k3s/README.md

# snippets for k3s

* [Install k3s](#install-k3s)
* [Disable Traefik-ingress](#disable-traefik-ingress)
* [Enable NGINX-ingress](#enable-nginx-ingress)
  * [Installation](#install-nginx-ingress)
  * [Change service type from NodePort to LoadBalancer](#nginx-ingress-loadbalancer)
  * [Enable nginx-ingress tcp- and udp-services for apps other than http/s](#nginx-ingress-tcp-udp-enabled)
  * [Deploy my-nginx-service and expose via nginx-ingress on TCP-port 9000](#deploy-and-expose-tcp-service)
  * [Stick the nginx-ingress controler and my-nginx app together](#stick-nginx-ingress-and-tcp-service)
  * [Test exposed app on TCP-port 9000](#test-nginx-ingress-and-tcp-service)

## Install k3s <a name="install-k3s"></a>
https://k3s.io/:
```
curl -sfL https://get.k3s.io | sh -
```

## Disable Traefik-ingress <a name="disable-traefik-ingress"></a>
edit /etc/systemd/system/k3s.service:
```
[...]
ExecStart=/usr/local/bin/k3s \
    server --disable traefik \
[...]
```
Finally `systemctl daemon-reload` and `systemctl restart k3s`

## Enable NGINX-ingress <a name="enable-nginx-ingress"></a>
### Installation <a name="install-nginx-ingress"></a>
https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal

### Change service type from NodePort to LoadBalancer <a name="nginx-ingress-loadbalancer"></a> 
`kubectl edit service -n ingress-nginx` and change `type: NodePort` to `type: LoadBalancer`

Port 80 and 443 should listen now on an *External-IP* `kubectl get all --all-namespaces`:
```
[...]
NAMESPACE       NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                      AGE
[...]
ingress-nginx   service/ingress-nginx-controller-admission   ClusterIP      10.43.174.128   <none>         443/TCP                      35m
ingress-nginx   service/ingress-nginx-controller             LoadBalancer   10.43.237.255   10.62.94.246   80:30312/TCP,443:30366/TCP   35m
[...]
```
Test: `curl -s http://<External-IP>` should return well known nginx-404-page:
```
dominik@muggler:~$ curl -s http://10.62.94.246
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.1</center>
</body>
</html>
```

### Enable nginx-ingress tcp- and udp-services for apps other than http/s <a name="nginx-ingress-tcp-udp-enabled"></a>
Docs: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/

`kubectl edit deployment -n ingress-nginx` and search for `spec:`/`template`/`spec`/`containers` section:
```
[...]
spec:                                                                                  
[...]                                                                  
  template:                                                                            
    metadata:                                  
      creationTimestamp: null                  
      labels:                                  
        app.kubernetes.io/component: controller                 
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx    
    spec:                                        
      containers:                                
      - args:                                    
        - /nginx-ingress-controller              
        - --election-id=ingress-controller-leader
        - --ingress-class=nginx                  
        - --configmap=ingress-nginx/ingress-nginx-controller
        - --validating-webhook=:8443                        
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
>>> ADD 
        - --tcp-services-configmap=ingress-nginx/tcp-services
        - --udp-services-configmap=ingress-nginx/udp-services
<<< ADD
        env:     
[...]
```

### Deploy my-nginx-service and expose via nginx-ingress on TCP-port 9000 <a name="deploy-and-expose-tcp-service"></a>
my-nginx-deployment.yml:
```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  selector:
    matchLabels:
      run: my-nginx
  replicas: 1
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  ports:
  - port: 80
    protocol: TCP
  selector:
    run: my-nginx
```
Apply with `kubectl apply -f my-nginx-deployment.yml`:
```
deployment.apps/my-nginx created
service/my-nginx created
configmap/tcp-services created
```
Test: `kubectl get all`:
```
[...]
NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
[...]
service/my-nginx     ClusterIP   10.43.118.13   <none>        80/TCP    99s
[...]
```
Enable client-IP transparency and expose my-nginx app on nginx-ingress TCP-port 9000: `kubectl edit service -n ingress-nginx`
Find the `ports:`-section of the `ingress-nginx-controller` service and *ADD* the definition for port 9000:
```
[...]
spec:   
    clusterIP: 10.43.237.255                                                              
>>> CHANGE externalTrafficPolicy from Cluster to Local if original client-IP is desirable
    externalTrafficPolicy: Local
<<< CHANGE
    ports:
    - name: http                                                                          
      nodePort: 30312                                                                     
      port: 80
      protocol: TCP                                                                       
      targetPort: http                                                                    
    - name: https                                                                         
      nodePort: 30366                                                                     
      port: 443
      protocol: TCP                                                                       
      targetPort: https      
>>> ADD
    - name: proxied-tcp-9000
      port: 9000
      protocol: TCP
      targetPort: 9000
<<< ADD 
[...]
```
Verify nginx-ingress is listening on port 9000 with `kubectl get all --all-namespaces`:
```
[...]
NAMESPACE       NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                                     AGE
[...]
ingress-nginx   service/ingress-nginx-controller             LoadBalancer   10.43.237.255   10.62.94.246   80:30312/TCP,443:30366/TCP,9000:31460/TCP   71m
[...]
```

## Stick the nginx-ingress controler and my-nginx app together <a name="stick-nginx-ingress-and-tcp-service"></a>
Finally, the nginx-ingress controller needs a port-mapping pointing to the my-nginx app. This will be done with the config-map `tcp-services-config-map.yml`, referenced earlier in the nginx-ingress deployment definition:
```
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  9000: "default/my-nginx:80"
```
Apply with `kubectl apply -f tcp-services-config-map.yml`:
```
configmap/tcp-services created
```
Subsequently the config-map can be edited with `kubectl edit configmap tcp-services -n ingress-nginx`

## Test exposed app on TCP-port 9000 <a name="test-nginx-ingress-and-tcp-service"></a>
```
dominik@muggler:~$ curl -s http://10.62.94.246:9000
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.19.2</center>
</body>
</html>
```
Check logs of my-nginx POD:
```
root@k3s-master:/k3s# kubectl get pods
NAME                        READY   STATUS    RESTARTS   AGE
my-nginx-65c68bbcdf-xkhqj   1/1     Running   0          90m
```
```
kubectl logs my-nginx-65c68bbcdf-xkhqj -f
[...]
10.42.0.18 - - [23/Aug/2020:16:38:33 +0000] "PROXY TCP4 10.62.94.1 10.42.0.18 48558 9000" 400 157 "-" "-" "-"
[...]
```