# 2 start pods on minikube

change ${PJ_ROOT} to your directory.

In [None]:
export PJ_ROOT="${HOME}/container-centric-fiware-demonstration"
cd ${PJ_ROOT};pwd

example)
```
/Users/user/container-centric-fiware-demonstration
```

## load environment variables

In [None]:
source ${PJ_ROOT}/docs/minikube/env

## start etcd cluster on minikube
[etcd](https://github.com/coreos/etcd)

In [None]:
helm install stable/etcd-operator --name ccfd

In [None]:
POD=$(kubectl get pods -l app=ccfd-etcd-operator-etcd-operator --namespace default --output name)
kubectl logs $POD --namespace=default

expected)
```
time="2018-07-11T22:52:48Z" level=info msg="Event(v1.ObjectReference{Kind:\"Endpoints\", Namespace:\"default\", Name:\"etcd-operator\", UID:\"21e458f5-855d-11e8-a3b4-026b849f8c40\", APIVersion:\"v1\", ResourceVersion:\"1580\", FieldPath:\"\"}): type: 'Normal' reason: 'LeaderElection' ccfd-etcd-operator-etcd-operator-6d5f994f86-2z65g became leader"
```

In [None]:
kubectl apply -f etcd/etcd-cluster.yaml

In [None]:
kubectl get pods -l app=etcd

example)
```
NAME                      READY     STATUS    RESTARTS   AGE
etcd-cluster-m5mk57c68n   0/1       Running   0          6s
etcd-cluster-nl872jt7zs   1/1       Running   0          46s
etcd-cluster-xds88qqcjx   1/1       Running   0          22s
```

In [None]:
kubectl get services -l app=etcd

example)
```
NAME                  TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)             AGE
etcd-cluster          ClusterIP   None         <none>        2379/TCP,2380/TCP   1m
etcd-cluster-client   ClusterIP   10.0.68.3    <none>        2379/TCP            1m
```

In [None]:
kubectl run --rm -it etcdclient --image quay.io/coreos/etcd --restart=Never -- etcdctl --peers http://etcd-cluster-client:2379 member list

example)
```
477d8981f585fdf3: name=etcd-cluster-xds88qqcjx peerURLs=http://etcd-cluster-xds88qqcjx.etcd-cluster.default.svc:2380 clientURLs=http://etcd-cluster-xds88qqcjx.etcd-cluster.default.svc:2379 isLeader=false
6fc6ea1e06f2b405: name=etcd-cluster-nl872jt7zs peerURLs=http://etcd-cluster-nl872jt7zs.etcd-cluster.default.svc:2380 clientURLs=http://etcd-cluster-nl872jt7zs.etcd-cluster.default.svc:2379 isLeader=true
8b8708e453bef839: name=etcd-cluster-m5mk57c68n peerURLs=http://etcd-cluster-m5mk57c68n.etcd-cluster.default.svc:2380 clientURLs=http://etcd-cluster-m5mk57c68n.etcd-cluster.default.svc:2379 isLeader=false
```

## start vernemq cluster on minikube
[vernemq](https://vernemq.com/)

### create usernames & passwords of vernemq

In [None]:
mkdir -p secrets
rm -f secrets/vmq.passwd
touch secrets/vmq.passwd

In [None]:
for e in $(env); do
  if [[ "${e}" =~ ^VERNEMQ__([[:alnum:]_-]+)=([[:alnum:]_-]+)$ ]]; then
    username=${BASH_REMATCH[1]}
    password=${BASH_REMATCH[2]}
    
    expect -c "
    spawn docker run --rm -v $(pwd)/secrets:/mnt -it erlio/docker-vernemq vmq-passwd /mnt/vmq.passwd ${username}
    expect \"Password:\"
    send -- \"${password}\n\"
    expect \"Reenter password:\"
    send -- \"${password}\n\"
    expect \"\\\$\"
    exit 0
    "
  fi
done

### register vmq.passwd to kubernetes secret

In [None]:
kubectl create secret generic vernemq-passwd --from-file=./secrets/vmq.passwd

### start vernemq

In [None]:
kubectl apply -f vernemq/vernemq-cluster-minikube.yaml

In [None]:
kubectl get pods -l app=vernemq

example)
```
NAME        READY     STATUS    RESTARTS   AGE
vernemq-0   1/1       Running   0          1m
vernemq-1   1/1       Running   0          1m
vernemq-2   1/1       Running   0          33s
```

In [None]:
kubectl exec vernemq-0 -- vmq-admin cluster show

expected)
```
+---------------------------------------------------+-------+
|                       Node                        |Running|
+---------------------------------------------------+-------+
|VerneMQ@vernemq-0.vernemq.default.svc.cluster.local| true  |
|VerneMQ@vernemq-1.vernemq.default.svc.cluster.local| true  |
|VerneMQ@vernemq-2.vernemq.default.svc.cluster.local| true  |
+---------------------------------------------------+-------+
```

In [None]:
kubectl get services -l app=mqtt

expected)
```
NAME      TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
mqtt      NodePort   10.110.252.152   <none>        1883:30382/TCP   1m
```

### nat MQTT port 

In [None]:
MQTT_PORT=$(kubectl describe service mqtt | grep "NodePort:" | awk '{print $3}' | awk -F'/' '{print $1}');echo ${MQTT_PORT}

In [None]:
VBoxManage controlvm "minikube" natpf1 "mqtt,tcp,0.0.0.0,1883,,${MQTT_PORT}"
VBoxManage showvminfo "minikube" | grep ${MQTT_PORT}

example)
```
NIC 1 Rule(0):   name = mqtt, protocol = tcp, host ip = 0.0.0.0, host port = 1883, guest ip = , guest port = 30382
```

### confirm to connect MQTT broker

In [None]:
mosquitto_pub -h ${HOST_IPADDR} -p 1883  -d -u iotagent -P ${VERNEMQ__iotagent} -t /test -m "test"

example)
```
Client mosqpub|52150-Nobuyukin sending CONNECT
Client mosqpub|52150-Nobuyukin received CONNACK
Client mosqpub|52150-Nobuyukin sending PUBLISH (d0, q0, r0, m1, '/test', ... (4 bytes))
Client mosqpub|52150-Nobuyukin sending DISCONNECT
```

## start mondodb cluster on minikube
[mongodb](https://www.mongodb.com/)

In [None]:
kubectl apply -f mongodb/mongodb-cluster-minikube.yaml

In [None]:
kubectl get pods -l app=mongodb

example)
```
NAME        READY     STATUS    RESTARTS   AGE
mongodb-0   2/2       Running   0          6m
mongodb-1   2/2       Running   0          4m
mongodb-2   2/2       Running   0          2m
```

In [None]:
kubectl get services -l app=mongodb

example)
```
NAME      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)     AGE
mongodb   ClusterIP   None         <none>        27017/TCP   6m
```

In [None]:
kubectl exec mongodb-0 -c mongodb -- mongo --eval 'printjson(rs.status().members.map(function(e) {return {name: e.name, stateStr:e.stateStr};}))'

expected)
```
MongoDB shell version v3.6.6
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.6.6
[
	{
		"name" : "mongodb-0.mongodb.default.svc.cluster.local:27017",
		"stateStr" : "PRIMARY"
	},
	{
		"name" : "mongodb-1.mongodb.default.svc.cluster.local:27017",
		"stateStr" : "SECONDARY"
	},
	{
		"name" : "mongodb-2.mongodb.default.svc.cluster.local:27017",
		"stateStr" : "SECONDARY"
	}
]
```

## start ambassador on minikube

[ambassador](https://www.getambassador.io/)

### start ambassador

In [None]:
kubectl apply -f ambassador/ambassador-minikube.yaml

In [None]:
kubectl get pods -l service=ambassador

example)
```
NAME                         READY     STATUS    RESTARTS   AGE
ambassador-cf99ff6bb-45jpl   1/1       Running   0          39s
ambassador-cf99ff6bb-8kht7   1/1       Running   0          39s
ambassador-cf99ff6bb-lv2tk   1/1       Running   0          39s
```

In [None]:
kubectl get services -l service=ambassador

example)
```
NAME         TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
ambassador   NodePort   10.98.181.146   <none>        80:31807/TCP   1m
```

### nat HTTP port

In [None]:
HTTP_PORT=$(kubectl describe service ambassador | grep "NodePort:" | awk '{print $3}' | awk -F'/' '{print $1}');echo ${HTTP_PORT}

In [None]:
VBoxManage controlvm "minikube" natpf1 "http,tcp,0.0.0.0,8080,,${HTTP_PORT}"
VBoxManage showvminfo "minikube" | grep ${HTTP_PORT}

In [None]:
curl -i http://${HOST_IPADDR}:8080

expected)
```
HTTP/1.1 404 Not Found
date: Fri, 25 May 2018 00:47:41 GMT
server: envoy
content-length: 0
```

## start authorization & authentication service on minikube

### create `secrets/auth-tokens.json`
example)
```json
{
  "bearer_tokens": [
      {
          "token": "iRGTsKKHwgjf4rR2XMSN3oE9Dhm6ym3O",
          "allowed_paths": ["^/orion/.*$", "^/idas/.*$"]
      }, {
          "token": "4Xc1GFa2D8zkZRbkdygm902oGYeUAJno",
          "allowed_paths": ["^/visualizer/positions/$"]
      }
  ],
  "basic_auths": [
      {
          "username": "user1",
          "password": "P@ssw0rd",
          "allowed_paths": ["/controller/web/"]
      }, {
          "username": "visualizer",
          "password": "P@ssw0rd",
          "allowed_paths": ["/visualizer/locus/"]
      }
  ]
}
```

In [None]:
cat << __EOS__ > secrets/auth-tokens.json
{
  "bearer_tokens": [
      {
          "token": "$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 32)",
          "allowed_paths": ["^/orion/.*$", "^/idas/.*$"]
      }, {
          "token": "$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 32)",
          "allowed_paths": ["^/visualizer/positions/$"]
      }
  ],
  "basic_auths": [
      {
          "username": "user1",
          "password": "$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 16)",
          "allowed_paths": ["/controller/web/"]
      }, {
          "username": "visualizer",
          "password": "$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 16)",
          "allowed_paths": ["/visualizer/locus/"]
      }
  ]
}
__EOS__

### register auth-tokens to kubernetes secrets

In [None]:
kubectl create secret generic auth-tokens --from-file=./secrets/auth-tokens.json

### start fiware-ambassador-auth

In [None]:
kubectl apply -f ambassador/fiware-ambassador-auth.yaml

In [None]:
kubectl get pods -l pod=ambassador-auth

example)
```
NAME                           READY     STATUS    RESTARTS   AGE
ambassador-auth-6fffdbd9c9-7kkpr   1/1       Running   0          56s
ambassador-auth-6fffdbd9c9-qxw6m   1/1       Running   0          56s
ambassador-auth-6fffdbd9c9-sdn5b   1/1       Running   0          56s
```

In [None]:
kubectl get services -l service=ambassador-auth

example)
```
NAME          TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
ambassador-auth   ClusterIP   10.0.129.102   <none>        3000/TCP   2m
```

In [None]:
curl -i http://${HOST_IPADDR}:8080

example)
```
HTTP/1.1 401 Unauthorized
content-type: application/json; charset=utf-8
www-authenticate: Bearer realm="token_required"
date: Thu, 12 Jul 2018 02:21:24 GMT
content-length: 60
x-envoy-upstream-service-time: 2
server: envoy

{"authorized":false,"error":"missing Header: authorization"}
```

## start fiware orion on minikube
[fiware orion](https://catalogue-server.fiware.org/enablers/publishsubscribe-context-broker-orion-context-broker)

In [None]:
kubectl apply -f orion/orion.yaml

In [None]:
kubectl get pods -l app=orion

example)
```
NAME                     READY     STATUS    RESTARTS   AGE
orion-54f5cdcb5d-d2pt5   1/1       Running   0          56s
orion-54f5cdcb5d-hv274   1/1       Running   0          56s
orion-54f5cdcb5d-xbnx2   1/1       Running   0          56s
```

In [None]:
kubectl get services -l app=orion

example)
```
NAME      TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
orion     ClusterIP   10.0.44.126   <none>        1026/TCP   1m
```

In [None]:
TOKEN=$(cat ${PJ_ROOT}/secrets/auth-tokens.json | jq '.bearer_tokens[0].token' -r)
curl -i -H "Authorization: bearer ${TOKEN}" http://${HOST_IPADDR}:8080/orion/v2/entities/

example)
```
HTTP/1.1 200 OK
content-length: 2
content-type: application/json
fiware-correlator: 4731eb48-4dc1-11e8-b1a2-0a580af4010a
date: Wed, 02 May 2018 04:28:35 GMT
x-envoy-upstream-service-time: 5
server: envoy

[]
```

## start duplicate message filter service for idas

In [None]:
kubectl apply -f idas/fiware-mqtt-msgfilter.yaml

In [None]:
kubectl get pods -l pod=mqtt-msgfilter

example)
```
NAME                              READY     STATUS    RESTARTS   AGE
mqtt-msgfilter-6f76445596-cmbqz   1/1       Running   0          26s
mqtt-msgfilter-6f76445596-wrhzb   1/1       Running   0          26s
mqtt-msgfilter-6f76445596-znnvg   1/1       Running   0          26s
```

In [None]:
kubectl get services -l service=mqtt-msgfilter

example)
```
NAME             TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
mqtt-msgfilter   ClusterIP   10.0.133.42   <none>        5001/TCP   43s
```

## start fiware idas(iotagent-ul) on minikube
[fiware IDAS(iotagent-ul)](https://catalogue-server.fiware.org/enablers/backend-device-management-idas)

**In this demonstration, we use customized iotagent-ul in order to ignore duplicate MQTT messages.**

### build and push the idas conatiner image

In [None]:
env IOTAGENT_PASSWORD=${VERNEMQ__iotagent} envsubst < idas/iotagent-ul/config.js.template > idas/iotagent-ul/config.js

In [None]:
docker build -t ${REPOSITORY}/tech-sketch/iotagent-ul:1.6.0 idas/iotagent-ul/

In [None]:
docker push ${REPOSITORY}/tech-sketch/iotagent-ul:1.6.0

expected)
```
The push refers to repository [192.168.99.1:5000/tech-sketch/iotagent-ul]

559282c2: Preparing 
3c2b031d: Preparing 
e3e1d3a9: Preparing 
a102cc1f: Preparing 
1.6.0: digest: sha256:1185927621f88ecb2e3559baf39ed357dd3609a2e90a45f448daa97e7ceb02ec size: 1372
```

In [None]:
docker image ls | grep iotagent-ul

example)
```
192.168.99.1:5000/tech-sketch/iotagent-ul                1.6.0               c81db837b1f9        About a minute ago   113MB
```

### start idas

In [None]:
envsubst < idas/iotagent-ul.yaml | kubectl apply -f -

In [None]:
kubectl get pods -l app=iotagent-ul

example)
```
NAME                           READY     STATUS    RESTARTS   AGE
iotagent-ul-79685b64bf-8krps   1/1       Running   0          3m
iotagent-ul-79685b64bf-m6nlg   1/1       Running   0          3m
iotagent-ul-79685b64bf-mjpbl   1/1       Running   0          3m
```

In [None]:
kubectl get services -l app=iotagent-ul

example)
```
NAME          TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)             AGE
iotagent-ul   ClusterIP   10.0.180.155   <none>        4041/TCP,7896/TCP   43s
```

In [None]:
TOKEN=$(cat secrets/auth-tokens.json | jq '.bearer_tokens[0].token' -r)
curl -i -H "Authorization: bearer ${TOKEN}" -H "Fiware-Service: ${FIWARE_SERVICE}" -H "Fiware-Servicepath: /*" http://${HOST_IPADDR}:8080/idas/ul20/manage/iot/services/

example)
```
HTTP/1.1 200 OK
x-powered-by: Express
fiware-correlator: c114fc5e-b4a2-40f6-b7fe-1d68369784e5
content-type: application/json; charset=utf-8
content-length: 25
etag: W/"19-WMYe0U6ocKhQjp+oaVnMHLdbylc"
date: Wed, 02 May 2018 06:16:18 GMT
x-envoy-upstream-service-time: 9
server: envoy

{"count":0,"services":[]}
```

## start fiware cygnus on minikube
[fiware cygnus](https://catalogue-server.fiware.org/enablers/cygnus)

**In this demonstration, we use re-configured cygnus in order to revoke unnecessary sinks.**

### build and push the cygnus conatiner image

In [None]:
docker build -t ${REPOSITORY}/tech-sketch/cygnus-ngsi:1.8.0 ./cygnus/fiware-cygnus/

In [None]:
docker push ${REPOSITORY}/tech-sketch/cygnus-ngsi:1.8.0

expected)
```
The push refers to repository [192.168.99.1:5000/tech-sketch/cygnus-ngsi]

395d9f8e: Preparing 
27f81cbc: Preparing 
cc10c582: Preparing 
85b0c8f2: Preparing 
1.8.0: digest: sha256:68646f71f1ad28471187dc4670c742e1e6b032b94436c39c3a08deab79f84cb9 size: 1367
```

In [None]:
docker image ls | grep cygnus-ngsi

example)
```
192.168.99.1:5000/tech-sketch/cygnus-ngsi                1.8.0               4197d3e182e9        8 minutes ago         509MB
```

### start cygnus

In [None]:
envsubst < cygnus/cygnus.yaml | kubectl apply -f -

In [None]:
kubectl get pods -l app=cygnus

example)
```
NAME                      READY     STATUS    RESTARTS   AGE
cygnus-5c68fb6578-fdmtg   1/1       Running   0          44s
cygnus-5c68fb6578-stmds   1/1       Running   0          44s
cygnus-5c68fb6578-z85lp   1/1       Running   0          44s
```

In [None]:
kubectl get services -l app=cygnus

example)
```
NAME      TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
cygnus    ClusterIP   10.103.255.240   <none>        5050/TCP,8081/TCP   1m
```

## start command proxy service on minikube

In [None]:
envsubst < controller/fiware-cmd-proxy.yaml | kubectl apply -f -

In [None]:
kubectl get pods -l pod=cmd-proxy

example)
```
NAME                        READY     STATUS    RESTARTS   AGE
cmd-proxy-d7cbc6dfb-6hnsp   1/1       Running   0          46s
cmd-proxy-d7cbc6dfb-v6rrx   1/1       Running   0          46s
cmd-proxy-d7cbc6dfb-zf2fd   1/1       Running   0          46s
```

In [None]:
kubectl get services -l service=cmd-proxy

example)
```
NAME        TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
cmd-proxy   ClusterIP   10.0.172.56   <none>        8888/TCP   1m
```

## start robot visualization service on minikube

In [None]:
export MONGODB_DATABASE="sth_${FIWARE_SERVICE}"
export MONGODB_COLLECTION="sth_${ROBOT_SERVICEPATH}_${ROBOT_ID}_${ROBOT_TYPE}"
env BEARER_AUTH=$(cat ${PJ_ROOT}/secrets/auth-tokens.json | jq '.bearer_tokens | map(select(.allowed_paths[] | contains ("^/visualizer/positions/$"))) | .[0].token' -r) envsubst < controller/fiware-robot-visualization.yaml | kubectl apply -f -

In [None]:
kubectl get pods -l pod=robot-visualization

example)
```
NAME                                   READY     STATUS    RESTARTS   AGE
robot-visualization-7d69bcdff7-g7p98   1/1       Running   0          13m
robot-visualization-7d69bcdff7-k6mb9   1/1       Running   0          13m
robot-visualization-7d69bcdff7-txsqn   1/1       Running   0          13m
```

In [None]:
kubectl get services -l service=robot-visualization

example)
```
NAME                  TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
robot-visualization   ClusterIP   10.0.112.72   <none>        8888/TCP   13m
```