85 lines
2.4 KiB
Markdown
85 lines
2.4 KiB
Markdown
# Kubernetes
|
|
|
|
## Initialize your project
|
|
|
|
1. Generate the Docker configuration to enable image builds with Kaniko and communicate with reg.cadoles.com
|
|
|
|
```shell
|
|
docker login reg.cadoles.com
|
|
mkdir -p misc/k8s/kustomization/base/secrets/dockerconfig
|
|
docker --config misc/k8s/kustomization/base/secrets/dockerconfig login reg.cadoles.com
|
|
mv misc/k8s/kustomization/base/secrets/dockerconfig/config.json misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson
|
|
mkdir -p misc/k8s/kustomization/overlays/dev/secrets/dockerconfig
|
|
cp misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson misc/k8s/kustomization/overlays/dev/secrets/dockerconfig/.dockerconfigjson
|
|
```
|
|
|
|
## Getting started with Kind
|
|
|
|
1. Create your [Kind](https://kind.sigs.k8s.io/) cluster
|
|
|
|
```shell
|
|
kind create cluster --config misc/k8s/kind/bouncer-cluster.yaml
|
|
```
|
|
|
|
2. Deploy required operators
|
|
|
|
```shell
|
|
kubectl apply -k misc/k8s/kind/cluster --server-side
|
|
```
|
|
|
|
3. Deploy your Bouncer development environment
|
|
|
|
```shell
|
|
skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/<YOUR_PERSONNAL_USER_NAME>
|
|
```
|
|
|
|
## Testing
|
|
|
|
Bouncer will automatically create proxies based on the files present in the `misc/k8s/kustomization/overlays/dev/files/bouncer/bootstrap.d` folder.
|
|
|
|
By default, with you host web browser, open http://localhost:9000, you should see the Cadoles website.
|
|
|
|
### Using the admin API
|
|
|
|
#### From inside the cluster
|
|
|
|
1. Open shell in bouncer-admin pod
|
|
|
|
```shell
|
|
kubectl exec -it -n bouncer-dev bouncer-admin-<suffix> -- /bin/sh
|
|
```
|
|
|
|
2. Create an authentication token
|
|
|
|
```shell
|
|
bouncer --config /etc/bouncer/config.yml auth create-token --role writer --subject $(whoami) > .bouncer-token
|
|
```
|
|
|
|
3. Create a proxy and enable it
|
|
|
|
```shell
|
|
bouncer admin proxy query
|
|
```
|
|
|
|
#### From outside the cluster
|
|
|
|
1. Retrieve the authentication token from the generated secret
|
|
|
|
```shell
|
|
TOKEN=$(kubectl get secret -n bouncer-dev -o jsonpath="{.data.token}" bouncer-admin-writer-token | base64 -d)
|
|
```
|
|
|
|
2. Use the `bouncer` admin client to query the admin API
|
|
|
|
```shell
|
|
./bouncer admin proxy query -t "${TOKEN}" --server http://127.0.0.1:9999
|
|
```
|
|
|
|
## Benchmarking
|
|
|
|
You can use [`siege`](https://github.com/JoeDog/siege) to benchmark your instance with the Cadoles proxy.
|
|
|
|
```shell
|
|
BASE_URL=http://localhost:9000 make siege
|
|
```
|