diff --git a/pages/how-to/set-up/mgmt-cluster.md b/pages/how-to/set-up/mgmt-cluster.md index 2fd3f619..c1fd5c38 100644 --- a/pages/how-to/set-up/mgmt-cluster.md +++ b/pages/how-to/set-up/mgmt-cluster.md @@ -60,6 +60,77 @@ In this instance the images in the _`plrl-console`_ namespace were taking a bit longer to download and initialize. Once the services were _up_ in the cli, I was able to access the console url -### Cannot list resources in the Kubernetes Dashboard +### "Cannot list resources in the Kubernetes Dashboard" ![alt text](/images/how-to/k8s-dash-403.png) This is expected and due to missing [RBAC Bindings](https://github.com/pluralsh/documentation/blob/main/pages/deployments/dashboard.md) for the console users + +##### Creating an RBAC Service +* **Create an `rbac` dir in your MGMT repo +and add the desired [k8s yaml](https://github.com/pluralsh/documentation/blob/main/pages/deployments/dashboard.md)** +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: someones-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: User + name: someone@your.company.com +# This will create a single binding for the someone@your.company.com user to the cluster-admin k8s role +``` + +* **Create a `services` dir in your MGMT repo** + * Add a Service Deployment CRD + This will create a service to sync the rbac bindings +```yaml +apiVersion: deployments.plural.sh/v1alpha1 +kind: ServiceDeployment +metadata: + name: rbac +spec: + clusterRef: + kind: Cluster + name: mgmt + namespace: infra + namespace: plrl-rbac + git: + folder: rbac + ref: main + repositoryRef: + kind: GitRepository + name: infra # can point to any git repository CRD + namespace: infra +``` +* **Commit and push your changes** +* **Apply the Service CRD to the MGMT Cluster** +`kubectl apply -f ./services/rbac.yaml` + +#### (Optionally) Make the RBAC Service Global +###### ℹ️ If you created a service with the Console UI +###### you need to manually apply the service CRD referenced by the Global Service +* **Navigate to `https://console.[your-sub-domain].onplural.sh/cd/globalservices`** + +* **Click the `New Global Service` button** + * Service Name: Name of the Existing Service + * (Optionally) Add Cluster Tags + * Select the Cloud Provider Distributions to Propagate the changes +* **Click `Continue`** +* **Copy and Modify the Generated YAML** +```yaml +apiVersion: deployments.plural.sh/v1alpha1 +kind: GlobalService +metadata: + name: global-rbac + namespace: infra +spec: + serviceRef: + name: rbac # ⬅️ We need to update this with the service we created for rbac + namespace: infra +``` +* **(Optionally) Save the Global Service YAML** + * Saving the global service yaml is not required once it is applied to the cluster + * I keep the applied yaml in `services/global-rbac.yaml` for reference diff --git a/public/images/how-to/new-global-service-1.png b/public/images/how-to/new-global-service-1.png new file mode 100644 index 00000000..c7e9e765 Binary files /dev/null and b/public/images/how-to/new-global-service-1.png differ diff --git a/public/images/how-to/new-global-services-btn.png b/public/images/how-to/new-global-services-btn.png new file mode 100644 index 00000000..58f9a5b6 Binary files /dev/null and b/public/images/how-to/new-global-services-btn.png differ diff --git a/src/generated/pages.json b/src/generated/pages.json index 20fe1de8..6bd6f7a9 100644 --- a/src/generated/pages.json +++ b/src/generated/pages.json @@ -290,11 +290,17 @@ { "path": "/how-to" }, + { + "path": "/how-to/set-up/controllers" + }, { "path": "/how-to/set-up" }, { - "path": "/how-to/set-up/new-mgmt-cluster" + "path": "/how-to/set-up/mgmt-cluster" + }, + { + "path": "/how-to/set-up/pipelines" }, { "path": "/how-to/set-up/plural-cli" @@ -303,16 +309,22 @@ "path": "/how-to/set-up/plural-console" }, { - "path": "/how-to/use" + "path": "/how-to/set-up/pr-automation" + }, + { + "path": "/how-to/set-up/workload-cluster" + }, + { + "path": "/how-to/upgrade" }, { - "path": "/how-to/use/plural-api" + "path": "/how-to/upgrade/mgmt-cluster" }, { - "path": "/how-to/use/plural-console" + "path": "/how-to/upgrade/plural-cli" }, { - "path": "/how-to/use/plural-docs" + "path": "/how-to/upgrade/workload-cluster" }, { "path": "/"