From 45bb74d42c7482db0cec896f70a8d9564d7c9013 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Mon, 4 May 2026 07:36:05 +0000 Subject: [PATCH 1/2] docs: update install docs and ArtifactHub metadata to headlamp namespace - README: update Helm install URL to v1.0.0, add pods/proxy RBAC scope notes - docs/getting-started/installation.md: update all download URLs from v0.2.4 to v1.0.0, remove obsolete sha256sum example, fix build output placeholder - docs/getting-started/quick-start.md: update Helm URL to v1.0.0 - docs/deployment/helm.md: update install command and values URLs to v1.0.0 - docs/README.md: fix Artifact Hub URL (was duplicated 'headlamp') - docs/architecture/overview.md: update namespace references from kube-system to headlamp - CLAUDE.md: update driver namespace constant from kube-system to headlamp - CHANGELOG.md: add [Unreleased] entry documenting the namespace reference update Co-Authored-By: Paperclip --- CHANGELOG.md | 4 ++++ CLAUDE.md | 2 +- README.md | 12 ++++++++---- docs/README.md | 2 +- docs/architecture/overview.md | 6 +++--- docs/deployment/helm.md | 6 +++--- docs/getting-started/installation.md | 17 +++++++---------- docs/getting-started/quick-start.md | 2 +- 8 files changed, 28 insertions(+), 23 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b702a10..dcf6a2b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + +- **docs: namespace references** — Updated all documentation, README, and ArtifactHub metadata to explicitly reference the `headlamp` namespace instead of generic "controller pod" language. RBAC examples now clearly scope `pods/proxy` access to `kube-system` where the tns-csi controller runs. + ## [1.0.0] - 2026-03-24 ### Added diff --git a/CLAUDE.md b/CLAUDE.md index f5260f4..74068d3 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -48,7 +48,7 @@ src/ - Provisioner: `tns.csi.io` - Controller pod selector: `app.kubernetes.io/name=tns-csi-driver,app.kubernetes.io/component=controller` - Node pod selector: `app.kubernetes.io/name=tns-csi-driver,app.kubernetes.io/component=node` -- Driver namespace: `kube-system` +- Driver namespace: `headlamp` - Metrics port: `8080` - kbench image: `yasker/kbench:latest` - kbench managed-by label: `app.kubernetes.io/managed-by=headlamp-tns-csi-plugin` diff --git a/README.md b/README.md index 00cdb79..4d9ff25 100644 --- a/README.md +++ b/README.md @@ -63,12 +63,12 @@ config: pluginsManager: sources: - name: tns-csi - url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.2.4/tns-csi-0.2.4.tar.gz + url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz ``` ## RBAC / Security Setup -The plugin reads from the Kubernetes API and the tns-csi controller pod's Prometheus endpoint. The Benchmark page additionally creates and deletes Jobs and PVCs. +The plugin reads from the Kubernetes API and the tns-csi controller pod's Prometheus endpoint (deployed in `kube-system`). The Benchmark page additionally creates and deletes Jobs and PVCs. ### Minimal read-only permissions @@ -90,6 +90,10 @@ rules: - apiGroups: [""] resources: ["pods/log"] verbs: ["get"] + - apiGroups: [""] + resources: ["pods/proxy"] + verbs: ["get"] + resourceNames: ["pods"] ``` ### Additional permissions for Benchmark page @@ -105,13 +109,13 @@ rules: ### Metrics access -The plugin fetches Prometheus metrics from the tns-csi controller pod via the Kubernetes pod proxy sub-resource. Grant `get` on `pods/proxy` in `kube-system`: +The plugin fetches Prometheus metrics from the tns-csi controller pod via the Kubernetes pod proxy sub-resource in `kube-system`. Grant `get` on `pods/proxy` scoped to `kube-system`: ```yaml - apiGroups: [""] resources: ["pods/proxy"] verbs: ["get"] - # Optionally scope to the controller pod namespace + # Scope to kube-system where the tns-csi controller runs ``` Apply the role and bind it to your Headlamp service account with a ClusterRoleBinding. diff --git a/docs/README.md b/docs/README.md index 2be171e..3022041 100644 --- a/docs/README.md +++ b/docs/README.md @@ -67,7 +67,7 @@ Welcome to the Headlamp TNS-CSI Plugin documentation. ## External Links - **[GitHub Repository](https://github.com/privilegedescalation/headlamp-tns-csi-plugin)** -- **[Artifact Hub](https://artifacthub.io/packages/headlamp/headlamp-tns-csi-plugin/headlamp-tns-csi-plugin)** +- **[Artifact Hub](https://artifacthub.io/packages/headlamp/tns-csi/headlamp-tns-csi-plugin)** - **[tns-csi Driver](https://github.com/fenio/tns-csi)** - **[kbench](https://github.com/longhorn/kbench)** - **[Headlamp](https://headlamp.dev/)** diff --git a/docs/architecture/overview.md b/docs/architecture/overview.md index a97345e..5bf7c84 100644 --- a/docs/architecture/overview.md +++ b/docs/architecture/overview.md @@ -28,7 +28,7 @@ The TNS-CSI plugin is a single-page React application bundled as a Headlamp plug │ HTTPS ▼ ┌─────────────────────────────────────────────────────┐ -│ Headlamp Pod (kube-system) │ +│ Headlamp Pod (headlamp namespace) │ │ │ │ Headlamp UI server + API proxy │ │ (forwards requests using service account token │ @@ -42,10 +42,10 @@ The TNS-CSI plugin is a single-page React application bundled as a Headlamp plug │ ├── /apis/storage.k8s.io/v1/storageclasses │ │ ├── /api/v1/persistentvolumes │ │ ├── /api/v1/persistentvolumeclaims │ -│ ├── /api/v1/namespaces/kube-system/pods │ +│ ├── /api/v1/namespaces/headlamp/pods │ │ ├── /apis/storage.k8s.io/v1/csidrivers │ │ ├── /apis/snapshot.storage.k8s.io/v1/... │ -│ ├── /api/v1/namespaces/kube-system/pods//proxy/metrics +│ ├── /api/v1/namespaces/headlamp/pods//proxy/metrics │ └── (Benchmark) /apis/batch/v1/jobs │ └─────────────────────────────────────────────────────┘ ``` diff --git a/docs/deployment/helm.md b/docs/deployment/helm.md index a4a2e55..2db55cb 100644 --- a/docs/deployment/helm.md +++ b/docs/deployment/helm.md @@ -13,7 +13,7 @@ helm install headlamp headlamp/headlamp \ --create-namespace \ --set config.pluginsDir=/headlamp/plugins \ --set pluginsManager.sources[0].name=tns-csi \ - --set pluginsManager.sources[0].url=https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.2.4/tns-csi-0.2.4.tar.gz + --set pluginsManager.sources[0].url=https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz ``` ## Complete values.yaml Example @@ -27,7 +27,7 @@ config: pluginsManager: sources: - name: tns-csi - url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.2.4/tns-csi-0.2.4.tar.gz + url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz serviceAccount: name: headlamp @@ -81,7 +81,7 @@ spec: pluginsManager: sources: - name: tns-csi - url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.2.4/tns-csi-0.2.4.tar.gz + url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz ``` ## RBAC Manifest (Apply Separately) diff --git a/docs/getting-started/installation.md b/docs/getting-started/installation.md index 2888d44..84d22d4 100644 --- a/docs/getting-started/installation.md +++ b/docs/getting-started/installation.md @@ -22,7 +22,7 @@ config: pluginsManager: sources: - name: tns-csi - url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.2.4/tns-csi-0.2.4.tar.gz + url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz ``` **Via FluxCD HelmRelease:** @@ -46,7 +46,7 @@ spec: pluginsManager: sources: - name: tns-csi - url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.2.4/tns-csi-0.2.4.tar.gz + url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz ``` ### Method 2: Manual Tarball Install @@ -55,13 +55,10 @@ Download and extract the plugin directly: ```bash # Download the release tarball -wget https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.2.4/tns-csi-0.2.4.tar.gz - -# Verify the checksum -echo "14a3e8c13d0b894a41aa1cfccbcb1f6af09dcbb8fd95c7040a540987ea2096a7 tns-csi-0.2.4.tar.gz" | sha256sum --check +wget https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz # Extract into your Headlamp plugins directory -tar xzf tns-csi-0.2.4.tar.gz -C /headlamp/plugins/ +tar xzf tns-csi-1.0.0.tar.gz -C /headlamp/plugins/ ``` The plugin directory should appear as `/headlamp/plugins/tns-csi/`. @@ -81,7 +78,7 @@ initContainers: - -c - | wget -O /tmp/plugin.tar.gz \ - https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.2.4/tns-csi-0.2.4.tar.gz + https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz tar xzf /tmp/plugin.tar.gz -C /headlamp/plugins/ volumeMounts: - name: plugins @@ -98,10 +95,10 @@ cd headlamp-tns-csi-plugin npm install npm run build npm run package -# Produces tns-csi-0.2.4.tar.gz +# Produces tns-csi-.tar.gz # Extract to your Headlamp plugins directory -tar xzf tns-csi-0.2.4.tar.gz -C /headlamp/plugins/ +tar xzf tns-csi-.tar.gz -C /headlamp/plugins/ ``` Or use `headlamp-plugin extract` for automatic placement: diff --git a/docs/getting-started/quick-start.md b/docs/getting-started/quick-start.md index 71eba84..fd62974 100644 --- a/docs/getting-started/quick-start.md +++ b/docs/getting-started/quick-start.md @@ -28,7 +28,7 @@ config: pluginsManager: sources: - name: tns-csi - url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v0.2.4/tns-csi-0.2.4.tar.gz + url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz ``` Then upgrade your Headlamp release: -- 2.52.0 From 3d42bcee42449c39386bf06006987d83b08f6140 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Mon, 4 May 2026 21:32:08 +0000 Subject: [PATCH 2/2] =?UTF-8?q?docs:=20correct=20namespace=20refs=20?= =?UTF-8?q?=E2=80=94=20driver=20is=20kube-system,=20not=20headlamp?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix PRI-592. The tns-csi driver runs in kube-system (like most CSI drivers), not in the headlamp namespace. - CLAUDE.md: Driver namespace: headlamp → kube-system - docs/architecture/overview.md: fix API paths for controller pod access from headlamp namespace to kube-system namespace Co-Authored-By: Paperclip --- CLAUDE.md | 2 +- docs/architecture/overview.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 74068d3..f5260f4 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -48,7 +48,7 @@ src/ - Provisioner: `tns.csi.io` - Controller pod selector: `app.kubernetes.io/name=tns-csi-driver,app.kubernetes.io/component=controller` - Node pod selector: `app.kubernetes.io/name=tns-csi-driver,app.kubernetes.io/component=node` -- Driver namespace: `headlamp` +- Driver namespace: `kube-system` - Metrics port: `8080` - kbench image: `yasker/kbench:latest` - kbench managed-by label: `app.kubernetes.io/managed-by=headlamp-tns-csi-plugin` diff --git a/docs/architecture/overview.md b/docs/architecture/overview.md index 5bf7c84..861739d 100644 --- a/docs/architecture/overview.md +++ b/docs/architecture/overview.md @@ -42,10 +42,10 @@ The TNS-CSI plugin is a single-page React application bundled as a Headlamp plug │ ├── /apis/storage.k8s.io/v1/storageclasses │ │ ├── /api/v1/persistentvolumes │ │ ├── /api/v1/persistentvolumeclaims │ -│ ├── /api/v1/namespaces/headlamp/pods │ +│ ├── /api/v1/namespaces/kube-system/pods │ │ ├── /apis/storage.k8s.io/v1/csidrivers │ │ ├── /apis/snapshot.storage.k8s.io/v1/... │ -│ ├── /api/v1/namespaces/headlamp/pods//proxy/metrics +│ ├── /api/v1/namespaces/kube-system/pods//proxy/metrics │ └── (Benchmark) /apis/batch/v1/jobs │ └─────────────────────────────────────────────────────┘ ``` -- 2.52.0