Upgrade to wiki 0.20.0

This configuration partially works with kubernetes 1.15 running
locally using Docker Desktop for Mac and kind (k8s in docker).

For completeness, we installed kind & created a cluster like this:

    cd /tmp/ && GO111MODULE="on" go get sigs.k8s.io/kind
    kind create cluster --name workshop
    export KUBECONFIG="$(kind get kubeconfig-path --name="workshop")"

We describe finicky details discovered while creating wiki.yaml.

The persistent volume when mounted in wiki-config begins its life with
all files owned by root. This prevented our node user inside the
container from creating the config files inside .wiki. It took a while
to discover the correct securityContext for the wiki-config container.

We tested this configuration as follows:

    alias k=kubectl
    k apply -f wiki.yaml
    export POD=$(k get pod -lapp=wiki -o jsonpath='{.items[*].metadata.name}')
    export PASSWORD=$(k exec svc/wiki-service -- jq -r .admin .wiki/config.json)
    k port-forward svc/wiki-service 3000:80 > /dev/null &
    pbcopy <<<"$PASSWORD"
    open http://localhost:3000
    # click lock icon in the browser to login to wiki page
    # paste the password from the clipboard
    # click wiki to toggle editing on
    # make a few edits to the wiki page

Something about authentication is NOT working for anything except
localhost. When we try the same tests using http://localtest.me or
configuring foo.local in the MacOS /etc/hosts file, for some reason
the cookies don't seem to be passed through to the server. All edits
on other pages end up in browser localStorage.

Nevertheless, I'll commit what I have for now.

Dockerfile

@@ -5,7 +5,7 @@ RUN apk add --update --no-cache \
   git \
   jq
 WORKDIR "/home/node"
-ARG WIKI_PACKAGE=wiki@0.19.0
+ARG WIKI_PACKAGE=wiki@0.20.0
 RUN su node -c "npm install -g --prefix . $WIKI_PACKAGE"
 RUN su node -c "mkdir -p .wiki"
 VOLUME "/home/node/.wiki"

examples/k8s/README.md

@@ -0,0 +1,27 @@
+# Wiki Farm in Kubernetes
+
+There are easier ways to get started with federated wiki. Here we are
+using wiki to drive some learning about kubernetes.
+
+# We're using MacOS, Docker Desktop, and kind
+
+    brew cask install docker
+    brew install kind
+    kind create cluster --name wiki
+
+# Deploy Wiki
+
+    kubectl apply -f wiki.yaml
+
+# Play with the wiki
+
+    # pbcopy & open are MacOS commands
+    kubectl port-forward svc/wiki-service 3000:80 \
+      > port-forward.log \
+      2> port-forward.err &
+    # get admin password on the clipboard
+    kubectl exec svc/wiki-service -- \
+      jq -r .admin .wiki/config.json \
+      | pbcopy
+    open http://localhost:3000
+    # login with the password on the clipboard

examples/k8s/wiki.yaml

@@ -0,0 +1,130 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: dot-wiki
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 4Gi
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wiki-config
+data:
+  config.json: |
+    {
+      "admin": "ADMIN",
+      "farm": true,
+      "cookieSecret": "RANDOM",
+      "security_type": "friends",
+      "secure_cookie": false,
+      "wikiDomains": {
+        "local": {
+          "id": "/home/node/.wiki/local.owner.json"
+        },
+        "localhost": {
+          "id": "/home/node/.wiki/local.owner.json"
+        },
+        "localtest.me": {
+          "id": "/home/node/.wiki/local.owner.json"
+        },
+        "local.dbbs.co": {
+          "id": "/home/node/.wiki/local.owner.json"
+        }
+      }
+    }
+  local.owner.json: |
+    {
+      "name": "The Owner",
+      "friend": {
+        "secret": "ADMIN"
+      }
+    }
+  install-config: |
+    #!/bin/sh
+    randomstring() {
+        node -e 'console.log(require("crypto").randomBytes(64).toString("hex"))'
+    }
+    readonly ADMIN=$(randomstring)
+    readonly COOKIE=$(randomstring)
+
+    readonly CONFIG=/home/node/.wiki/config.json
+    readonly OWNER=/home/node/.wiki/local.owner.json
+    [ -f $CONFIG ] || {
+      jq --arg admin $ADMIN  \
+         --arg cookie $COOKIE \
+         '.admin = $admin | .cookieSecret = $cookie' \
+         /etc/config/config.json \
+         > $CONFIG
+    }
+    [ -f $OWNER ] || {
+      jq --arg admin $ADMIN  \
+         '.friend.secret = $admin' \
+         /etc/config/local.owner.json \
+         > $OWNER
+    }
+    chown -R 1000:1000 /home/node/.wiki
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wiki-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: wiki
+  template:
+    metadata:
+      labels:
+        app: wiki
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+      initContainers:
+      - name: wiki-config
+        image: dobbs/farm:1.0.0
+        securityContext:
+          runAsUser: 0
+          runAsGroup: 0
+          allowPrivilegeEscalation: false
+        volumeMounts:
+          - name: dot-wiki
+            mountPath: /home/node/.wiki
+          - name: config-templates
+            mountPath: /etc/config
+        command: ["sh", "/etc/config/install-config"]
+      containers:
+      - name: farm
+        image: dobbs/farm:1.0.0
+        command: ["wiki", "--config", "/home/node/.wiki/config.json"]
+        ports:
+        - containerPort: 3000
+        volumeMounts:
+          - name: dot-wiki
+            mountPath: /home/node/.wiki
+      volumes:
+      - name: dot-wiki
+        persistentVolumeClaim:
+          claimName: dot-wiki
+      - name: config-templates
+        configMap:
+          name: wiki-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wiki-service
+spec:
+  ports:
+  - name: http
+    targetPort: 3000
+    port: 80
+  selector:
+    app: wiki