docs: fix remaining hardcoded headlamp namespace to <your-namespace> placeholder
Prior commit was inconsistent — some files used <your-namespace> while DEPLOYMENT.md, TROUBLESHOOTING.md and several troubleshooting/user-guide docs still hardcoded headlamp as the namespace. Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
committed by
Countess von Containerheim [agent]
parent
207711567c
commit
0776319435
@@ -71,4 +71,4 @@ subjects:
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: e2e-ci-runner
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
+2
-2
@@ -33,7 +33,7 @@ kubectl -n polaris get svc polaris-dashboard
|
||||
kubectl get --raw /api/v1/namespaces/polaris/services/polaris-dashboard:80/proxy/results.json | jq .PolarisOutputVersion
|
||||
|
||||
# Verify Headlamp is deployed
|
||||
kubectl -n headlamp get pods -l app.kubernetes.io/name=headlamp
|
||||
kubectl -n <your-namespace> get pods -l app.kubernetes.io/name=headlamp
|
||||
```
|
||||
|
||||
## Installation Methods
|
||||
@@ -59,7 +59,7 @@ kubectl -n headlamp get pods -l app.kubernetes.io/name=headlamp
|
||||
|
||||
```bash
|
||||
helm upgrade --install headlamp headlamp/headlamp \
|
||||
--namespace headlamp \
|
||||
--namespace <your-namespace> \
|
||||
--values headlamp-values.yaml
|
||||
```
|
||||
|
||||
|
||||
+15
-15
@@ -33,7 +33,7 @@ This guide covers common issues encountered when using the Headlamp Polaris Plug
|
||||
|
||||
```bash
|
||||
# View Headlamp pod logs (plugin sidecar)
|
||||
kubectl logs -n headlamp deployment/headlamp -c headlamp-plugin
|
||||
kubectl logs -n <your-namespace> deployment/headlamp -c headlamp-plugin
|
||||
|
||||
# Expected output:
|
||||
# Installing plugin from https://github.com/.../headlamp-polaris-plugin-X.Y.Z.tar.gz
|
||||
@@ -43,7 +43,7 @@ kubectl logs -n headlamp deployment/headlamp -c headlamp-plugin
|
||||
**Verify plugin files exist**:
|
||||
|
||||
```bash
|
||||
kubectl exec -n headlamp deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/
|
||||
kubectl exec -n <your-namespace> deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/
|
||||
# Should show: headlamp-polaris-plugin/
|
||||
```
|
||||
|
||||
@@ -118,7 +118,7 @@ Expected subjects:
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: headlamp
|
||||
namespace: headlamp
|
||||
namespace: <your-namespace>
|
||||
```
|
||||
|
||||
For OIDC mode:
|
||||
@@ -154,7 +154,7 @@ metadata:
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: headlamp
|
||||
namespace: headlamp
|
||||
namespace: <your-namespace>
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: polaris-proxy-reader
|
||||
@@ -169,7 +169,7 @@ Service account mode:
|
||||
```bash
|
||||
# Impersonate Headlamp service account
|
||||
kubectl auth can-i get services/proxy \
|
||||
--as=system:serviceaccount:headlamp:headlamp \
|
||||
--as=system:serviceaccount:<your-namespace>:headlamp \
|
||||
--resource-name=polaris-dashboard \
|
||||
-n polaris
|
||||
# Expected: yes
|
||||
@@ -189,7 +189,7 @@ kubectl auth can-i get services/proxy \
|
||||
After applying RBAC changes:
|
||||
|
||||
```bash
|
||||
kubectl rollout restart deployment headlamp -n headlamp
|
||||
kubectl rollout restart deployment headlamp -n <your-namespace>
|
||||
```
|
||||
|
||||
---
|
||||
@@ -490,7 +490,7 @@ Run this script to test all RBAC components:
|
||||
#!/bin/bash
|
||||
NS="polaris"
|
||||
SA="headlamp"
|
||||
SA_NS="headlamp"
|
||||
SA_NS="<your-namespace>"
|
||||
|
||||
echo "=== Testing RBAC for Polaris Plugin ==="
|
||||
|
||||
@@ -530,7 +530,7 @@ Test connectivity from Headlamp to Polaris:
|
||||
|
||||
```bash
|
||||
# Create debug pod in headlamp namespace
|
||||
kubectl run netdebug -n headlamp --rm -it --image=nicolaka/netshoot -- bash
|
||||
kubectl run netdebug -n <your-namespace> --rm -it --image=nicolaka/netshoot -- bash
|
||||
|
||||
# Inside pod, test DNS and HTTP
|
||||
nslookup polaris-dashboard.polaris.svc.cluster.local
|
||||
@@ -545,11 +545,11 @@ If you have audit logging enabled, check for denied requests:
|
||||
|
||||
```bash
|
||||
# View recent audit logs (location varies by cluster)
|
||||
kubectl logs -n headlamp kube-apiserver-* | grep polaris-dashboard
|
||||
kubectl logs -n <your-namespace> kube-apiserver-* | grep polaris-dashboard
|
||||
|
||||
# Look for lines with:
|
||||
# "reason": "Forbidden"
|
||||
# "user": "system:serviceaccount:headlamp:headlamp"
|
||||
# "user": "system:serviceaccount:<your-namespace>:headlamp"
|
||||
```
|
||||
|
||||
---
|
||||
@@ -567,7 +567,7 @@ kubectl logs -n headlamp kube-apiserver-* | grep polaris-dashboard
|
||||
**Check sidecar logs**:
|
||||
|
||||
```bash
|
||||
kubectl logs -n headlamp deployment/headlamp -c headlamp-plugin
|
||||
kubectl logs -n <your-namespace> deployment/headlamp -c headlamp-plugin
|
||||
```
|
||||
|
||||
**Common errors**:
|
||||
@@ -591,7 +591,7 @@ Error: 404 Not Found
|
||||
**Solution**: Verify `archive-url` in plugin config matches GitHub release:
|
||||
|
||||
```bash
|
||||
kubectl get configmap headlamp-plugin-config -n headlamp -o yaml
|
||||
kubectl get configmap headlamp-plugin-config -n <your-namespace> -o yaml
|
||||
```
|
||||
|
||||
Expected format:
|
||||
@@ -677,13 +677,13 @@ If none of these solutions work, gather debugging information and open an issue:
|
||||
1. **Version Information**:
|
||||
|
||||
```bash
|
||||
kubectl get pods -n headlamp -l app.kubernetes.io/name=headlamp -o yaml | grep image:
|
||||
kubectl get pods -n <your-namespace> -l app.kubernetes.io/name=headlamp -o yaml | grep image:
|
||||
```
|
||||
|
||||
2. **Plugin Version**:
|
||||
|
||||
- Check Settings → Plugins in Headlamp UI
|
||||
- Or: `kubectl exec -n headlamp deployment/headlamp -c headlamp -- cat /headlamp/plugins/headlamp-polaris-plugin/package.json`
|
||||
- Or: `kubectl exec -n <your-namespace> deployment/headlamp -c headlamp -- cat /headlamp/plugins/headlamp-polaris-plugin/package.json`
|
||||
|
||||
3. **Browser Console Output**:
|
||||
|
||||
@@ -698,7 +698,7 @@ If none of these solutions work, gather debugging information and open an issue:
|
||||
5. **Pod Logs**:
|
||||
|
||||
```bash
|
||||
kubectl logs -n headlamp deployment/headlamp -c headlamp --tail=100
|
||||
kubectl logs -n <your-namespace> deployment/headlamp -c headlamp --tail=100
|
||||
kubectl logs -n polaris deployment/polaris-dashboard --tail=100
|
||||
```
|
||||
|
||||
|
||||
@@ -112,7 +112,7 @@ The plugin requires permissions to access the Polaris dashboard via Kubernetes s
|
||||
```bash
|
||||
# Test if Headlamp service account has permission
|
||||
kubectl auth can-i get services/proxy \
|
||||
--as=system:serviceaccount:headlamp:headlamp \
|
||||
--as=system:serviceaccount:<your-namespace>:headlamp \
|
||||
-n polaris \
|
||||
--resource-name=polaris-dashboard
|
||||
|
||||
|
||||
@@ -119,7 +119,7 @@ kubectl -n <your-namespace> exec -it deployment/headlamp -c headlamp -- \
|
||||
|
||||
# Verify RBAC is correct
|
||||
kubectl auth can-i get services/proxy \
|
||||
--as=system:serviceaccount:headlamp:headlamp \
|
||||
--as=system:serviceaccount:<your-namespace>:headlamp \
|
||||
-n polaris \
|
||||
--resource-name=polaris-dashboard
|
||||
|
||||
|
||||
@@ -38,7 +38,7 @@ kubectl get --raw /api/v1/namespaces/polaris/services/polaris-dashboard:80/proxy
|
||||
|
||||
# 3. Verify RBAC permissions
|
||||
kubectl auth can-i get services/proxy \
|
||||
--as=system:serviceaccount:headlamp:headlamp \
|
||||
--as=system:serviceaccount:<your-namespace>:headlamp \
|
||||
-n polaris \
|
||||
--resource-name=polaris-dashboard
|
||||
|
||||
@@ -76,7 +76,7 @@ kubectl -n polaris get rolebinding headlamp-polaris-proxy
|
||||
|
||||
# Test permission (service account mode)
|
||||
kubectl auth can-i get services/proxy \
|
||||
--as=system:serviceaccount:headlamp:headlamp \
|
||||
--as=system:serviceaccount:<your-namespace>:headlamp \
|
||||
-n polaris \
|
||||
--resource-name=polaris-dashboard
|
||||
|
||||
|
||||
@@ -169,7 +169,7 @@ Service account mode:
|
||||
```bash
|
||||
# Impersonate Headlamp service account
|
||||
kubectl auth can-i get services/proxy \
|
||||
--as=system:serviceaccount:headlamp:headlamp \
|
||||
--as=system:serviceaccount:<your-namespace>:headlamp \
|
||||
--resource-name=polaris-dashboard \
|
||||
-n polaris
|
||||
# Expected: yes
|
||||
@@ -490,7 +490,7 @@ Run this script to test all RBAC components:
|
||||
#!/bin/bash
|
||||
NS="polaris"
|
||||
SA="headlamp"
|
||||
SA_NS="headlamp"
|
||||
SA_NS="<your-namespace>"
|
||||
|
||||
echo "=== Testing RBAC for Polaris Plugin ==="
|
||||
|
||||
@@ -549,7 +549,7 @@ kubectl logs -n <your-namespace> kube-apiserver-* | grep polaris-dashboard
|
||||
|
||||
# Look for lines with:
|
||||
# "reason": "Forbidden"
|
||||
# "user": "system:serviceaccount:headlamp:headlamp"
|
||||
# "user": "system:serviceaccount:<your-namespace>:headlamp"
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
@@ -83,7 +83,7 @@ roleRef:
|
||||
```bash
|
||||
# Test service account (in-cluster mode)
|
||||
kubectl auth can-i get services/proxy \
|
||||
--as=system:serviceaccount:headlamp:headlamp \
|
||||
--as=system:serviceaccount:<your-namespace>:headlamp \
|
||||
-n polaris \
|
||||
--resource-name=polaris-dashboard
|
||||
|
||||
|
||||
@@ -317,7 +317,7 @@ kubectl -n polaris get rolebinding headlamp-polaris-proxy
|
||||
|
||||
# Test permission
|
||||
kubectl auth can-i get services/proxy \
|
||||
--as=system:serviceaccount:headlamp:headlamp \
|
||||
--as=system:serviceaccount:<your-namespace>:headlamp \
|
||||
-n polaris \
|
||||
--resource-name=polaris-dashboard
|
||||
```
|
||||
|
||||
@@ -91,7 +91,7 @@ kubectl -n polaris get rolebinding headlamp-polaris-proxy
|
||||
|
||||
# Test permission
|
||||
kubectl auth can-i get services/proxy \
|
||||
--as=system:serviceaccount:headlamp:headlamp \
|
||||
--as=system:serviceaccount:<your-namespace>:headlamp \
|
||||
-n polaris \
|
||||
--resource-name=polaris-dashboard
|
||||
|
||||
@@ -109,7 +109,7 @@ In token-auth mode, **each user's own identity** is used for Kubernetes API requ
|
||||
With service account mode:
|
||||
|
||||
- Single RoleBinding grants access to all Headlamp users
|
||||
- Kubernetes sees all requests as `system:serviceaccount:headlamp:headlamp`
|
||||
- Kubernetes sees all requests as `system:serviceaccount:<your-namespace>:headlamp`
|
||||
|
||||
With token-auth mode:
|
||||
|
||||
@@ -411,7 +411,7 @@ Every plugin data fetch creates a Kubernetes API audit log entry.
|
||||
"level": "Metadata",
|
||||
"verb": "get",
|
||||
"user": {
|
||||
"username": "system:serviceaccount:headlamp:headlamp"
|
||||
"username": "system:serviceaccount:<your-namespace>:headlamp"
|
||||
},
|
||||
"sourceIPs": ["10.96.0.1"],
|
||||
"objectRef": {
|
||||
@@ -494,7 +494,7 @@ If using a log aggregator (e.g., Elasticsearch), create filters to exclude or do
|
||||
```bash
|
||||
# Service account mode
|
||||
kubectl auth can-i get services/proxy \
|
||||
--as=system:serviceaccount:headlamp:headlamp \
|
||||
--as=system:serviceaccount:<your-namespace>:headlamp \
|
||||
-n polaris \
|
||||
--resource-name=polaris-dashboard
|
||||
|
||||
|
||||
Reference in New Issue
Block a user