====== K8s Day 0: Helm ======

TAGs: k8s, helm

  * https://searchitoperations.techtarget.com/tip/When-to-use-Kubernetes-operators-vs-Helm-charts

===== - Helm Installation =====

Follow https://helm.sh/docs/intro/quickstart/

===== - Install k8s dashboard =====

==== - Search for packages and install ====

  * https://helm.sh/docs/intro/using_helm/

Search //hub//:

  helm search hub pkg-name

Search local //repository//:

Add official charts repository

  helm repo add stable https://charts.helm.sh/stable
  helm repo add brigade https://brigadecore.github.io/charts
  "brigade" has been added to your repositories
  helm search repo brigade

Install chart

  helm install happy-panda bitnami/wordpress
  helm status happy-panda

Customizing the Chart Before Installing

  helm show values bitnami/wordpress
  ## Global Docker image parameters

Override any of these settings in a YAML formatted file, and then pass that file during installation.

  echo '{mariadb.auth.database: user0db, mariadb.auth.username: user0}' > values.yaml
  helm install -f values.yaml bitnami/wordpress --generate-name

==== - Helm K8S Dashboard ====

  * https://artifacthub.io/packages/helm/k8s-dashboard/kubernetes-dashboard

Add kubernetes-dashboard repository

  helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/

Deploy a Helm Release named "k8s-dashboard" using the kubernetes-dashboard chart

  helm install k8s-dashboard kubernetes-dashboard/kubernetes-dashboard

Install options:

  -n, --namespace string   namespace scope for this request
  --create-namespace

  kubectl get pods --all-namespaces

To uninstall/delete the k8s-dashboard release:

  helm delete k8s-dashboard

=== - Access dashboard ===

Get the Kubernetes Dashboard URL by running:

  export POD_NAME=$(kubectl get pods -n default -l "app.kubernetes.io/name=kubernetes-dashboard,app.kubernetes.io/instance=k8s-dashboard" -o jsonpath="{.items[0].metadata.name}")
  echo https://127.0.0.1:8443/
  kubectl -n default port-forward $POD_NAME 8443:8443

=== - Change Dashboard Access to NodePort ===

  * see http://localhost/~dang/wiki/doku.php?id=virtualization:k8s:onap_k8s:0_k8s_installation#k8s_dashboard

=== - Generate new certificate for Dashboard ===

Chrome doesn't like the certificate. Create new certs

  cd k8s-dashbard-setup
  mkdir certs
  cd certs
  openssl genrsa -out dashboard.key 2048
  openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=kubernetes-dashboard'
  ls
  openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
  kubectl get secret
  kubectl describe secrets k8s-dashboard-kubernetes-dashboard-certs
  kubectl delete secret k8s-dashboard-kubernetes-dashboard-certs
  kubectl create secret generic k8s-dashboard-kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt
  kubectl delete pods k8s-dashboard-kubernetes-dashboard-696b8cc6f8-jdwxz
  kubectl get pods
  kubectl get service

=== - Get login token ===

This account is created by helm.

  kubectl get secrets
  NAME                                             TYPE                                  DATA   AGE
  default-token-kcnjb                              kubernetes.io/service-account-token   3      45h
  k8s-dashboard-kubernetes-dashboard-certs         Opaque                                2      4m9s
  k8s-dashboard-kubernetes-dashboard-token-lb8sz   kubernetes.io/service-account-token   3      25h   <--------

  kubectl describe secrets k8s-dashboard-kubernetes-dashboard-token-lb8sz
  ...
  token:      <service account token (JWT) omitted>

=== - Create new Dashboard Service account ===

The service account created by helm is restrictive and has no permissions. We will create a new one bound to the cluster-admin role. This should not be used in production, as the service account has full control over the cluster.

https://github.com/kubernetes/dashboard/issues/4179

  # The kubernetes-dashboard namespace must already exist;
  # the commands above run the release in "default".
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: admin-user
    namespace: kubernetes-dashboard
  ---
  # Binds admin-user to the built-in cluster-admin ClusterRole (full cluster control).
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: admin-user
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
  subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard

  kubectl apply -f service-account.yaml