@identw
Last active December 13, 2024 20:02
# An OIDC provider is required (e.g., Dex).
# OIDC must be configured for the kube-apiserver. For example:
# - --oidc-client-id=kubernetes-oidc
# - --oidc-groups-claim=groups
# - --oidc-issuer-url=https://dex.example.com
# - --oidc-username-claim=email
# For cloud setups, you can use kube-oidc-proxy (https://github.com/TremoloSecurity/kube-oidc-proxy)
#
# <secret_cookie_auth_key> - 32 bytes string (regex: a-z0-9, example: rpb7aos4rd0m32x9omcrcqacnia0xty2)
# <secret_cookie_enc_key> - 32 bytes string (regex: a-z0-9, example: gg1ejofgupoc19wyuywr2yflm75aeiwg)
#
# prom rules:
# - name: ForOpenshiftConsole
#   rules:
#   - expr: sum(rate(container_cpu_usage_seconds_total{job="kubelet",container!="",container!="POD"}[2m])) by (namespace,pod)
#     record: pod:container_cpu_usage:sum
#   - expr: sum(kube_pod_container_resource_requests{container!=""}) by (namespace, pod, resource)
#     record: kube_pod_resource_request
#   - expr: sum(kube_pod_container_resource_limits{container!=""}) by (namespace, pod, resource)
#     record: kube_pod_resource_limit
#   - expr: sum(container_network_receive_bytes_total{}) by(namespace,pod,interface) * 0
#     record: pod_network_name_info
#   - expr: sum(container_fs_usage_bytes{}) by (namespace, pod)
#     record: pod:container_fs_usage_bytes:sum
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    reloader.stakater.com/auto: "true"
  labels:
    app.kubernetes.io/instance: openshift-console
    app.kubernetes.io/name: openshift-console
    app.kubernetes.io/version: 4.20.0
    instance: openshift-console
    name: openshift-console
  name: openshift-console
  namespace: dashboards
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/instance: openshift-console
      app.kubernetes.io/name: openshift-console
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: openshift-console
        app.kubernetes.io/name: openshift-console
        app.kubernetes.io/version: 4.20.0
        instance: openshift-console
        name: openshift-console
    spec:
      containers:
      - args:
        - --public-dir=/opt/bridge/static
        - -v
        - "5"
        command:
        - /opt/bridge/bin/bridge
        env:
        - name: BRIDGE_DOCUMENTATION_BASE_URL
          value: https://kubernetes.io/docs/
        - name: BRIDGE_BASE_ADDRESS
          value: https://openshift-console.example.com
        - name: BRIDGE_USER_AUTH
          value: oidc
        - name: BRIDGE_USER_AUTH_OIDC_ISSUER_URL
          value: https://dex.example.com
        - name: BRIDGE_USER_AUTH_OIDC_CLIENT_ID
          value: kubernetes-oidc
        - name: BRIDGE_USER_AUTH_OIDC_CLIENT_SECRET
          value: <dex-client-secret>
        - name: BRIDGE_USER_AUTH_OIDC_TOKEN_SCOPES
          value: openid,profile,email,groups
        - name: BRIDGE_USER_SETTINGS_LOCATION
          value: localstorage
        - name: BRIDGE_K8S_MODE
          value: in-cluster
        - name: BRIDGE_ALERMANAGER_PUBLIC_URL
          value: http://vmalertmanager-vm.monitoring:9093
        - name: BRIDGE_THANOS_PUBLIC_URL
          value: http://promxy.monitoring:8080
        - name: BRIDGE_USER_AUTH_LOGOUT_REDIRECT
          value: https://openshift-console.example.com/auth/logout
        - name: BRIDGE_COOKIE_AUTHENTICATION_KEY_FILE
          value: /etc/openshift-console-secrets/cookie_auth_key
        - name: BRIDGE_COOKIE_ENCRYPTION_KEY_FILE
          value: /etc/openshift-console-secrets/cookie_enc_key
        image: quay.io/openshift/origin-console:4.20.0
        imagePullPolicy: Always
        name: openshift-console
        ports:
        - containerPort: 9000
          name: http
        resources:
          limits:
            cpu: 100m
            memory: 256Mi
          requests:
            cpu: 100m
            memory: 256Mi
        volumeMounts:
        - mountPath: /etc/openshift-console-secrets
          name: cookie-secrets
      nodeSelector: {}
      serviceAccountName: openshift-console
      tolerations: []
      volumes:
      - name: cookie-secrets
        secret:
          secretName: openshift-console
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  labels:
    app.kubernetes.io/instance: openshift-console
    app.kubernetes.io/name: openshift-console
    app.kubernetes.io/version: 4.20.0
    instance: openshift-console
    name: openshift-console
  name: openshift-console
  namespace: dashboards
spec:
  rules:
  - host: openshift-console.example.com
    http:
      paths:
      - backend:
          service:
            name: openshift-console
            port:
              name: http
        path: /
        pathType: ImplementationSpecific
---
apiVersion: v1
# The two values below are the example keys from the header comment;
# replace them with your own 32-byte keys (<secret_cookie_auth_key>, <secret_cookie_enc_key>).
stringData:
  cookie_auth_key: rpb7aos4rd0m32x9omcrcqacnia0xty2
  cookie_enc_key: gg1ejofgupoc19wyuywr2yflm75aeiwg
kind: Secret
metadata:
  labels:
    app.kubernetes.io/instance: openshift-console
    app.kubernetes.io/name: openshift-console
    app.kubernetes.io/version: 4.20.0
    instance: openshift-console
    name: openshift-console
  name: openshift-console
  namespace: dashboards
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
  annotations:
  labels:
    app.kubernetes.io/instance: openshift-console
    app.kubernetes.io/name: openshift-console
    app.kubernetes.io/version: 4.20.0
    instance: openshift-console
    name: openshift-console
  name: openshift-console
  namespace: dashboards
spec:
  ports:
  - name: http
    port: 9000
    protocol: TCP
    targetPort: http
  selector:
    app.kubernetes.io/instance: openshift-console
    app.kubernetes.io/name: openshift-console
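
The header asks for two 32-byte a-z0-9 cookie keys, and the Secret in the manifest carries the header's sample values. As an added example (not part of the gist), this shell snippet generates fresh keys in that format, rejects the published samples, and renders the Secret; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the gist. Function names are hypothetical.
# Key format follows the gist header: 32 characters from a-z0-9.

# gen_key: print one key drawn from the kernel CSPRNG.
gen_key() {
  # 4096 random bytes leave about 576 characters on average after
  # filtering, so the final head has far more than 32 to take from.
  head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | head -c 32
}

# valid_key: succeed only for exactly 32 characters of a-z0-9 that are
# not one of the two sample keys published in the gist.
valid_key() {
  case "$1" in
    rpb7aos4rd0m32x9omcrcqacnia0xty2|gg1ejofgupoc19wyuywr2yflm75aeiwg) return 1 ;;
    *[!a-z0-9]*) return 1 ;;
  esac
  [ "${#1}" -eq 32 ]
}

# render_secret: print the openshift-console Secret with fresh keys.
render_secret() {
  auth_key=$(gen_key)
  enc_key=$(gen_key)
  valid_key "$auth_key" || return 1
  valid_key "$enc_key" || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: openshift-console
  namespace: dashboards
type: Opaque
stringData:
  cookie_auth_key: $auth_key
  cookie_enc_key: $enc_key
EOF
}

# Print the manifest when the script is called with the argument "render".
if [ "${1:-}" = "render" ]; then
  render_secret
fi
```

Piping the rendered manifest into `kubectl apply -f -` keeps the generated keys out of files and version control.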
saashqdev commented Dec 13, 2024

Just found this - it looks awesome. I'm going to check it out now. So, to use it externally from the internet I need to install kube-oidc-proxy as well? After I install this do I just go to: https://openshift-console..com? Cheers, Dave
