Wiki and Kubernetes

Exploring how to run wiki in Kubernetes. The most recent success, as of this writing, is captured on GitHub in the commit "Initial success running on a laptop" in dobbs/wiki-k8s. Below we have also visualized some of the experiments.

The following diagram reflects previous usage. Kubernetes ran on my laptop with traefik configured to use a wildcard subdomain name and a Let's Encrypt wildcard TLS certificate. The domain name configs and servers lived in Digital Ocean.

    strict digraph {
      node [shape=box style=filled colorscheme=set312]
      {
        edge [style=invis]
        secret [fillcolor=1]
        tmpl [fillcolor=7]
        yaml [fillcolor=2]
        script [fillcolor=8 shape=cds]
        namespace [fillcolor=3 label="k8s\nnamespace"]
        cloud [fillcolor=4]
        laptop [fillcolor=5]
        secret -> tmpl -> script -> yaml -> namespace -> laptop -> cloud
      }
      {
        node [fillcolor=2]
        wiki_yaml [label="wiki.yaml"]
        traefik_yaml [label="traefik.yaml"]
      }
      {
        node [fillcolor=1]
        FQDN DO_TOKEN LE_EMAIL
      }
      {
        node [fillcolor=7]
        wiki_tmpl [label="wiki.tmpl"]
        traefik_tmpl [label="traefik-values.tmpl"]
      }
      {
        node [fillcolor=8 shape=cds]
        merge [label="merge-dot-tmpl.sh"]
        helm [label="helm install ..."]
        do_dns [label="local-dns-digital-ocean.sh"]
        kubectl [label="kubectl apply ..."]
      }
      subgraph cluster_do {
        label="Digital Ocean"
        style=filled
        colorscheme=set312
        fillcolor=4
        nameserver [fillcolor=5]
      }
      subgraph cluster_laptop {
        label=laptop
        style=filled
        colorscheme=set312
        fillcolor=5
        "kube-system" [fillcolor=3]
        default [fillcolor=3]
      }
      traefik_tmpl -> merge:nw
      {FQDN DO_TOKEN LE_EMAIL} -> merge:ne
      merge:sw -> traefik_yaml
      wiki_tmpl -> merge:nw
      FQDN -> merge:ne
      merge:se -> wiki_yaml
      {FQDN DO_TOKEN} -> do_dns -> nameserver
      traefik_yaml -> helm -> "kube-system"
      wiki_yaml -> kubectl -> default
    }

Docker Desktop for Mac now resets the local kubernetes cluster with new releases. After one recent reset and redeploying this configuration, traefik began using its fallback to self-signed certificates instead of obtaining trusted TLS certificates from Let's Encrypt.
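A check that catches this fallback after a redeploy, as an added example that is not part of the dobbs/wiki-k8s repository: it classifies the certificate the ingress presents and fails when issuer and subject are the same name. The function names are hypothetical and the openssl CLI is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: classify the certificate an ingress is serving.
# Assumes the openssl CLI; function names are hypothetical.

# Fetch the leaf certificate presented for HOST (sent as SNI) as PEM.
fetch_cert() {          # usage: fetch_cert HOST [PORT]
  openssl s_client -connect "$1:${2:-443}" -servername "$1" \
    </dev/null 2>/dev/null | openssl x509 -outform PEM
}

# Print "self-signed" when the issuer name equals the subject name
# (a self-issued certificate), otherwise "ca-issued".
cert_kind() {           # usage: cert_kind CERT.pem
  local subj iss
  subj=$(openssl x509 -noout -subject_hash -in "$1") || return 2
  iss=$(openssl x509 -noout -issuer_hash -in "$1") || return 2
  if [ "$subj" = "$iss" ]; then echo self-signed; else echo ca-issued; fi
}

# Report what HOST serves; return non-zero unless it is CA-issued.
check_ingress_cert() {  # usage: check_ingress_cert HOST [PORT]
  local pem kind
  pem=$(mktemp) || return 2
  if ! fetch_cert "$@" > "$pem"; then
    rm -f "$pem"
    echo "no certificate from $1" >&2
    return 2
  fi
  kind=$(cert_kind "$pem")
  echo "$1: $kind"
  openssl x509 -noout -issuer -enddate -in "$pem"
  rm -f "$pem"
  [ "$kind" = ca-issued ]
}
```

Run `check_ingress_cert` with one of the wiki host names under the wildcard domain after each cluster reset; a non-zero exit means the ACME certificate was not obtained.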

We aspire to develop a configuration where wiki can run within Digital Ocean's hosted kubernetes service. At least one vital secret is missing from the picture: kubectl requires a certificate to enable communication with Digital Ocean's kubernetes cluster.

    strict digraph {
      node [shape=box style=filled colorscheme=set312]
      {
        edge [style=invis]
        secret [fillcolor=1]
        tmpl [fillcolor=7]
        yaml [fillcolor=2]
        script [fillcolor=8 shape=cds]
        namespace [fillcolor=3 label="k8s\nnamespace"]
        cloud [fillcolor=4]
        secret -> tmpl -> script -> yaml -> namespace -> cloud
      }
      {
        node [fillcolor=2]
        wiki_yaml [label="wiki.yaml"]
        traefik_yaml [label="traefik.yaml"]
      }
      {
        node [fillcolor=1]
        FQDN DO_TOKEN LE_EMAIL
      }
      {
        node [fillcolor=7]
        wiki_tmpl [label="wiki.tmpl"]
        traefik_tmpl [label="traefik-values.tmpl"]
      }
      {
        node [fillcolor=8 shape=cds]
        merge [label="merge-dot-tmpl.sh"]
        helm [label="helm install ..."]
        do_dns [label="local-dns-digital-ocean.sh"]
        kubectl [label="kubectl apply ..."]
      }
      subgraph cluster_do {
        label="Digital Ocean"
        style=filled
        colorscheme=set312
        fillcolor=4
        "kube-system" [fillcolor=3]
        default [fillcolor=3]
        nameserver [fillcolor=5]
      }
      traefik_tmpl -> merge:nw
      {FQDN DO_TOKEN LE_EMAIL} -> merge:ne
      merge:sw -> traefik_yaml
      wiki_tmpl -> merge:nw
      FQDN -> merge:ne
      merge:se -> wiki_yaml
      {FQDN DO_TOKEN} -> do_dns -> nameserver
      traefik_yaml -> helm -> "kube-system"
      wiki_yaml -> kubectl -> default
    }

I have switched away from using Docker Desktop's kubernetes. I am now using kind (kubernetes in docker) instead. That has recently become available in homebrew.

    # install & create a cluster
    brew install kind
    kind create cluster --name wiki

    # Choose homebrew instead of Docker Desktop.
    # I don't remember why I make this choice.
    # Offered here for completeness.
    brew install kubernetes-cli
    brew link --overwrite kubernetes-cli

    # point local kubernetes commands at the cluster
    kind export kubeconfig --name=wiki

    # start interacting with kubernetes
    kubectl get all

Once the cluster is created, I can run a wiki farm in this local cluster like so:

    # apply a specific kubernetes manifest
    SHA=fb2aa0f67c6cc2be55f9bd12e653fb8391e0c405
    BASE=https://raw.githubusercontent.com/dobbs/farm
    kubectl apply -f $BASE/$SHA/examples/k8s/wiki.yaml

    # port forwarding
    kubectl port-forward service/wiki-service 3000:80 \
      > /dev/null &

Then these URLs will spawn wikis

    # copy the admin secret to login to the wikis
    kubectl exec -it svc/wiki-service \
      -- jq -r .admin .wiki/config.json
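The `kubectl apply` step above pins the manifest to a commit. The added example below (not from the farm repository) keeps that property enforceable: it refuses branch or tag names, downloads the manifest to a file, compares it with a SHA-256 digest recorded when the manifest was reviewed, and shows the diff before applying. The function names and the recorded digest are assumptions; curl and sha256sum (or shasum) are required.

```shell
#!/usr/bin/env bash
# Added example: fetch the manifest by commit, verify it, then apply it.
# Function names are hypothetical; the expected digest is whatever you
# recorded when you reviewed the manifest.

# True only for a full 40-hex commit id; branch and tag names can move.
is_commit_sha() {
  case "$1" in *[!0-9a-f]*) return 1 ;; esac
  [ "${#1}" -eq 40 ]
}

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Succeed only for a non-empty file whose digest matches the record.
verify_manifest() {   # usage: verify_manifest FILE EXPECTED_SHA256
  [ -s "$1" ] && [ "$(sha256_of "$1")" = "$2" ]
}

apply_pinned() {      # usage: apply_pinned BASE SHA PATH EXPECTED_SHA256
  local out rc
  is_commit_sha "$2" || { echo "not a commit id: $2" >&2; return 2; }
  out=$(mktemp) || return 2
  curl -fsSL "$1/$2/$3" -o "$out" || { rm -f "$out"; return 3; }
  if ! verify_manifest "$out" "$4"; then
    echo "digest mismatch for $3" >&2
    rm -f "$out"
    return 4
  fi
  kubectl diff -f "$out"    # exit status 1 here only means "differences"
  kubectl apply -f "$out"; rc=$?
  rm -f "$out"
  return "$rc"
}
```

With the variables from the step above: `apply_pinned "$BASE" "$SHA" examples/k8s/wiki.yaml "$EXPECTED_SHA256"`.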

Some changes to the kubernetes manifest are needed to run this wiki in other contexts. We have at least one example with minor changes to this configuration which successfully deploys a wiki within a kubernetes cluster at work.

todo

Try running kind inside a digital ocean VM

done

Add CNAMEs to point to the same wiki

New config for * in allowed domains: worked from a rebased branch on github

Change config.json, restart wiki without losing data: saved some notes in a Q&A format on stackoverflow

Find something better than kubectl port-forward—this is currently the most convenient option given the choice to use kind as my local kubernetes cluster.

Try slackmatic plugin in context—must remember to grunt browserify before npm publish