fix: Upload file for kubeconfig is not working (add a cluster)

kore3lab · Dec 23, 2022 · 014822f · 014822f
2 parents 8f9d4a8 + 5f0fda8
commit 014822f
Show file tree

Hide file tree

Showing 16 changed files with 640 additions and 328 deletions.
diff --git a/docs/README.md b/docs/README.md
@@ -1,16 +1,19 @@
 # Kore-board Documentation
 
-* [Developer Guide](./developer/README.md)
+## [Developer Guide](./developer/README.md)
 
-  * [Getting started](./developer/getting-started.md)
-  * [Architecture](./developer/architecture.md)
-  * [API Specification](./developer/api-specification.md)
-  * [Packaging Helm-chart](./developer/helm-chart.md)
-  * [Web-Terminal Developer Guide](./developer/app-terminal.md)
+* [Getting started](./developer/getting-started.md)
+* [Architecture](./developer/architecture.md)
+* [API Specification](./developer/api-specification.md)
+* [Packaging Helm-chart](./developer/helm-chart.md)
+* [Web-Terminal Developer Guide](./developer/app-terminal.md)
 
 
-* [User Guide](./user/README.md)
-  * [Installation](./user/installation.md)
-  * [Sign-in configuration](./user/config-sign-in.md)
-  * [Kubeconfig configuration](./user/config-kubeconfigs.md)
-  * [Configure startup parameters](./user/config-startup-parameters.md)
+## [User Guide](./user/README.md)
+
+* [Installation](./user/installation.md)
+* [Authenticate API access with serviceaccount](./user/add-authenticate-serviceaccount.md)
+* Configuration
+  * [Sign-in](./user/config-sign-in.md)
+  * [Kubeconfig provider](./user/config-kubeconfigs.md)
+  * [startup parameters](./user/config-startup-parameters.md)
diff --git a/docs/user/README.md b/docs/user/README.md
@@ -1,6 +1,8 @@
 # User Guide
 
 * [Installation](./installation.md)
-* [Sign-in configuration](./config-sign-in.md)
-* [Kubeconfig configuration](./config-kubeconfigs.md)
-* [Configure startup parameters](./config-startup-parameters.md)
+* [Authenticate API access with serviceaccount](./add-authenticate-serviceaccount.md)
+* Configuration
+  * [Sign-in](./config-sign-in.md)
+  * [Kubeconfig provider](./config-kubeconfigs.md)
+  * [Container startup parameters](./config-startup-parameters.md)
diff --git a/docs/user/add-authenticate-serviceaccount.md b/docs/user/add-authenticate-serviceaccount.md
@@ -0,0 +1,82 @@
+# Authenticate API access with serviceaccount
+
+if `client-certificate` is not available on KUBECONFIG
+
+
+## Prerequisites
+
+* `kubectl` and runnable
+
+## How-to
+
+* Install kore-board
+  * See [Installation](./installation.md) page.
+
+* Create a secret for serviceaccount `kore-board`
+```
+$ kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kore-board-secret
+  namespace: kore
+  annotations:
+    kubernetes.io/service-account.name: kore-board
+type: kubernetes.io/service-account-token
+EOF
+```
+
+* Grant `cluster-admin` permission to the serviceaccount
+
+```
+$ kubectl create clusterrolebinding kore-board-binding --clusterrole=cluster-admin --serviceaccount=kore:kore-board
+```
+
+* Create and verify the KUBECONFIG file  (ca.crt, token)
+
+```
+$ echo -e "apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority-data: $(kubectl get secret kore-board-secret -n kore -o jsonpath='{.data.ca\.crt}')
+    server: $(kubectl config view -o jsonpath="{.clusters[?(@.name==\"$(kubectl config view -o jsonpath="{.contexts[?(@.name==\"$(kubectl config current-context)\")].context.cluster}")\")].cluster.server}")
+  name: token-cluster
+contexts:
+- context:
+    cluster: token-cluster
+    user: token-user
+  name: admin
+current-context: token
+users:
+- name: token-user
+  user:
+    token: $(kubectl get secret kore-board-secret -n kore -o jsonpath='{.data.token}' | base64 --decode)
+" > kubeconfig-token.yaml
+
+$ kubectl get sa kore-board -n kore --kubeconfig="$(pwd)/kubeconfig-token.yaml"
+$ kubectl get secret kore-board-secret -n kore --kubeconfig="$(pwd)/kubeconfig-token.yaml"
+$ kubectl get nodes --kubeconfig="$(pwd)/kubeconfig-token.yaml"
+```
+
+### GKE Autopilot
+
+* Configure kubconfig with `gcloud container` command
+
+```
+$ export KUBECONFIG="kubeconfig-gke-autopilot.yaml"
+$ gcloud container clusters get-credentials autopilot-cluster-1 --region asia-northeast3 --project kore-project
+$ kubectl get nodes
+```
+
+* Set gcloud config when edit **permission error** occurs
+
+```
+ERROR: (gcloud.container.clusters.get-credentials) get-credentials requires edit permission on ....
+```
+
+```
+$ gcloud config set container/use_client_certificate False
+```
+
+* [Authenticate API access with serviceaccount](#how-to)
diff --git a/docs/user/installation.md b/docs/user/installation.md
@@ -16,22 +16,25 @@ $ kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/la
 * if necessary, add a startup option `--kubelet-insecure-tls` 
 
 * or apply "metrics-server" with options `--kubelet-insecure-tls`
+
 ```
 $ kubectl apply -f https://raw.githubusercontent.com/kore3lab/dashboard/master/scripts/install/metrics-server/metrics-server-v0.5.1-kubelet-insecure-tls.yaml
 ```
 
 ## Kubernetes
 
-### Installation using Yaml
+### Installation using vanilla manifests
 
 * Installation
+
 ```
-$ kubectl apply -f ./scripts/install/kubernetes/recommended.yaml
+$ kubectl apply -f https://raw.githubusercontent.com/kore3lab/dashboard/master/scripts/install/kubernetes/recommended.yaml
 ```
 
-* clean-up
+* Uninstallation
+
 ```
-$ kubectl delete -f ./scripts/install/kubernetes/recommended.yaml
+$ kubectl delete -f https://raw.githubusercontent.com/kore3lab/dashboard/master/scripts/install/kubernetes/recommended.yaml
 ```
 
 ### Installation using Helm-chart
@@ -40,19 +43,23 @@ $ kubectl delete -f ./scripts/install/kubernetes/recommended.yaml
 * Installation
 
 ```
+$ helm repo add kore https://raw.githubusercontent.com/kore3lab/dashboard/master/scripts/install/kubernetes
+$ helm search repo kore
+
 $ kubectl create ns kore
-$ helm install -n kore kore-board ./scripts/install/kubernetes/helm-chart/ \
+$ helm install dashboard kore/kore-board -n kore \
   --set backend.service.type=NodePort \
   --set backend.service.nodePort=30081 \
   --set frontend.service.type=NodePort \
   --set frontend.service.nodePort=30080
 
-$ helm list
+$ helm list -n kore
 ```
 
-* clean-up
+* Uninstallation
+
 ```
-$ helm uninstall kore-board
+$ helm uninstall dashboard -n kore
 ```
 
 ### if you want use existing kubeconfig file
@@ -67,11 +74,13 @@ $ kubectl create configmap kore-board-kubeconfig --from-file=config=${HOME}/.kub
 ### Installation using "docker-compose"
 
 * Installation
+
 ```
 $ docker-compose -f ./scripts/install/docker-compose.yaml up -d
 ```
 
-* clean-up
+* Uninstallation
+
 ```
 $ docker-compose -f ./scripts/install/docker-compose.yaml down
 ```
@@ -103,7 +112,8 @@ $ docker run --rm -d -p 3000:80 --name frontend\
     ghcr.io/kore3lab/kore-board.frontend:latest
 ```
 
-* clean-up
+* Uninstallation
+
 ```
 $ docker stop frontend backend metrics-scraper terminal
 $ docker volume rm data kubeconfig

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "kore-board",
-  "version": "0.5.3",
+  "version": "0.5.5",
   "description": "Kubernetes multi-clusters dashboard",
   "repository": {
     "type": "git",

diff --git a/scripts/install/kubernetes/helm-chart/Chart.yaml b/scripts/install/kubernetes/helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kore-board
 type: application
-version: 0.5.4
-appVersion: v0.5.4
+version: 0.5.5
+appVersion: v0.5.5
 description: Kubernetes multi-clusters dashboard
diff --git a/scripts/install/kubernetes/index.yaml b/scripts/install/kubernetes/index.yaml
@@ -3,7 +3,7 @@ entries:
   acornsoft-dashboard:
   - apiVersion: v2
     appVersion: v0.3.0
-    created: "2022-11-24T14:32:59.511299+09:00"
+    created: "2022-12-23T09:05:03.848624+09:00"
     description: Acornsoft Kubernetes Dashboard
     digest: 9063661ae9ba91998ab0375fa3b96cf3c8f247816b77a734716357930f07d3b3
     name: acornsoft-dashboard
@@ -13,7 +13,7 @@ entries:
     version: 0.3.0
   - apiVersion: v2
     appVersion: v0.2.0
-    created: "2022-11-24T14:32:59.508879+09:00"
+    created: "2022-12-23T09:05:03.847808+09:00"
     description: Acornsoft Kubernetes Dashboard
     digest: 90d6e245dbbb0098514374152c92e78ac65bd50fadee0a69250ee0450257f879
     name: acornsoft-dashboard
@@ -23,7 +23,7 @@ entries:
     version: 0.2.0
   - apiVersion: v2
     appVersion: v0.1.2
-    created: "2022-11-24T14:32:59.506847+09:00"
+    created: "2022-12-23T09:05:03.846999+09:00"
     description: Acornsoft Kubernetes Dashboard
     digest: 3205f6217826ba691c6f040ab23809cb0a3047ab6f5295bea2100d874b82e519
     name: acornsoft-dashboard
@@ -32,9 +32,19 @@ entries:
     - acornsoft-dashboard-0.1.2.tgz
     version: 0.1.2
   kore-board:
+  - apiVersion: v2
+    appVersion: v0.5.5
+    created: "2022-12-23T09:05:03.859202+09:00"
+    description: Kubernetes multi-clusters dashboard
+    digest: a689fa83adf2777f6c81ca4d1f608b25052e24a20433333e84e830ae2942b5aa
+    name: kore-board
+    type: application
+    urls:
+    - kore-board-0.5.5.tgz
+    version: 0.5.5
   - apiVersion: v2
     appVersion: v0.5.4
-    created: "2022-11-24T14:32:59.531764+09:00"
+    created: "2022-12-23T09:05:03.857246+09:00"
     description: Kubernetes multi-clusters dashboard
     digest: 58a13da261258afac2ff78514aea88ce192ffa5f1ce4308945df01c3535c3b7b
     name: kore-board
@@ -44,7 +54,7 @@ entries:
     version: 0.5.4
   - apiVersion: v2
     appVersion: v0.5.3
-    created: "2022-11-24T14:32:59.529097+09:00"
+    created: "2022-12-23T09:05:03.856084+09:00"
     description: Kubernetes multi-clusters dashboard
     digest: abc649f1a1b0456a2f40a92459968f011e71b9bf6e10a2d7d59f55bf010d30cf
     name: kore-board
@@ -54,7 +64,7 @@ entries:
     version: 0.5.3
   - apiVersion: v2
     appVersion: v0.5.2
-    created: "2022-11-24T14:32:59.526328+09:00"
+    created: "2022-12-23T09:05:03.85495+09:00"
     description: Kubernetes multi-clusters dashboard
     digest: a272ff9069e61eb45045d808d917ea50669d91af28f091fff5c12ec66231ff98
     name: kore-board
@@ -64,7 +74,7 @@ entries:
     version: 0.5.2
   - apiVersion: v2
     appVersion: v0.5.1
-    created: "2022-11-24T14:32:59.523275+09:00"
+    created: "2022-12-23T09:05:03.853852+09:00"
     description: Kubernetes multi-clusters dashboard
     digest: 9fee906403036f7aca6971bcb39b2a83afcb1dbd7feafea31d89d954ce7221d1
     name: kore-board
@@ -74,7 +84,7 @@ entries:
     version: 0.5.1
   - apiVersion: v2
     appVersion: v0.5.0
-    created: "2022-11-24T14:32:59.520431+09:00"
+    created: "2022-12-23T09:05:03.852369+09:00"
     description: Kubernetes multi-clusters dashboard
     digest: e60368b94335ed7ab63dc03c6a6c2e0e6f706dcae823d9a55f1e2f86bfc089d6
     name: kore-board
@@ -84,7 +94,7 @@ entries:
     version: 0.5.0
   - apiVersion: v2
     appVersion: v0.4.2
-    created: "2022-11-24T14:32:59.517701+09:00"
+    created: "2022-12-23T09:05:03.851218+09:00"
     description: Kubernetes multi-clusters dashboard
     digest: 242fd23d5991dd585cec827ea5500c31801904660fc70c81b5b2d784964f25c8
     name: kore-board
@@ -94,7 +104,7 @@ entries:
     version: 0.4.2
   - apiVersion: v2
     appVersion: v0.4.0
-    created: "2022-11-24T14:32:59.515745+09:00"
+    created: "2022-12-23T09:05:03.85036+09:00"
     description: Kubernetes multi-clusters dashboard
     digest: 86b6253fad9c2843aa0555ac2dbfdba9020fdbf16fb626564235c84879ed5ee2
     name: kore-board
@@ -104,12 +114,12 @@ entries:
     version: 0.4.0
   - apiVersion: v2
     appVersion: v0.3.3
-    created: "2022-11-24T14:32:59.513317+09:00"
+    created: "2022-12-23T09:05:03.849445+09:00"
     description: Kubernetes multi-clusters dashboard
     digest: 5421b7f7072b0047e2c91c7d2f546271c085b1672eef703c7c8114be2c9c007d
     name: kore-board
     type: application
     urls:
     - kore-board-0.3.3.tgz
     version: 0.3.3
-generated: "2022-11-24T14:32:59.504384+09:00"
+generated: "2022-12-23T09:05:03.844007+09:00"
diff --git a/scripts/install/kubernetes/kore-board-0.5.5.tgz b/scripts/install/kubernetes/kore-board-0.5.5.tgz