Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Spike: Deploy Rancher Manager #7352

Draft
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

mook-as
Copy link
Contributor

@mook-as mook-as commented Aug 15, 2024

This is a draft PR to explore using Rancher Manager in place of our partial dashboard. Reviewing the code isn't going to be that helpful yet (needs a lot of cleanup before it is ready for review), but it will be useful to try out a CI build.

It just installs the helm chart instead of manually running Steve + dashboard bits.

Notes:

  • This bumps up minimum Kubernetes version to 1.22 (from 1.21) due to issues with the cert-manager helm chart.
  • This is currently only tested on macOS (and I fully expect this to break on Windows at least, due to issues with port forwarding)
  • This takes over https://localhost/ with the dashboard. We will need to figure out a way to make this work without doing that.

This is for #7322.

We will replace the bundled version of dashboard and steve with the normal
version to explore how that will work.

Signed-off-by: Mark Yen <[email protected]>
This installs Rancher Manager (but doesn't go through the setup).  This is
not yet very useful.

Signed-off-by: Mark Yen <[email protected]>
We are (at least for now) disabling dashboard extensions to reduce the
amount of stuff we have to worry about. We may end up re-enabling them
before this is merged (after cleanup).
Since ingress doesn't currently work on Windows, use envoy to do SSL
termination and do Kubernetes-level service port forwarding instead.  This
also means it will work without traefik.
@mook-as
Copy link
Contributor Author

mook-as commented Aug 19, 2024

Replaced ingress with an envoy pod doing SSL termination and port forwarding via our existing port forwarding logic; this now works on Windows, and doesn't require traefik (but might get cancelled by the user; we still need to fix that).

GitGuardian is already complaining about the hard-coded cert I placed in the envoy config (which we never verify anyway). It might be worth it to replace envoy with a golang-based proxy that generates certs on the fly (and, again, never gets verified).

We need to override the origin when talking to upstream, as the header
normally contains the downstream port and gets rejected.

Also add a timeout to dashboard setup so we can retry instead of hanging
forever if it doesn't work.
They generate kubeconfig files that have no port, which does not work as we
require port forwarding to reach the server.  To avoid confusing users,
hide the buttons.
- When we create an error, we need to throw in, not drop it on the floor.
- If the host port is not specified, and an existing server is found,
  return that server's port instead of 0.
@mook-as
Copy link
Contributor Author

mook-as commented Aug 21, 2024

The Apps section doesn't work. It does if we stop disabling the fleet and rke2 feature flags. However, even when it's enabled some things (e.g. NeuVector) doesn't seem to actually work.

@gunamata
Copy link
Contributor

Some observations from my brief testing on Windows so far:

  • Cluster Dashboard button behavior seems to work the same as today. The button stays in disabled state while the app/kubernetes is launching and turns enabled when the app is fully launched. Button is hidden when Kubernetes is disabled.
  • Clicking on the Cluster Dashboard opens up the dashboard same as the current experience.
  • At first glance and preliminary exploration, the GUI looks and feels the same as the current dashboard. The side menu bar has all the items as the current cluster dashboard plus some other items.
  • Even though I have not thoroughly tested the functionality, the usual screen that I use such as Workloads > Pods, Workloads > Deployment , Service Discovery > Services seem to work as current dashboard. The View Logs option in Pods seems to work consistently in the new cluster dashboard which is a good thing (More testing needs to be done to confirm this consistency).
  • Even though the Apps section is available in the sidebar menu, there are no items in the catalog. I remember seeing items in the catalog when I manually install rancher via helm. Need to confirm if we are able to see the catalog items and able to install some apps.
  • Download kubeconfig button is missing. The current dashboard doesn't have this option as well but it's nice to get the Download kubeconfig working.
  • The main Cluster Dashboard screen shows a fleet button in red. It looks like something goes wrong installing/configuring Fleet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants