From b5ea56b3b84406c0e4aeaae59545de2f96972bad Mon Sep 17 00:00:00 2001 From: Shu Muto Date: Fri, 22 Mar 2024 11:25:33 +0000 Subject: [PATCH 1/8] Fix development container The development container provides developers with a clean environment at all time. This creates a environment for static check, test, build and execute dashboard on local machine that is almost the same as CI/CD environment. --- Makefile | 23 ++-- hack/develop/Dockerfile | 23 ++-- hack/develop/run-command.sh | 4 +- hack/develop/run-dev-container.sh | 17 +-- hack/docker/dev.compose.yml | 40 +++---- hack/docker/docker.compose.yaml | 4 +- hack/include/config.mk | 17 ++- hack/include/kind.mk | 13 +- hack/test-resources/cluster-admin.yaml | 160 +++++++++++++++++++++++++ 9 files changed, 241 insertions(+), 60 deletions(-) create mode 100644 hack/test-resources/cluster-admin.yaml diff --git a/Makefile b/Makefile index fe5e5d83a1d8..01aea3c0b501 100644 --- a/Makefile +++ b/Makefile @@ -76,7 +76,8 @@ tools: $(PRE) ## Installs required tools # Note: Make sure that the port 8080 (Web HTTP) is free on your localhost .PHONY: serve serve: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts development version of the application on http://localhost:8080 - @KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \ + @KUBECONFIG=$(KUBECONFIG_FOR_DOCKER_COMPOSE) \ + SOURCE_DIR=$(SOURCE_DIR) \ SYSTEM_BANNER=$(SYSTEM_BANNER) \ SYSTEM_BANNER_SEVERITY=$(SYSTEM_BANNER_SEVERITY) \ SIDECAR_HOST=$(SIDECAR_HOST) \ 
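Review bot: `SOURCE_DIR=$(SOURCE_DIR)` and `KUBECONFIG=$(KUBECONFIG_FOR_DOCKER_COMPOSE)` in the `serve` recipe are pasted into the shell unquoted, and config.mk in this patch lets both be derived from the `KD_DEV_SRC` environment variable. A path containing a space ends the assignment early and the remainder is run as a command word, so write `KUBECONFIG="$(KUBECONFIG_FOR_DOCKER_COMPOSE)" \` and `SOURCE_DIR="$(SOURCE_DIR)" \`. The `run` and `image` hunks that follow add the same two lines and need the same quoting. The recipe continues past the end of this hunk.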
@@ -95,7 +96,8 @@ serve: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts developmen # Note: Make sure that the ports 8443 (Gateway HTTPS) and 8080 (Gateway HTTP) are free on your localhost .PHONY: run run: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts production version of the application on https://localhost:8443 and https://localhost:8000 - @KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \ + @KUBECONFIG=$(KUBECONFIG_FOR_DOCKER_COMPOSE) \ + SOURCE_DIR=$(SOURCE_DIR) \ SYSTEM_BANNER=$(SYSTEM_BANNER) \ SYSTEM_BANNER_SEVERITY=$(SYSTEM_BANNER_SEVERITY) \ SIDECAR_HOST=$(SIDECAR_HOST) \ @@ -111,14 +113,15 @@ run: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts production v .PHONY: image image: ifndef NO_BUILD - @KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \ - SYSTEM_BANNER=$(SYSTEM_BANNER) \ - SYSTEM_BANNER_SEVERITY=$(SYSTEM_BANNER_SEVERITY) \ - SIDECAR_HOST=$(SIDECAR_HOST) \ - VERSION="v0.0.0-prod" \ - WEB_BUILDER_ARCH=$(ARCH) \ - docker compose -f $(DOCKER_COMPOSE_PATH) --project-name=$(PROJECT_NAME) build \ - --no-cache + @KUBECONFIG=$(KUBECONFIG_FOR_DOCKER_COMPOSE) \ + SOURCE_DIR=$(SOURCE_DIR) \ + SYSTEM_BANNER=$(SYSTEM_BANNER) \ + SYSTEM_BANNER_SEVERITY=$(SYSTEM_BANNER_SEVERITY) \ + SIDECAR_HOST=$(SIDECAR_HOST) \ + VERSION="v0.0.0-prod" \ + WEB_BUILDER_ARCH=$(ARCH) \ + docker compose -f $(DOCKER_COMPOSE_PATH) --project-name=$(PROJECT_NAME) build \ + --no-cache endif # Prepares and installs local dev version of Kubernetes Dashboard in our dedicated kind cluster. diff --git a/hack/develop/Dockerfile b/hack/develop/Dockerfile index b766aade489b..33e5d64abbdc 100644 --- a/hack/develop/Dockerfile +++ b/hack/develop/Dockerfile @@ -18,7 +18,7 @@ # golang is based on debian:jessie # Specify version to clarify which version we use. -FROM golang:1.20-bullseye +FROM golang:1.22-bullseye # Install Node.js. Go is already installed. # A small tweak, apt-get update is already run by the nodejs setup script, 
@@ -27,7 +27,7 @@ RUN apt-get update && apt-get install -y ca-certificates --no-install-recommends RUN mkdir -p /etc/apt/keyrings RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | \ gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg -ENV NODE_MAJOR=18 +ENV NODE_MAJOR=20 RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | \ tee /etc/apt/sources.list.d/nodesource.list RUN apt-get update && apt-get install -y --no-install-recommends \ @@ -72,7 +72,7 @@ ENV NG_CLI_ANALYTICS=false # Download a statically linked docker client, # so the container is able to build images on the host. -RUN curl -sSL https://download.docker.com/linux/static/stable/x86_64/docker-23.0.1.tgz > /tmp/docker.tgz && \ +RUN curl -sSL https://download.docker.com/linux/static/stable/x86_64/docker-25.0.5.tgz > /tmp/docker.tgz && \ cd /tmp/ && \ tar xzvf docker.tgz && \ rm docker.tgz && \ @@ -82,7 +82,7 @@ RUN curl -sSL https://download.docker.com/linux/static/stable/x86_64/docker-23.0 # Install docker compose plugin RUN mkdir -p /usr/local/lib/docker/cli-plugins -RUN curl -SL https://github.com/docker/compose/releases/download/v2.14.0/docker-compose-linux-x86_64 \ +RUN curl -SL https://github.com/docker/compose/releases/download/v2.25.0/docker-compose-linux-x86_64 \ -o /usr/local/lib/docker/cli-plugins/docker-compose RUN chmod +x /usr/local/lib/docker/cli-plugins/docker-compose 
@@ -91,12 +91,15 @@ RUN curl -LO https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stab RUN chmod +x ./kubectl RUN mv ./kubectl /usr/local/bin/kubectl -# Install golangci for ckecking or fixing go format. -# `npm ci` installs golangci, but this installation is needed -# for running `npm run check` singlely, like -# `hack/develop/run-dev-container.sh run check`. -RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | \ - sh -s -- -b $(go env GOPATH)/bin v1.52.2 +# Install helm +ENV HELM_DOWNLOAD="/tmp/helm.tar.gz" +ENV HELM_TMP="/tmp/helm" +RUN curl -SsL https://get.helm.sh/helm-$(curl -Ls https://github.com/helm/helm/releases | grep 'href="/helm/helm/releases/tag/v3.[0-9]*.[0-9]*\"' | sed -E 's/.*\/helm\/helm\/releases\/tag\/(v[0-9\.]+)".*/\1/g' | head -1)-linux-amd64.tar.gz -o ${HELM_DOWNLOAD} +RUN mkdir -p ${HELM_TMP} +RUN tar -xf ${HELM_DOWNLOAD} -C ${HELM_TMP} +RUN mv ${HELM_TMP}/linux-amd64/helm /usr/bin/helm +RUN rm -fr ${HELM_DOWNLOAD} +RUN rm -fr ${HELM_TMP} # Enable go mod. ENV GO111MODULE=on diff --git a/hack/develop/run-command.sh b/hack/develop/run-command.sh index ac6c8450eca1..c662e0afc381 100755 --- a/hack/develop/run-command.sh +++ b/hack/develop/run-command.sh @@ -16,7 +16,7 @@ ROOT_DIR="$(cd $(dirname "${BASH_SOURCE}")/../.. && pwd -P)" # Create `kind` cluster if kubeconfig for own cluster is not set. -if [[ "${K8S_OWN_CLUSTER}" != true ]] ; then +if [[ "${K8S_OWN_CLUSTER}" != "dummy" ]] ; then # Stop `kind` cluster. echo "Stop kind cluster" hack/scripts/stop-cluster.sh 
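Review bot: The added helm install picks its version at build time by scraping the GitHub releases HTML (`grep … | sed … | head -1`) and unpacks the tarball without any integrity check, so the image is not reproducible and the build trusts whatever that page and the download return. If the scrape matches nothing, the URL degrades to `helm--linux-amd64.tar.gz` and, without `-f`, curl saves the error body as the archive. Pin the version the way the Docker and Compose downloads in this file do, and verify the archive against a digest committed in the Dockerfile before extracting. Doing it all in one `RUN` also keeps the temporary tarball out of the image layers, which the separate `RUN rm` steps do not.

```dockerfile
# … unchanged: ENV HELM_DOWNLOAD / ENV HELM_TMP …
# Version and digest are pinned; bump both together.
ENV HELM_VERSION="<PINNED_HELM_VERSION>"
ENV HELM_SHA256="<SHA256_OF_PINNED_TARBALL>"
RUN curl -fsSL "https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz" -o "${HELM_DOWNLOAD}" && \
    echo "${HELM_SHA256}  ${HELM_DOWNLOAD}" | sha256sum -c - && \
    mkdir -p "${HELM_TMP}" && \
    tar -xf "${HELM_DOWNLOAD}" -C "${HELM_TMP}" && \
    mv "${HELM_TMP}/linux-amd64/helm" /usr/bin/helm && \
    rm -fr "${HELM_DOWNLOAD}" "${HELM_TMP}"
```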
@@ -26,7 +26,7 @@ if [[ "${K8S_OWN_CLUSTER}" != true ]] ; then # Copy kubeconfig from /home/user/.kube/config cat /home/user/.kube/config > /tmp/kind.kubeconfig # Edit kubeconfig for kind - KIND_CONTAINER_NAME="k8s-cluster-ci-control-plane" + KIND_CONTAINER_NAME="kubernetes-dashboard-control-plane" KIND_ADDR=$(sudo docker inspect -f='{{(index .NetworkSettings.Networks "kubernetes-dashboard").IPAddress}}' ${KIND_CONTAINER_NAME}) sed -e "s/0.0.0.0:[0-9]\+/${KIND_ADDR}:6443/g" /tmp/kind.kubeconfig > /home/user/.kube/config # Copy kubeconfig from /home/user/.kube/config again. diff --git a/hack/develop/run-dev-container.sh b/hack/develop/run-dev-container.sh index 5c4192d583f9..bc85c09cabe3 100755 --- a/hack/develop/run-dev-container.sh +++ b/hack/develop/run-dev-container.sh @@ -26,15 +26,15 @@ DOCKER_GID=$(getent group docker|cut -d ":" -f 3) # kubeconfig for dashboard. # This will be mounted and certain npm command can modify it, # so this should not be set for original kubeconfig. -if [[ -n "${KD_DEV_KUBECONFIG}" ]] ; then +#if [[ -n "${KD_DEV_KUBECONFIG}" ]] ; then # Use your own kubernetes cluster. - K8S_OWN_CLUSTER=true -else + #K8S_OWN_CLUSTER=true +#else # Use the kind cluster that will be created later by the script. # Set defult as kubeconfig made by `hack/scripts/start-cluster.sh`. - touch /tmp/kind.kubeconfig - KD_DEV_KUBECONFIG=/tmp/kind.kubeconfig -fi + #touch /tmp/kind.kubeconfig + #KD_DEV_KUBECONFIG=/tmp/kind.kubeconfig +#fi # Create docker network to work with kind cluster KD_DEV_NETWORK="kubernetes-dashboard" @@ -72,7 +72,7 @@ docker run \ --network=${KD_DEV_NETWORK} \ -v /var/run/docker.sock:/var/run/docker.sock \ -v ${KD_DEV_SRC}:${KD_DEV_SRC_ON_CONTAINER} \ - -v ${KD_DEV_KUBECONFIG}:/home/user/.kube/config \ + -e KD_DEV_SRC="${KD_DEV_SRC}" \ -e KD_DEV_CMD="${KD_DEV_CMD}" \ -e K8S_OWN_CLUSTER=${K8S_OWN_CLUSTER} \ -e BIND_ADDRESS=${KD_DEV_BIND_ADDRESS} \ 
@@ -82,6 +82,7 @@ docker run \ -e LOCAL_UID="${LOCAL_UID}" \ -e LOCAL_GID="${LOCAL_GID}" \ -e DOCKER_GID="${DOCKER_GID}" \ - -p 8080:8080 \ ${DOCKER_RUN_OPTS} \ ${KD_DEV_IMAGE_NAME} + #-p 8080:8080 \ + #-v ${KD_DEV_KUBECONFIG}:/home/user/.kube/config \ diff --git a/hack/docker/dev.compose.yml b/hack/docker/dev.compose.yml index b9c2e30aae1d..037ba6827930 100644 --- a/hack/docker/dev.compose.yml +++ b/hack/docker/dev.compose.yml @@ -27,7 +27,7 @@ services: - "KONG_ADMIN_ERROR_LOG=/dev/stderr" - "KONG_DNS_ORDER=LAST,A,SRV,CNAME" volumes: - - ${PWD}/hack/gateway/dev.kong.yml:/kong/declarative/kong.yml + - ${SOURCE_DIR}/hack/gateway/dev.kong.yml:/kong/declarative/kong.yml ports: - "9000:8000" @@ -39,11 +39,11 @@ services: command: - "--kubeconfig=${KUBECONFIG:?}" volumes: - - ${PWD}/modules/common:/workspace/common # Required - Common dir watched by AIR - - ${PWD}/modules/auth/pkg:/workspace/auth/pkg # Required - Source dir watched by AIR - - ${PWD}/modules/auth/api:/workspace/auth/api # Required - Source dir watched by AIR - - ${PWD}/modules/auth/main.go:/workspace/auth/main.go # Required - Entry file watched by AIR - - ${PWD}/modules/auth/.air.toml:/workspace/auth/.air.toml # Required - AIR configuration + - ${SOURCE_DIR}/modules/common:/workspace/common # Required - Common dir watched by AIR + - ${SOURCE_DIR}/modules/auth/pkg:/workspace/auth/pkg # Required - Source dir watched by AIR + - ${SOURCE_DIR}/modules/auth/api:/workspace/auth/api # Required - Source dir watched by AIR + - ${SOURCE_DIR}/modules/auth/main.go:/workspace/auth/main.go # Required - Entry file watched by AIR + - ${SOURCE_DIR}/modules/auth/.air.toml:/workspace/auth/.air.toml # Required - AIR configuration - ${KUBECONFIG:?}:${KUBECONFIG:?} # Required - local kubeconfig path resolves to $HOME//.kube/config tmpfs: - /tmp 
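Review bot: `${SOURCE_DIR}` in the dev.compose.yml volume is interpolated without a guard, unlike `${KUBECONFIG:?}` in the same file, so running compose outside the Makefile leaves it empty and the bind sources become host-root paths such as `/hack/gateway/dev.kong.yml`; the `${PWD}` it replaces was always set by the shell. Use `${SOURCE_DIR:?}` so compose stops with a clear error instead, e.g. `- ${SOURCE_DIR:?}/hack/gateway/dev.kong.yml:/kong/declarative/kong.yml`. The same applies to every `${SOURCE_DIR}` volume in the later dev.compose.yml hunks and to the one in docker.compose.yaml.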
@@ -57,10 +57,10 @@ services: --kubeconfig=${KUBECONFIG:?} --sidecar-host=${SIDECAR_HOST:?} volumes: - - ${PWD}/modules/common:/workspace/common # Required - Common dir watched by AIR - - ${PWD}/modules/api/pkg:/workspace/api/pkg # Required - Source dir watched by AIR - - ${PWD}/modules/api/main.go:/workspace/api/main.go # Required - Entry file watched by AIR - - ${PWD}/modules/api/.air.toml:/workspace/api/.air.toml # Required - AIR configuration + - ${SOURCE_DIR}/modules/common:/workspace/common # Required - Common dir watched by AIR + - ${SOURCE_DIR}/modules/api/pkg:/workspace/api/pkg # Required - Source dir watched by AIR + - ${SOURCE_DIR}/modules/api/main.go:/workspace/api/main.go # Required - Entry file watched by AIR + - ${SOURCE_DIR}/modules/api/.air.toml:/workspace/api/.air.toml # Required - AIR configuration - ${KUBECONFIG:?}:${KUBECONFIG:?} # Required - local kubeconfig path resolves to $HOME//.kube/config tmpfs: - /tmp @@ -75,10 +75,10 @@ services: - "--system-banner='Local\ dev\ environment'" - "--system-banner-severity=${SYSTEM_BANNER_SEVERITY:?}" volumes: - - ${PWD}/modules/common:/workspace/common # Required - Common dir watched by AIR - - ${PWD}/modules/web/pkg:/workspace/web/pkg # Required - Source dir watched by AIR - - ${PWD}/modules/web/main.go:/workspace/web/main.go # Required - Entry file watched by AIR - - ${PWD}/modules/web/.air.toml:/workspace/web/.air.toml # Required - AIR configuration + - ${SOURCE_DIR}/modules/common:/workspace/common # Required - Common dir watched by AIR + - ${SOURCE_DIR}/modules/web/pkg:/workspace/web/pkg # Required - Source dir watched by AIR + - ${SOURCE_DIR}/modules/web/main.go:/workspace/web/main.go # Required - Entry file watched by AIR + - ${SOURCE_DIR}/modules/web/.air.toml:/workspace/web/.air.toml # Required - AIR configuration - ${KUBECONFIG:?}:${KUBECONFIG:?} # Required - local kubeconfig path resolves to $HOME//.kube/config tmpfs: - /tmp 
@@ -89,7 +89,7 @@ services: context: ../../modules/web dockerfile: dev.web.Dockerfile volumes: - - ${PWD}/modules/web:/workspace + - ${SOURCE_DIR}/modules/web:/workspace ports: - "8080:8080" @@ -103,10 +103,10 @@ services: --metric-resolution=5s --metric-duration=10m volumes: - - ${PWD}/modules/common:/workspace/common # Required - Common dir watched by AIR - - ${PWD}/modules/metrics-scraper/pkg:/workspace/metrics-scraper/pkg # Required - Source dir watched by AIR - - ${PWD}/modules/metrics-scraper/main.go:/workspace/metrics-scraper/main.go # Required - Entry file watched by AIR - - ${PWD}/modules/metrics-scraper/.air.toml:/workspace/metrics-scraper/.air.toml # Required - AIR configuration + - ${SOURCE_DIR}/modules/common:/workspace/common # Required - Common dir watched by AIR + - ${SOURCE_DIR}/modules/metrics-scraper/pkg:/workspace/metrics-scraper/pkg # Required - Source dir watched by AIR + - ${SOURCE_DIR}/modules/metrics-scraper/main.go:/workspace/metrics-scraper/main.go # Required - Entry file watched by AIR + - ${SOURCE_DIR}/modules/metrics-scraper/.air.toml:/workspace/metrics-scraper/.air.toml # Required - AIR configuration - ${KUBECONFIG:?}:${KUBECONFIG:?} shm_size: 1G tmpfs: @@ -114,5 +114,5 @@ services: networks: default: - name: kind + name: kubernetes-dashboard external: true diff --git a/hack/docker/docker.compose.yaml b/hack/docker/docker.compose.yaml index 3345418cf546..5c693fd7078f 100644 --- a/hack/docker/docker.compose.yaml +++ b/hack/docker/docker.compose.yaml @@ -27,7 +27,7 @@ services: - "KONG_ADMIN_ERROR_LOG=/dev/stderr" - "KONG_DNS_ORDER=LAST,A,CNAME" volumes: - - ${PWD}/hack/gateway/prod.kong.yml:/kong/declarative/kong.yml + - ${SOURCE_DIR}/hack/gateway/prod.kong.yml:/kong/declarative/kong.yml ports: - "8080:8000" - "8443:8443" @@ -97,5 +97,5 @@ services: networks: default: - name: kind + name: kubernetes-dashboard external: true diff --git a/hack/include/config.mk b/hack/include/config.mk index a837b8d7f003..f24b5cc8cbeb 100644 
--- a/hack/include/config.mk +++ b/hack/include/config.mk @@ -21,10 +21,9 @@ DOCKER_COMPOSE_DEV_PATH := $(DOCKER_DIRECTORY)/dev.compose.yml TMP_DIRECTORY := $(ROOT_DIRECTORY)/.tmp # Kind KIND_CLUSTER_NAME := kubernetes-dashboard -KIND_CLUSTER_VERSION := 1.29.0 -KIND_CLUSTER_IMAGE := docker.io/kindest/node:v${KIND_CLUSTER_VERSION} +KIND_CLUSTER_VERSION := v1.29.0 +KIND_CLUSTER_IMAGE := docker.io/kindest/node:${KIND_CLUSTER_VERSION} KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH := $(TMP_DIRECTORY)/kubeconfig -KIND_CLUSTER_KUBECONFIG_CONTEXT := kind-$(KIND_CLUSTER_NAME) KIND_CONFIG_FILE := $(PARTIALS_DIRECTORY)/kind.config.yml # Metrics server METRICS_SERVER_VERSION := v0.7.0 @@ -43,3 +42,15 @@ endif ifeq (,$(findstring $(GOPATH)/bin,$(PATH))) $(warning $$GOPATH/bin directory is not in your $$PATH) endif + +### KUBECONFIG for docker compose +KUBECONFIG_FOR_DOCKER_COMPOSE := $(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) +ifdef KD_DEV_SRC +KUBECONFIG_FOR_DOCKER_COMPOSE := $(KD_DEV_SRC)/.tmp/kubeconfig +endif + +### Dashboard source directory for docker compose +SOURCE_DIR := $(PWD) +ifdef KD_DEV_SRC +SOURCE_DIR := $(KD_DEV_SRC) +endif diff --git a/hack/include/kind.mk b/hack/include/kind.mk index 6c9b863bd65c..3c5b7d7286e7 100644 --- a/hack/include/kind.mk +++ b/hack/include/kind.mk 
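Review bot: `SOURCE_DIR := $(PWD)` takes the caller's `PWD` environment variable rather than make's own working directory, so `make -C <checkout> serve` or a stale `PWD` would bind-mount the wrong tree into the compose services. `SOURCE_DIR := $(CURDIR)`, or `$(ROOT_DIRECTORY)` which this file already uses for `TMP_DIRECTORY`, avoids that. The two `ifdef KD_DEV_SRC` overrides also need a comment saying why they exist, along the lines of `# Inside the dev container compose talks to the host Docker daemon, so bind-mount sources must be host paths (KD_DEV_SRC), not container paths.` That rationale is inferred from run-dev-container.sh mounting /var/run/docker.sock and passing `KD_DEV_SRC`, so the author should confirm it.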
@@ -15,11 +15,12 @@ include $(PARTIALS_DIRECTORY)/config.mk .PHONY: --ensure-metrics-server --ensure-metrics-server: @echo [kind] installing metrics server $(METRICS_SERVER_VERSION) - @kubectl --context $(KIND_CLUSTER_KUBECONFIG_CONTEXT) apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/$(METRICS_SERVER_VERSION)/components.yaml >/dev/null + @KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \ + kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/$(METRICS_SERVER_VERSION)/components.yaml >/dev/null @echo [kind] patching metrics server arguments - @kubectl patch deployment \ + @KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \ + kubectl patch deployment \ metrics-server \ - --context $(KIND_CLUSTER_KUBECONFIG_CONTEXT) \ -n kube-system \ --type='json' \ -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/args", "value": ["--cert-dir=/tmp", "--secure-port=10250", "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", "--kubelet-use-node-status-port", "--metric-resolution=15s", "--kubelet-insecure-tls"]}]' @@ -27,8 +28,10 @@ include $(PARTIALS_DIRECTORY)/config.mk .PHONY: --ensure-kind-ingress-nginx --ensure-kind-ingress-nginx: @echo [kind] installing ingress-nginx - @kubectl --context $(KIND_CLUSTER_KUBECONFIG_CONTEXT) apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-$(INGRESS_NGINX_VERSION)/deploy/static/provider/kind/deploy.yaml >/dev/null - @kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission >/dev/null + @KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \ + kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-$(INGRESS_NGINX_VERSION)/deploy/static/provider/kind/deploy.yaml >/dev/null + @KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \ + kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission >/dev/null .PHONY: --ensure-helm-dependencies --ensure-helm-dependencies: 
diff --git a/hack/test-resources/cluster-admin.yaml b/hack/test-resources/cluster-admin.yaml
new file mode 100644
index 000000000000..8653eff50b3e
--- /dev/null
+++ b/hack/test-resources/cluster-admin.yaml
@@ -0,0 +1,160 @@ +# ClusterRole and Role for testing and developing Kubernetes Dashboard + +################################ +### Namespaces +################################ + +apiVersion: v1 +kind: Namespace +metadata: + name: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard + +--- + +################################ +### cert-manager +################################ + +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/name: certmanager + app.kubernetes.io/part-of: kubernetes-dashboard +spec: + selfSigned: {} + +--- + +################################ +### Service Accounts +################################ + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubernetes-dashboard + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard + +--- + +################################ +### Secrets & Config Maps +################################ + +apiVersion: v1 +kind: Secret +metadata: + name: kubernetes-dashboard-csrf + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard +type: Opaque +data: + csrf: "" + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: kubernetes-dashboard-key-holder + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard +type: Opaque + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + name: kubernetes-dashboard-settings + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard + +--- + +################################ +### Roles & Bindings +################################ + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kubernetes-dashboard + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard +rules: + # Allow Dashboard to get, update and delete Dashboard exclusive secrets. 
+ - apiGroups: [ "" ] + resources: [ "secrets" ] + resourceNames: [ "kubernetes-dashboard-key-holder", "kubernetes-dashboard-csrf" ] + verbs: [ "get", "update", "delete" ] + # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. + - apiGroups: [ "" ] + resources: [ "configmaps" ] + resourceNames: [ "kubernetes-dashboard-settings" ] + verbs: [ "get", "update" ] + # Allow Dashboard to get metrics. + - apiGroups: [ "" ] + resources: [ "services/proxy" ] + resourceNames: [ "kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper" ] + verbs: [ "get" ] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard +rules: + # Allow Metrics Scraper to get metrics from the Metrics server + - apiGroups: [ "metrics.k8s.io" ] + resources: [ "pods", "nodes" ] + verbs: [ "get", "list", "watch" ] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubernetes-dashboard + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubernetes-dashboard +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard From 2bd9e5e90a65971304bd99f5422b0dabe132677c Mon Sep 17 00:00:00 2001 From: Shu Muto Date: Sat, 23 Mar 2024 05:33:49 +0000 Subject: [PATCH 2/8] Fix licence check --- hack/test-resources/cluster-admin.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) 
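Review bot: The final `ClusterRoleBinding` in this new file binds the `kubernetes-dashboard` ServiceAccount to `cluster-admin`, so any token minted for that account has full control of the cluster, yet the header only says `# ClusterRole and Role for testing and developing Kubernetes Dashboard`. The `kubernetes-dashboard` ClusterRole defined just before it (metrics.k8s.io get/list/watch) is not referenced by any binding in the file. State the risk at the top, e.g. `# WARNING: binds the kubernetes-dashboard ServiceAccount to cluster-admin; apply only to a disposable local kind cluster.`, and give the binding a name that says what it does, such as the `kubernetes-dashboard-cluster-admin` name the old developmental-role.yaml used. PATCH 4/8 writes the same content into hack/develop/developmental-role.yaml, so the comment applies there as well.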
diff --git a/hack/test-resources/cluster-admin.yaml b/hack/test-resources/cluster-admin.yaml index 8653eff50b3e..f9304f34e624 100644 --- a/hack/test-resources/cluster-admin.yaml +++ b/hack/test-resources/cluster-admin.yaml @@ -1,3 +1,17 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + # ClusterRole and Role for testing and developing Kubernetes Dashboard ################################ From d07c55124fe875396d2f4ea256d2e2edbd3ffb53 Mon Sep 17 00:00:00 2001 From: Shu Muto Date: Sat, 23 Mar 2024 08:31:11 +0000 Subject: [PATCH 3/8] Added required Docker version --- DEVELOPMENT.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index 371b3e5a1fa2..a4045f0aadf6 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md 
@@ -27,7 +27,7 @@ Tools that we are using include [golangci-lint](https://github.com/golangci/gola Make sure the following software is installed and added to your path: -- [Docker](https://docs.docker.com/engine/install/) +- [Docker](https://docs.docker.com/engine/install/) Docker Compose v2.15.0 or later is required (to use the --no-attach option). It is included in Docker v20.10.23 or later. - [Go](https://golang.org/dl/) (check the required version in [`modules/go.work`](modules/go.work)) - [Node.js](https://nodejs.org/en/download) (check the required version in [`modules/web/package.json`](modules/web/package.json)) - [Yarn](https://yarnpkg.com/getting-started/install) (check the required version in [`modules/web/.yarnrc.yml`](modules/web/.yarnrc.yml)) From 9f264e832f2525e876987023bef6b99cf720308d Mon Sep 17 00:00:00 2001 From: Shu Muto Date: Sat, 23 Mar 2024 09:30:17 +0000 Subject: [PATCH 4/8] Fix how to run development container --- hack/develop/developmental-role.yaml | 151 ++++++++++++++++++++++++++- hack/develop/run-command.sh | 76 +++++--------- hack/develop/run-dev-container.sh | 5 +- 3 files changed, 175 insertions(+), 57 deletions(-) diff --git a/hack/develop/developmental-role.yaml b/hack/develop/developmental-role.yaml index 5a740bcf9431..f9304f34e624 100644 --- a/hack/develop/developmental-role.yaml +++ b/hack/develop/developmental-role.yaml 
@@ -12,13 +12,158 @@ # See the License for the specific language governing permissions and # limitations under the License. +# ClusterRole and Role for testing and developing Kubernetes Dashboard + +################################ +### Namespaces +################################ + +apiVersion: v1 +kind: Namespace +metadata: + name: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard + +--- + +################################ +### cert-manager +################################ + +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/name: certmanager + app.kubernetes.io/part-of: kubernetes-dashboard +spec: + selfSigned: {} + +--- + +################################ +### Service Accounts +################################ + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubernetes-dashboard + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard + +--- + +################################ +### Secrets & Config Maps +################################ + +apiVersion: v1 +kind: Secret +metadata: + name: kubernetes-dashboard-csrf + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard +type: Opaque +data: + csrf: "" + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: kubernetes-dashboard-key-holder + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard +type: Opaque + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + name: kubernetes-dashboard-settings + namespace: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard + +--- + +################################ +### Roles & Bindings +################################ + apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: Role metadata: + name: kubernetes-dashboard + namespace: kubernetes-dashboard labels: - k8s-app: 
kubernetes-dashboard - name: kubernetes-dashboard-cluster-admin + app.kubernetes.io/part-of: kubernetes-dashboard +rules: + # Allow Dashboard to get, update and delete Dashboard exclusive secrets. + - apiGroups: [ "" ] + resources: [ "secrets" ] + resourceNames: [ "kubernetes-dashboard-key-holder", "kubernetes-dashboard-csrf" ] + verbs: [ "get", "update", "delete" ] + # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. + - apiGroups: [ "" ] + resources: [ "configmaps" ] + resourceNames: [ "kubernetes-dashboard-settings" ] + verbs: [ "get", "update" ] + # Allow Dashboard to get metrics. + - apiGroups: [ "" ] + resources: [ "services/proxy" ] + resourceNames: [ "kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper" ] + verbs: [ "get" ] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard +rules: + # Allow Metrics Scraper to get metrics from the Metrics server + - apiGroups: [ "metrics.k8s.io" ] + resources: [ "pods", "nodes" ] + verbs: [ "get", "list", "watch" ] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubernetes-dashboard namespace: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubernetes-dashboard +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubernetes-dashboard + labels: + app.kubernetes.io/part-of: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/hack/develop/run-command.sh b/hack/develop/run-command.sh index c662e0afc381..ba84734dae53 100755 --- a/hack/develop/run-command.sh +++ b/hack/develop/run-command.sh 
@@ -13,58 +13,30 @@ # See the License for the specific language governing permissions and # limitations under the License. -ROOT_DIR="$(cd $(dirname "${BASH_SOURCE}")/../.. && pwd -P)" - -# Create `kind` cluster if kubeconfig for own cluster is not set. -if [[ "${K8S_OWN_CLUSTER}" != "dummy" ]] ; then - # Stop `kind` cluster. - echo "Stop kind cluster" - hack/scripts/stop-cluster.sh - # Start `kind` cluster. - echo "Start kind cluster in docker network named kubernetes-dashboard" - hack/scripts/start-cluster.sh - # Copy kubeconfig from /home/user/.kube/config - cat /home/user/.kube/config > /tmp/kind.kubeconfig - # Edit kubeconfig for kind - KIND_CONTAINER_NAME="kubernetes-dashboard-control-plane" - KIND_ADDR=$(sudo docker inspect -f='{{(index .NetworkSettings.Networks "kubernetes-dashboard").IPAddress}}' ${KIND_CONTAINER_NAME}) - sed -e "s/0.0.0.0:[0-9]\+/${KIND_ADDR}:6443/g" /tmp/kind.kubeconfig > /home/user/.kube/config - # Copy kubeconfig from /home/user/.kube/config again. - cat /home/user/.kube/config > /tmp/kind.kubeconfig - # Deploy recommended.yaml to deploy dashboard-metrics-scraper sidecar - echo "Deploy dashboard and dashboard-metrics-scraper into kind cluster" - kubectl apply -f charts/recommended.yaml - # Add role for development - echo "Add full access role for development" - kubectl apply -f hack/develop/developmental-role.yaml - echo "@@@@@@@@@@@@@@ CAUTION!! @@@@@@@@@@@@@@" - echo "ADDED FULL ACCESS ROLE FOR DEVELOPMENT!" - echo "DO NOT USE THIS IN OPEN NETWORK!" 
- echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" - # Kill and run `kubectl proxy` - KUBECTL_PID=$(ps -A|grep 'kubectl'|tr -s ' '|cut -d ' ' -f 2) - echo "Kill kubectl ${KUBECTL_PID}" - kill ${KUBECTL_PID} - nohup kubectl proxy --address 127.0.0.1 --port 8000 >/tmp/kubeproxy.log 2>&1 & - export SIDECAR_HOST="http://localhost:8000/api/v1/namespaces/kubernetes-dashboard/services/dashboard-metrics-scraper:/proxy/" - # Inform how to get token for logging in to dashboard - echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" - echo "HOW TO GET TOKEN FOR LOGGING INTO DASHBOARD" - echo "" - echo "1. Run terminal for dashboard container." - echo " docker exec -it k8s-dashboard-dev gosu user bash" - echo "" - echo "2. Run following to get token for logging into dashboard." - echo " kubectl -n kubernetes-dashboard create token kubernetes-dashboard" - echo "" - echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" -fi - -# Clean install dependencies -cd modules/web -rm -fr node_modules -yarn -cd ${ROOT_DIR} +# Inform how to add full access role for development +# and get token for logging in to dashboard +echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ CAUTION!! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" +echo "DO NOT USE THIS IN OPEN NETWORK!" +echo "" +echo "To add a role with full access for development and get its token" +echo "to log into the Dashboard, see followings:" +echo "" +echo "1. Run terminal in development container." +echo " docker exec -it k8s-dashboard-dev gosu user bash" +echo "" +echo "2. Set env for kubeconfig" +echo " export KUBECONFIG=/go/src/github.com/kubernetes/dashboard/.tmp/kubeconfig" +echo "" +echo "3. Add full access role for development." +echo " kubectl apply -f hack/develop/developmental-role.yaml" +echo "" +echo "4. Run following to get token for logging into dashboard." +echo " kubectl -n kubernetes-dashboard create token kubernetes-dashboard" +echo "" +echo "5. 
Access https://localhost:8443/ with browser on your host," +echo " then login with token." +echo "" +echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" # Start dashboard. echo "Start dashboard in production mode" diff --git a/hack/develop/run-dev-container.sh b/hack/develop/run-dev-container.sh index bc85c09cabe3..cf03804db430 100755 --- a/hack/develop/run-dev-container.sh +++ b/hack/develop/run-dev-container.sh @@ -55,6 +55,9 @@ KD_DEV_SRC=${KD_DEV_SRC:-"${CD}"} KD_DEV_CONTAINER_NAME=${KD_DEV_CONTAINER_NAME:-"k8s-dashboard-dev"} KD_DEV_SRC_ON_CONTAINER=/go/src/github.com/kubernetes/dashboard +# Set command on development container +KD_DEV_CMD=${KD_DEV_CMD:-$*} + echo "Remove existing container ${KD_DEV_CONTAINER_NAME}" docker rm -f ${KD_DEV_CONTAINER_NAME} @@ -84,5 +87,3 @@ docker run \ -e DOCKER_GID="${DOCKER_GID}" \ ${DOCKER_RUN_OPTS} \ ${KD_DEV_IMAGE_NAME} - #-p 8080:8080 \ - #-v ${KD_DEV_KUBECONFIG}:/home/user/.kube/config \ From 2aad4c16726fdbc9d951befb7846ae9d3f0bee9d Mon Sep 17 00:00:00 2001 From: Shu Muto Date: Sat, 23 Mar 2024 18:48:56 +0900 Subject: [PATCH 5/8] Add description for development container --- DEVELOPMENT.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index a4045f0aadf6..46d2199d43e0 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md 
@@ -54,6 +54,11 @@ To create Docker images locally use `make image`. See [`Makefile`](Makefile) to get to know other targets useful during development. You can also run `make help` to quickly check the list of available commands. +## To run dashboard using all in one development container + +Run `hack/develop/run-dev-container.sh`. It will build dashboard components from your local repository, will create also kubernetes cluster using kind, and will run dashboard using `make run`. Then you can see dashboard http://localhost:8443 with your browser. Please see `CAUTION!!` in output on your console to get access token for logging in. +You can also run `hack/develop/run-dev-container.sh bash` and run any manual `make` commands to have a clean development environment at any time. + ## Dependency Management We keep all the dependencies outside the repository and always try to avoid using suspicious, unknown dependencies as they may introduce vulnerabilities. From 0816500a22bec174d3d04aaed38f0ef877d7c351 Mon Sep 17 00:00:00 2001 From: Shu Muto Date: Sat, 23 Mar 2024 18:54:04 +0900 Subject: [PATCH 6/8] Clean up unused sources --- hack/develop/run-dev-container.sh | 13 -- hack/test-resources/cluster-admin.yaml | 174 ------------------------- 2 files changed, 187 deletions(-) delete mode 100644 hack/test-resources/cluster-admin.yaml diff --git a/hack/develop/run-dev-container.sh b/hack/develop/run-dev-container.sh index cf03804db430..0298eefbc32a 100755 --- a/hack/develop/run-dev-container.sh +++ b/hack/develop/run-dev-container.sh 
@@ -23,19 +23,6 @@ LOCAL_UID=$(id -u) LOCAL_GID=$(id -g) DOCKER_GID=$(getent group docker|cut -d ":" -f 3) -# kubeconfig for dashboard. -# This will be mounted and certain npm command can modify it, -# so this should not be set for original kubeconfig. -#if [[ -n "${KD_DEV_KUBECONFIG}" ]] ; then - # Use your own kubernetes cluster. - #K8S_OWN_CLUSTER=true -#else - # Use the kind cluster that will be created later by the script. - # Set defult as kubeconfig made by `hack/scripts/start-cluster.sh`. - #touch /tmp/kind.kubeconfig - #KD_DEV_KUBECONFIG=/tmp/kind.kubeconfig -#fi - # Create docker network to work with kind cluster KD_DEV_NETWORK="kubernetes-dashboard" docker network create ${KD_DEV_NETWORK} \ diff --git a/hack/test-resources/cluster-admin.yaml b/hack/test-resources/cluster-admin.yaml deleted file mode 100644 index f9304f34e624..000000000000 --- a/hack/test-resources/cluster-admin.yaml +++ /dev/null 
@@ -1,174 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# ClusterRole and Role for testing and developing Kubernetes Dashboard - -################################ -### Namespaces -################################ - -apiVersion: v1 -kind: Namespace -metadata: - name: kubernetes-dashboard - labels: - app.kubernetes.io/part-of: kubernetes-dashboard - ---- - -################################ -### cert-manager -################################ - -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned - namespace: kubernetes-dashboard - labels: - app.kubernetes.io/name: certmanager - app.kubernetes.io/part-of: kubernetes-dashboard -spec: - selfSigned: {} - ---- - -################################ -### Service Accounts -################################ - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubernetes-dashboard - namespace: kubernetes-dashboard - labels: - app.kubernetes.io/part-of: kubernetes-dashboard - ---- - -################################ -### Secrets & Config Maps -################################ - -apiVersion: v1 -kind: Secret -metadata: - name: kubernetes-dashboard-csrf - namespace: kubernetes-dashboard - labels: - app.kubernetes.io/part-of: kubernetes-dashboard -type: Opaque -data: - csrf: "" - ---- - -apiVersion: v1 -kind: Secret -metadata: - name: kubernetes-dashboard-key-holder - namespace: kubernetes-dashboard - labels: - app.kubernetes.io/part-of: 
kubernetes-dashboard -type: Opaque - ---- - -kind: ConfigMap -apiVersion: v1 -metadata: - name: kubernetes-dashboard-settings - namespace: kubernetes-dashboard - labels: - app.kubernetes.io/part-of: kubernetes-dashboard - ---- - -################################ -### Roles & Bindings -################################ - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kubernetes-dashboard - namespace: kubernetes-dashboard - labels: - app.kubernetes.io/part-of: kubernetes-dashboard -rules: - # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - - apiGroups: [ "" ] - resources: [ "secrets" ] - resourceNames: [ "kubernetes-dashboard-key-holder", "kubernetes-dashboard-csrf" ] - verbs: [ "get", "update", "delete" ] - # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - - apiGroups: [ "" ] - resources: [ "configmaps" ] - resourceNames: [ "kubernetes-dashboard-settings" ] - verbs: [ "get", "update" ] - # Allow Dashboard to get metrics. 
- - apiGroups: [ "" ] - resources: [ "services/proxy" ] - resourceNames: [ "kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper" ] - verbs: [ "get" ] - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubernetes-dashboard - labels: - app.kubernetes.io/part-of: kubernetes-dashboard -rules: - # Allow Metrics Scraper to get metrics from the Metrics server - - apiGroups: [ "metrics.k8s.io" ] - resources: [ "pods", "nodes" ] - verbs: [ "get", "list", "watch" ] - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubernetes-dashboard - namespace: kubernetes-dashboard - labels: - app.kubernetes.io/part-of: kubernetes-dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubernetes-dashboard -subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-dashboard - labels: - app.kubernetes.io/part-of: kubernetes-dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard From 27b664cc1b48096f5799e3638c67634ac242103a Mon Sep 17 00:00:00 2001 From: Shu Muto Date: Thu, 11 Apr 2024 18:58:15 +0900 Subject: [PATCH 7/8] Add description to set kubeconfig --- hack/develop/run-command.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/develop/run-command.sh b/hack/develop/run-command.sh index ba84734dae53..c77920ee2282 100755 --- a/hack/develop/run-command.sh +++ b/hack/develop/run-command.sh 
@@ -24,7 +24,7 @@ echo "" echo "1. Run terminal in development container." echo " docker exec -it k8s-dashboard-dev gosu user bash" echo "" -echo "2. Set env for kubeconfig" +echo "2. Set env for kubeconfig on development container." echo " export KUBECONFIG=/go/src/github.com/kubernetes/dashboard/.tmp/kubeconfig" echo "" echo "3. Add full access role for development." From b7540d72852dd626768d4095669b31ab465e6966 Mon Sep 17 00:00:00 2001 From: Shu Muto Date: Wed, 1 May 2024 00:14:16 +0900 Subject: [PATCH 8/8] Fix envs for kubeconfig Also, stop using KIND_EXPERIMENTAL_DOCKER_NETWORK. --- Makefile | 6 +++--- hack/develop/run-dev-container.sh | 3 +-- hack/docker/dev.compose.yml | 2 +- hack/docker/docker.compose.yaml | 2 +- hack/include/config.mk | 29 ++++++++++++++++------------- hack/include/kind.mk | 24 ++++++++++++------------ 6 files changed, 34 insertions(+), 32 deletions(-) diff --git a/Makefile b/Makefile index 01aea3c0b501..bcb0ab82819e 100644 --- a/Makefile +++ b/Makefile @@ -76,7 +76,7 @@ tools: $(PRE) ## Installs required tools # Note: Make sure that the port 8080 (Web HTTP) is free on your localhost .PHONY: serve serve: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts development version of the application on http://localhost:8080 - @KUBECONFIG=$(KUBECONFIG_FOR_DOCKER_COMPOSE) \ + @KUBECONFIG=$(DOCKER_COMPOSE_KUBECONFIG) \ SOURCE_DIR=$(SOURCE_DIR) \ SYSTEM_BANNER=$(SYSTEM_BANNER) \ SYSTEM_BANNER_SEVERITY=$(SYSTEM_BANNER_SEVERITY) \ 
@@ -96,7 +96,7 @@ serve: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts developmen # Note: Make sure that the ports 8443 (Gateway HTTPS) and 8080 (Gateway HTTP) are free on your localhost .PHONY: run run: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts production version of the application on https://localhost:8443 and https://localhost:8000 - @KUBECONFIG=$(KUBECONFIG_FOR_DOCKER_COMPOSE) \ + @KUBECONFIG=$(DOCKER_COMPOSE_KUBECONFIG) \ SOURCE_DIR=$(SOURCE_DIR) \ SYSTEM_BANNER=$(SYSTEM_BANNER) \ SYSTEM_BANNER_SEVERITY=$(SYSTEM_BANNER_SEVERITY) \ @@ -113,7 +113,7 @@ run: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts production v .PHONY: image image: ifndef NO_BUILD - @KUBECONFIG=$(KUBECONFIG_FOR_DOCKER_COMPOSE) \ + @KUBECONFIG=$(DOCKER_COMPOSE_KUBECONFIG) \ SOURCE_DIR=$(SOURCE_DIR) \ SYSTEM_BANNER=$(SYSTEM_BANNER) \ SYSTEM_BANNER_SEVERITY=$(SYSTEM_BANNER_SEVERITY) \ diff --git a/hack/develop/run-dev-container.sh b/hack/develop/run-dev-container.sh index 0298eefbc32a..550b6fccf323 100755 --- a/hack/develop/run-dev-container.sh +++ b/hack/develop/run-dev-container.sh @@ -24,7 +24,7 @@ LOCAL_GID=$(id -g) DOCKER_GID=$(getent group docker|cut -d ":" -f 3) # Create docker network to work with kind cluster -KD_DEV_NETWORK="kubernetes-dashboard" +KD_DEV_NETWORK="kind" docker network create ${KD_DEV_NETWORK} \ -d=bridge \ -o com.docker.network.bridge.enable_ip_masquerade=true \ @@ -67,7 +67,6 @@ docker run \ -e K8S_OWN_CLUSTER=${K8S_OWN_CLUSTER} \ -e BIND_ADDRESS=${KD_DEV_BIND_ADDRESS} \ -e KUBECONFIG=${KD_DEV_KUBECONFIG} \ - -e KIND_EXPERIMENTAL_DOCKER_NETWORK=${KD_DEV_NETWORK} \ -e SIDECAR_HOST=${KD_DEV_SIDECAR_HOST} \ -e LOCAL_UID="${LOCAL_UID}" \ -e LOCAL_GID="${LOCAL_GID}" \ diff --git a/hack/docker/dev.compose.yml b/hack/docker/dev.compose.yml index 037ba6827930..9a6352efd89b 100644 --- a/hack/docker/dev.compose.yml +++ b/hack/docker/dev.compose.yml 
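Review bot: Setting `KD_DEV_NETWORK="kind"` in the `@@ -24,7 +24,7 @@` hunk of run-dev-container.sh puts the dev container on the Docker network that kind uses by default for every cluster on the host, so the dashboard containers and any unrelated kind clusters on the same machine can now reach each other; the previous dedicated `kubernetes-dashboard` network did not have that side effect. The `docker network create` call also pre-creates that network with this script's bridge options, and kind will presumably reuse it as-is rather than create it with its own settings; the command continues past the end of the hunk, so whether an already existing `kind` network is tolerated cannot be seen here. A comment above the assignment would record the trade-off, e.g. `# Shared with all kind clusters on this host (kind's default network); not isolated to the dashboard`. The same name is set as an external network in hack/docker/dev.compose.yml and hack/docker/docker.compose.yaml.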
@@ -114,5 +114,5 @@ services: networks: default: - name: kubernetes-dashboard + name: kind external: true diff --git a/hack/docker/docker.compose.yaml b/hack/docker/docker.compose.yaml index 5c693fd7078f..5dbaea4ddcbe 100644 --- a/hack/docker/docker.compose.yaml +++ b/hack/docker/docker.compose.yaml @@ -97,5 +97,5 @@ services: networks: default: - name: kubernetes-dashboard + name: kind external: true diff --git a/hack/include/config.mk b/hack/include/config.mk index f24b5cc8cbeb..f07da3f64873 100644 --- a/hack/include/config.mk +++ b/hack/include/config.mk @@ -2,6 +2,11 @@ PROJECT_NAME := dashboard ### Dirs and paths +# Dashboard source directory +SOURCE_DIR := $(ROOT_DIRECTORY) +ifdef KD_DEV_SRC +SOURCE_DIR := $(KD_DEV_SRC) +endif # Base paths PARTIALS_DIRECTORY := $(ROOT_DIRECTORY)/hack/include # Modules @@ -23,8 +28,18 @@ TMP_DIRECTORY := $(ROOT_DIRECTORY)/.tmp KIND_CLUSTER_NAME := kubernetes-dashboard KIND_CLUSTER_VERSION := v1.29.0 KIND_CLUSTER_IMAGE := docker.io/kindest/node:${KIND_CLUSTER_VERSION} -KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH := $(TMP_DIRECTORY)/kubeconfig KIND_CONFIG_FILE := $(PARTIALS_DIRECTORY)/kind.config.yml +KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH := $(TMP_DIRECTORY)/kubeconfig +# Kubectl +KIND_CLUSTER_DEPLOY_KUBECONFIG := $(HOME)/.kube/config +ifdef KD_DEV_SRC +KIND_CLUSTER_DEPLOY_KUBECONFIG := $(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) +endif +# Kubeconfig to mount into docker compose +DOCKER_COMPOSE_KUBECONFIG := $(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) +ifdef KD_DEV_SRC +DOCKER_COMPOSE_KUBECONFIG := $(SOURCE_DIR)/.tmp/kubeconfig +endif # Metrics server METRICS_SERVER_VERSION := v0.7.0 # Ingress nginx (kind) 
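Review bot: `SOURCE_DIR` in the `@@ -2,6 +2,11 @@` hunk now takes its value from the `KD_DEV_SRC` environment variable, and the Makefile recipes in this series expand it unquoted (`SOURCE_DIR=$(SOURCE_DIR) \`), so a checkout path containing spaces is split by the recipe shell. Quoting at the point of use, `SOURCE_DIR="$(SOURCE_DIR)" \`, keeps the value intact; the same applies to `KUBECONFIG=$(DOCKER_COMPOSE_KUBECONFIG)`. The comment could also say what the variable means when `KD_DEV_SRC` is set, e.g. `# Dashboard source directory; KD_DEV_SRC overrides it when make runs inside the dev container`, which is what run-dev-container.sh appears to intend.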
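Review bot: With `KD_DEV_SRC` unset, `KIND_CLUSTER_DEPLOY_KUBECONFIG := $(HOME)/.kube/config` in the `@@ -23,8 +28,18 @@` hunk makes the kind.mk recipes run `kubectl apply`, `kubectl patch` and `kubectl delete -A ValidatingWebhookConfiguration …` against whatever context is current in the developer's personal kubeconfig. Nothing visible in `--ensure-kind-cluster` selects the kind context when the cluster already exists, so a developer whose current context points at another cluster would have metrics-server installed and an admission webhook deleted there. Pinning the context removes the dependency on ambient state: `kubectl --context kind-$(KIND_CLUSTER_NAME) apply -f …` on each of the four kubectl calls in the `@@ -3,22` and `@@ -28,9` hunks of hack/include/kind.mk. The hard-coded `$(HOME)/.kube/config` also ignores a `KUBECONFIG` the developer has exported, which is where kind writes its context in that case.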
@@ -42,15 +57,3 @@ endif ifeq (,$(findstring $(GOPATH)/bin,$(PATH))) $(warning $$GOPATH/bin directory is not in your $$PATH) endif - -### KUBECONFIG for docker compose -KUBECONFIG_FOR_DOCKER_COMPOSE := $(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) -ifdef KD_DEV_SRC -KUBECONFIG_FOR_DOCKER_COMPOSE := $(KD_DEV_SRC)/.tmp/kubeconfig -endif - -### Dashboard source directory for docker compose -SOURCE_DIR := $(PWD) -ifdef KD_DEV_SRC -SOURCE_DIR := $(KD_DEV_SRC) -endif diff --git a/hack/include/kind.mk b/hack/include/kind.mk index 3c5b7d7286e7..5e4120eba2a5 100644 --- a/hack/include/kind.mk +++ b/hack/include/kind.mk 
@@ -3,22 +3,22 @@ include $(PARTIALS_DIRECTORY)/config.mk .PHONY: --ensure-kind-cluster --ensure-kind-cluster: @if test -n "$(shell kind get clusters 2>/dev/null | grep $(KIND_CLUSTER_NAME))"; then \ - echo [kind] cluster already exists; \ - else \ - echo [kind] creating cluster $(KIND_CLUSTER_NAME); \ - kind create cluster -q --config=$(KIND_CONFIG_FILE) --name=$(KIND_CLUSTER_NAME) --image=$(KIND_CLUSTER_IMAGE); \ - fi; \ - echo [kind] exporting internal kubeconfig to $(TMP_DIRECTORY); \ - mkdir -p $(TMP_DIRECTORY); \ - kind get kubeconfig --name $(KIND_CLUSTER_NAME) --internal > $(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) + echo [kind] cluster already exists; \ + else \ + echo [kind] creating cluster $(KIND_CLUSTER_NAME); \ + kind create cluster -q --config=$(KIND_CONFIG_FILE) --name=$(KIND_CLUSTER_NAME) --image=$(KIND_CLUSTER_IMAGE); \ + fi; \ + echo [kind] exporting internal kubeconfig to $(TMP_DIRECTORY); \ + mkdir -p $(TMP_DIRECTORY); \ + kind get kubeconfig --name $(KIND_CLUSTER_NAME) --internal > $(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) .PHONY: --ensure-metrics-server --ensure-metrics-server: @echo [kind] installing metrics server $(METRICS_SERVER_VERSION) - @KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \ + @KUBECONFIG=$(KIND_CLUSTER_DEPLOY_KUBECONFIG) \ kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/$(METRICS_SERVER_VERSION)/components.yaml >/dev/null @echo [kind] patching metrics server arguments - @KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \ + @KUBECONFIG=$(KIND_CLUSTER_DEPLOY_KUBECONFIG) \ kubectl patch deployment \ metrics-server \ -n kube-system \ 
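Review bot: The last recipe line of `--ensure-kind-cluster`, `kind get kubeconfig … --internal > $(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH)`, writes the cluster's admin client credentials with the default umask, so on most hosts a newly created file is readable by other local users. Creating it restricted closes that: `umask 077; kind get kubeconfig --name $(KIND_CLUSTER_NAME) --internal > $(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH)`. If the compose services read the mounted file under a different UID, that requirement should be stated in a comment rather than met by leaving the file world-readable. The existence test `grep $(KIND_CLUSTER_NAME)` is also a substring match; `grep -x $(KIND_CLUSTER_NAME)` would avoid treating a longer cluster name as a hit.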
@@ -28,9 +28,9 @@ include $(PARTIALS_DIRECTORY)/config.mk .PHONY: --ensure-kind-ingress-nginx --ensure-kind-ingress-nginx: @echo [kind] installing ingress-nginx - @KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \ + @KUBECONFIG=$(KIND_CLUSTER_DEPLOY_KUBECONFIG) \ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-$(INGRESS_NGINX_VERSION)/deploy/static/provider/kind/deploy.yaml >/dev/null - @KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \ + @KUBECONFIG=$(KIND_CLUSTER_DEPLOY_KUBECONFIG) \ kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission >/dev/null .PHONY: --ensure-helm-dependencies
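Review bot: The ingress-nginx manifest is applied straight from `raw.githubusercontent.com` at the tag `controller-$(INGRESS_NGINX_VERSION)` with output sent to `/dev/null`, so what gets installed with the kubeconfig's rights depends on a mutable tag and nothing checks the content. Downloading it to `$(TMP_DIRECTORY)`, verifying a recorded SHA-256 and applying the local file would make the install reproducible; at minimum a comment such as `# Remote manifest pinned by tag only; content is not verified` documents the gap. The metrics-server `components.yaml` in the `@@ -3,22` hunk is fetched the same way. The `kubectl` lines are context here; only the `KUBECONFIG=` lines changed.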