2.9 KiB
Creating a public service in hscloud
In this chapter, I will show you how to create a service that will be publicly available on the Internet.
Requirements
Working nix. You can install nix with command:
sh <(curl -L https://nixos.org/nix/install) --daemon
and start it with:
nix-shell
bazel build //tools:install
bazel run //tools:install
Creating a copy of ldapweb
We start by enabling the nix-shell environment:
cd hscloud
nix-shell
We start in the hscloud
folder, with the nix-shell
environment enabled. If you don't have your namespace in the //personal
folder yet, we create it:
mkdir personal/$hs_username
We copy the configuration of the ldapweb
service into the workspace:
cp -r hswaw/ldapweb/ personal/$hs_username/
cd personal/$hs_username/ldapweb/
Modifying the service
The configuration of ldapweb
is contained in the prod.jsonnet
file. The format of jsonnet
is very similar to json
, but allows the use of variables, functions, and the import of other files.
We are interested in the initial part of the file:
local kube = import "../../kube/kube.libsonnet"
{
local top = self,
local cfg = self.cfg,
cfg:: {
name: 'ldapweb',
namespace: 'ldapweb',
domain: 'profile.hackerspace.pl',
image: 'registry.k0.hswaw.net/radex/ldap-web:1695486391',
},
...
}
The import is done from the kube.libsonnet
file in the kube
folder in the hscloud
folder. In order for the import to proceed correctly in this case, we need to go back one more folder: ../../../kube/kube.libsonnet
.
The hscloud
configuration only allows the namespace in personal-$hs_username
format. In addition, we need to change the domain to *.$hs_username.hscloud.ovh
. Finally, we change the service name to test
.
Finally, the above fragment of the prod.jsonnet
file should look like this:
# remember to replace $hs_username with your username!
local kube = import "../../../kube/kube.libsonnet";
{
local top = self,
local cfg = self.cfg,
cfg:: {
name: 'test',
namespace: 'personal-$hs_username',
domain: 'test.$hs_username.hscloud.ovh',
image: 'registry.k0.hswaw.net/radex/ldap-web:1695486391',
},
...
}
We log into the cluster:
hs_username=$USER # if your username is the same as your SSO username
prodaccess -username $hs_username
We invoke the command to apply the changes:
kubecfg update prod.jsonnet
Our service should be at https://test.$hs_username.hscloud.ovh/
. During the first couple of minutes we will get a message about an invalid certificate, because the Let's Encrypt service has not yet managed to generate a certificate for our domain.
To remove the service, call:
kubecfg delete prod.jsonnet
or
kubectl delete service test -n personal-$hs_username