Kubernetes Operational View - read-only system dashboard for multiple K8s clusters
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

5.1 KiB

Multiple Clusters

Multiple clusters are supported by either passing a static list of API server URLs, using an existing kubeconfig file or pointing to a Cluster Registry HTTP endpoint.

Static List of API Server URLs

Set the CLUSTERS environment variable to a comma separated list of Kubernetes API server URLs.

These can either be unprotected localhost URLs or OAuth 2 protected API endpoints.

The needed OAuth credentials (Bearer access token) must be provided via a file ${CREDENTIALS_DIR}/read-only-token-secret.

Kubeconfig File

The kubeconfig file allows defining multiple cluster contexts with potential different authentication mechanisms.

Kubernetes Operational View will try to reach all defined contexts when given the --kubeconfig-path command line option (or KUBECONFIG_PATH environment variable).

Example:

Assuming ~/.kube/config as the following contents with two defined contexts:

Kubernetes Operational View would try to reach both endpoints with the respective token for authentication:

Note

You need to make sure that the Docker container has access to any required SSL certificate files. Minikube by default will use certificates in ~/.minikube. You can copy them to ~/.kube and make the paths in ~/.kube/config relative.

The following command should work out of the box with Minikube:

You can select which clusters should be queried by specifying a list of kubeconfig contexts with the --kubeconfig-contexts option:

This would only query the Kubernetes cluster defined by the bar context.

Cluster Registry

Clusters can be dynamically discovered by providing one HTTP endpoint as the cluster registry. Set either the CLUSTER_REGISTRY_URL environment variable or the --cluster-registry-url option to an URL conforming to:

The cluster registry will be queried with an OAuth Bearer token, the token can be statically set via the OAUTH2_ACCESS_TOKENS environment variable. Example:

Otherwise the needed OAuth credentials (Bearer access token) must be provided via a file ${CREDENTIALS_DIR}/read-only-token-secret. You can pass this file by mounting a secret like:

The deployment manifest to mount the above secret: