|
|
|
Cockpit Guide | |
|---|
Cockpit has a dashboard that interacts with a Kubernetes cluster or an Openshift v3 cluster. This functionality is in the Cockpit kubernetes package.
The dashboard can either be deployed on kubernetes as a container in a pod or used via a normal authenticated Cockpit session. Cockpit communicates with Kubernetes via its REST API.
When the Kubernetes dashboard is used in a standard Cockpit login session, usually some
form of authentication is necessary to access the Kubernetes REST API.
Like the kubectl and oc commands, Cockpit uses
the authentication and server information in the ~/.kube/config file for
the logged in user.
If a user is able to use kubectl successfully when at their shell terminal,
then that same user will able to use Kubernetes dashboard when logged into Cockpit:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
docker-registry-1-l4pyh 1/1 Running 10 23d
...
When running Openshift one can use the oc login command to configure the
~/.kube/config file correctly. This in turn allows Cockpit to use that
login information.
The Kubernetes dashboard can be deployed as a pod on Kubernetes requiring users to log in using the standard standard authentication configured for access to its API.
$ wget https://raw.githubusercontent.com/cockpit-project/cockpit/master/containers/kubernetes-cockpit.json $ kubectl create -f kubernetes-cockpit.json
This pod can be used on kubernetes that is configured with basic authentication. By
default the pod tries to access the kubernetes API securely and expects that the kubernetes
API server has been deployed with a CA, certificate files and service account key. In order
to change this behavior, edit the kubernetes-cockpit.json and change the
KUBE_INSECURE environment variable to true.
You can retrieve the address where you can access the dashboard via:
$ kubectl get service kubernetes-cockpit
The Kubernetes dashboard can be deployed as a pod on Openshift, and use Openshift OAuth authentication. Running software on Openshift requires forethought, planning and configuration. In particular, in order to run the admin interface as a pod you need to first decide the host name that it will be accessible at. This is the host name part of its URL.
Next use the following commands to deploy the registry pod and service. You'll need
to have admin access to the Openshift cluster, as an OAuth client needs to be created.
Replace the XXX with the host name you want to make the registry
accessible at. In addition replace YYY with the host name of the
Openshift API server.
$ wget https://raw.githubusercontent.com/cockpit-project/cockpit/master/containers/openshift-cockpit.template $ oc process -f openshift-cockpit.template -p COCKPIT_KUBE_URL=https://XXX -p OPENSHIFT_OAUTH_PROVIDER_URL=https://YYY:8443 | oc create -f -
You can retrieve the address where you can access the dashboard via:
$ oc get service openshift-cockpit