Cadoles/bouncer
Cadoles
/
bouncer
10
0
Fork 0
Code Issues 1 Pull Requests Projects Releases 3 Wiki Activity
bouncer/misc/k8s
History
wpetit 7de166765b
Cadoles/bouncer/pipeline/head This commit looks good Details
feat(k8s): use secret as shared source for admin private key 		2024-03-28 15:53:40 +01:00
..
kind fix(k8s): redis configuration 2024-03-26 14:04:07 +01:00
kustomization feat(k8s): use secret as shared source for admin private key 2024-03-28 15:53:40 +01:00
README.md doc(k8s): add in/out cluster api querying procedure 2024-03-28 09:10:16 +01:00

README.md

Kubernetes

Initialize your project

  1. Generate the Docker configuration to enable image builds with Kaniko and communicate with reg.cadoles.com

    docker login reg.cadoles.com
mkdir -p misc/k8s/kustomization/base/secrets/dockerconfig
docker --config misc/k8s/kustomization/base/secrets/dockerconfig login reg.cadoles.com
mv misc/k8s/kustomization/base/secrets/dockerconfig/config.json misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson
mkdir -p misc/k8s/kustomization/overlays/dev/secrets/dockerconfig
cp misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson misc/k8s/kustomization/overlays/dev/secrets/dockerconfig/.dockerconfigjson

Getting started with Kind

  1. Create your Kind cluster

    kind create cluster --config misc/k8s/kind/bouncer-cluster.yaml

  2. Deploy required operators

    kubectl apply -k misc/k8s/kind/cluster --server-side

  3. Deploy your Bouncer development environment

    skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/<YOUR_PERSONNAL_USER_NAME>

Testing

Bouncer will automatically create proxies based on the files present in the misc/k8s/kustomization/overlays/dev/files/bouncer/bootstrap.d folder.

By default, with you host web browser, open http://localhost:9000, you should see the Cadoles website.

Using the admin API

From inside the cluster

  1. Open shell in bouncer-admin pod

    kubectl exec -it -n bouncer-dev bouncer-admin-<suffix> -- /bin/sh

  2. Create an authentication token

    bouncer --config /etc/bouncer/config.yml auth create-token --role writer --subject $(whoami) > .bouncer-token

  3. Create a proxy and enable it

    bouncer admin proxy query

From outside the cluster

  1. Retrieve the authentication token from the generated secret

    TOKEN=$(kubectl get secret -n bouncer-dev -o jsonpath="{.data.token}" bouncer-admin-writer-token | base64 -d)

  2. Use the bouncer admin client to query the admin API

    ./bouncer admin proxy query -t "${TOKEN}" --server http://127.0.0.1:9999

Benchmarking

You can use siege to benchmark your instance with the Cadoles proxy.

BASE_URL=http://localhost:9000 make siege