|
| 1 | +# Operator Dashboards |
| 2 | + |
| 3 | +The ArangoDB Kubernetes Operator can create a dashboard for each type of |
| 4 | +resource it supports. These dashboards are intended to give an overview of |
| 5 | +the created resources, their state and instructions on how to modify those resources. |
| 6 | + |
| 7 | +The dashboards do not provide direct means to modify the resources. |
| 8 | +All modifications are done using `kubectl` commands (which are provided by the dashboards) |
| 9 | +so the standard security of your Kubernetes cluster is not bypassed. |
| 10 | + |
| 11 | +## Exposing the dashboards |
| 12 | + |
| 13 | +For each resource type (deployment, deployment replication & local storage) operator |
| 14 | +a `Service` is created that serves the dashboard internally in the Kubernetes cluster. |
| 15 | +To expose a dashboard outside the Kubernetes cluster, run a `kubecty expose` |
| 16 | +command like this: |
| 17 | + |
| 18 | +```bash |
| 19 | +kubectl expose service <service-name> --type=LoadBalancer \ |
| 20 | + --port=8528 --target-port=8528 \ |
| 21 | + --name=<your-exposed-service-name> --namespace=<the-namespace> |
| 22 | +``` |
| 23 | + |
| 24 | +Replace `<service-name>` with: |
| 25 | + |
| 26 | +- `arango-deployment-operator` for the ArangoDeployment operator dashboard. |
| 27 | +- `arango-deployment-replication-operator` for the ArangoDeploymentReplication |
| 28 | + operator dashboard. |
| 29 | +- `arango-storage-operator` for the ArangoLocalStorage operator dashboard. |
| 30 | + (use 'kube-system' namespace) |
| 31 | + |
| 32 | +Replace `<the-namespace>` with the name of the namespace that the operator is in. |
| 33 | +This will often be `default`. |
| 34 | + |
| 35 | +This will create an additional `Service` of type `LoadBalancer` that copies |
| 36 | +the selector from the existing `Service`. |
| 37 | +If your Kubernetes cluster does not support loadbalancers, |
| 38 | +use `--type=NodePort` instead. |
| 39 | + |
| 40 | +Run the following command to inspect your new service and look for the |
| 41 | +loadbalancer IP/host address (or nodeport). |
| 42 | + |
| 43 | +```bash |
| 44 | +kubectl get service <your-exposed-service-name> --namespace=<the-namespace> |
| 45 | +``` |
| 46 | + |
| 47 | +This will result in something like this: |
| 48 | + |
| 49 | +```bash |
| 50 | +$ kubectl get service arango-storage-operator-lb --namespace=kube-system |
| 51 | +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE |
| 52 | +arango-storage-operator-lb LoadBalancer 10.103.30.24 192.168.31.11 8528:30655/TCP 1d |
| 53 | +``` |
| 54 | + |
| 55 | +## Authentication |
| 56 | + |
| 57 | +While the dashboards do not provide any means to directly modify resources, |
| 58 | +they still show sensitive information (e.g. TLS certificates). |
| 59 | +Therefore the dashboards require a username+password for authentications. |
| 60 | + |
| 61 | +The username+password pair is configured in a generic Kubernetes `Secret` named `arangodb-operator-dashboard`, found in the namespace where the operator runs. |
| 62 | + |
| 63 | +To create such a secret, run this: |
| 64 | + |
| 65 | +```bash |
| 66 | +kubectl create secret generic \ |
| 67 | + arangodb-operator-dashboard --namespace=<the-namespace> \ |
| 68 | + --from-literal=username=<username> \ |
| 69 | + --from-literal=password=<password> |
| 70 | +``` |
| 71 | + |
| 72 | +Until such a `Secret` is found, the operator will respond with a status `401` |
| 73 | +to any request related to the dashboard. |
0 commit comments