add cert-manager stuff

IaC-test/securitygroup-k8s-external.tf

@@ -111,7 +111,7 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_ru
   security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-sto4.id
 }
 
-# Rules sto4
+# Rules dco
 resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule2_v4_dco" {
   direction         = "ingress"
   ethertype         = "IPv4"
@@ -123,3 +123,15 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_ru
   security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-dco.id
 }
 
+# Rules dco
+resource "openstack_networking_secgroup_rule_v2" "k8s_external_ingress_worker_rule3_v4_dco" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = "80"
+  port_range_max    = "80"
+  provider          = openstack.dco
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.k8s-external-worker-dco.id
+}
+

k8s/cert-manager/README.md

@@ -0,0 +1,6 @@
+# install cert-manager addon
+microk8s enable cert-manager
+microk8s enable ingress dns
+# init the clusterissuer
+kubectl apply -f clusterissuer.yaml
+kubectl get clusterissuer -o wide

k8s/cert-manager/clusterissuer.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+spec:
+ acme:
+   email: someemailaddress+element@sunet.se
+   server: https://acme-v02.api.letsencrypt.org/directory
+   privateKeySecretRef:
+     name: lets-encrypt-private-key
+   # Add a single challenge solver, HTTP01 using nginx
+   solvers:
+   - http01:
+       ingress:
+         class: public

k8s/rook/README.md

@@ -1,3 +1,74 @@
 ### Rook deployment
 
 In the operator.yaml change ROOK_CSI_KUBELET_DIR_PATH to "/var/snap/microk8s/common/var/lib/kubelet"
+
+# initalize rook operator
+kubectl create -f crds.yaml -f common.yaml -f operator.yaml
+
+kubectl get pods -n rook-ceph
+NAME                                  READY   STATUS    RESTARTS   AGE
+rook-ceph-operator-6668b75686-l4zlh   1/1     Running   0          60s
+
+# initalize rook cluster
+kubectl create -f cluster-multizone.yaml
+
+takes lots of time before the multizone cluster is initalized
+(should be around 47 pods...)
+
+NAME                                              READY   STATUS      RESTARTS        AGE
+csi-cephfsplugin-6xhjh                            2/2     Running     1 (3m42s ago)   4m16s
+csi-cephfsplugin-cgmqs                            2/2     Running     0               4m16s
+csi-cephfsplugin-hs2rx                            2/2     Running     1 (3m43s ago)   4m16s
+csi-cephfsplugin-km7k6                            2/2     Running     0               4m16s
+csi-cephfsplugin-ms8c2                            2/2     Running     1 (3m42s ago)   4m16s
+csi-cephfsplugin-provisioner-dc97f9d65-6tvkn      5/5     Running     2 (3m35s ago)   4m15s
+csi-cephfsplugin-provisioner-dc97f9d65-bwdkn      5/5     Running     0               4m15s
+csi-cephfsplugin-wlks6                            2/2     Running     0               4m16s
+csi-rbdplugin-ckgnc                               2/2     Running     0               4m18s
+csi-rbdplugin-hmfhc                               2/2     Running     1 (3m42s ago)   4m18s
+csi-rbdplugin-mclsz                               2/2     Running     0               4m18s
+csi-rbdplugin-nt7rk                               2/2     Running     1 (3m42s ago)   4m18s
+csi-rbdplugin-provisioner-7f5767b9d5-gvbkr        5/5     Running     0               4m17s
+csi-rbdplugin-provisioner-7f5767b9d5-n5mwc        5/5     Running     0               4m17s
+csi-rbdplugin-rzk9v                               2/2     Running     1 (3m44s ago)   4m18s
+csi-rbdplugin-z9dmh                               2/2     Running     0               4m18s
+rook-ceph-crashcollector-k8sw1-5fd979dcf9-w9g2x   1/1     Running     0               119s
+rook-ceph-crashcollector-k8sw2-68f48b45b-dwld5    1/1     Running     0               109s
+rook-ceph-crashcollector-k8sw3-7f5d749cbf-kxswk   1/1     Running     0               96s
+rook-ceph-crashcollector-k8sw4-84fd486bb6-pfkgm   1/1     Running     0               2m3s
+rook-ceph-crashcollector-k8sw5-58c7b74b4c-pdf2j   1/1     Running     0               110s
+rook-ceph-crashcollector-k8sw6-578ffc7cfb-bpzgl   1/1     Running     0               2m27s
+rook-ceph-exporter-k8sw1-66746d6cf-pljkx          1/1     Running     0               119s
+rook-ceph-exporter-k8sw2-6cc5d955d4-k7xx5         1/1     Running     0               104s
+rook-ceph-exporter-k8sw3-5d6f7d49b9-rvvbd         1/1     Running     0               96s
+rook-ceph-exporter-k8sw4-5bf54d5b86-cn6v7         1/1     Running     0               118s
+rook-ceph-exporter-k8sw5-547898b8d7-l7cmc         1/1     Running     0               110s
+rook-ceph-exporter-k8sw6-596f7d956d-n426q         1/1     Running     0               2m27s
+rook-ceph-mgr-a-6cfc895565-h9qfg                  2/2     Running     0               2m37s
+rook-ceph-mgr-b-85fc4df4b5-fv6z9                  2/2     Running     0               2m37s
+rook-ceph-mon-a-868c8f5cff-2tk7l                  1/1     Running     0               4m10s
+rook-ceph-mon-b-6f9776cf9b-w4dtq                  1/1     Running     0               3m12s
+rook-ceph-mon-c-8457f5cc77-8mbpj                  1/1     Running     0               2m57s
+rook-ceph-operator-6668b75686-l4zlh               1/1     Running     0               7m36s
+rook-ceph-osd-0-79d7b6c764-shwtd                  1/1     Running     0               2m4s
+rook-ceph-osd-1-65d99447b5-bnhln                  1/1     Running     0               119s
+rook-ceph-osd-2-69dbd98748-5vrwn                  1/1     Running     0               114s
+rook-ceph-osd-3-596b58cf7d-j2qgj                  1/1     Running     0               115s
+rook-ceph-osd-4-858bc8df6d-wrlsx                  1/1     Running     0               2m
+rook-ceph-osd-5-7f6fbfd96-65gpl                   1/1     Running     0               96s
+rook-ceph-osd-prepare-k8sw1-5pgh9                 0/1     Completed   0               2m14s
+rook-ceph-osd-prepare-k8sw2-6sdrc                 0/1     Completed   0               2m14s
+rook-ceph-osd-prepare-k8sw3-mfzsh                 0/1     Completed   0               2m13s
+rook-ceph-osd-prepare-k8sw4-dn8gn                 0/1     Completed   0               2m13s
+rook-ceph-osd-prepare-k8sw5-lj5tj                 0/1     Completed   0               2m13s
+rook-ceph-osd-prepare-k8sw6-8hw4k                 0/1     Completed   0               2m12s
+
+# init rook toolbox
+kubectl create -f toolbox.yaml
+
+# jump into toolbox
+kubectl -n rook-ceph exec -it rook-ceph-tools-5f4464f87-zbd5p -- /bin/bash
+
+# init rook filesystem & storageclass
+kubectl create -f filesystem.yaml
+kubectl create -f storageclass.yaml