wiki-farm-docker/examples/k8s/wiki.yaml

131 lines
2.9 KiB
YAML

Add example kubernetes deployment

This configuration partially works with kubernetes 1.15 running locally using Docker Desktop for Mac and kind (k8s in docker).

For completeness, we installed kind & created a cluster like this:

    cd /tmp/ && GO111MODULE="on" go get sigs.k8s.io/kind
    kind create cluster --name workshop
    export KUBECONFIG="$(kind get kubeconfig-path --name="workshop")"

We describe finicky details discovered while creating wiki.yaml.

The persistent volume when mounted in wiki-config begins its life with all files owned by root. This prevented our node user inside the container from creating the config files inside .wiki. It took a while to discover the correct securityContext for the wiki-config container.

We tested this configuration as follows:

    alias k=kubectl
    k apply -f wiki.yaml
    export POD=$(k get pod -lapp=wiki -o jsonpath='{.items[*].metadata.name}')
    export PASSWORD=$(k exec svc/wiki-service -- jq -r .admin .wiki/config.json)
    k port-forward svc/wiki-service 3000:80 > /dev/null &
    pbcopy <<<"$PASSWORD"
    open http://localhost:3000
    # click lock icon in the browser to login to wiki page
    # paste the password from the clipboard
    # click wiki to toggle editing on
    # make a few edits to the wiki page

Something about authentication is NOT working for anything except localhost. When we try the same tests using http://localtest.me or configuring foo.local in the MacOS /etc/hosts file, for some reason the cookies don't seem to be passed through to the server. All edits on other pages end up in browser localStorage.

Nevertheless, I'll commit what I have for now.
2019-11-17 05:27:45 +00:00
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: dot-wiki
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 4Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: wiki-config
data:
  config.json: |
    {
      "admin": "ADMIN",
      "farm": true,
      "cookieSecret": "RANDOM",
      "security_type": "friends",
      "secure_cookie": false,
      "wikiDomains": {
        "local": {
          "id": "/home/node/.wiki/local.owner.json"
        },
        "localhost": {
          "id": "/home/node/.wiki/local.owner.json"
        },
        "localtest.me": {
          "id": "/home/node/.wiki/local.owner.json"
        },
        "local.dbbs.co": {
          "id": "/home/node/.wiki/local.owner.json"
        }
      }
    }
  local.owner.json: |
    {
      "name": "The Owner",
      "friend": {
        "secret": "ADMIN"
      }
    }
  install-config: |
    #!/bin/sh
    # Print 64 random bytes as 128 hex digits.
    randomstring() {
      node -e 'console.log(require("crypto").randomBytes(64).toString("hex"))'
    }
    readonly ADMIN=$(randomstring)
    readonly COOKIE=$(randomstring)
    readonly CONFIG=/home/node/.wiki/config.json
    readonly OWNER=/home/node/.wiki/local.owner.json
    # Fill the "ADMIN" and "RANDOM" placeholders from the templates in
    # /etc/config. Each file is written only if it does not exist yet.
    [ -f "$CONFIG" ] || {
      jq --arg admin "$ADMIN" \
         --arg cookie "$COOKIE" \
         '.admin = $admin | .cookieSecret = $cookie' \
         /etc/config/config.json \
         > "$CONFIG"
    }
    [ -f "$OWNER" ] || {
      jq --arg admin "$ADMIN" \
         '.friend.secret = $admin' \
         /etc/config/local.owner.json \
         > "$OWNER"
    }
    # The volume starts out owned by root; hand it to the node user.
    chown -R 1000:1000 /home/node/.wiki
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wiki-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wiki
  template:
    metadata:
      labels:
        app: wiki
    spec:
      # Pod-wide default: run as the node user (uid/gid 1000).
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      initContainers:
        - name: wiki-config
          image: dobbs/farm:1.0.0
          # Root only in this init container, so install-config can write
          # into the root-owned volume and chown it to 1000:1000.
          securityContext:
            runAsUser: 0
            runAsGroup: 0
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: dot-wiki
              mountPath: /home/node/.wiki
            - name: config-templates
              mountPath: /etc/config
          command: ["sh", "/etc/config/install-config"]
      containers:
        - name: farm
          image: dobbs/farm:1.0.0
          command: ["wiki", "--config", "/home/node/.wiki/config.json"]
          ports:
            - containerPort: 3000
          volumeMounts:
            - name: dot-wiki
              mountPath: /home/node/.wiki
      volumes:
        - name: dot-wiki
          persistentVolumeClaim:
            claimName: dot-wiki
        - name: config-templates
          configMap:
            name: wiki-config
---
apiVersion: v1
kind: Service
metadata:
  name: wiki-service
spec:
  ports:
    - name: http
      targetPort: 3000
      port: 80
  selector:
    app: wiki
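
An added example, not part of this repository: a Python check to run against a copy of the `.wiki` volume after the `wiki-config` init container has finished. It flags leftover `ADMIN`/`RANDOM` placeholders, an `admin` and `friend.secret` pair that has drifted apart, and files not owned by 1000:1000. The function name `audit_wiki_dir` and the finding texts are assumptions made for this example.

```python
import json
import re
from pathlib import Path

# install-config uses randomBytes(64).toString("hex"): 128 lowercase hex digits
GENERATED = re.compile(r"[0-9a-f]{128}")


def audit_wiki_dir(wiki_dir, uid=1000, gid=1000):
    """Return a list of findings for a .wiki directory populated by install-config."""
    findings, docs = [], {}
    for name in ("config.json", "local.owner.json"):
        path = Path(wiki_dir) / name
        try:
            doc = json.loads(path.read_text())
            if not isinstance(doc, dict):
                raise ValueError("top level is not an object")
        except (OSError, ValueError) as exc:
            findings.append(f"{name}: missing or invalid ({type(exc).__name__})")
            continue
        docs[name] = doc
        st = path.stat()
        if (st.st_uid, st.st_gid) != (uid, gid):
            findings.append(f"{name}: owner {st.st_uid}:{st.st_gid}, want {uid}:{gid}")
    if len(docs) < 2:
        return findings  # the secrets cannot be compared without both files

    config, owner = docs["config.json"], docs["local.owner.json"]
    friend = owner.get("friend")
    secrets = {
        "config.json admin": config.get("admin"),
        "config.json cookieSecret": config.get("cookieSecret"),
        "local.owner.json friend.secret": friend.get("secret") if isinstance(friend, dict) else None,
    }
    for label, value in secrets.items():
        # Also catches the template placeholders "ADMIN" and "RANDOM"
        if not isinstance(value, str) or not GENERATED.fullmatch(value):
            findings.append(f"{label}: not a generated 128-hex-digit value")
    admin, cookie, friend_secret = secrets.values()
    if admin != friend_secret:
        # The script draws a new ADMIN on every run but writes each file only
        # when it is missing, so losing one file leaves the pair out of sync.
        findings.append("admin and friend.secret differ: login secret out of sync")
    if admin == cookie:
        findings.append("cookieSecret reuses the admin secret")
    return findings
```

An empty list means both files carry generated values, the admin secret matches in both, and ownership is as expected; pass other `uid`/`gid` values when auditing a copy made under a different account.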