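# Cluster playground

## patch & install hetzner-kube

```sh
docker pull golang
docker run --rm -ti --name=golang golang bash
git clone https://github.com/xetys/hetzner-kube
cd hetzner-kube
sed -i s'/kubernetes-cni/kubernetes-cni=0.6.0-00/' pkg/clustermanager/provision_node.go
go build
```

This builds whatever the upstream default branch and the untagged `golang` image contain at the time you run it. Check out a commit you have reviewed before `go build` if you need a reproducible binary.

From a second terminal on the host, while the container is still running (`--rm` deletes it on exit):

```sh
docker cp golang:/go/hetzner-kube/hetzner-kube .local/bin/hetzner-kube
chmod +x .local/bin/hetzner-kube
```

## setup cluster

```sh
hetzner-kube cluster create --name k8s-test --node-cidr 10.42.23.0/24 --ssh-key melpomene   # optionally append: -w 3
hetzner-kube cluster kubeconfig k8s-test
kubectl cluster-info
```

## helm

Install kubernetes-helm from your package manager…

```sh
kubectl apply -f tiller.yaml
helm init --service-account tiller
```

Tiller acts with whatever permissions `tiller.yaml` grants the `tiller` service account, so keep that binding as narrow as the playground allows.

## rook.io

```sh
helm repo add rook-beta https://charts.rook.io/beta
helm install --namespace rook-ceph-system rook-beta/rook-ceph
kubectl apply -f rook-cluster.yaml
kubectl apply -f rook-block.yaml
kubectl patch storageclass rook-ceph-block -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
kubectl apply -f rook-filesystem.yaml
kubectl apply -f rook-object.yaml
```

## dashboard

```sh
kubectl apply -f kubernetes-dashboard.yaml
kubectl apply -f admin-user.yaml
kubectl apply -f admin-role.yaml
kubectl -n kube-system get secret | grep admin-user | cut -d' ' -f1
kubectl -n kube-system describe secret admin-user-token-...
```

The token printed by `describe secret` is a bearer credential for the `admin-user` service account. Anyone holding it gets whatever `admin-role.yaml` binds to that account, so treat it as a secret and keep it out of shell history, tickets and chat.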
```sh
kubectl proxy
```

Then open http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

## nginx-ingress

```sh
kubectl apply -f nginx-ingress.yaml
kubectl apply -f nginx-nodeport.yaml
```

### frontend LB variant 1

```sh
scp haproxy.conf root@$(hetzner-kube cluster master-ip k8s-test):
ssh root@$(hetzner-kube cluster master-ip k8s-test)
# on the master; note the file copied above is named haproxy.conf, so use the name you actually copied
apt install -y haproxy
mv haproxy.cfg /etc/haproxy/haproxy.cfg
systemctl restart haproxy
```

### frontend LB variant 2

```sh
ssh root@$(hetzner-kube cluster master-ip k8s-test) apt install -y python
ansible-playbook -i "$(hetzner-kube cluster master-ip k8s-test)," -u root ansible-haproxy.yaml
```

## static page

```sh
kubectl apply -f staticpage.yaml
kubectl proxy
```

Then open http://localhost:8001/api/v1/namespaces/testsite/pods/http:static-nginx:/proxy/#!

### add ingress

```sh
kubectl apply -f staticpage-ingress.yaml
```

## set up SSL

```sh
kubectl create namespace cert-manager
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
kubectl apply -f certmanager-manifest.yaml
```

### create issuers

Adapt the email address in both files first!

```sh
kubectl apply -f letsencrypt-staging.yaml
kubectl apply -f letsencrypt-prod.yaml
```

### default issuer

```sh
kubectl apply -f certmanager-default.yaml
```

## add ssl to testsite

```sh
kubectl apply -f staticpage-ingress-ssl.yaml
```

## test deployment

Adapt the hostname in the manifest first!

```sh
kubectl apply -f k8spress.yaml
```

## teardown

```sh
hetzner-kube cluster delete k8s-test
```