# Kubernetes Deployment via Glasskube

## Prerequisites

- A Kubernetes cluster currently set as the current context in `kubectl`
- `docker`, `openssl`, `kubectl` and [`glasskube`](https://glasskube.dev) installed

## What is Glasskube?

[Glasskube](https://glasskube.dev) is an alternative package manager for Kubernetes and part of the CNCF landscape. Glasskube is designed as a Cloud Native application and every installed package is represented by a Custom Resource.


[`glasskube/glasskube`](https://github.com/glasskube/glasskube/) is in active development, with _good first issues_
available for new contributors.


## Quickstart


### Generate encryption keys

There are 4 encryption secrets required for Hatchet to run which can be generated via the following bash script (requires `docker` and `openssl`):

```sh filename=generate.sh copy
#!/bin/bash

# Define an alias for generating random strings. This needs to be a function in a script.
randstring() {
    openssl rand -base64 69 | tr -d "\n=+/" | cut -c1-$1
}

# Create keys directory
mkdir -p ./keys

# Function to clean up the keys directory
cleanup() {
    rm -rf ./keys
}

# Register the cleanup function to be called on the EXIT signal
trap cleanup EXIT

# Check if Docker is installed
if ! command -v docker &> /dev/null
then
    echo "Docker could not be found. Please install Docker."
    exit 1
fi

# Generate keysets using Docker
docker run --user $(id -u):$(id -g) -v $(pwd)/keys:/hatchet/keys ghcr.io/hatchet-dev/hatchet/hatchet-admin:latest /hatchet/hatchet-admin keyset create-local-keys --key-dir /hatchet/keys

# Read keysets from files
SERVER_ENCRYPTION_MASTER_KEYSET=$(<./keys/master.key)
SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET=$(<./keys/private_ec256.key)
SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET=$(<./keys/public_ec256.key)

# Generate the random strings for SERVER_AUTH_COOKIE_SECRETS
SERVER_AUTH_COOKIE_SECRET1=$(randstring 16)
SERVER_AUTH_COOKIE_SECRET2=$(randstring 16)

# Create the YAML file
cat > hatchet-secret.yaml <"
HATCHET_CLIENT_TLS_STRATEGY=none
```

You will need this in the following example.

### Port forward to the Hatchet engine

```sh
export NAMESPACE=hatchet # TODO: change if you modified the namespace
export POD_NAME=$(kubectl get pods --namespace $NAMESPACE -l "app.kubernetes.io/name=hatchet-engine,app.kubernetes.io/instance=hatchet" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace $NAMESPACE $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
kubectl --namespace $NAMESPACE port-forward $POD_NAME 7070:$CONTAINER_PORT
```

This will spin up the Hatchet engine service on `localhost:7070` which you can then connect to from the examples.

### Generate an API token

To generate an API token, navigate to the `Settings` tab in the Hatchet frontend and click on the `API Tokens` tab. Click the `Generate API Token` button to create a new token. Store this token somewhere safe.

### Run your first worker

Now that you have an API token, see the guide [here](https://docs.hatchet.run/home/setup) for how to run your first task.