db-migration-worker Copy your private ssh key and the `.known-hosts` file of your remote legacy server. ```shell diff --git a/dashboard/admin-user.yml b/dashboard/admin-user.yml new file mode 100644 index 000000000..27b6bb802 --- /dev/null +++ b/dashboard/admin-user.yml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: admin-user + namespace: kube-system diff --git a/dashboard/role-binding.yml b/dashboard/role-binding.yml new file mode 100644 index 000000000..faa8927a2 --- /dev/null +++ b/dashboard/role-binding.yml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: admin-user +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: admin-user + namespace: kube-system 
diff --git a/staging/namespace-staging.yml b/namespace-staging.yml similarity index 100% rename from staging/namespace-staging.yml rename to namespace-staging.yml
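Review bot: In the first README.md hunk, renaming `## Install Minikube, kubectl` to `## Minikube` drops the only visible mention that kubectl must be installed, while every later step, including the whole new Digital Ocean section, runs `kubectl`. Suggest a short prerequisites line that names kubectl ahead of both the Minikube and Digital Ocean sections, since Digital Ocean users will skip the Minikube install link entirely.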
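Review bot: The sample output under "It should print something like:" in the new Digital Ocean section of README.md contains a complete service-account bearer token along with the account UID annotation. A full token in the repository, even as illustration, trips secret scanners and invites readers to paste their own real output into docs; replace the value with a placeholder such as `token: <your-token>` and trim the UID line. In the same hunk, `cp secrets.yml.template staging/secrets.yml` writes real secrets to a new path and nothing in this patch adds an ignore rule for it, so please confirm that `staging/secrets.yml` and `staging/config/db-migration-worker.yml` are git-ignored. Next to "Those secrets get `base64` decoded in a kubernetes pod." it is worth stating that `base64` is encoding, not encryption. Minor: the `kubectl proxy` line lacks the `$` prompt the other commands use, and the moved heading still reads "deploy themn".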
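Review bot: dashboard/role-binding.yml binds the `admin-user` ServiceAccount to `cluster-admin` through a ClusterRoleBinding, and the README then has that account's token pasted into the dashboard login, so whoever obtains the token holds full control of the cluster. If the dashboard is only needed to watch the `staging` namespace, bind a narrower role instead, for example the built-in `view` or `edit` ClusterRole through a RoleBinding in `staging`; if cluster-admin is really intended, say so in the README and document removing the binding once it is no longer needed. Also, the two files added under dashboard/ only create the account and the binding, so unless the dashboard manifest already lives in that directory, the README step "Install the kubernetes dashboard first" with `kubectl apply -f dashboard/` will not install the dashboard itself.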