Fix how to run development container

shu-mutou · shu-mutou · commit 4b809a16d09d · 2024-04-03T18:26:27.000+09:00
diff --git a/hack/develop/developmental-role.yaml b/hack/develop/developmental-role.yaml
@@ -12,13 +12,158 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# ClusterRole and Role for testing and developing Kubernetes Dashboard 
+
+################################
+### Namespaces
+################################
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+
+---
+
+################################
+### cert-manager
+################################
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned
+  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/name: certmanager
+    app.kubernetes.io/part-of: kubernetes-dashboard
+spec:
+  selfSigned: {}
+
+---
+
+################################
+### Service Accounts
+################################
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+
+---
+
+################################
+### Secrets & Config Maps
+################################
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kubernetes-dashboard-csrf
+  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+type: Opaque
+data:
+  csrf: ""
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kubernetes-dashboard-key-holder
+  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+type: Opaque
+
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kubernetes-dashboard-settings
+  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+
+---
+
+################################
+### Roles & Bindings
+################################
+
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: Role
 metadata:
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
   labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard-cluster-admin
+    app.kubernetes.io/part-of: kubernetes-dashboard
+rules:
+  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+  - apiGroups: [ "" ]
+    resources: [ "secrets" ]
+    resourceNames: [ "kubernetes-dashboard-key-holder", "kubernetes-dashboard-csrf" ]
+    verbs: [ "get", "update", "delete" ]
+    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+  - apiGroups: [ "" ]
+    resources: [ "configmaps" ]
+    resourceNames: [ "kubernetes-dashboard-settings" ]
+    verbs: [ "get", "update" ]
+    # Allow Dashboard to get metrics.
+  - apiGroups: [ "" ]
+    resources: [ "services/proxy" ]
+    resourceNames: [ "kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper" ]
+    verbs: [ "get" ]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+rules:
+  # Allow Metrics Scraper to get metrics from the Metrics server
+  - apiGroups: [ "metrics.k8s.io" ]
+    resources: [ "pods", "nodes" ]
+    verbs: [ "get", "list", "watch" ]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubernetes-dashboard
   namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubernetes-dashboard
+subjects:
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kubernetes-dashboard
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
diff --git a/hack/develop/run-command.sh b/hack/develop/run-command.sh
@@ -13,58 +13,30 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-ROOT_DIR="$(cd $(dirname "${BASH_SOURCE}")/../.. && pwd -P)"
-
-# Create `kind` cluster if kubeconfig for own cluster is not set.
-if [[ "${K8S_OWN_CLUSTER}" != "dummy" ]] ; then
-  # Stop `kind` cluster.
-  echo "Stop kind cluster"
-  hack/scripts/stop-cluster.sh
-  # Start `kind` cluster.
-  echo "Start kind cluster in docker network named kubernetes-dashboard"
-  hack/scripts/start-cluster.sh
-  # Copy kubeconfig from /home/user/.kube/config
-  cat /home/user/.kube/config > /tmp/kind.kubeconfig
-  # Edit kubeconfig for kind
-  KIND_CONTAINER_NAME="kubernetes-dashboard-control-plane"
-  KIND_ADDR=$(sudo docker inspect -f='{{(index .NetworkSettings.Networks "kubernetes-dashboard").IPAddress}}' ${KIND_CONTAINER_NAME})
-  sed -e "s/0.0.0.0:[0-9]\+/${KIND_ADDR}:6443/g" /tmp/kind.kubeconfig > /home/user/.kube/config
-  # Copy kubeconfig from /home/user/.kube/config again.
-  cat /home/user/.kube/config > /tmp/kind.kubeconfig
-  # Deploy recommended.yaml to deploy dashboard-metrics-scraper sidecar
-  echo "Deploy dashboard and dashboard-metrics-scraper into kind cluster"
-  kubectl apply -f charts/recommended.yaml
-  # Add role for development
-  echo "Add full access role for development"
-  kubectl apply -f hack/develop/developmental-role.yaml
-  echo "@@@@@@@@@@@@@@ CAUTION!! @@@@@@@@@@@@@@"
-  echo "ADDED FULL ACCESS ROLE FOR DEVELOPMENT!"
-  echo "DO NOT USE THIS IN OPEN NETWORK!"
-  echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-  # Kill and run `kubectl proxy`
-  KUBECTL_PID=$(ps -A|grep 'kubectl'|tr -s ' '|cut -d ' ' -f 2)
-  echo "Kill kubectl ${KUBECTL_PID}"
-  kill ${KUBECTL_PID}
-  nohup kubectl proxy --address 127.0.0.1 --port 8000 >/tmp/kubeproxy.log 2>&1 &
-  export SIDECAR_HOST="http://localhost:8000/api/v1/namespaces/kubernetes-dashboard/services/dashboard-metrics-scraper:/proxy/"
-  # Inform how to get token for logging in to dashboard
-  echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-  echo "HOW TO GET TOKEN FOR LOGGING INTO DASHBOARD"
-  echo ""
-  echo "1. Run terminal for dashboard container."
-  echo "  docker exec -it k8s-dashboard-dev gosu user bash"
-  echo ""
-  echo "2. Run following to get token for logging into dashboard."
-  echo "  kubectl -n kubernetes-dashboard create token kubernetes-dashboard"
-  echo ""
-  echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-fi
-
-# Clean install dependencies
-cd modules/web
-rm -fr node_modules
-yarn
-cd ${ROOT_DIR}
+# Inform how to add full access role for development
+# and get token for logging in to dashboard 
+echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ CAUTION!! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+echo "DO NOT USE THIS IN OPEN NETWORK!"
+echo ""
+echo "To add a role with full access for development and get its token"
+echo "to log into the Dashboard, see followings:"
+echo ""
+echo "1. Run terminal in development container."
+echo "    docker exec -it k8s-dashboard-dev gosu user bash"
+echo ""
+echo "2. Set env for kubeconfig"
+echo "    export KUBECONFIG=/go/src/github.com/kubernetes/dashboard/.tmp/kubeconfig"
+echo ""
+echo "3. Add full access role for development."
+echo "    kubectl apply -f hack/develop/developmental-role.yaml"
+echo ""
+echo "4. Run following to get token for logging into dashboard."
+echo "    kubectl -n kubernetes-dashboard create token kubernetes-dashboard"
+echo ""
+echo "5. Access https://localhost:8443/ with browser on your host,"
+echo "   then login with token."
+echo ""
+echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
 
 # Start dashboard.
 echo "Start dashboard in production mode"
diff --git a/hack/develop/run-dev-container.sh b/hack/develop/run-dev-container.sh
@@ -55,6 +55,9 @@ KD_DEV_SRC=${KD_DEV_SRC:-"${CD}"}
 KD_DEV_CONTAINER_NAME=${KD_DEV_CONTAINER_NAME:-"k8s-dashboard-dev"}
 KD_DEV_SRC_ON_CONTAINER=/go/src/github.com/kubernetes/dashboard
 
+# Set command on development container
+KD_DEV_CMD=${KD_DEV_CMD:-$*}
+
 echo "Remove existing container ${KD_DEV_CONTAINER_NAME}"
 docker rm -f ${KD_DEV_CONTAINER_NAME}
 
@@ -84,5 +87,3 @@ docker run \
   -e DOCKER_GID="${DOCKER_GID}" \
   ${DOCKER_RUN_OPTS} \
   ${KD_DEV_IMAGE_NAME}
-  #-p 8080:8080 \
-  #-v ${KD_DEV_KUBECONFIG}:/home/user/.kube/config \
