@identw
Last active December 13, 2024 20:02
# An OIDC provider is required (e.g., Dex).
# OIDC must be configured for the kube-apiserver. For example:
# - --oidc-client-id=kubernetes-oidc
# - --oidc-groups-claim=groups
# - --oidc-issuer-url=https://dex.example.com
# - --oidc-username-claim=email
# For cloud setups, you can use kube-oidc-proxy (https://github.com/TremoloSecurity/kube-oidc-proxy)
#
# <secret_cookie_auth_key> - 32-byte string (regex: a-z0-9, example: rpb7aos4rd0m32x9omcrcqacnia0xty2)
# <secret_cookie_enc_key> - 32-byte string (regex: a-z0-9, example: gg1ejofgupoc19wyuywr2yflm75aeiwg)
#
# prom rules:
# - name: ForOpenshiftConsole
#   rules:
#   - expr: sum(rate(container_cpu_usage_seconds_total{job="kubelet",container!="",container!="POD"}[2m])) by (namespace,pod)
#     record: pod:container_cpu_usage:sum
#   - expr: sum(kube_pod_container_resource_requests{container!=""}) by (namespace, pod, resource)
#     record: kube_pod_resource_request
#   - expr: sum(kube_pod_container_resource_limits{container!=""}) by (namespace, pod, resource)
#     record: kube_pod_resource_limit
#   - expr: sum(container_network_receive_bytes_total{}) by(namespace,pod,interface) * 0
#     record: pod_network_name_info
#   - expr: sum(container_fs_usage_bytes{}) by (namespace, pod)
#     record: pod:container_fs_usage_bytes:sum
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    reloader.stakater.com/auto: "true"
  labels:
    app.kubernetes.io/instance: openshift-console
    app.kubernetes.io/name: openshift-console
    app.kubernetes.io/version: 4.20.0
    instance: openshift-console
    name: openshift-console
  name: openshift-console
  namespace: dashboards
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/instance: openshift-console
      app.kubernetes.io/name: openshift-console
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: openshift-console
        app.kubernetes.io/name: openshift-console
        app.kubernetes.io/version: 4.20.0
        instance: openshift-console
        name: openshift-console
    spec:
      containers:
      - args:
        - --public-dir=/opt/bridge/static
        - -v
        - "5"
        command:
        - /opt/bridge/bin/bridge
        env:
        - name: BRIDGE_DOCUMENTATION_BASE_URL
          value: https://kubernetes.io/docs/
        - name: BRIDGE_BASE_ADDRESS
          value: https://openshift-console.example.com
        - name: BRIDGE_USER_AUTH
          value: oidc
        - name: BRIDGE_USER_AUTH_OIDC_ISSUER_URL
          value: https://dex.example.com
        - name: BRIDGE_USER_AUTH_OIDC_CLIENT_ID
          value: kubernetes-oidc
        - name: BRIDGE_USER_AUTH_OIDC_CLIENT_SECRET
          value: <dex-client-secret>
        - name: BRIDGE_USER_AUTH_OIDC_TOKEN_SCOPES
          value: openid,profile,email,groups
        - name: BRIDGE_USER_SETTINGS_LOCATION
          value: localstorage
        - name: BRIDGE_K8S_MODE
          value: in-cluster
        - name: BRIDGE_ALERMANAGER_PUBLIC_URL
          value: http://vmalertmanager-vm.monitoring:9093
        - name: BRIDGE_THANOS_PUBLIC_URL
          value: http://promxy.monitoring:8080
        - name: BRIDGE_USER_AUTH_LOGOUT_REDIRECT
          value: https://openshift-console.example.com/auth/logout
        - name: BRIDGE_COOKIE_AUTHENTICATION_KEY_FILE
          value: /etc/openshift-console-secrets/cookie_auth_key
        - name: BRIDGE_COOKIE_ENCRYPTION_KEY_FILE
          value: /etc/openshift-console-secrets/cookie_enc_key
        image: quay.io/openshift/origin-console:4.20.0
        imagePullPolicy: Always
        name: openshift-console
        ports:
        - containerPort: 9000
          name: http
        resources:
          limits:
            cpu: 100m
            memory: 256Mi
          requests:
            cpu: 100m
            memory: 256Mi
        volumeMounts:
        - mountPath: /etc/openshift-console-secrets
          name: cookie-secrets
      nodeSelector: {}
      serviceAccountName: openshift-console
      tolerations: []
      volumes:
      - name: cookie-secrets
        secret:
          secretName: openshift-console
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  labels:
    app.kubernetes.io/instance: openshift-console
    app.kubernetes.io/name: openshift-console
    app.kubernetes.io/version: 4.20.0
    instance: openshift-console
    name: openshift-console
  name: openshift-console
  namespace: dashboards
spec:
  rules:
  - host: openshift-console.example.com
    http:
      paths:
      - backend:
          service:
            name: openshift-console
            port:
              name: http
        path: /
        pathType: ImplementationSpecific
---
apiVersion: v1
# Replace both placeholders with your own random 32-byte keys (format in the header comment).
stringData:
  cookie_auth_key: <secret_cookie_auth_key>
  cookie_enc_key: <secret_cookie_enc_key>
kind: Secret
metadata:
  labels:
    app.kubernetes.io/instance: openshift-console
    app.kubernetes.io/name: openshift-console
    app.kubernetes.io/version: 4.20.0
    instance: openshift-console
    name: openshift-console
  name: openshift-console
  namespace: dashboards
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
  annotations:
  labels:
    app.kubernetes.io/instance: openshift-console
    app.kubernetes.io/name: openshift-console
    app.kubernetes.io/version: 4.20.0
    instance: openshift-console
    name: openshift-console
  name: openshift-console
  namespace: dashboards
spec:
  ports:
  - name: http
    port: 9000
    protocol: TCP
    targetPort: http
  selector:
    app.kubernetes.io/instance: openshift-console
    app.kubernetes.io/name: openshift-console
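
The header comment asks for two 32-byte a-z0-9 cookie keys. The script below is an added example, not part of the gist: it generates both keys from `/dev/urandom` and prints the Secret, refusing malformed keys, identical keys, and the two sample keys shown in the header. The function names (`gen_key`, `valid_key`, `render_secret`) are hypothetical; the Secret name, namespace and key fields are the ones the manifest uses.

```shell
#!/bin/sh
# Added example (not part of the gist): generate the console cookie keys.
LC_ALL=C; export LC_ALL   # byte-wise character ranges for tr and case patterns

# Print 32 characters drawn uniformly from a-z0-9 using the kernel CSPRNG.
# tr discards every byte outside the set, so there is no modulo bias.
gen_key() {
    head -c 4096 /dev/urandom | tr -dc 'a-z0-9' | cut -c1-32
}

# Succeed only for exactly 32 characters of a-z0-9.
valid_key() {
    case "$1" in
        ''|*[!a-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# Print the Secret manifest for the two keys. Refuses malformed keys,
# identical keys, and the two sample keys published in the gist header.
render_secret() {
    valid_key "$1" && valid_key "$2" || return 1
    [ "$1" != "$2" ] || return 1
    for k in "$1" "$2"; do
        case "$k" in
            rpb7aos4rd0m32x9omcrcqacnia0xty2|gg1ejofgupoc19wyuywr2yflm75aeiwg)
                return 1 ;;
        esac
    done
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: openshift-console
  namespace: dashboards
type: Opaque
stringData:
  cookie_auth_key: $1
  cookie_enc_key: $2
EOF
}

render_secret "$(gen_key)" "$(gen_key)"
```

Piping the output straight into `kubectl apply -f -` keeps the generated keys out of files and version control.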
@cloudcafetech

cloudcafetech commented Dec 7, 2024

Using the above gist, I am getting the following error.

Fatal glibc error: CPU does not support x86-64-v2

It seems the issue is old hardware and Proxmox CPU settings, but it works with image version 4.10 with the Observe menu. However, I am facing the metrics below, which are showing "No data point found". [image]

kubelet_running_pods{instance=~'192.168.0.111:.*'}

In the Prometheus dashboard I can see the below:

[image]

@saashqdev

saashqdev commented Dec 13, 2024

Just found this - it looks awesome. I'm going to check it out now. So, to use it externally from the internet I need to install kube-oidc-proxy as well? After I install this do I just go to: https://openshift-console..com? Cheers, Dave
