search

astefanutti / kubebox

⎈❏ Terminal and Web console for Kubernetes
http://astefanutti.github.io/kubebox
MIT License
2.14k stars 142 forks source link

Configuration options #152

Open fpaparoni opened 2 weeks ago

fpaparoni commented 2 weeks ago

I would like to know if configuration options are available in the project. I'm trying to see in the github repo but don't find much documentation.

Mainly I have three things to modify related to the standard setup:

  1. Fixed namespace: is there the possibility to have a default namespace configured so the user won't the namespace selection?
  2. Resource panel: is it possible to remove from the main view by default config?
  3. Installing it in a cluster gives me free access to the console. Is there a possibility to link some sort of authentication (OIDC or something similar?)

Regards,

Federico

astefanutti commented 2 weeks ago

Hi Federico,

  1. Fixed namespace: is there the possibility to have a default namespace configured so the user won't the namespace selection?

The namespace selection is always available, but if there is a default namespace configured in your kubeconfig file, then Kubebox uses that and won't display the namespace selection when started.

  1. Resource panel: is it possible to remove from the main view by default config?

No, it's not configurable at the moment.

  1. Installing it in a cluster gives me free access to the console. Is there a possibility to link some sort of authentication (OIDC or something similar?)

Provided you have a cluster with OIDC enabled, and you've configured it on the kubeconfig file, then Kubebox should use that to authenticate.

fpaparoni commented 2 weeks ago

Thank you for your answers. For the Resource panel I'm trying to understand how to modify the source code to toggle on/off.

Related to the other questions there is something I don't understand. You are talking about a kubeconfig, but if I install kubebox in my remote k8s cluster, so using web version I'm not providing a kubeconfig and I have direct access to the cluster where I installed it, also using a computer/browser where I haven't a k8s configuration. Is there a sort of config I can add to the kubebox k8s yamls to define, for example, the namespace?

astefanutti commented 2 weeks ago

Thank you for your answers. For the Resource panel I'm trying to understand how to modify the source code to toggle on/off.

The resources box is created there: https://github.com/astefanutti/kubebox/blob/0448a18e9e6acabba004d44fd1d0625027ba48ed/lib/ui/dashboard.js#L73-L85

Related to the other questions there is something I don't understand. You are talking about a kubeconfig, but if I install kubebox in my remote k8s cluster, so using web version I'm not providing a kubeconfig and I have direct access to the cluster where I installed it, also using a computer/browser where I haven't a k8s configuration. Is there a sort of config I can add to the kubebox k8s yamls to define, for example, the namespace?

You're right, the kubeconfig file is used when running Kubebox locally. When running in-cluster that's the service account associated to the Pod that's used at the moment, so Kubebox "inherits" the permissions granted to that service account via RBAC.

With OpenShift, it's possible to use OAuth (see https://github.com/astefanutti/kubebox/blob/0448a18e9e6acabba004d44fd1d0625027ba48ed/openshift.yaml#L77C19-L77C39).

It might be possible to deactivate the ServiceAccount for authentication and use OpenID, but I'm not sure we've tested it and there might be some limitations, as custom CA for the IDP: https://github.com/astefanutti/kubebox/blob/master/README.adoc#authentication.

fpaparoni commented 2 weeks ago

Thank you for the hints ;)