name: intro
layout: true
class: center, middle, inverse

---

# OpenAppStack

Setting up a simple Kubernetes cluster with OpenAppStack

.footnote[Project site: [openappstack.net](https://openappstack.net)]

---

layout: false

# What is OpenAppStack

Cloud application suite

- Open source
- Self-updating
- Easy to install
- Integrated

.footnote[Project by Greenhost and eQualit.ie]

???

- Open source: you know what it means
- Self-updating: pulls new updates from the server and applies them
- Easy to install: one script sets up the system and you don’t have to touch it afterwards
- Integrated: one account for all applications, Single Sign On, Single Sign Off?

---

# What is OpenAppStack

Based on existing open source applications:

- Keycloak
- Nextcloud
- Kubernetes
- … more to follow soon!

.footnote[Project by Greenhost and eQualit.ie]

???

Why Kubernetes?

- Secret management
- Templating with Helm
- Updating with Helm
- Self-repairing system

Why Keycloak?

- Auth methods:
  - OpenID Connect (OIDC)
  - SAML (needed for e.g. Nextcloud)
  - Some kind of second factor auth (OTP, U2F)
- Web interface or API for user management
- Possible automated client registration
- Popular framework

---

# Why?

End user problems:

- Decentralisation
- Underused open source alternatives

Developer problems:

- Hard to get users for your application
- Hard to roll out updates to users

Operations problems:

- Different type of deployment for different applications
- Container orchestration

???

- Decentralisation from:
  - Google
  - Facebook
  - Amazon
  - Slack
- OS alternatives:
  - Hard installation
  - Keep up to date
- Different deployments for:
  - PHP
  - Python
  - Ruby

---

# Installation

A few steps follow on the slides.

Or follow the tutorial on [openappstack.net/tutorial.html](https://openappstack.net/tutorial.html)

---

# Troubleshooting

1. Ask the people in the room
2. Check out the contact page on [openappstack.net/contact.html](/contact.html)
3. IRC: `#oas` @ freenode.net
4. Helpful debug commands:

```
kubectl get pods --all-namespaces
helm ls
```

---

# Prerequisites

A virtual machine or bare metal server with:

- Ubuntu 18.04
- A public IP address
- 10GB of disk space and 4GB of RAM
- Root SSH access
- Ansible `>= 2.6`

In case your system package manager doesn’t provide `ansible >= 2.6`:

```
pip3 install --user -r ansible/requirements.txt
```

(or use `virtualenv`)

???

Hint: if you have several Python projects on your PC, consider using [virtualenv](https://virtualenv.pypa.io/en/stable/)

Hint: if you get a [segmentation fault](https://bitbucket.org/cffi/cffi/issues/272/segfault-while-installing-via-pip) using the above command, you can add `--no-use-wheel` to it.

---

# You will get:

- a single-node Kubernetes cluster on the machine
- utility tools:
  - `helmfile`
  - `helm`
  - `kubectl`
  - `rke`

---

# DNS entries

- `oas.example.com`
- `*.oas.example.com`

Point to the machine’s public IP address

---

# Get the code

```
git clone https://code.greenhost.net/openappstack/bootstrap.git
```

---

# Inventory

Copy `ansible/inventory.yml.example` to `ansible/inventory.yml` and edit it

---

# Inventory example

```yaml
all:
  hosts:
    oas-dev:
      # Node to deploy to; can be a name or address.
      ansible_host: "YOUR IP HERE"
      # SSH user to log in as.
      ansible_user: "root"
  children:
    cluster:
      hosts:
        oas-dev
    master:
      hosts:
        oas-dev
    worker:
      hosts:
        oas-dev
```

???

Copy `ansible/inventory.yml.example` to `ansible/inventory.yml` and edit it

---

# Settings

`ansible/group_vars/cluster/settings.yml`:

```yaml
# Use python3 on cluster nodes for ansible
ansible_python_interpreter: "/usr/bin/env python3"
# External ip address of the cluster.
ip_address: "YOUR IP HERE"
# Main domain name of the cluster services.
domain: "example.com"
# Email address of someone administering the cluster.
admin_email: "admin@example.com"
# Label of this deployment.
release_name: "test"
keycloak_password:
nextcloud_password:
# Get staging LE certificates
acme_staging: false
```

???

Copy `ansible/group_vars/cluster/settings.yml.example` to `ansible/group_vars/cluster/settings.yml` and edit it

About the passwords:

```yaml
keycloak_password: "{{ lookup('password', './secrets/keycloak_admin_password chars=ascii_letters') }}"
nextcloud_password: "{{ lookup('password', './secrets/nextcloud_admin_password chars=ascii_letters') }}"
```

Or make up your own.

---

# Installation

```
cd ansible/
ansible-playbook bootstrap.yml
```

It will take approx. 5-10 mins to set up your cluster.

---

# Usage

Right now, there are three applications pre-installed:

- [Keycloak](https://www.keycloak.org/) @ https://auth.oas.example.com
- [Nextcloud](https://nextcloud.com) @ https://files.oas.example.com
- [Traefik](https://traefik.io) @ https://traefik.oas.example.com

???

## This is where everyone should pay attention again

- Nextcloud: not yet integrated with Keycloak.
- Traefik: we’re thinking of switching it out with nginx

---

# Managing an existing cluster

Log in to your cluster with:

```
ssh USER@oas.example.com
```

where `USER` is the `ansible_user` you configured in `ansible/inventory.yml`.

---

# Things to try:

- `kubectl get pods -n oas`
- `kubectl get pods -n oas-apps`
- `helm ls`

## Visit these URLs:

- [Keycloak](https://www.keycloak.org/) @ https://auth.oas.example.com
- [Nextcloud](https://nextcloud.com) @ https://files.oas.example.com
- [Traefik](https://traefik.io) @ https://traefik.oas.example.com

---

# Have fun!

That’s all we have for now.

Please stay in touch, we want to know how your cluster is doing this week!

Check [our contact page at openappstack.net/contact.html](/contact.html)
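
---

A pre-flight check for the `settings.yml` from the Settings slide, as an added example that is not part of the original deck or of the OpenAppStack code: it flags the placeholders and empty password keys the example file ships with, before `ansible-playbook bootstrap.yml` is run. The function names, the sample values and the 16-character minimum for hand-typed passwords are assumptions.

```python
import ipaddress
import re
# Constructed inputs: the slide's unedited settings (plus one weak literal) and an edited copy.
UNEDITED = '''\
ip_address: "YOUR IP HERE"
domain: "example.com"
admin_email: "admin@example.com"
keycloak_password:
nextcloud_password: "hunter2"
acme_staging: true
'''
EDITED = '''\
ip_address: "203.0.113.10"
domain: "oas.demo.invalid"
admin_email: "ops@demo.invalid"
keycloak_password: "{{ lookup('password', './secrets/keycloak_admin_password chars=ascii_letters') }}"
nextcloud_password: "{{ lookup('password', './secrets/nextcloud_admin_password chars=ascii_letters') }}"
acme_staging: false
'''
MIN_LITERAL_LEN = 16  # assumption: local policy, not an OpenAppStack rule

def parse_flat_settings(text):
    """Read top-level `key: value` lines; enough for this flat file, not general YAML."""
    pairs = re.findall(r'^([A-Za-z_]\w*):[ \t]*(.*)$', text, flags=re.M)
    return {key: value.strip().strip('"\'') for key, value in pairs}

def check_settings(text):
    """Return (key, problem) pairs that should be fixed before running the playbook."""
    s = parse_flat_settings(text)
    findings = []
    try:
        ipaddress.ip_address(s.get('ip_address', ''))
    except ValueError:
        findings.append(('ip_address', 'not a valid IP address'))
    if s.get('domain', '') in ('', 'example.com'):
        findings.append(('domain', 'placeholder or missing'))
    if s.get('admin_email', '').endswith('@example.com') or '@' not in s.get('admin_email', ''):
        findings.append(('admin_email', 'placeholder or missing'))
    for key in ('keycloak_password', 'nextcloud_password'):
        value = s.get(key, '')
        if not value:
            findings.append((key, 'empty'))
        elif not value.startswith('{{') and len(value) < MIN_LITERAL_LEN:
            findings.append((key, 'literal shorter than %d characters' % MIN_LITERAL_LEN))
    if s.get('acme_staging', 'false').lower() == 'true':
        findings.append(('acme_staging', 'staging certificates are not browser-trusted'))
    return findings
if __name__ == '__main__':
    print(check_settings(UNEDITED))
```

The `password` lookup writes the generated value in plain text to the file it names, so `ansible/secrets/` on the control machine belongs outside version control and readable only by the operator.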