From 207711567cb36bac18fc29e087f796f9b1502b31 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Sun, 10 May 2026 21:21:29 +0000 Subject: [PATCH] docs: replace hardcoded namespace with placeholder Users choose their own namespace for Headlamp. Replace all hardcoded namespace references (headlamp, kube-system) in user-facing docs with so users substitute their own value. Conventions: - Helm install: --namespace --create-namespace - kubectl commands: -n - YAML metadata: namespace: - Prose: "the namespace where Headlamp is installed" Out-of-scope references left untouched: - kube-system in NetworkPolicy selectors (API server namespace) - polaris namespace references (upstream workload namespace) - Source code and test files Refs: PRI-433 Co-Authored-By: Paperclip --- README.md | 4 +-- SECURITY.md | 6 ++-- docs/TESTING.md | 4 +-- docs/deployment/helm.md | 40 ++++++++++++------------- docs/deployment/kubernetes.md | 42 +++++++++++++-------------- docs/deployment/production.md | 26 ++++++++--------- docs/development/testing.md | 4 +-- docs/getting-started/installation.md | 26 ++++++++--------- docs/getting-started/prerequisites.md | 8 ++--- docs/getting-started/quick-start.md | 8 ++--- docs/troubleshooting/README.md | 6 ++-- docs/troubleshooting/common-issues.md | 26 ++++++++--------- docs/troubleshooting/rbac-issues.md | 2 +- docs/user-guide/rbac-permissions.md | 8 ++--- 14 files changed, 105 insertions(+), 105 deletions(-) diff --git a/README.md b/README.md index 7c7c9b2..520f960 100644 --- a/README.md +++ b/README.md @@ -97,7 +97,7 @@ metadata: subjects: - kind: ServiceAccount name: headlamp # adjust to match your Headlamp service account - namespace: headlamp # adjust to match the namespace Headlamp runs in + namespace: roleRef: kind: Role name: polaris-proxy-reader @@ -197,7 +197,7 @@ npm test npm run test:watch # E2E tests (Playwright) -export HEADLAMP_TOKEN=$(kubectl create token headlamp -n headlamp --duration=24h) +export HEADLAMP_TOKEN=$(kubectl create token headlamp -n --duration=24h) npm run e2e npm run e2e:headed # see browser ``` diff --git a/SECURITY.md b/SECURITY.md index f425ad2..3e4217c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -71,7 +71,7 @@ metadata: subjects: - kind: ServiceAccount name: headlamp - namespace: headlamp + namespace: roleRef: kind: Role name: polaris-proxy-reader @@ -149,7 +149,7 @@ spec: ### Service Account (Default) -Headlamp runs with a dedicated service account (`headlamp` in `kube-system`). All users share the same permissions defined by this service account's RBAC bindings. +Headlamp runs with a dedicated service account (`headlamp` in the namespace where Headlamp is installed). All users share the same permissions defined by this service account's RBAC bindings. **Security Considerations:** - All users have identical access to the plugin @@ -317,7 +317,7 @@ All service proxy requests are logged in Kubernetes API audit logs (if enabled): "verb": "get", "requestURI": "/api/v1/namespaces/polaris/services/polaris-dashboard:80/proxy/results.json", "user": { - "username": "system:serviceaccount:kube-system:headlamp", + "username": "system:serviceaccount::headlamp", "groups": ["system:serviceaccounts", "system:authenticated"] } } diff --git a/docs/TESTING.md b/docs/TESTING.md index 5425b87..d20ded7 100644 --- a/docs/TESTING.md +++ b/docs/TESTING.md @@ -268,9 +268,9 @@ npm run e2e ```bash # Create token -export HEADLAMP_TOKEN=$(kubectl create token headlamp -n headlamp --duration=24h) +export HEADLAMP_TOKEN=$(kubectl create token headlamp -n --duration=24h) -kubectl port-forward -n headlamp svc/headlamp 4466:80 +kubectl port-forward -n svc/headlamp 4466:80 # Run tests HEADLAMP_URL=http://localhost:4466 npm run e2e diff --git a/docs/deployment/helm.md b/docs/deployment/helm.md index 7cf4a73..00fabc3 100644 --- a/docs/deployment/helm.md +++ b/docs/deployment/helm.md @@ -41,11 +41,11 @@ pluginsManager: ```bash # Install Headlamp helm install headlamp headlamp/headlamp \ - --namespace headlamp \ + --namespace \ --values headlamp-values.yaml # Wait for deployment -kubectl -n headlamp wait --for=condition=available deployment/headlamp --timeout=300s +kubectl -n wait --for=condition=available deployment/headlamp --timeout=300s ``` After installation, install the plugin via Headlamp UI (**Settings → Plugins → Catalog**). @@ -131,7 +131,7 @@ Deploy: ```bash helm upgrade --install headlamp headlamp/headlamp \ - --namespace headlamp \ + --namespace \ --values headlamp-values.yaml \ --wait \ --timeout 5m @@ -177,7 +177,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: headlamp-plugin-config - namespace: headlamp + namespace: data: plugin.yml: | - name: headlamp-polaris-plugin @@ -191,7 +191,7 @@ Apply ConfigMap then deploy Headlamp: kubectl apply -f headlamp-plugin-config.yaml helm upgrade --install headlamp headlamp/headlamp \ - --namespace headlamp \ + --namespace \ --values headlamp-values.yaml ``` @@ -221,7 +221,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: headlamp - namespace: headlamp + namespace: spec: interval: 30m chart: @@ -300,7 +300,7 @@ kubectl apply -f helmrepository.yaml kubectl apply -f helmrelease.yaml # Watch deployment -flux get helmreleases -n headlamp --watch +flux get helmreleases -n --watch ``` ## RBAC Configuration @@ -329,7 +329,7 @@ metadata: subjects: - kind: ServiceAccount name: headlamp -namespace: headlamp +namespace: roleRef: kind: Role name: polaris-proxy-reader @@ -349,7 +349,7 @@ helm repo update # Upgrade Headlamp (preserves plugin configuration) helm upgrade headlamp headlamp/headlamp \ - --namespace headlamp \ + --namespace \ --values headlamp-values.yaml \ --wait ``` @@ -365,15 +365,15 @@ helm upgrade headlamp headlamp/headlamp \ ```bash # Update ConfigMap with new version -kubectl -n headlamp edit configmap headlamp-plugin-config +kubectl -n edit configmap headlamp-plugin-config # Update version and URL: # version: 0.3.6 # url: https://github.com/.../v0.3.6/polaris-0.3.10.tar.gz # Restart deployment to trigger init container -kubectl -n headlamp rollout restart deployment/headlamp -kubectl -n headlamp rollout status deployment/headlamp +kubectl -n rollout restart deployment/headlamp +kubectl -n rollout status deployment/headlamp ``` ## Troubleshooting @@ -382,25 +382,25 @@ kubectl -n headlamp rollout status deployment/headlamp ```bash # Check Headlamp values -helm get values headlamp -n headlamp +helm get values headlamp -n # Verify plugin files exist -kubectl -n headlamp exec deployment/headlamp -c headlamp -- \ +kubectl -n exec deployment/headlamp -c headlamp -- \ ls -la /headlamp/plugins/headlamp-polaris-plugin/ # If missing, reinstall plugin via UI or check init container logs -kubectl -n headlamp logs deployment/headlamp -c install-polaris-plugin +kubectl -n logs deployment/headlamp -c install-polaris-plugin ``` ### Helm Release Stuck ```bash # Check Helm release status -helm list -n headlamp +helm list -n # If stuck, force upgrade helm upgrade headlamp headlamp/headlamp \ - --namespace headlamp \ + --namespace \ --values headlamp-values.yaml \ --force \ --wait @@ -410,13 +410,13 @@ helm upgrade headlamp headlamp/headlamp \ ```bash # Check HelmRelease status -flux get helmreleases -n headlamp +flux get helmreleases -n # Check events -kubectl -n headlamp describe helmrelease headlamp +kubectl -n describe helmrelease headlamp # Force reconciliation -flux reconcile helmrelease headlamp -n headlamp +flux reconcile helmrelease headlamp -n ``` ## Next Steps diff --git a/docs/deployment/kubernetes.md b/docs/deployment/kubernetes.md index 3c4cc95..211d0cb 100644 --- a/docs/deployment/kubernetes.md +++ b/docs/deployment/kubernetes.md @@ -47,7 +47,7 @@ metadata: subjects: - kind: ServiceAccount name: headlamp - namespace: headlamp + namespace: roleRef: kind: Role name: polaris-proxy-reader @@ -71,7 +71,7 @@ kubectl -n polaris get rolebinding headlamp-polaris-proxy # Test permission kubectl auth can-i get services/proxy \ - --as=system:serviceaccount:headlamp:headlamp \ + --as=system:serviceaccount::headlamp \ -n polaris \ --resource-name=polaris-dashboard @@ -90,7 +90,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: headlamp-plugin-config - namespace: headlamp + namespace: labels: app.kubernetes.io/name: headlamp app.kubernetes.io/component: plugin-config @@ -109,7 +109,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: headlamp - namespace: headlamp + namespace: labels: app.kubernetes.io/name: headlamp spec: @@ -194,7 +194,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: headlamp - namespace: headlamp + namespace: labels: app.kubernetes.io/name: headlamp @@ -204,7 +204,7 @@ apiVersion: v1 kind: Service metadata: name: headlamp - namespace: headlamp + namespace: labels: app.kubernetes.io/name: headlamp spec: @@ -235,27 +235,27 @@ kubectl apply -f headlamp-service.yaml kubectl apply -f headlamp-serviceaccount.yaml # Wait for deployment to be ready -kubectl -n headlamp wait --for=condition=available deployment/headlamp --timeout=300s +kubectl -n wait --for=condition=available deployment/headlamp --timeout=300s ``` ### 2. Verify Deployment ```bash # Check pods are running -kubectl -n headlamp get pods -l app.kubernetes.io/name=headlamp +kubectl -n get pods -l app.kubernetes.io/name=headlamp # Expected output: # NAME READY STATUS RESTARTS AGE # headlamp-xxxxxxxxxx-xxxxx 1/1 Running 0 2m # Check init container logs -kubectl -n headlamp logs deployment/headlamp -c install-plugins +kubectl -n logs deployment/headlamp -c install-plugins # Expected output: # Plugin installation complete # Verify plugin files exist -kubectl -n headlamp exec deployment/headlamp -c headlamp -- \ +kubectl -n exec deployment/headlamp -c headlamp -- \ ls -la /headlamp/plugins/headlamp-polaris-plugin/ # Expected output: @@ -273,7 +273,7 @@ kubectl get --raw /api/v1/namespaces/polaris/services/polaris-dashboard:80/proxy ```bash # Port-forward to access locally -kubectl -n headlamp port-forward service/headlamp 8080:80 +kubectl -n port-forward service/headlamp 8080:80 # Open browser to http://localhost:8080 ``` @@ -309,7 +309,7 @@ k8s/ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: headlamp +namespace: commonLabels: app.kubernetes.io/name: headlamp @@ -401,7 +401,7 @@ spec: - apiVersion: apps/v1 kind: Deployment name: headlamp - namespace: headlamp + namespace: ``` ## Upgrading the Plugin @@ -410,24 +410,24 @@ spec: ```bash # Edit ConfigMap with new version -kubectl -n headlamp edit configmap headlamp-plugin-config +kubectl -n edit configmap headlamp-plugin-config # Update version and URL: # version: 0.3.6 # url: https://github.com/.../v0.3.6/polaris-0.3.10.tar.gz # Restart deployment to trigger init container -kubectl -n headlamp rollout restart deployment/headlamp +kubectl -n rollout restart deployment/headlamp # Wait for rollout to complete -kubectl -n headlamp rollout status deployment/headlamp +kubectl -n rollout status deployment/headlamp ``` ### Verify Upgrade ```bash # Check init container logs -kubectl -n headlamp logs deployment/headlamp -c install-plugins +kubectl -n logs deployment/headlamp -c install-plugins # Verify new version in UI # Navigate to Settings → Plugins in Headlamp @@ -439,7 +439,7 @@ kubectl -n headlamp logs deployment/headlamp -c install-plugins ```bash # Check init container logs -kubectl -n headlamp logs deployment/headlamp -c install-plugins +kubectl -n logs deployment/headlamp -c install-plugins # Common issues: # 1. Network connectivity to GitHub @@ -451,14 +451,14 @@ kubectl -n headlamp logs deployment/headlamp -c install-plugins ```bash # Verify HEADLAMP_CONFIG_WATCH_PLUGINS is false -kubectl -n headlamp get deployment headlamp -o yaml | grep WATCH_PLUGINS +kubectl -n get deployment headlamp -o yaml | grep WATCH_PLUGINS # Expected output: # - name: HEADLAMP_CONFIG_WATCH_PLUGINS # value: "false" # If not set or "true", update deployment -kubectl -n headlamp edit deployment headlamp +kubectl -n edit deployment headlamp ``` ### RBAC Permissions Denied @@ -466,7 +466,7 @@ kubectl -n headlamp edit deployment headlamp ```bash # Test RBAC kubectl auth can-i get services/proxy \ - --as=system:serviceaccount:headlamp:headlamp \ + --as=system:serviceaccount::headlamp \ -n polaris \ --resource-name=polaris-dashboard diff --git a/docs/deployment/production.md b/docs/deployment/production.md index a4af452..37fedb7 100644 --- a/docs/deployment/production.md +++ b/docs/deployment/production.md @@ -37,8 +37,8 @@ kubectl -n polaris get svc polaris-dashboard kubectl get --raw /api/v1/namespaces/polaris/services/polaris-dashboard:80/proxy/results.json | jq .PolarisOutputVersion # Verify Headlamp -kubectl -n headlamp get deployment headlamp -kubectl -n headlamp get svc headlamp +kubectl -n get deployment headlamp +kubectl -n get svc headlamp ``` ## Production Checklist @@ -60,17 +60,17 @@ kubectl get --raw /api/v1/namespaces/polaris/services/polaris-dashboard:80/proxy # 2. Verify RBAC permissions kubectl auth can-i get services/proxy \ - --as=system:serviceaccount:headlamp:headlamp \ + --as=system:serviceaccount::headlamp \ -n polaris \ --resource-name=polaris-dashboard # Expected: yes # 3. Check Headlamp logs for plugin loading -kubectl -n headlamp logs deployment/headlamp | grep -i polaris +kubectl -n logs deployment/headlamp | grep -i polaris # Expected: No errors related to plugin loading # 4. Verify plugin files exist -kubectl -n headlamp exec deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/headlamp-polaris-plugin/ +kubectl -n exec deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/headlamp-polaris-plugin/ # Expected: dist/, package.json present ``` @@ -241,7 +241,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: headlamp-pdb - namespace: headlamp + namespace: spec: minAvailable: 1 selector: @@ -295,7 +295,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: headlamp - namespace: headlamp + namespace: spec: selector: matchLabels: @@ -312,10 +312,10 @@ spec: ```bash # View logs -kubectl -n headlamp logs deployment/headlamp -f +kubectl -n logs deployment/headlamp -f # Filter for plugin-related logs -kubectl -n headlamp logs deployment/headlamp | grep -i polaris +kubectl -n logs deployment/headlamp | grep -i polaris ``` **Polaris Dashboard Logs:** @@ -341,14 +341,14 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: headlamp-alerts - namespace: headlamp + namespace: spec: groups: - name: headlamp interval: 30s rules: - alert: HeadlampPodNotReady - expr: kube_pod_status_ready{namespace="headlamp", pod=~"headlamp-.*"} == 0 + expr: kube_pod_status_ready{namespace="", pod=~"headlamp-.*"} == 0 for: 5m labels: severity: warning @@ -423,7 +423,7 @@ If Headlamp or plugin becomes unavailable: ```bash helm upgrade --install headlamp headlamp/headlamp \ - --namespace headlamp \ + --namespace \ --values headlamp-values.yaml ``` @@ -436,7 +436,7 @@ helm upgrade --install headlamp headlamp/headlamp \ 4. **Verify plugin files:** ```bash - kubectl -n headlamp exec deployment/headlamp -- \ + kubectl -n exec deployment/headlamp -- \ ls /headlamp/plugins/headlamp-polaris-plugin/ ``` diff --git a/docs/development/testing.md b/docs/development/testing.md index 5425b87..d20ded7 100644 --- a/docs/development/testing.md +++ b/docs/development/testing.md @@ -268,9 +268,9 @@ npm run e2e ```bash # Create token -export HEADLAMP_TOKEN=$(kubectl create token headlamp -n headlamp --duration=24h) +export HEADLAMP_TOKEN=$(kubectl create token headlamp -n --duration=24h) -kubectl port-forward -n headlamp svc/headlamp 4466:80 +kubectl port-forward -n svc/headlamp 4466:80 # Run tests HEADLAMP_URL=http://localhost:4466 npm run e2e diff --git a/docs/getting-started/installation.md b/docs/getting-started/installation.md index c48a571..78c0636 100644 --- a/docs/getting-started/installation.md +++ b/docs/getting-started/installation.md @@ -72,7 +72,7 @@ Deploy or update Headlamp: ```bash helm upgrade --install headlamp headlamp/headlamp \ - --namespace headlamp \ + --namespace \ --values headlamp-values.yaml ``` @@ -122,7 +122,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: headlamp-plugin-config - namespace: headlamp + namespace: data: plugin.yml: | - name: headlamp-polaris-plugin @@ -138,14 +138,14 @@ kubectl apply -f headlamp-plugin-config.yaml # Deploy/update Headlamp with sidecar helm upgrade --install headlamp headlamp/headlamp \ - --namespace headlamp \ + --namespace \ --values headlamp-values.yaml # Wait for pod to be ready -kubectl -n headlamp wait --for=condition=ready pod -l app.kubernetes.io/name=headlamp --timeout=300s +kubectl -n wait --for=condition=ready pod -l app.kubernetes.io/name=headlamp --timeout=300s # Verify plugin files -kubectl -n headlamp exec -it deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/headlamp-polaris-plugin/ +kubectl -n exec -it deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/headlamp-polaris-plugin/ # Expected output: # drwxr-xr-x dist/ @@ -270,7 +270,7 @@ metadata: subjects: - kind: ServiceAccount name: headlamp - namespace: headlamp + namespace: roleRef: kind: Role name: polaris-proxy-reader @@ -284,10 +284,10 @@ See [RBAC Permissions](../user-guide/rbac-permissions.md) for detailed RBAC conf ```bash # If you updated Helm values or ConfigMaps -kubectl -n headlamp rollout restart deployment/headlamp +kubectl -n rollout restart deployment/headlamp # Wait for pod to be ready -kubectl -n headlamp wait --for=condition=ready pod -l app.kubernetes.io/name=headlamp --timeout=300s +kubectl -n wait --for=condition=ready pod -l app.kubernetes.io/name=headlamp --timeout=300s ``` ### 3. Clear Browser Cache @@ -312,14 +312,14 @@ kubectl -n headlamp wait --for=condition=ready pod -l app.kubernetes.io/name=hea ```bash # Verify plugin files exist -kubectl -n headlamp exec -it deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/headlamp-polaris-plugin/ +kubectl -n exec -it deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/headlamp-polaris-plugin/ # Expected output: # drwxr-xr-x dist/ # -rw-r--r-- package.json # Check Headlamp logs for errors -kubectl -n headlamp logs deployment/headlamp | grep -i polaris +kubectl -n logs deployment/headlamp | grep -i polaris # Expected: No errors related to plugin loading @@ -345,13 +345,13 @@ kubectl get --raw /api/v1/namespaces/polaris/services/polaris-dashboard:80/proxy ```bash # 1. Verify plugin files exist -kubectl -n headlamp exec deployment/headlamp -c headlamp -- \ +kubectl -n exec deployment/headlamp -c headlamp -- \ ls -la /headlamp/plugins/headlamp-polaris-plugin/ # Expected: dist/, package.json present # 2. Check Headlamp logs for plugin errors -kubectl -n headlamp logs deployment/headlamp | grep -i polaris +kubectl -n logs deployment/headlamp | grep -i polaris # 3. Hard refresh browser (Cmd+Shift+R or Ctrl+Shift+R) @@ -404,7 +404,7 @@ helm install polaris fairwinds-stable/polaris \ ```bash # Wait 30 minutes for ArtifactHub sync # Or manually force Headlamp restart: -kubectl -n headlamp rollout restart deployment/headlamp +kubectl -n rollout restart deployment/headlamp ``` ## Next Steps diff --git a/docs/getting-started/prerequisites.md b/docs/getting-started/prerequisites.md index 75debb1..716edf9 100644 --- a/docs/getting-started/prerequisites.md +++ b/docs/getting-started/prerequisites.md @@ -67,14 +67,14 @@ kubectl -n polaris wait --for=condition=ready pod -l app.kubernetes.io/name=pola ```bash # Check Headlamp is deployed -kubectl -n headlamp get pods -l app.kubernetes.io/name=headlamp +kubectl -n get pods -l app.kubernetes.io/name=headlamp # Expected output: # NAME READY STATUS RESTARTS AGE # headlamp-xxxxxxxxxx-xxxxx 1/1 Running 0 1h # Check Headlamp version (must be v0.26+) -kubectl -n headlamp get deployment headlamp -o jsonpath='{.spec.template.spec.containers[0].image}' +kubectl -n get deployment headlamp -o jsonpath='{.spec.template.spec.containers[0].image}' # Expected output: # ghcr.io/headlamp-k8s/headlamp:v0.39.0 (or similar) @@ -89,12 +89,12 @@ helm repo update # Install Headlamp helm install headlamp headlamp/headlamp \ - --namespace headlamp \ + --namespace \ --set config.pluginsDir="/headlamp/plugins" \ --set pluginsManager.enabled=true # Wait for pod to be ready -kubectl -n headlamp wait --for=condition=ready pod -l app.kubernetes.io/name=headlamp --timeout=300s +kubectl -n wait --for=condition=ready pod -l app.kubernetes.io/name=headlamp --timeout=300s ``` ## RBAC Requirements diff --git a/docs/getting-started/quick-start.md b/docs/getting-started/quick-start.md index 02646ee..fbe32fe 100644 --- a/docs/getting-started/quick-start.md +++ b/docs/getting-started/quick-start.md @@ -38,7 +38,7 @@ EOF # Update Headlamp helm upgrade --install headlamp headlamp/headlamp \ - --namespace headlamp \ + --namespace \ --values headlamp-values.yaml ``` @@ -70,7 +70,7 @@ metadata: subjects: - kind: ServiceAccount name: headlamp - namespace: headlamp + namespace: roleRef: kind: Role name: polaris-proxy-reader @@ -111,7 +111,7 @@ EOF ```bash # Verify plugin files exist -kubectl -n headlamp exec -it deployment/headlamp -c headlamp -- \ +kubectl -n exec -it deployment/headlamp -c headlamp -- \ ls /headlamp/plugins/headlamp-polaris-plugin/dist/ # Expected output: @@ -185,7 +185,7 @@ Cluster score badge in top navigation: ```bash # Verify plugin files exist -kubectl -n headlamp exec -it deployment/headlamp -c headlamp -- \ +kubectl -n exec -it deployment/headlamp -c headlamp -- \ ls /headlamp/plugins/headlamp-polaris-plugin/ # If missing, reinstall via Headlamp UI or sidecar method diff --git a/docs/troubleshooting/README.md b/docs/troubleshooting/README.md index f2047b7..56a2d18 100644 --- a/docs/troubleshooting/README.md +++ b/docs/troubleshooting/README.md @@ -45,10 +45,10 @@ kubectl auth can-i get services/proxy \ # Expected output: yes # 4. Check Headlamp pod is running -kubectl -n headlamp get pods -l app.kubernetes.io/name=headlamp +kubectl -n get pods -l app.kubernetes.io/name=headlamp # 5. Check Headlamp logs for plugin errors -kubectl -n headlamp logs deployment/headlamp | grep -i polaris +kubectl -n logs deployment/headlamp | grep -i polaris # Expected: No errors ``` @@ -57,7 +57,7 @@ kubectl -n headlamp logs deployment/headlamp | grep -i polaris ```bash # Verify plugin files exist -kubectl -n headlamp exec deployment/headlamp -c headlamp -- \ +kubectl -n exec deployment/headlamp -c headlamp -- \ ls -la /headlamp/plugins/headlamp-polaris-plugin/ # Expected output: diff --git a/docs/troubleshooting/common-issues.md b/docs/troubleshooting/common-issues.md index 5884651..88de60e 100644 --- a/docs/troubleshooting/common-issues.md +++ b/docs/troubleshooting/common-issues.md @@ -33,7 +33,7 @@ This guide covers common issues encountered when using the Headlamp Polaris Plug ```bash # View Headlamp pod logs (plugin sidecar) -kubectl logs -n headlamp deployment/headlamp -c headlamp-plugin +kubectl logs -n deployment/headlamp -c headlamp-plugin # Expected output: # Installing plugin from https://github.com/.../headlamp-polaris-plugin-X.Y.Z.tar.gz @@ -43,7 +43,7 @@ kubectl logs -n headlamp deployment/headlamp -c headlamp-plugin **Verify plugin files exist**: ```bash -kubectl exec -n headlamp deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/ +kubectl exec -n deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/ # Should show: headlamp-polaris-plugin/ ``` @@ -118,7 +118,7 @@ Expected subjects: subjects: - kind: ServiceAccount name: headlamp - namespace: headlamp + namespace: ``` For OIDC mode: @@ -154,7 +154,7 @@ metadata: subjects: - kind: ServiceAccount name: headlamp - namespace: headlamp + namespace: roleRef: kind: Role name: polaris-proxy-reader @@ -189,7 +189,7 @@ kubectl auth can-i get services/proxy \ After applying RBAC changes: ```bash -kubectl rollout restart deployment headlamp -n headlamp +kubectl rollout restart deployment headlamp -n ``` --- @@ -529,8 +529,8 @@ echo "=== Test complete ===" Test connectivity from Headlamp to Polaris: ```bash -# Create debug pod in headlamp namespace -kubectl run netdebug -n headlamp --rm -it --image=nicolaka/netshoot -- bash +# Create debug pod in the namespace where Headlamp is installed +kubectl run netdebug -n --rm -it --image=nicolaka/netshoot -- bash # Inside pod, test DNS and HTTP nslookup polaris-dashboard.polaris.svc.cluster.local @@ -545,7 +545,7 @@ If you have audit logging enabled, check for denied requests: ```bash # View recent audit logs (location varies by cluster) -kubectl logs -n headlamp kube-apiserver-* | grep polaris-dashboard +kubectl logs -n kube-apiserver-* | grep polaris-dashboard # Look for lines with: # "reason": "Forbidden" @@ -567,7 +567,7 @@ kubectl logs -n headlamp kube-apiserver-* | grep polaris-dashboard **Check sidecar logs**: ```bash -kubectl logs -n headlamp deployment/headlamp -c headlamp-plugin +kubectl logs -n deployment/headlamp -c headlamp-plugin ``` **Common errors**: @@ -591,7 +591,7 @@ Error: 404 Not Found **Solution**: Verify `archive-url` in plugin config matches GitHub release: ```bash -kubectl get configmap headlamp-plugin-config -n headlamp -o yaml +kubectl get configmap headlamp-plugin-config -n -o yaml ``` Expected format: @@ -677,13 +677,13 @@ If none of these solutions work, gather debugging information and open an issue: 1. **Version Information**: ```bash - kubectl get pods -n headlamp -l app.kubernetes.io/name=headlamp -o yaml | grep image: + kubectl get pods -n -l app.kubernetes.io/name=headlamp -o yaml | grep image: ``` 2. **Plugin Version**: - Check Settings → Plugins in Headlamp UI - - Or: `kubectl exec -n headlamp deployment/headlamp -c headlamp -- cat /headlamp/plugins/headlamp-polaris-plugin/package.json` + - Or: `kubectl exec -n deployment/headlamp -c headlamp -- cat /headlamp/plugins/headlamp-polaris-plugin/package.json` 3. **Browser Console Output**: @@ -698,7 +698,7 @@ If none of these solutions work, gather debugging information and open an issue: 5. **Pod Logs**: ```bash - kubectl logs -n headlamp deployment/headlamp -c headlamp --tail=100 + kubectl logs -n deployment/headlamp -c headlamp --tail=100 kubectl logs -n polaris deployment/polaris-dashboard --tail=100 ``` diff --git a/docs/troubleshooting/rbac-issues.md b/docs/troubleshooting/rbac-issues.md index 9c34140..cbf69c8 100644 --- a/docs/troubleshooting/rbac-issues.md +++ b/docs/troubleshooting/rbac-issues.md @@ -43,7 +43,7 @@ metadata: subjects: - kind: ServiceAccount name: headlamp - namespace: headlamp + namespace: roleRef: kind: Role name: polaris-proxy-reader diff --git a/docs/user-guide/rbac-permissions.md b/docs/user-guide/rbac-permissions.md index 4a51ede..41fb1f5 100644 --- a/docs/user-guide/rbac-permissions.md +++ b/docs/user-guide/rbac-permissions.md @@ -65,7 +65,7 @@ metadata: subjects: - kind: ServiceAccount name: headlamp # Adjust to your Headlamp SA name - namespace: headlamp # Adjust to Headlamp's namespace + namespace: roleRef: kind: Role name: polaris-proxy-reader @@ -75,7 +75,7 @@ roleRef: **Adjust for your environment:** - `subjects[0].name` - Your Headlamp service account name (often `headlamp`) -- `subjects[0].namespace` - Namespace where Headlamp runs (often `headlamp`) +- `subjects[0].namespace` - Namespace where Headlamp is installed ### Step 3: Apply and Verify @@ -267,7 +267,7 @@ metadata: subjects: - kind: ServiceAccount name: headlamp - namespace: headlamp + namespace: roleRef: kind: Role name: polaris-proxy-reader @@ -281,7 +281,7 @@ metadata: subjects: - kind: ServiceAccount name: headlamp - namespace: headlamp + namespace: roleRef: kind: Role name: polaris-proxy-reader