docs: Authenticate API access with serviceaccount

docs/README.md

@@ -12,7 +12,7 @@
 ## [User Guide](./user/README.md)
 
 * [Installation](./user/installation.md)
-* [Add a KUBECONFIG](./user/add-kubeconfig.md)
+* [Authenticate API access with serviceaccount](./user/add-authenticate-serviceaccount.md)
 * Configuration
   * [Sign-in](./user/config-sign-in.md)
   * [Kubeconfig provider](./user/config-kubeconfigs.md)

docs/user/README.md

@@ -1,7 +1,7 @@
 # User Guide
 
 * [Installation](./installation.md)
-* [Add a KUBECONFIG](./add-kubeconfig.md)
+* [Authenticate API access with serviceaccount](./add-authenticate-serviceaccount.md)
 * Configuration
   * [Sign-in](./config-sign-in.md)
   * [Kubeconfig provider](./config-kubeconfigs.md)

docs/user/add-authenticate-serviceaccount.md

@@ -0,0 +1,82 @@
+# Authenticate API access with serviceaccount
+
+if `client-certificate` is not available on KUBECONFIG
+
+
+## Prerequisites
+
+* `kubectl` and runnable
+
+## How-to
+
+* Install kore-board
+  * See [Installation](./installation.md) page.
+
+* Create a secret for serviceaccount `kore-board`
+```
+$ kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kore-board-secret
+  namespace: kore
+  annotations:
+    kubernetes.io/service-account.name: kore-board
+type: kubernetes.io/service-account-token
+EOF
+```
+
+* Grant `cluster-admin` permission to the serviceaccount
+
+```
+$ kubectl create clusterrolebinding kore-board-binding --clusterrole=cluster-admin --serviceaccount=kore:kore-board
+```
+
+* Create and verify the KUBECONFIG file  (ca.crt, token)
+
+```
+$ echo -e "apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority-data: $(kubectl get secret kore-board-secret -n kore -o jsonpath='{.data.ca\.crt}')
+    server: $(kubectl config view -o jsonpath="{.clusters[?(@.name==\"$(kubectl config view -o jsonpath="{.contexts[?(@.name==\"$(kubectl config current-context)\")].context.cluster}")\")].cluster.server}")
+  name: token-cluster
+contexts:
+- context:
+    cluster: token-cluster
+    user: token-user
+  name: admin
+current-context: token
+users:
+- name: token-user
+  user:
+    token: $(kubectl get secret kore-board-secret -n kore -o jsonpath='{.data.token}' | base64 --decode)
+" > kubeconfig-token.yaml
+
+$ kubectl get sa kore-board -n kore --kubeconfig="$(pwd)/kubeconfig-token.yaml"
+$ kubectl get secret kore-board-secret -n kore --kubeconfig="$(pwd)/kubeconfig-token.yaml"
+$ kubectl get nodes --kubeconfig="$(pwd)/kubeconfig-token.yaml"
+```
+
+### GKE Autopilot
+
+* Configure kubconfig with `gcloud container` command
+
+```
+$ export KUBECONFIG="kubeconfig-gke-autopilot.yaml"
+$ gcloud container clusters get-credentials autopilot-cluster-1 --region asia-northeast3 --project kore-project
+$ kubectl get nodes
+```
+
+* Set gcloud config when edit **permission error** occurs
+
+```
+ERROR: (gcloud.container.clusters.get-credentials) get-credentials requires edit permission on ....
+```
+
+```
+$ gcloud config set container/use_client_certificate False
+```
+
+* [Authenticate API access with serviceaccount](#how-to)

docs/user/installation.md

@@ -16,6 +16,7 @@ $ kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/la
 * if necessary, add a startup option `--kubelet-insecure-tls` 
 
 * or apply "metrics-server" with options `--kubelet-insecure-tls`
+
 ```
 $ kubectl apply -f https://raw.githubusercontent.com/kore3lab/dashboard/master/scripts/install/metrics-server/metrics-server-v0.5.1-kubelet-insecure-tls.yaml
 ```
@@ -25,13 +26,15 @@ $ kubectl apply -f https://raw.githubusercontent.com/kore3lab/dashboard/master/s
 ### Installation using Yaml
 
 * Installation
+
 ```
-$ kubectl apply -f ./scripts/install/kubernetes/recommended.yaml
+$ kubectl apply -f https://raw.githubusercontent.com/kore3lab/dashboard/master/scripts/install/kubernetes/recommended.yaml
 ```
 
-* clean-up
+* Uninstallation
+
 ```
-$ kubectl delete -f ./scripts/install/kubernetes/recommended.yaml
+$ kubectl delete -f https://raw.githubusercontent.com/kore3lab/dashboard/master/scripts/install/kubernetes/recommended.yaml
 ```
 
 ### Installation using Helm-chart
@@ -40,19 +43,23 @@ $ kubectl delete -f ./scripts/install/kubernetes/recommended.yaml
 * Installation
 
 ```
+$ helm repo add kore https://raw.githubusercontent.com/kore3lab/dashboard/master/scripts/install/kubernetes
+$ helm search repo kore
+
 $ kubectl create ns kore
-$ helm install -n kore kore-board ./scripts/install/kubernetes/helm-chart/ \
+$ helm install dashboard kore/kore-board -n kore \
   --set backend.service.type=NodePort \
   --set backend.service.nodePort=30081 \
   --set frontend.service.type=NodePort \
   --set frontend.service.nodePort=30080
 
-$ helm list
+$ helm list -n kore
 ```
 
-* clean-up
+* Uninstallation
+
 ```
-$ helm uninstall kore-board
+$ helm uninstall dashboard -n kore
 ```
 
 ### if you want use existing kubeconfig file
@@ -67,11 +74,13 @@ $ kubectl create configmap kore-board-kubeconfig --from-file=config=${HOME}/.kub
 ### Installation using "docker-compose"
 
 * Installation
+
 ```
 $ docker-compose -f ./scripts/install/docker-compose.yaml up -d
 ```
 
-* clean-up
+* Uninstallation
+
 ```
 $ docker-compose -f ./scripts/install/docker-compose.yaml down
 ```
@@ -103,7 +112,8 @@ $ docker run --rm -d -p 3000:80 --name frontend\
     ghcr.io/kore3lab/kore-board.frontend:latest
 ```
 
-* clean-up
+* Uninstallation
+
 ```
 $ docker stop frontend backend metrics-scraper terminal
 $ docker volume rm data kubeconfig