# 1 start pods on azure AKS

Change ${CORE_ROOT} to the path of `core` on your machine.

In [None]:
export CORE_ROOT="${HOME}/core"

Change ${PJ_ROOT} to the path of `uoa-poc2` on your machine.

In [None]:
export PJ_ROOT="${HOME}/uoa-poc2"
cd ${PJ_ROOT};pwd

example)
```
/Users/user/uoa-poc2
```

## load environment variables

load from `core`

In [None]:
source ${CORE_ROOT}/docs/environments/azure_aks/env

load from `uoa-poc2`

In [None]:
source ${PJ_ROOT}/docs/environments/azure_aks/env

## setup alias

In [None]:
if [ "$(uname)" == 'Darwin' ]; then
  # Outer double quotes keep the inner 'a-zA-Z0-9' quoting intact.
  alias randomstr8="cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 8"
  alias randomstr16="cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 16"
  alias randomstr32="cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 32"
elif [ "$(expr substr $(uname -s) 1 5)" == 'Linux' ]; then
  alias randomstr8="cat /dev/urandom 2>/dev/null | head -n 40 | tr -cd 'a-zA-Z0-9' | head -c 8"
  alias randomstr16="cat /dev/urandom 2>/dev/null | head -n 40 | tr -cd 'a-zA-Z0-9' | head -c 16"
  alias randomstr32="cat /dev/urandom 2>/dev/null | head -n 40 | tr -cd 'a-zA-Z0-9' | head -c 32"
else
  echo "Your platform ($(uname -a)) is not supported."
  exit 1
fi

## add auth tokens for the controller of uoa-poc2

### create new `secrets/auth-tokens.json`

example)
```json
[
  {
    "host": "api\\..+$",
    "settings": {
      "bearer_tokens": [
        {
          "token": "f8ndLS3Dgvmy434lRJhGqbsBDuy6oOXX",
          "allowed_paths": [
            "^/orion/.*$",
            "^/idas/.*$",
            "^/comet/.*$"
          ]
        },
        {
          "token": "TISstc1030",
          "allowed_paths": [
            "^/controller/.*$"
          ]
        },
        {
          "token": "lAra2vvfFCoNYUBZDRSVg0kr0UYXQJeZ",
          "allowed_paths": [
            "^/controller/.*$"
          ]
        }
      ],
      "basic_auths": [],
      "no_auths": {
        "allowed_paths": []
      }
    }
  },
  {
    "host": "kibana\\..+$",
    "settings": {
      "bearer_tokens": [],
      "basic_auths": [
        {
          "username": "kjOocePR",
          "password": "4wm4wDPFiIgKuFwM",
          "allowed_paths": [
            "^.*$"
          ]
        }
      ],
      "no_auths": {
        "allowed_paths": []
      }
    }
  },
  {
    "host": "grafana\\..+$",
    "settings": {
      "bearer_tokens": [],
      "basic_auths": [],
      "no_auths": {
        "allowed_paths": [
          "^.*$"
        ]
      }
    }
  },
  {
    "host": "zaico\\..+$",
    "settings": {
      "bearer_tokens": [],
      "basic_auths": [
        {
          "username": "dA9edLTb",
          "password": "pnFj8HB1y8Q9Ch8r",
          "allowed_paths": [
            "^.*$"
          ]
        }
      ],
      "no_auths": {
        "allowed_paths": [
          "^.*/static/.*$"
        ]
      }
    }
  },
  {
    "host": "robotui\\..+$",
    "settings": {
      "bearer_tokens": [],
      "basic_auths": [
        {
          "username": "vB4xNAlx",
          "password": "jOvGeNTFoFNBzF0P",
          "allowed_paths": [
            "^.*$"
          ]
        }
      ],
      "no_auths": {
        "allowed_paths": [
          "^.*/static/.*$"
        ]
      }
    }
  }
]
```

In [None]:
cat ${CORE_ROOT}/secrets/auth-tokens.json | jq '.[0].settings.bearer_tokens|=.+[
  {
    "token": "'$(randomstr32)'",
    "allowed_paths": ["^/controller/.*$"]
  }
]' > /tmp/auth-tokens.json.1
cat /tmp/auth-tokens.json.1 | jq '.|=.+[{
  "host": "zaico\\..+$",
  "settings": {
    "bearer_tokens": [],
    "basic_auths": [
      {
        "username": "'$(randomstr8)'",
        "password": "'$(randomstr16)'",
        "allowed_paths": ["^.*$"]
      }
    ],
    "no_auths": {
      "allowed_paths": ["^.*/static/.*$"]
    }
  }
},
{
  "host": "robotui\\..+$",
  "settings": {
    "bearer_tokens": [],
    "basic_auths": [
      {
        "username": "'$(randomstr8)'",
        "password": "'$(randomstr16)'",
        "allowed_paths": ["^.*$"]
      }
    ],
    "no_auths": {
      "allowed_paths": ["^.*/static/.*$"]
    }
  }
}]' | tee /tmp/auth-tokens.json
mv ${CORE_ROOT}/secrets/auth-tokens.json ${CORE_ROOT}/secrets/auth-tokens.json.back
mv /tmp/auth-tokens.json ${CORE_ROOT}/secrets/auth-tokens.json
rm /tmp/auth-tokens.json.1
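
An added check, not part of the original notebook or the project's own code: it audits a file in the `auth-tokens.json` layout for bearer tokens shorter than the 32 characters `randomstr32` generates, for `no_auths` patterns that leave private paths open, and for group- or world-readable permissions on the file. The probe paths, `MIN_TOKEN_LEN`, the sample data and the regex-search matching are assumptions.

```python
import json
import os
import re

MIN_TOKEN_LEN = 32  # assumption: the length the randomstr32 alias produces
# Constructed probe paths; none should be reachable without credentials.
PRIVATE_PROBES = ["/", "/controller/api/v1/robots", "/internal/static/report"]


def audit(entries):
    """Return sorted (host, finding) pairs for a parsed auth-tokens.json."""
    findings = set()
    for entry in entries:
        host, settings = entry["host"], entry["settings"]
        for bearer in settings.get("bearer_tokens", []):
            size = len(bearer["token"])
            if size < MIN_TOKEN_LEN:
                findings.add((host, f"bearer token has {size} chars, want {MIN_TOKEN_LEN}"))
        for pattern in settings.get("no_auths", {}).get("allowed_paths", []):
            # Assumption: the auth service applies each pattern as a regex search.
            hits = [p for p in PRIVATE_PROBES if re.search(pattern, p)]
            if len(hits) == len(PRIVATE_PROBES):
                findings.add((host, f"no_auths {pattern!r} opens every path"))
            elif hits:
                findings.add((host, f"no_auths {pattern!r} also opens {hits[0]}"))
    return sorted(findings)


def audit_file(path):
    """Audit the file on disk, starting with its permission bits."""
    loose = os.stat(path).st_mode & 0o077
    found = [(path, "readable by group or others")] if loose else []
    with open(path) as handle:
        return found + audit(json.load(handle))

# Constructed sample in the layout of secrets/auth-tokens.json.
SAMPLE = [
    {"host": r"api\..+$", "settings": {
        "bearer_tokens": [
            {"token": "x" * 32, "allowed_paths": ["^/orion/.*$"]},
            {"token": "Sample0001", "allowed_paths": ["^/controller/.*$"]}],
        "basic_auths": [], "no_auths": {"allowed_paths": []}}},
    {"host": r"grafana\..+$", "settings": {"no_auths": {"allowed_paths": ["^.*$"]}}},
    {"host": r"zaico\..+$", "settings": {"no_auths": {"allowed_paths": ["^.*/static/.*$"]}}},
]

if __name__ == "__main__":
    for host, finding in audit(SAMPLE):
        print(f"{host}: {finding}")
```

Running `audit_file` on `${CORE_ROOT}/secrets/auth-tokens.json` before the file is registered as a Kubernetes secret applies the same checks to the real file.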

## change the auth-tokens to kubernetes secrets

### watch `auth` log

_Outside of this notebook_
1. Open a terminal.
1. Run the command displayed below.

In [None]:
echo "kubectl logs -f -lapp=auth --all-containers=true"

### delete and re-register auth-tokens to kubernetes secrets

In [None]:
kubectl delete secret auth-tokens

In [None]:
kubectl create secret generic auth-tokens --from-file=${CORE_ROOT}/secrets/auth-tokens.json

### confirm the token will be reloaded

**wait a few minutes until the change of secret is detected by Kubernetes.**  
When the new secret is detected, the tokens of auth will be reloaded automatically.

Log messages like the ones below will be shown after the tokens are reloaded.

```
...
--------
2019/08/06 02:28:00 hosts: [.*]
--------
2019/08/06 02:28:00 bearerTokenAllowedPaths: map[.*:map[OnjhCAf8oIRpwBfbFDCh7hu5kh3e9TFM:[^/orion/.*$ ^/idas/.*$ ^/comet/.*$] BcC7SFz7tWAqNtsmQOqbfDCgXqAUyVyn:[^/controller/.*$]]]
--------
2019/08/06 02:28:00 basicAuthPaths, map[]
--------
2019/08/06 02:28:00 noAuthPaths, map[.*:[]]
--------
```

## start etcd cluster

In [None]:
helm install --name uoapoc2 --set customResources.createEtcdClusterCRD=true stable/etcd-operator

example)

```
NAME:   uoapoc2
LAST DEPLOYED: Thu Nov 21 14:57:53 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/ClusterRole
NAME                                 AGE
uoapoc2-etcd-operator-etcd-operator  0s

==> v1/ClusterRoleBinding
NAME                                 AGE
uoapoc2-etcd-operator-etcd-operator  0s

==> v1/Deployment
NAME                                         AGE
uoapoc2-etcd-operator-etcd-backup-operator   0s
uoapoc2-etcd-operator-etcd-operator          0s
uoapoc2-etcd-operator-etcd-restore-operator  0s

==> v1/Pod(related)
NAME                                                          AGE
uoapoc2-etcd-operator-etcd-backup-operator-5c7df84879-tfpvz   0s
uoapoc2-etcd-operator-etcd-operator-788c77569f-vrtrp          0s
uoapoc2-etcd-operator-etcd-restore-operator-85968dfb96-b5xjl  0s

==> v1/Service
NAME                   AGE
etcd-restore-operator  0s

==> v1/ServiceAccount
NAME                                 AGE
uoapoc2-etcd-operator-etcd-operator  0s

==> v1beta2/EtcdCluster
NAME          AGE
etcd-cluster  0s


NOTES:
1. Watch etcd cluster start
  kubectl get pods -l etcd_cluster=etcd-cluster --namespace default -w

2. Confirm etcd cluster is healthy
  $ kubectl run --rm -i --tty --env="ETCDCTL_API=3" --env="ETCDCTL_ENDPOINTS=http://etcd-cluster-client:2379" --namespace default etcd-test --image quay.io/coreos/etcd --restart=Never -- /bin/sh -c 'watch -n1 "etcdctl  member list"'

3. Interact with the cluster!
  $ kubectl run --rm -i --tty --env ETCDCTL_API=3 --namespace default etcd-test --image quay.io/coreos/etcd --restart=Never -- /bin/sh
  / # etcdctl --endpoints http://etcd-cluster-client:2379 put foo bar
  / # etcdctl --endpoints http://etcd-cluster-client:2379 get foo
  OK
  (ctrl-D to exit)
  
4. Optional
  Check the etcd-operator logs
  export POD=$(kubectl get pods -l app=uoapoc2-etcd-operator-etcd-operator --namespace default --output name)
  kubectl logs $POD --namespace=default
```

In [None]:
kubectl get pods -l etcd_cluster=etcd-cluster

example)

```
NAME                      READY   STATUS    RESTARTS   AGE
etcd-cluster-65th59s8p5   1/1     Running   0          66s
etcd-cluster-g5bx65pxc9   1/1     Running   0          98s
etcd-cluster-trcr55758r   1/1     Running   0          82s
```

In [None]:
kubectl run --rm -it --env="ETCDCTL_API=3" --env="ETCDCTL_ENDPOINTS=http://etcd-cluster-client:2379" etcd-test --image quay.io/coreos/etcd --restart=Never -- /bin/sh -c "etcdctl  member list"

example)

```
5fe5acb0c4ceba8d, started, etcd-cluster-65th59s8p5, http://etcd-cluster-65th59s8p5.etcd-cluster.default.svc:2380, http://etcd-cluster-65th59s8p5.etcd-cluster.default.svc:2379
7a5f572987d5ad20, started, etcd-cluster-g5bx65pxc9, http://etcd-cluster-g5bx65pxc9.etcd-cluster.default.svc:2380, http://etcd-cluster-g5bx65pxc9.etcd-cluster.default.svc:2379
9eea3fbab46615d4, started, etcd-cluster-trcr55758r, http://etcd-cluster-trcr55758r.etcd-cluster.default.svc:2380, http://etcd-cluster-trcr55758r.etcd-cluster.default.svc:2379
pod "etcd-test" deleted
```

## start robot-controller on azure AKS

In [None]:
kubectl apply -f controller/robot-controller-azure-service.yaml

In [None]:
envsubst < controller/robot-controller-deployment.yaml | kubectl apply -f -

In [None]:
kubectl get pods -l app=robot-controller

example)
```
NAME                        READY     STATUS    RESTARTS   AGE
robot-controller-5c7fd7df75-59f7s   1/1     Running   0          26s
robot-controller-5c7fd7df75-lwjs6   1/1     Running   0          26s
robot-controller-5c7fd7df75-wlxfq   1/1     Running   0          26s
```

In [None]:
kubectl get services -l app=robot-controller

example)
```
NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
robot-controller   ClusterIP   10.101.151.122   <none>        3000/TCP   3m30s
```

## start zaico-extension on azure AKS

notice) replace XXXXXXXXXXXXXXXXXXXX with the 'REST API token' of `zaico.co.jp`

In [None]:
export ZAICO_TOKEN="XXXXXXXXXXXXXXXXXXXX"

In [None]:
export SHIPMENTAPI_TOKEN=$(cat ${CORE_ROOT}/secrets/auth-tokens.json | jq '.[0].settings.bearer_tokens | map(select(.allowed_paths[] | contains ("^/controller/.*$"))) | .[0].token' -r)

In [None]:
export DESTINATIONS='[{"id": 0, "name": ""}, {"id": 1, "name": "会議室1"}, {"id": 2, "name": "会議室2"}, {"id": 3, "name": "会議室3"}]'

In [None]:
kubectl apply -f zaico-extensions/zaico-extensions-azure-service.yaml

In [None]:
envsubst < zaico-extensions/zaico-extensions-deployment.yaml | kubectl apply -f -

In [None]:
kubectl get pods -l app=zaico-extensions

example)
```
NAME                               READY   STATUS    RESTARTS   AGE
zaico-extensions-9b9964947-598q8   1/1     Running   0          15m
zaico-extensions-9b9964947-89gqs   1/1     Running   0          15m
zaico-extensions-9b9964947-dcj75   1/1     Running   0          15m
```

In [None]:
kubectl get services -l app=zaico-extensions

example)
```
NAME               TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
zaico-extensions   ClusterIP   10.0.103.45   <none>        3000/TCP   6m43s
```

### register DNS A Record for zaico-extensions

In [None]:
HTTPS_IPADDR=$(kubectl get services -l app=ambassador -o json | jq '.items[0].status.loadBalancer.ingress[0].ip' -r)
az network dns record-set a add-record --resource-group ${DNS_ZONE_RG} --zone-name "${DOMAIN}" --record-set-name "zaico" --ipv4-address "${HTTPS_IPADDR}"

In [None]:
nslookup zaico.${DOMAIN}

In [None]:
curl -i https://zaico.${DOMAIN}

example)
```
HTTP/1.1 401 Unauthorized
www-authenticate: Basic realm="basic authentication required"
content-length: 0
date: Thu, 10 Oct 2019 08:07:59 GMT
server: envoy
```

## start robotui on azure AKS

In [None]:
kubectl apply -f robotui/robotui-azure-service.yaml

In [None]:
envsubst < robotui/robotui-deployment.yaml | kubectl apply -f -

In [None]:
kubectl get pods -l app=robotui

example)
```
NAME                      READY   STATUS    RESTARTS   AGE
robotui-78b7ff5d5-7rm2c   1/1     Running   0          18s
robotui-78b7ff5d5-92l88   1/1     Running   0          18s
robotui-78b7ff5d5-zwj9d   1/1     Running   0          18s
```

In [None]:
kubectl get services -l app=robotui

example)
```
NAME      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
robotui   ClusterIP   10.0.252.198   <none>        8080/TCP   40d
```

### register DNS A Record for robotui

In [None]:
HTTPS_IPADDR=$(kubectl get services -l app=ambassador -o json | jq '.items[0].status.loadBalancer.ingress[0].ip' -r)
az network dns record-set a add-record --resource-group ${DNS_ZONE_RG} --zone-name "${DOMAIN}" --record-set-name "robotui" --ipv4-address "${HTTPS_IPADDR}"

In [None]:
nslookup robotui.${DOMAIN}

In [None]:
curl -i https://robotui.${DOMAIN}

example)
```
HTTP/1.1 401 Unauthorized
www-authenticate: Basic realm="basic authentication required"
content-length: 0
date: Thu, 10 Oct 2019 08:07:59 GMT
server: envoy
```