wiki-farm-docker/examples/k8s/wiki.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: wiki-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wiki
  template:
    metadata:
      labels:
        app: wiki
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      containers:
      - name: farm
        image: dobbs/farm:1.0.6
        command: ["wiki"]
        ports:
        - containerPort: 3000
        volumeMounts:
          - name: dot-wiki
            mountPath: /home/node/.wiki
          - name: fedwiki
            mountPath: /home/node/fedwiki
      volumes:
      - name: dot-wiki
        hostPath:
          path: /macos/.wiki-k8s
      - name: fedwiki
        hostPath:
          path: /macos/fedwiki
---
apiVersion: v1
kind: Service
metadata:
  name: wiki-service
spec:
  ports:
  - name: http
    targetPort: 3000
    port: 80
  selector:
    app: wiki
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: wiki
spec:
  rules:
  - host: "*.localhost"
    http: &wiki
      paths:
      - path: /
        backend:
          serviceName: wiki-service
          servicePort: http
  # - host: "*.example.com"
  #   http: *wiki
Add example kubernetes deployment This configuration partially works with kubernetes 1.15 running locally using Docker Desktop for Mac and kind (k8s in docker). For completeness, we installed kind & created a cluster like this: cd /tmp/ && GO111MODULE="on" go get sigs.k8s.io/kind kind create cluster --name workshop export KUBECONFIG="$(kind get kubeconfig-path --name="workshop")" We describe finicky details discovered while creating wiki.yaml. The persistent volume when mounted in wiki-config begins its life with all files owned by root. This prevented our node user inside the container from creating the config files inside .wiki. It took a while to discover the correct securityContext for the wiki-config container. We tested this configuration as follows: alias k=kubectl k apply -f wiki.yaml export POD=$(k get pod -lapp=wiki -o jsonpath='{.items[*].metadata.name}') export PASSWORD=$(k exec svc/wiki-service -- jq -r .admin .wiki/config.json) k port-forward svc/wiki-service 3000:80 > /dev/null & pbcopy <<<"$PASSWORD" open http://localhost:3000 # click lock icon in the browser to login to wiki page # paste the password from the clipboard # click wiki to toggle editing on # make a few edits to the wiki page Something about authentication is NOT working for anything except localhost. When we try the same tests using http://localtest.me or configuring foo.local in the MacOS /etc/hosts file, for some reason the cookies don't seem to be passed through to the server. All edits on other pages end up in browser localStorage. Nevertheless, I'll commit what I have for now. 2019-11-17 05:27:45 +00:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: wiki-deployment`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: wiki`
			`template:`
			`metadata:`
			`labels:`
			`app: wiki`
			`spec:`
			`securityContext:`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`fsGroup: 1000`
			`containers:`
			`- name: farm`
version 1.0.6 2020-08-29 18:31:01 +00:00			`image: dobbs/farm:1.0.6`
Simplest wiki command that could possibly work Now that we've figured out how to mount local directories into the k8s cluster, we have moved all the configuration into ~/.wiki-k8s/config.json 2020-01-19 22:11:12 +00:00			`command: ["wiki"]`
Add example kubernetes deployment This configuration partially works with kubernetes 1.15 running locally using Docker Desktop for Mac and kind (k8s in docker). For completeness, we installed kind & created a cluster like this: cd /tmp/ && GO111MODULE="on" go get sigs.k8s.io/kind kind create cluster --name workshop export KUBECONFIG="$(kind get kubeconfig-path --name="workshop")" We describe finicky details discovered while creating wiki.yaml. The persistent volume when mounted in wiki-config begins its life with all files owned by root. This prevented our node user inside the container from creating the config files inside .wiki. It took a while to discover the correct securityContext for the wiki-config container. We tested this configuration as follows: alias k=kubectl k apply -f wiki.yaml export POD=$(k get pod -lapp=wiki -o jsonpath='{.items[*].metadata.name}') export PASSWORD=$(k exec svc/wiki-service -- jq -r .admin .wiki/config.json) k port-forward svc/wiki-service 3000:80 > /dev/null & pbcopy <<<"$PASSWORD" open http://localhost:3000 # click lock icon in the browser to login to wiki page # paste the password from the clipboard # click wiki to toggle editing on # make a few edits to the wiki page Something about authentication is NOT working for anything except localhost. When we try the same tests using http://localtest.me or configuring foo.local in the MacOS /etc/hosts file, for some reason the cookies don't seem to be passed through to the server. All edits on other pages end up in browser localStorage. Nevertheless, I'll commit what I have for now. 2019-11-17 05:27:45 +00:00			`ports:`
			`- containerPort: 3000`
			`volumeMounts:`
			`- name: dot-wiki`
			`mountPath: /home/node/.wiki`
Simplify persistence configuration & expose macos folders We now map ~/.wiki-k8s in MacOS into the .wiki folder inside the container and similarly with MacOS ~/workspace/fedwiki First, when we create the k3d cluster, we include directives that are passed through to docker to mount the MacOS directories into the kubernetes host. Second, we use hostPath volumes in the kubernetes deployment config. These will work great for the primary use case of a local wiki. Deployments to remote kubernetes clusters will want to do this with the PersistentVolumeClaim that was removed with this change. One luxury of using hostPath and the legacy_security is that we no longer require an init container. 2020-01-13 02:29:41 +00:00			`- name: fedwiki`
			`mountPath: /home/node/fedwiki`
Add example kubernetes deployment This configuration partially works with kubernetes 1.15 running locally using Docker Desktop for Mac and kind (k8s in docker). For completeness, we installed kind & created a cluster like this: cd /tmp/ && GO111MODULE="on" go get sigs.k8s.io/kind kind create cluster --name workshop export KUBECONFIG="$(kind get kubeconfig-path --name="workshop")" We describe finicky details discovered while creating wiki.yaml. The persistent volume when mounted in wiki-config begins its life with all files owned by root. This prevented our node user inside the container from creating the config files inside .wiki. It took a while to discover the correct securityContext for the wiki-config container. We tested this configuration as follows: alias k=kubectl k apply -f wiki.yaml export POD=$(k get pod -lapp=wiki -o jsonpath='{.items[*].metadata.name}') export PASSWORD=$(k exec svc/wiki-service -- jq -r .admin .wiki/config.json) k port-forward svc/wiki-service 3000:80 > /dev/null & pbcopy <<<"$PASSWORD" open http://localhost:3000 # click lock icon in the browser to login to wiki page # paste the password from the clipboard # click wiki to toggle editing on # make a few edits to the wiki page Something about authentication is NOT working for anything except localhost. When we try the same tests using http://localtest.me or configuring foo.local in the MacOS /etc/hosts file, for some reason the cookies don't seem to be passed through to the server. All edits on other pages end up in browser localStorage. Nevertheless, I'll commit what I have for now. 2019-11-17 05:27:45 +00:00			`volumes:`
			`- name: dot-wiki`
Simplify persistence configuration & expose macos folders We now map ~/.wiki-k8s in MacOS into the .wiki folder inside the container and similarly with MacOS ~/workspace/fedwiki First, when we create the k3d cluster, we include directives that are passed through to docker to mount the MacOS directories into the kubernetes host. Second, we use hostPath volumes in the kubernetes deployment config. These will work great for the primary use case of a local wiki. Deployments to remote kubernetes clusters will want to do this with the PersistentVolumeClaim that was removed with this change. One luxury of using hostPath and the legacy_security is that we no longer require an init container. 2020-01-13 02:29:41 +00:00			`hostPath:`
			`path: /macos/.wiki-k8s`
			`- name: fedwiki`
			`hostPath:`
			`path: /macos/fedwiki`
Add example kubernetes deployment This configuration partially works with kubernetes 1.15 running locally using Docker Desktop for Mac and kind (k8s in docker). For completeness, we installed kind & created a cluster like this: cd /tmp/ && GO111MODULE="on" go get sigs.k8s.io/kind kind create cluster --name workshop export KUBECONFIG="$(kind get kubeconfig-path --name="workshop")" We describe finicky details discovered while creating wiki.yaml. The persistent volume when mounted in wiki-config begins its life with all files owned by root. This prevented our node user inside the container from creating the config files inside .wiki. It took a while to discover the correct securityContext for the wiki-config container. We tested this configuration as follows: alias k=kubectl k apply -f wiki.yaml export POD=$(k get pod -lapp=wiki -o jsonpath='{.items[*].metadata.name}') export PASSWORD=$(k exec svc/wiki-service -- jq -r .admin .wiki/config.json) k port-forward svc/wiki-service 3000:80 > /dev/null & pbcopy <<<"$PASSWORD" open http://localhost:3000 # click lock icon in the browser to login to wiki page # paste the password from the clipboard # click wiki to toggle editing on # make a few edits to the wiki page Something about authentication is NOT working for anything except localhost. When we try the same tests using http://localtest.me or configuring foo.local in the MacOS /etc/hosts file, for some reason the cookies don't seem to be passed through to the server. All edits on other pages end up in browser localStorage. Nevertheless, I'll commit what I have for now. 2019-11-17 05:27:45 +00:00			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: wiki-service`
			`spec:`
			`ports:`
			`- name: http`
			`targetPort: 3000`
			`port: 80`
			`selector:`
			`app: wiki`
Start an insecure wiki under simple.localtest.me Bootstrapping a simpler development environment 2020-01-12 22:30:42 +00:00			`---`
			`apiVersion: extensions/v1beta1`
			`kind: Ingress`
			`metadata:`
change domain names in kubernetes example to use localhost Now that both chrome and firefox understand *.localhost domains we can remove our suggestion of using localtest.me subdomains. Also update the brew install instructions now that brew cask install is deprecated in favor of brew install --cask My favorite improvement is finding a way to use yaml block labels and references to reduce the duplication in the ingress config. I suppose the last important thing to mention about this changes is that k3d seems to have switched from traefik to nginx for its ingress loadbalancer. We no longer need the traefik annotation. 2021-01-10 23:02:45 +00:00			`name: wiki`
Start an insecure wiki under simple.localtest.me Bootstrapping a simpler development environment 2020-01-12 22:30:42 +00:00			`spec:`
			`rules:`
change domain names in kubernetes example to use localhost Now that both chrome and firefox understand *.localhost domains we can remove our suggestion of using localtest.me subdomains. Also update the brew install instructions now that brew cask install is deprecated in favor of brew install --cask My favorite improvement is finding a way to use yaml block labels and references to reduce the duplication in the ingress config. I suppose the last important thing to mention about this changes is that k3d seems to have switched from traefik to nginx for its ingress loadbalancer. We no longer need the traefik annotation. 2021-01-10 23:02:45 +00:00			`- host: "*.localhost"`
			`http: &wiki`
Change the insecure wiki to a farm for *.simple.localtest.me 2020-01-12 23:55:14 +00:00			`paths:`
			`- path: /`
			`backend:`
			`serviceName: wiki-service`
			`servicePort: http`
change domain names in kubernetes example to use localhost Now that both chrome and firefox understand *.localhost domains we can remove our suggestion of using localtest.me subdomains. Also update the brew install instructions now that brew cask install is deprecated in favor of brew install --cask My favorite improvement is finding a way to use yaml block labels and references to reduce the duplication in the ingress config. I suppose the last important thing to mention about this changes is that k3d seems to have switched from traefik to nginx for its ingress loadbalancer. We no longer need the traefik annotation. 2021-01-10 23:02:45 +00:00			`# - host: "*.example.com"`
			`# http: *wiki`