# k8s

This folder holds all the services required for my private infrastructure. The following constraints apply:

* Order of implementation is top down.
* Every namespace has a subfolder within this subdirectory.
* helm3

# Operations

Clean up `Error` pods.

```sh
kubectl get pods | grep Error | cut -d' ' -f 1 | xargs kubectl delete pod
```

Redeploy a deployment:

```sh
DEPLOYMENT="rstudio"
NAMESPACE="datalab"

# Changing a label on the pod template triggers a rolling restart.
kubectl patch deployment "$DEPLOYMENT" -n "$NAMESPACE" -p "{\"spec\": {\"template\": {\"metadata\": { \"labels\": { \"redeploy\": \"$( date +%s )\"}}}}}"
```

# Deployment

## namespaces

```sh
namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab web development longhorn-system"
for i in $namespaces; do
  kubectl create ns "$i"
done
```

## [helm-operator](https://github.com/fluxcd/helm-operator/blob/master/chart/helm-operator/README.md)

As I use helm extensively, using the helm-operator was a logical step. [See documentation for installation.](https://github.com/fluxcd/helm-operator/blob/master/chart/helm-operator/README.md)

```bash
$ helm repo add fluxcd https://charts.fluxcd.io
$ helm repo update
$ kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml
$ helm upgrade -i helm-operator fluxcd/helm-operator \
    --namespace flux \
    --set helm.versions=v3
```

## [ingress-controller](https://github.com/helm/charts/tree/master/stable/nginx-ingress)

Apply with helm-operator:

```bash
$ kubectl apply -f nginx-ingress/ingress.yaml
```

## [cert-manager](https://cert-manager.io/docs/tutorials/acme/ingress/)

Apply with helm-operator:

```bash
$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/master/deploy/manifests/00-crds.yaml
$ kubectl apply -f cert-manager/cert-manager.yaml
$ kubectl apply -f cert-manager/staging-issuer.yaml
$ kubectl apply -f cert-manager/production-issuer.yaml
```

To test all this you may use the kuard demo project:

```sh
$ kubectl apply -f kuard
# checkout: https://kuard.haumdaucher.de
$ kubectl delete -f kuard
```

## longhorn-system

```sh
# on node:
sudo yum install -y iscsi-initiator-utils
# locally
kubectl apply -f longhorn-system/longhorn.yaml
```

## rstudio

Currently only for one user:

```sh
kubectl apply -f datalab/rstudio.yaml
```

## Add private docker registry

*Current state:* Registry of hub.moritzgraf.de:5000 is used.

```sh
# create secret base64 encoded and put it in htpasswd helm chart
USER='moritz'
PASSWORD='xxx'
docker run --entrypoint htpasswd --rm registry:2 -Bbn "$USER" "$PASSWORD"
# kubectl apply -f development/registry.secret.yaml
```

### creating docker-pull-secret

Create credentials secret [according to docu](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line):

```sh
namespaces="datalab"
# render one secret manifest per namespace
for i in $namespaces; do
  kubectl create secret docker-registry registry-haumdaucher-de \
    -n "$i" \
    --docker-server=registry.haumdaucher.de \
    --docker-username=moritz \
    --docker-password='xxx' \
    --docker-email=moritz@moritzgraf.de \
    --dry-run -o yaml > "./${i}/docker-pull.yaml.secret"
done
# apply
for i in $namespaces; do
  kubectl apply -f "${i}/docker-pull.yaml.secret"
done
```

## auth

Including:

* openLDAP
* phpldapadmin
* ldap self service
* dex

```sh
```

## nextcloud

Install with helm

```sh
```

Migrate Backup

## Add mopbot & corona & corona-api

```sh
kubectl apply -f datalab/
```

## Web

```sh
kubectl apply -f web/
```
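
For the "creating docker-pull-secret" step above, `--docker-password='xxx'` puts the registry password into the process arguments and shell history. The following is an added example, not part of the original repository: it renders the same `kubernetes.io/dockerconfigjson` manifest with the password read from stdin. The function names `json_escape`, `b64`, `render_pull_secret` and `write_pull_secrets` are hypothetical; the secret name, registry host, user and e-mail are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original repository.
# The password is read from stdin and only passed through shell builtins and
# pipes, so it never shows up in argv, `ps` output or shell history.

# Escape backslash and double quote so a value is a valid JSON string body.
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# base64 without line wrapping (works with GNU and BSD base64).
b64() { base64 | tr -d '\n'; }

# render_pull_secret NAMESPACE SERVER USER EMAIL   (password: one line on stdin)
render_pull_secret() {
  ns=$1; server=$2; user=$3; email=$4
  IFS= read -r password || :          # tolerate a missing trailing newline
  [ -n "$password" ] || return 1      # refuse to emit an empty credential
  auth=$(printf '%s:%s' "$user" "$password" | b64)
  config=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
    "$server" "$(json_escape "$user")" "$(json_escape "$password")" \
    "$(json_escape "$email")" "$auth" | b64)
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: registry-haumdaucher-de
  namespace: $ns
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $config
EOF
  unset password auth config
}

# write_pull_secrets "ns1 ns2": prompt once without echo, then write one
# owner-only (0600) manifest per namespace, using the file names from the page.
write_pull_secrets() {
  printf 'Registry password: ' >&2
  trap 'stty echo; exit 130' INT TERM
  stty -echo; IFS= read -r pw; stty echo
  trap - INT TERM; printf '\n' >&2
  for n in $1; do
    ( umask 077
      printf '%s\n' "$pw" | render_pull_secret "$n" registry.haumdaucher.de \
        moritz moritz@moritzgraf.de > "./${n}/docker-pull.yaml.secret" )
  done
  unset pw
}
```

Run `write_pull_secrets "datalab"` from this folder and apply the resulting files as before. `umask` only affects newly created files, so an existing `docker-pull.yaml.secret` keeps its old permissions.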