# Kubernetes

## Initialize your project

1. Generate the Docker configuration to enable image builds with Kaniko and communicate with reg.cadoles.com

   ```shell
   docker login reg.cadoles.com
   mkdir -p misc/k8s/kustomization/base/secrets/dockerconfig
   docker --config misc/k8s/kustomization/base/secrets/dockerconfig login reg.cadoles.com
   mv misc/k8s/kustomization/base/secrets/dockerconfig/config.json misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson
   mkdir -p misc/k8s/kustomization/overlays/dev/secrets/dockerconfig
   cp misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson misc/k8s/kustomization/overlays/dev/secrets/dockerconfig/.dockerconfigjson
   ```

## Getting started with Kind

1. Create your [Kind](https://kind.sigs.k8s.io/) cluster

   ```shell
   kind create cluster --config misc/k8s/kind/bouncer-cluster.yaml
   ```

2. Deploy required operators

   ```shell
   kubectl apply -k misc/k8s/kind/cluster --server-side
   ```

3. Deploy your Bouncer development environment

   ```shell
   skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/<YOUR_PERSONNAL_USER_NAME>
   ```

## Testing

Bouncer will automatically create proxies based on the files present in the `misc/k8s/kustomization/overlays/dev/files/bouncer/bootstrap.d` folder.

By default, with you host web browser, open http://localhost:9000, you should see the Cadoles website.

### Using the admin API

#### From inside the cluster

1. Open shell in bouncer-admin pod

   ```shell
   kubectl exec -it -n bouncer-dev bouncer-admin-<suffix> -- /bin/sh
   ```

2. Create an authentication token

   ```shell
   bouncer --config /etc/bouncer/config.yml auth create-token --role writer --subject $(whoami) > .bouncer-token
   ```

3. Create a proxy and enable it

   ```shell
   bouncer admin proxy query
   ```

#### From outside the cluster

1. Retrieve the authentication token from the generated secret

   ```shell
   TOKEN=$(kubectl get secret -n bouncer-dev -o jsonpath="{.data.token}" bouncer-admin-writer-token | base64 -d)
   ```

2. Use the `bouncer` admin client to query the admin API

   ```shell
   ./bouncer admin proxy query -t "${TOKEN}" --server http://127.0.0.1:9999
   ```

## Benchmarking

You can use [`siege`](https://github.com/JoeDog/siege) to benchmark your instance with the Cadoles proxy.

```shell
BASE_URL=http://localhost:9000 make siege
```