bouncer/misc/k8s
William Petit 7de166765b
All checks were successful
Cadoles/bouncer/pipeline/head This commit looks good
feat(k8s): use secret as shared source for admin private key
2024-03-28 15:53:40 +01:00
..
kind fix(k8s): redis configuration 2024-03-26 14:04:07 +01:00
kustomization feat(k8s): use secret as shared source for admin private key 2024-03-28 15:53:40 +01:00
README.md doc(k8s): add in/out cluster api querying procedure 2024-03-28 09:10:16 +01:00

Kubernetes

Initialize your project

  1. Generate the Docker configuration to enable image builds with Kaniko and communicate with reg.cadoles.com

    docker login reg.cadoles.com
    mkdir -p misc/k8s/kustomization/base/secrets/dockerconfig
    docker --config misc/k8s/kustomization/base/secrets/dockerconfig login reg.cadoles.com
    mv misc/k8s/kustomization/base/secrets/dockerconfig/config.json misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson
    mkdir -p misc/k8s/kustomization/overlays/dev/secrets/dockerconfig
    cp misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson misc/k8s/kustomization/overlays/dev/secrets/dockerconfig/.dockerconfigjson
    

Getting started with Kind

  1. Create your Kind cluster

    kind create cluster --config misc/k8s/kind/bouncer-cluster.yaml
    
  2. Deploy required operators

    kubectl apply -k misc/k8s/kind/cluster --server-side
    
  3. Deploy your Bouncer development environment

    skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/<YOUR_PERSONNAL_USER_NAME>
    

Testing

Bouncer will automatically create proxies based on the files present in the misc/k8s/kustomization/overlays/dev/files/bouncer/bootstrap.d folder.

By default, with you host web browser, open http://localhost:9000, you should see the Cadoles website.

Using the admin API

From inside the cluster

  1. Open shell in bouncer-admin pod

    kubectl exec -it -n bouncer-dev bouncer-admin-<suffix> -- /bin/sh
    
  2. Create an authentication token

    bouncer --config /etc/bouncer/config.yml auth create-token --role writer --subject $(whoami) > .bouncer-token
    
  3. Create a proxy and enable it

    bouncer admin proxy query
    

From outside the cluster

  1. Retrieve the authentication token from the generated secret

    TOKEN=$(kubectl get secret -n bouncer-dev -o jsonpath="{.data.token}" bouncer-admin-writer-token | base64 -d)
    
  2. Use the bouncer admin client to query the admin API

    ./bouncer admin proxy query -t "${TOKEN}" --server http://127.0.0.1:9999
    

Benchmarking

You can use siege to benchmark your instance with the Cadoles proxy.

BASE_URL=http://localhost:9000 make siege