diff --git a/SUMMARY.md b/SUMMARY.md index dbd9e4299..937b2b06b 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -23,6 +23,8 @@ * [Kubernetes Deployment](deployment/README.md) * [Minikube](deployment/minikube/README.md) * [Digital Ocean](deployment/digital-ocean/README.md) + * [Kubernetes Dashboard](deployment/digital-ocean/dashboard/README.md) + * [HTTPS](deployment/digital-ocean/https/README.md) * [Neo4J DB Backup](deployment/backup.md) * [Maintenance](maintenance/README.md) * [Feature Specification](cypress/features.md) diff --git a/deployment/README.md b/deployment/README.md index a288cdce7..77e03e722 100644 --- a/deployment/README.md +++ b/deployment/README.md 
@@ -46,60 +46,6 @@ $ kubectl apply -f human-connection/ This can take a while because kubernetes will download the docker images. Sit back and relax and have a look into your kubernetes dashboard. Wait until all pods turn green and they don't show a warning `Waiting: ContainerCreating` anymore. -#### Setup Ingress and HTTPS - -Follow [this quick start guide](https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/index.html) and install certmanager via helm and tiller: - -```text -$ kubectl create serviceaccount tiller --namespace=kube-system -$ kubectl create clusterrolebinding tiller-admin --serviceaccount=kube-system:tiller --clusterrole=cluster-admin -$ helm init --service-account=tiller -$ helm repo update -$ helm install stable/nginx-ingress -$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml -$ helm install --name cert-manager --namespace cert-manager stable/cert-manager -``` - -Create letsencrypt issuers. _Change the email address_ in these files before running this command. - -```bash -$ kubectl apply -f human-connection/https/ -``` - -Create an ingress service in namespace `human-connection`. _Change the domain name_ according to your needs: - -```bash -$ kubectl apply -f human-connection/ingress/ -``` - -Check the ingress server is working correctly: - -```bash -$ curl -kivL -H 'Host: ' 'https://' -``` - -If the response looks good, configure your domain registrar for the new IP address and the domain. - -Now let's get a valid HTTPS certificate. According to the tutorial above, check your tls certificate for staging: - -```bash -$ kubectl describe --namespace=human-connection certificate tls -$ kubectl describe --namespace=human-connection secret tls -``` - -If everything looks good, update the issuer of your ingress. 
Change the annotation `certmanager.k8s.io/issuer` from `letsencrypt-staging` to `letsencrypt-prod` in your ingress configuration in `human-connection/ingress/ingress.yaml`. - -```bash -$ kubectl apply -f human-connection/ingress/ingress.yaml -``` - -Delete the former secret to force a refresh: - -```text -$ kubectl --namespace=human-connection delete secret tls -``` - -Now, HTTPS should be configured on your domain. Congrats. #### Legacy data migration diff --git a/deployment/digital-ocean/README.md b/deployment/digital-ocean/README.md index 5431d6338..12c272691 100644 --- a/deployment/digital-ocean/README.md +++ b/deployment/digital-ocean/README.md 
@@ -20,56 +20,7 @@ nifty-driscoll-uusn Ready 69d v1.13.2 If you got the steps right above and see your nodes you can continue. -## Install kubernetes dashboard - -The kubernetes dashboard is optional but very helpful for debugging. If you want to install it, you have to do so only **once** per cluster: - -```bash -$ kubectl apply -f dashboard/ -$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml -``` - -### Login to your dashboard - -Proxy the remote kubernetes dashboard to localhost: - -```bash -$ kubectl proxy -``` - -Visit: - -[http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/](http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/) - -You should see a login screen. - -To get your token for the dashboard you can run this command: - -```bash -$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') -``` - -It should print something like: - -```text -Name: admin-user-token-6gl6l -Namespace: kube-system -Labels: -Annotations: kubernetes.io/service-account.name=admin-user - kubernetes.io/service-account.uid=b16afba9-dfec-11e7-bbb9-901b0e532516 - -Type: kubernetes.io/service-account-token - -Data -==== -ca.crt: 1025 bytes -namespace: 11 bytes -token: 
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTZnbDZsIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiMTZhZmJhOS1kZmVjLTExZTctYmJiOS05MDFiMGU1MzI1MTYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.M70CU3lbu3PP4OjhFms8PVL5pQKj-jj4RNSLA4YmQfTXpPUuxqXjiTf094_Rzr0fgN_IVX6gC4fiNUL5ynx9KU-lkPfk0HnX8scxfJNzypL039mpGt0bbe1IXKSIRaq_9VW59Xz-yBUhycYcKPO9RM2Qa1Ax29nqNVko4vLn1_1wPqJ6XSq3GYI8anTzV8Fku4jasUwjrws6Cn6_sPEGmL54sq5R4Z5afUtv-mItTmqZZdxnkRqcJLlg2Y8WbCPogErbsaCDJoABQ7ppaqHetwfM_0yMun6ABOQbIwwl8pspJhpplKwyo700OSpvTT9zlBsu-b35lzXGBRHzv5g_RA -``` - -Grab the token from above and paste it into the [login screen](http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/) - -When you are logged in, you should see sth. like: -![Dashboard](./dashboard-screenshot.png) - -Feel free to save the login token from above in your password manager. Unlike the `kubeconfig` file, this token does not expire. +Digital Ocean kubernetes clusters don't have a graphical interface, so I suggest +to setup the [kubernetes dashboard](./dashboard/README.md) as a next step. +Configuring [HTTPS](./https/README.md) is bit tricky and therefore I suggest to +do this as a last step. diff --git a/deployment/digital-ocean/dashboard/README.md b/deployment/digital-ocean/dashboard/README.md new file mode 100644 index 000000000..a2e5446b2 --- /dev/null +++ b/deployment/digital-ocean/dashboard/README.md 
@@ -0,0 +1,54 @@ +# Install Kubernetes Dashboard + +The kubernetes dashboard is optional but very helpful for debugging. If you want to install it, you have to do so only **once** per cluster: + +```bash +# in folder deployment/digital-ocean/ +$ kubectl apply -f dashboard/ +$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml +``` + +### Login to your dashboard + +Proxy the remote kubernetes dashboard to localhost: + +```bash +$ kubectl proxy +``` + +Visit: + +[http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/](http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/) + +You should see a login screen. + +To get your token for the dashboard you can run this command: + +```bash +$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') +``` + +It should print something like: + +```text +Name: admin-user-token-6gl6l +Namespace: kube-system +Labels: +Annotations: kubernetes.io/service-account.name=admin-user + kubernetes.io/service-account.uid=b16afba9-dfec-11e7-bbb9-901b0e532516 + +Type: kubernetes.io/service-account-token + +Data +==== +ca.crt: 1025 bytes +namespace: 11 bytes +token: 
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTZnbDZsIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiMTZhZmJhOS1kZmVjLTExZTctYmJiOS05MDFiMGU1MzI1MTYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.M70CU3lbu3PP4OjhFms8PVL5pQKj-jj4RNSLA4YmQfTXpPUuxqXjiTf094_Rzr0fgN_IVX6gC4fiNUL5ynx9KU-lkPfk0HnX8scxfJNzypL039mpGt0bbe1IXKSIRaq_9VW59Xz-yBUhycYcKPO9RM2Qa1Ax29nqNVko4vLn1_1wPqJ6XSq3GYI8anTzV8Fku4jasUwjrws6Cn6_sPEGmL54sq5R4Z5afUtv-mItTmqZZdxnkRqcJLlg2Y8WbCPogErbsaCDJoABQ7ppaqHetwfM_0yMun6ABOQbIwwl8pspJhpplKwyo700OSpvTT9zlBsu-b35lzXGBRHzv5g_RA +``` + +Grab the token from above and paste it into the [login screen](http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/) + +When you are logged in, you should see sth. like: +![Dashboard](./dashboard-screenshot.png) + +Feel free to save the login token from above in your password manager. Unlike the `kubeconfig` file, this token does not expire. diff --git a/deployment/dashboard/admin-user.yaml b/deployment/digital-ocean/dashboard/admin-user.yaml similarity index 100% rename from deployment/dashboard/admin-user.yaml rename to deployment/digital-ocean/dashboard/admin-user.yaml diff --git a/deployment/digital-ocean/dashboard-screenshot.png b/deployment/digital-ocean/dashboard/dashboard-screenshot.png similarity index 100% rename from deployment/digital-ocean/dashboard-screenshot.png rename to deployment/digital-ocean/dashboard/dashboard-screenshot.png 
diff --git a/deployment/dashboard/role-binding.yaml b/deployment/digital-ocean/dashboard/role-binding.yaml similarity index 100% rename from deployment/dashboard/role-binding.yaml rename to deployment/digital-ocean/dashboard/role-binding.yaml diff --git a/deployment/digital-ocean/https/README.md b/deployment/digital-ocean/https/README.md new file mode 100644 index 000000000..398601e78 --- /dev/null +++ b/deployment/digital-ocean/https/README.md 
@@ -0,0 +1,57 @@ +# Setup Ingress and HTTPS + +Follow [this quick start guide](https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/index.html) and install certmanager via helm and tiller: + +```text +$ kubectl create serviceaccount tiller --namespace=kube-system +$ kubectl create clusterrolebinding tiller-admin --serviceaccount=kube-system:tiller --clusterrole=cluster-admin +$ helm init --service-account=tiller +$ helm repo update +$ helm install stable/nginx-ingress +$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml +$ helm install --name cert-manager --namespace cert-manager stable/cert-manager +``` + +Create letsencrypt issuers. _Change the email address_ in these files before running this command. + +```bash +# in folder deployment/digital-ocean/https/ +$ kubectl apply -f issuer.yaml +``` + +Create an ingress service in namespace `human-connection`. _Change the domain name_ according to your needs: + +```bash +# in folder deployment/digital-ocean/https/ +$ kubectl apply -f ingress.yaml +``` + +Check the ingress server is working correctly: + +```bash +$ curl -kivL -H 'Host: ' 'https://' +``` + +If the response looks good, configure your domain registrar for the new IP address and the domain. + +Now let's get a valid HTTPS certificate. According to the tutorial above, check your tls certificate for staging: + +```bash +$ kubectl describe --namespace=human-connection certificate tls +$ kubectl describe --namespace=human-connection secret tls +``` + +If everything looks good, update the issuer of your ingress. Change the annotation `certmanager.k8s.io/issuer` from `letsencrypt-staging` to `letsencrypt-prod` in your ingress configuration in `ingress.yaml`. 
+ +```bash +# in folder deployment/digital-ocean/https/ +$ kubectl apply -f ingress.yaml +``` + +Delete the former secret to force a refresh: + +```text +$ kubectl --namespace=human-connection delete secret tls +``` + +Now, HTTPS should be configured on your domain. Congrats. diff --git a/deployment/human-connection/ingress/ingress.yaml b/deployment/digital-ocean/https/ingress.yaml similarity index 100% rename from deployment/human-connection/ingress/ingress.yaml rename to deployment/digital-ocean/https/ingress.yaml diff --git a/deployment/human-connection/https/issuer.yaml b/deployment/digital-ocean/https/issuer.yaml similarity index 100% rename from deployment/human-connection/https/issuer.yaml rename to deployment/digital-ocean/https/issuer.yaml
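Review bot: In deployment/README.md, removing the "Setup Ingress and HTTPS" section leaves no pointer to where it went: the file now goes from the pod-status paragraph straight to "Legacy data migration". The link to the new page is only added in deployment/digital-ocean/README.md, so a reader following the general deployment guide will not find the HTTPS steps. Suggest keeping a one-line link to digital-ocean/https/README.md where the section used to be.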
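Review bot: Wording in the four lines added to deployment/digital-ocean/README.md: "is bit tricky" is missing its article ("is a bit tricky"), and "I suggest to setup" / "I suggest to do this" read better as "I suggest setting up" / "I suggest doing this". The rest of this README addresses the reader as "you", so consider dropping the first person here as well.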
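Review bot: The sample output in the new deployment/digital-ocean/dashboard/README.md copies a complete service-account token and UID into the file, and the closing paragraph recommends storing a token that "does not expire" without saying what it is allowed to do. Suggest shortening the sample to a placeholder after `token:`, and adding a sentence that states which role role-binding.yaml grants to `admin-user` and that deleting the secret or the service account revokes the token. Separately, the install block applies the dashboard manifest from the `master` branch URL, so the deployed version depends on the day the command is run; pinning the URL to a release tag would make the step reproducible. The heading level also jumps from `#` to `###` at "Login to your dashboard".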
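Review bot: In the first command block of deployment/digital-ocean/https/README.md, the CRDs are pinned to `release-0.6` but `helm install ... stable/cert-manager` and `helm install stable/nginx-ingress` carry no `--version`, so the chart and the CRDs can drift apart as the stable repository moves on. Suggest pinning both charts to versions that match the CRD release. The same block binds the tiller service account to `cluster-admin`; since this page is now the reference for the setup, a sentence saying that tiller gets cluster-wide admin rights would help readers decide whether that is acceptable for their cluster. The `curl -kivL` check disables certificate verification with `-k`, which is fine before a certificate is issued, but the README should say so and repeat the check without `-k` after the switch to `letsencrypt-prod`.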