# snippets for k3s

## Install k3s
https://k3s.io/:
```
curl -sfL https://get.k3s.io | sh -
```

## Disable traeffic-ingress:
edit /etc/systemd/system/k3s.service:
```
[...]
ExecStart=/usr/local/bin/k3s \
    server --disable traefik \
[...]
```
finally `systemctl daemon-reload` and `systemctl restart k3s`

## Enable nginx-ingress
### Installation
https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal

### Change service type from NodePort to LoadBalancer
`kubectl edit service -n ingress-nginx` and change `type: NodePort` to `type: LoadBalancer`

Port 80 and 443 should listen now on an *External-IP* `kubectl get all --all-namespaces`:
```
[...]
NAMESPACE       NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                      AGE
[...]
ingress-nginx   service/ingress-nginx-controller-admission   ClusterIP      10.43.174.128   <none>         443/TCP                      35m
ingress-nginx   service/ingress-nginx-controller             LoadBalancer   10.43.237.255   10.62.94.246   80:30312/TCP,443:30366/TCP   35m
[...]
```
Test: `curl -s http://<External-IP>` should return well known nginx-404-page:
```
dominik@muggler:~$ curl -s http://10.62.94.246
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.1</center>
</body>
</html>
```

### Enable nginx-ingress tcp- and udp-services for apps other than http/s
`kubectl edit deployment -n ingress-nginx` and search for `spec:`/`template`/`spec`/`containers` section:
```
[...]
spec:                                                                                  
[...]                                                                  
  template:                                                                            
    metadata:                                  
      creationTimestamp: null                  
      labels:                                  
        app.kubernetes.io/component: controller                 
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx    
    spec:                                        
      containers:                                
      - args:                                    
        - /nginx-ingress-controller              
        - --election-id=ingress-controller-leader
        - --ingress-class=nginx                  
        - --configmap=ingress-nginx/ingress-nginx-controller
        - --validating-webhook=:8443                        
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        *** ADD >>> - --tcp-services-configmap=ingress-nginx/tcp-services <<< ADD ***
        *** ADD >>> - --udp-services-configmap=ingress-nginx/udp-services <<< ADD ***
        env:     
[...]
```

### Deploy nginx-service and expose via nginx-ingress on TCP-port 9000
my-nginx-deployment.yml:
```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  selector:
    matchLabels:
      run: my-nginx
  replicas: 1
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  ports:
  - port: 80
    protocol: TCP
  selector:
    run: my-nginx
```
Apply with `kubectl apply -f my-nginx-deployment.yml`:
```
deployment.apps/my-nginx created
service/my-nginx created
configmap/tcp-services created
```
Test: `kubectl get all`:
```
[...]
NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
[...]
service/my-nginx     ClusterIP   10.43.118.13   <none>        80/TCP    99s
[...]
```
Expose my-nginx app on nginx-ingress TCP-port 9000: `kubectl edit service -n ingress-nginx`
Find the `ports:`-section of the `ingress-nginx-controller` service and *ADD* the definition for port 9000:
```
[...]
spec:   
    clusterIP: 10.43.237.255                                                              
    externalTrafficPolicy: Cluster
    ports:
    - name: http                                                                          
      nodePort: 30312                                                                     
      port: 80
      protocol: TCP                                                                       
      targetPort: http                                                                    
    - name: https                                                                         
      nodePort: 30366                                                                     
      port: 443
      protocol: TCP                                                                       
      targetPort: https      
*** ADD >>>
    - name: proxied-tcp-9000
      port: 9000
      protocol: TCP
      targetPort: 9000
<<< ADD ***
[...]
```
Finally, we need to glue nginx-ingress with the my-nginx app. This will be done with the config-map `tcp-services-config-map.yml` referenced earlier in the nginx-ingress deployment definition:
```
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  9000: "default/my-nginx:80::PROXY"
```
Apply with `kubectl apply -f tcp-services-config-map.yml`:
```
configmap/tcp-services created
```


Verify nginx-ingress is listening on port 9000 with `kubectl get all --all-namespaces`:
```
[...]
NAMESPACE       NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                                     AGE
[...]
ingress-nginx   service/ingress-nginx-controller             LoadBalancer   10.43.237.255   10.62.94.246   80:30312/TCP,443:30366/TCP,9000:31460/TCP   71m
[...]
```
Test:
```
dominik@muggler:~$ curl -s http://10.62.94.246:9000
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.19.2</center>
</body>
</html>
```