Start minikube with addons - minikube start --addons ingress,ingress-dns
Bootstrap services with Tilt:
$ cat Tiltfile
ip=str(local('minikube ip')).strip()
tld='{}.nip.io'.format(ip)
# Crudely patch host names to use TLD.
#!/usr/bin/env bash | |
set -eu | |
# Use INGRESS_LISTEN_ADDRESS to override the bind address, e.g. if you need to | |
# put ingress on a different network because something else has 127.0.0.1 | |
# | |
# $ sudo ip addr add 10.10.10.10/32 dev lo | |
# $ INGRESS_LISTEN_ADDRESS=10.10.10.10 kind-create-cluster-localhost-ingress.sh | |
ingress_listen_address="${INGRESS_LISTEN_ADDRESS:-127.0.0.1}" |
input: | |
broker: | |
inputs: | |
- sftp: | |
address: sftp1:22 | |
credentials: | |
username: u | |
password: p | |
paths: | |
- /inbox/*.txt |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: kafka | |
spec: | |
selector: | |
matchLabels: | |
app: kafka | |
template: | |
metadata: |
Start minikube with addons - minikube start --addons ingress,ingress-dns
Bootstrap services with Tilt:
$ cat Tiltfile
ip=str(local('minikube ip')).strip()
tld='{}.nip.io'.format(ip)
# Crudely patch host names to use TLD.
Quick and dirty example of protecting a service with an authenticating nginx proxy and HTTP basic auth. The proxy passes the identity of the caller to the upstream. Key rotation is (sort-of) supported.
The easiest way to play is in a local minikube with ingress, minikube start --addons ingress,ingress-dns
, and Tilt to inject the development domain (via nip.io).
Overview:
htpasswd -nbB alice p
. bcrypt should mean they're safe enough but it could be stored in a vault easily enough.A HTTP API, purely to demo. Normally, it would not be accessible inside the cluster (remove the type: NodePort
).
apiVersion: apps/v1
kind: Deployment
metadata:
name: http-api
spec:
selector:
matchLabels:
FROM alpine as protoc | |
RUN apk add unzip | |
ADD https://github.com/protocolbuffers/protobuf/releases/download/v3.14.0/protoc-3.14.0-linux-x86_64.zip / | |
WORKDIR /protoc | |
RUN unzip /protoc-3.14.0-linux-x86_64.zip | |
FROM golang:1.15.6 as protoc-go | |
RUN \ | |
export GO111MODULE=on && \ |
#!/usr/bin/env bash | |
set -eu | |
network="${1:?network is required}" | |
service_name="${2:?service name is required}" | |
service_port="${3:?service port is required}" | |
host_port="${4:-${service_port}}" | |
docker run --rm \ |
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Preact Demo</title> | |
<style> | |
a { | |
text-decoration: underline; | |
cursor: pointer; | |
} | |
</style> |
# Bring up a cluster ... | |
$ sudo kubeadm init | |
# Copy config across for your user ... | |
mkdir -p $HOME/.kube | |
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config | |
sudo chown $(id -u):$(id -g) $HOME/.kube/config | |
# "Taint" the master node so you can use it as a node ... | |
$ kubectl taint nodes --all node-role.kubernetes.io/master- |