kubernetes: kubectl, minikube, virtualboxHeadless

Set the default kubernetes version in minikube:

  minikube config set kubernetes-version v1.10.3

Configure clusters and credentials:

  PKI=$HOME/Development/code/SumAll/pki
  CLUSTERS=( tng-stage tng-prod )
  USERNAME=ibrennan

  mkdir -p $PKI

  for CLUSTER in ${CLUSTERS[@]}; do
    CRT=${PKI}/${CLUSTER}-ca.crt
    lpass show --notes "SumAll kubernetes ${CLUSTER} client ca.crt" > $CRT

    LPASS=$(lpass show --notes "SumAll kubernetes ${CLUSTER} client config ${USERNAME}")
    SERVER=$(grep -oP '^server: \K\S+' <<< $LPASS)
    TOKEN=$(grep -oP '^token: \K\S+' <<< $LPASS)

    kubectl config set-cluster ${CLUSTER} --server=${SERVER} --certificate-authority=${CRT} --embed-certs=true
    kubectl config set-credentials ${USERNAME}-${CLUSTER} --token=${TOKEN}
    kubectl config set-context ${CLUSTER} --cluster=${CLUSTER} --user=${USERNAME}-${CLUSTER}
  done

  unset PKI CLUSTERS CLUSTER USERNAME CRT LPASS SERVER TOKEN

Initialize cluster resources:

  RESOURCES=$HOME/Development/code/SumAll/k8s-cluster-resources
  if [ ! -e $RESOURCES ]; then
    git clone git@github.com:SumAll/k8s-cluster-resources.git $RESOURCES
  fi
  kubectl --context=minikube create -f $RESOURCES/ms-config-dev.yml
  kubectl --context=minikube create -f $RESOURCES/k8s-generic-pod-user-dev.yml
  kubectl --context=minikube create -f $RESOURCES/mongo/mongo-dev.yml
  kubectl --context=minikube create -f $RESOURCES/redis/redis-dev.yml
  kubectl --context=minikube create -f $RESOURCES/site-proxy/ingress-dev.yaml
  unset RESOURCES

  minikube service mongo --url
  minikube service redis --url

Set up tng-workspace:

  if ! systemctl --quiet is-active openvpn-sumall.service; then
    systemctl start openvpn-sumall.service
  fi

  # `minikube status` is broken: kubernetes/minikube#2743
  # `minikube start` is not idempotent: kubernetes/minikube#2646
  ps x | grep -q [m]inikube || minikube start

  WORKSPACE=$HOME/Development/code/SumAll/k8s-workspace
  if [ ! -e $WORKSPACE ]; then
    git clone git@github.com:SumAll/k8s-workspace.git $WORKSPACE
  fi
  pushd $WORKSPACE >/dev/null

  export TNG_WORKSPACE=$HOME/Development/code/SumAll/tng-workspace
  mkdir -p $TNG_WORKSPACE

  for f in config.sh manage-services.sh setup-serviceyml-configmap.sh; do
    sed -i '1 s,#!/bin/bash,#!/usr/bin/env bash,' $f
  done

  ./manage-services.sh -c setup

  for f in config.sh manage-services.sh setup-serviceyml-configmap.sh; do
    sed -i '1 s,#!/usr/bin/env bash,#!/bin/bash,' $f
  done

  popd
  unset WORKSPACE f

configuration.nix

@@ -21,7 +21,14 @@
 
   time.timeZone = "America/New_York";
 
-  virtualisation.docker.enable = true;
+  virtualisation = {
+    docker.enable = true;
+
+    virtualbox.host = {
+      enable = true;
+      headless = true;
+    };
+  };
 
   nixpkgs.config = {
     allowUnfree = true;

environment/system-packages.nix

@@ -27,9 +27,11 @@ with pkgs; [
   gnupg
   highlight
   jq
+  kubectl
   lastpass-cli
   lshw
   lsof
+  minikube
   mkpasswd
   nice-backgrounds
   neovim
@@ -50,6 +52,7 @@ with pkgs; [
   universal-ctags
   vim-configured
   vimPrivatePlugins.haskell-vim
+  virtualboxHeadless
   vlc
   vln
   weechat

users/default.nix

@@ -9,6 +9,7 @@
         "docker"
         "networkmanager"
         "wheel"
+        "vboxusers"
       ];
       hashedPassword = "$6$4uOYQEuFA$RqNmGNfQcR6mPK2.jSHPntF43HgN6BJP4nwQANNUbp8ulpquniQNqecgUMVGRBsjBzt2b7gJBhCCedbUYmI/60";
     };