From 177c679c2a8ac1e79594bf19e0d5af19c30159af Mon Sep 17 00:00:00 2001 From: Ewout Prangsma Date: Mon, 2 Jul 2018 09:07:36 +0200 Subject: [PATCH 1/2] Dashboard design concept --- docs/design/dashboard.md | 64 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 docs/design/dashboard.md diff --git a/docs/design/dashboard.md b/docs/design/dashboard.md new file mode 100644 index 000000000..7a80cbd56 --- /dev/null +++ b/docs/design/dashboard.md @@ -0,0 +1,64 @@ +# Deployment Operator Dashboard + +To inspect the state of an `ArangoDeployment` you can use `kubectl get ...` to inspect +the `status` of the resource itself, but to get the entire "picture" you also +must inspect the status of the `Pods` created for the deployment, the `PersistentVolumeClaims`, +the `PersistentVolumes`, the `Services` and some `Secrets`. + +The goal of the operator dashboard is to simplify this inspection process. + +The deployment operator dashboard provides: + +- A status overview of all `ArangoDeployment` it controls +- A status overview of all resources created by the operator (for an `ArangoDeployment`) +- Run the arangoinspector on deployments +- Instructions for upgrading deployments to newer versions + +It does not provide: + +- Direct access to the deployed database +- Anything that can already be done in the web-UI of the database or naturaly belongs there. + +The dashboard is a single-page web application that is served by the operator itself. + +## Design decisions + +### Leader only + +Since only the operator instance that won the leader election has the latest state of all +deployments, only that instance will serve dashboard requests. + +For this purpose, a `Service` is created when deploying the operator. +This service uses a `role=leader` selector to ensure that only the right instance +will be included in its list of endpoints. + +### Exposing the dashboard + +By default `Service` that selects the leading operator instance is not exposed outside the Kubernetes cluster. +Users must use `kubectl expose service ...` to add additional `Services` of type `LoadBalancer` +or `NodePort` to expose the dashboard if and how they want to. + +### Readonly behavior + +The dashboard only provides readonly functions. +When modifications to an `ArangoDeployment` are needed (e.g. when upgrading to a new version), the dashboard +will provide instructions for doing so using `kubectl` commands. + +In doing so, the requirements for authentication & access control of the dashboard itself remain limited, +while all possible authentication & access control features of Kubernetes are still available to ensure +a secure deployment. + +### Authentication + +The dashboard requires a username+password to gain access, unless it is started with a option to disable authentication. +This username+password pair is stored in standard basic authentication `Secret` in the Kubernetes cluster. + +### Frontend technology + +The frontend part of the dashboard will be build with React. +This aligns with future developments in the context of the web-UI of the database itself. + +### Backend technology + +The backend of the dashboard contains an HTTPS server that serves the dashboard webpage (including all required web resources) +and all API methods it needs. From cd9101e84a0b43c97c98a86cb990eabcb40c5f8c Mon Sep 17 00:00:00 2001 From: Ewout Prangsma Date: Mon, 2 Jul 2018 09:22:37 +0200 Subject: [PATCH 2/2] Typos --- docs/design/dashboard.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/design/dashboard.md b/docs/design/dashboard.md index 7a80cbd56..01da1eaab 100644 --- a/docs/design/dashboard.md +++ b/docs/design/dashboard.md @@ -9,7 +9,7 @@ The goal of the operator dashboard is to simplify this inspection process. The deployment operator dashboard provides: -- A status overview of all `ArangoDeployment` it controls +- A status overview of all `ArangoDeployments` it controls - A status overview of all resources created by the operator (for an `ArangoDeployment`) - Run the arangoinspector on deployments - Instructions for upgrading deployments to newer versions @@ -34,7 +34,7 @@ will be included in its list of endpoints. ### Exposing the dashboard -By default `Service` that selects the leading operator instance is not exposed outside the Kubernetes cluster. +By default the `Service` that selects the leading operator instance is not exposed outside the Kubernetes cluster. Users must use `kubectl expose service ...` to add additional `Services` of type `LoadBalancer` or `NodePort` to expose the dashboard if and how they want to. @@ -50,12 +50,12 @@ a secure deployment. ### Authentication -The dashboard requires a username+password to gain access, unless it is started with a option to disable authentication. -This username+password pair is stored in standard basic authentication `Secret` in the Kubernetes cluster. +The dashboard requires a username+password to gain access, unless it is started with an option to disable authentication. +This username+password pair is stored in a standard basic authentication `Secret` in the Kubernetes cluster. ### Frontend technology -The frontend part of the dashboard will be build with React. +The frontend part of the dashboard will be built with React. This aligns with future developments in the context of the web-UI of the database itself. ### Backend technology