privilegedescalation/headlamp-tns-csi-plugin
Archived
12
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases 13 Wiki Activity

docs: migrate Headlamp install namespace from kube-system to headlamp

Browse Source 
Doc-only: redirect all references to Headlamp's own install
namespace from kube-system to headlamp, except:
- Driver namespace (CLAUDE.md) stays kube-system (upstream)
- CSI controller API paths (docs/architecture/overview.md) stay
  kube-system (upstream workload)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Chris Farhood
2026-05-06 14:09:48 +00:00
committed by Gandalf the Greybeard [agent]
parent 40949dd3b5
commit 11cbe6d7e0
10 changed files with 23 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/troubleshooting/README.md
+2 -2
View File
@@ -77,7 +77,7 @@ If a page shows a loading spinner indefinitely:
1. **Check browser console** for errors (F12 → Console)
2. **Check network tab** for failed API requests (look for 403, 404, 500)
3. **Check Headlamp pod logs**: `kubectl logs -n kube-system -l app.kubernetes.io/name=headlamp`
3. **Check Headlamp pod logs**: `kubectl logs -n headlamp -l app.kubernetes.io/name=headlamp`
4. **Try refreshing** — the watch connection may have been interrupted
## Common API Errors
@@ -102,7 +102,7 @@ Look for errors related to `tns-csi`, `headlamp-plugin`, or Kubernetes API paths
**Headlamp pod logs:**
```bash
kubectl logs -n kube-system -l app.kubernetes.io/name=headlamp --tail=100
kubectl logs -n headlamp -l app.kubernetes.io/name=headlamp --tail=100
```
**tns-csi controller logs:**
docs/troubleshooting/benchmark.md
+2 -2
View File
@@ -8,10 +8,10 @@ The Benchmark page requires permissions to create and delete Jobs and PVCs:
```bash
kubectl auth can-i create jobs -n <benchmark-namespace> \
--as=system:serviceaccount:kube-system:headlamp
--as=system:serviceaccount:headlamp:headlamp
kubectl auth can-i create persistentvolumeclaims -n <benchmark-namespace> \
--as=system:serviceaccount:kube-system:headlamp
--as=system:serviceaccount:headlamp:headlamp
```
Apply the additional permissions if missing — see [RBAC Issues](rbac.md) or [SECURITY.md](../../SECURITY.md).
docs/troubleshooting/metrics.md
+1 -1
View File
@@ -47,7 +47,7 @@ This requires `get` on `pods/proxy` in `kube-system`:
```bash
kubectl auth can-i get pods/proxy \
-n kube-system \
--as=system:serviceaccount:kube-system:headlamp
--as=system:serviceaccount:headlamp:headlamp
```
### 5. Network Policies
docs/troubleshooting/rbac.md
+3 -3
View File
@@ -11,16 +11,16 @@ Use `kubectl auth can-i` to check specific permissions:
```bash
# Check if the Headlamp service account can list StorageClasses
kubectl auth can-i list storageclasses \
--as=system:serviceaccount:kube-system:headlamp
--as=system:serviceaccount:headlamp:headlamp
# Check pod proxy access (for metrics)
kubectl auth can-i get pods/proxy \
-n kube-system \
--as=system:serviceaccount:kube-system:headlamp
--as=system:serviceaccount:headlamp:headlamp
# Check snapshot access
kubectl auth can-i list volumesnapshots \
--as=system:serviceaccount:kube-system:headlamp
--as=system:serviceaccount:headlamp:headlamp
```
### Applying the Required RBAC