@adelton
Last active July 16, 2024 14:56
OpenShift Console on MicroShift

On MicroShift 4.13 installed on RHEL 9.2 following the product documentation "Installing and configuring MicroShift clusters", OpenShift Console can be enabled on port `:9000` by fetching the files from this gist and then running

```
# oc create serviceaccount -n kube-system openshift-console
# bash openshift-console.eval | oc create -f -
```

If you don't like the idea of running bash on a random script downloaded from the web, run

```
# oc create token -n kube-system openshift-console
# hostname -f
```

and edit the `openshift-console.yaml` file, replacing `$( hostname -f )` and `$( oc create token -n kube-system openshift-console )` with the outputs of the commands above. Then run

```
# oc create -f openshift-console.yaml
```
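
The manual substitution above can also be scripted without `eval`. The following is an added example, not part of the gist: a hypothetical helper `render_console_yaml` replaces only the two known placeholders as literal strings and refuses to render if any other command substitution remains in the downloaded file. It assumes the hostname is a plain FQDN and the token is a JWT-style string.

```sh
# Added example (not from the gist); render_console_yaml is a hypothetical name.
# Usage: render_console_yaml TEMPLATE HOSTNAME TOKEN   (rendered YAML on stdout)
render_console_yaml() {
    template=$1 host=$2 token=$3

    # Assumption: an FQDN and a JWT-style token contain only these characters,
    # so neither value can smuggle YAML syntax into the manifest.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "refusing hostname '$host'" >&2; return 2 ;;
    esac
    case $token in
        ''|*[!A-Za-z0-9._-]*) echo "refusing token: unexpected characters" >&2; return 2 ;;
    esac

    # Replace the two placeholders as literal strings; nothing is evaluated.
    rendered=$(CONSOLE_HOST=$host CONSOLE_TOKEN=$token awk '
        function put(line, ph, val,    i, out) {
            out = ""
            while ((i = index(line, ph)) > 0) {
                out = out substr(line, 1, i - 1) val
                line = substr(line, i + length(ph))
            }
            return out line
        }
        {
            tok = "$( oc create token -n kube-system openshift-console )"
            $0 = put($0, "$( hostname -f )", ENVIRON["CONSOLE_HOST"])
            $0 = put($0, tok, ENVIRON["CONSOLE_TOKEN"])
            print
        }' "$template") || return 1

    # Fail closed: a command substitution left over is something the
    # here-document eval would have executed, so this is not the expected file.
    case $rendered in
        *'$('*|*'`'*) echo "unexpected command substitution in $template" >&2; return 3 ;;
    esac
    printf '%s\n' "$rendered"
}

# On the MicroShift host:
# render_console_yaml openshift-console.yaml "$(hostname -f)" \
#     "$(oc create token -n kube-system openshift-console)" | oc create -f -
```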

You can also use `--duration=...` with `oc create token` to request a token lifetime longer than the default. If the token expires and the console URL stops serving the OpenShift console content, you can refresh the token with

```
oc set env -n kube-system deployment/openshift-console-deployment BRIDGE_K8S_AUTH_BEARER_TOKEN=$( oc create token -n kube-system openshift-console )
```

Beware: there is no authentication (`BRIDGE_USER_AUTH` is `disabled`) and the console's service account is bound to `cluster-admin`, so anyone who can reach port 9000 acts as cluster administrator. Only use this for test purposes on a well-controlled network.

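openshift-console.eval

```bash
# Wrap the contents of openshift-console.yaml in a here-document, so that
# eval expands the $( ... ) command substitutions embedded in the YAML.
IN="
read -d '' YAML <<EOF
$( cat openshift-console.yaml )
EOF
"
eval "$IN"
# Print the expanded YAML, to be piped into oc create -f -
echo "$YAML"
```
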

openshift-console.yaml

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: openshift-console-cluster-role-binding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: openshift-console
    namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openshift-console-deployment
  namespace: kube-system
  labels:
    app: openshift-console
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openshift-console
  template:
    metadata:
      labels:
        app: openshift-console
    spec:
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: openshift-console-app
          image: quay.io/openshift/origin-console:latest
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          env:
            - name: BRIDGE_USER_AUTH
              value: disabled
            - name: BRIDGE_K8S_MODE
              value: off-cluster
            - name: BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT
              value: https://$( hostname -f ):6443
            - name: BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS
              value: "true"
            - name: BRIDGE_K8S_AUTH
              value: bearer-token
            - name: BRIDGE_K8S_AUTH_BEARER_TOKEN
              value: "$( oc create token -n kube-system openshift-console )"
---
apiVersion: v1
kind: Service
metadata:
  name: openshift-console-service
  namespace: kube-system
spec:
  selector:
    app: openshift-console
  ports:
    - port: 9000
      targetPort: 9000
  type: LoadBalancer
```