feat: refresh development container

DEVELOPMENT.md

@@ -27,7 +27,7 @@ Tools that we are using include [golangci-lint](https://github.com/golangci/gola
 
 Make sure the following software is installed and added to your path:
 
-- [Docker](https://docs.docker.com/engine/install/) 
+- [Docker](https://docs.docker.com/engine/install/) Docker Compose v2.15.0 or later is required (to use the --no-attach option). It is included in Docker v20.10.23 or later.
 - [Go](https://golang.org/dl/) (check the required version in [`modules/go.work`](modules/go.work))
 - [Node.js](https://nodejs.org/en/download) (check the required version in [`modules/web/package.json`](modules/web/package.json))
 - [Yarn](https://yarnpkg.com/getting-started/install) (check the required version in [`modules/web/.yarnrc.yml`](modules/web/.yarnrc.yml))
@@ -54,6 +54,11 @@ To create Docker images locally use `make image`.
 
 See [`Makefile`](Makefile) to get to know other targets useful during development. You can also run `make help` to quickly check the list of available commands.
 
+## To run dashboard using all in one development container
+
+Run `hack/develop/run-dev-container.sh`. It will build dashboard components from your local repository, will create also kubernetes cluster using kind, and will run dashboard using `make run`. Then you can see dashboard http://localhost:8443 with your browser. Please see `CAUTION!!` in output on your console to get access token for logging in.
+You can also run `hack/develop/run-dev-container.sh bash` and run any manual `make` commands to have a clean development environment at any time.
+
 ## Dependency Management
 
 We keep all the dependencies outside the repository and always try to avoid using suspicious, unknown dependencies as they may introduce vulnerabilities.

Makefile

@@ -76,7 +76,8 @@ tools: $(PRE) ## Installs required tools
 # Note: Make sure that the port 8080 (Web HTTP) is free on your localhost
 .PHONY: serve
 serve: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts development version of the application on http://localhost:8080
-	@KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \
+	@KUBECONFIG=$(DOCKER_COMPOSE_KUBECONFIG) \
+	SOURCE_DIR=$(SOURCE_DIR) \
 	SYSTEM_BANNER=$(SYSTEM_BANNER) \
 	SYSTEM_BANNER_SEVERITY=$(SYSTEM_BANNER_SEVERITY) \
 	SIDECAR_HOST=$(SIDECAR_HOST) \
@@ -95,7 +96,8 @@ serve: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts developmen
 # Note: Make sure that the ports 8443 (Gateway HTTPS) and 8080 (Gateway HTTP) are free on your localhost
 .PHONY: run
 run: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts production version of the application on https://localhost:8443 and https://localhost:8000
-	@KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \
+	@KUBECONFIG=$(DOCKER_COMPOSE_KUBECONFIG) \
+	SOURCE_DIR=$(SOURCE_DIR) \
 	SYSTEM_BANNER=$(SYSTEM_BANNER) \
 	SYSTEM_BANNER_SEVERITY=$(SYSTEM_BANNER_SEVERITY) \
 	SIDECAR_HOST=$(SIDECAR_HOST) \
@@ -111,14 +113,15 @@ run: $(PRE) --ensure-kind-cluster --ensure-metrics-server ## Starts production v
 .PHONY: image
 image:
 ifndef NO_BUILD
-		@KUBECONFIG=$(KIND_CLUSTER_INTERNAL_KUBECONFIG_PATH) \
-		SYSTEM_BANNER=$(SYSTEM_BANNER) \
-		SYSTEM_BANNER_SEVERITY=$(SYSTEM_BANNER_SEVERITY) \
-		SIDECAR_HOST=$(SIDECAR_HOST) \
-		VERSION="v0.0.0-prod" \
-		WEB_BUILDER_ARCH=$(ARCH) \
-		docker compose -f $(DOCKER_COMPOSE_PATH) --project-name=$(PROJECT_NAME) build \
-		--no-cache
+	@KUBECONFIG=$(DOCKER_COMPOSE_KUBECONFIG) \
+	SOURCE_DIR=$(SOURCE_DIR) \
+	SYSTEM_BANNER=$(SYSTEM_BANNER) \
+	SYSTEM_BANNER_SEVERITY=$(SYSTEM_BANNER_SEVERITY) \
+	SIDECAR_HOST=$(SIDECAR_HOST) \
+	VERSION="v0.0.0-prod" \
+	WEB_BUILDER_ARCH=$(ARCH) \
+	docker compose -f $(DOCKER_COMPOSE_PATH) --project-name=$(PROJECT_NAME) build \
+	--no-cache
 endif
 
 # Prepares and installs local dev version of Kubernetes Dashboard in our dedicated kind cluster.

hack/develop/Dockerfile

@@ -18,7 +18,7 @@
 
 # golang is based on debian:jessie
 # Specify version to clarify which version we use.
-FROM golang:1.20-bullseye
+FROM golang:1.22-bullseye
 
 # Install Node.js. Go is already installed.
 # A small tweak, apt-get update is already run by the nodejs setup script,
@@ -27,7 +27,7 @@ RUN apt-get update && apt-get install -y ca-certificates --no-install-recommends
 RUN mkdir -p /etc/apt/keyrings
 RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | \
   gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
-ENV NODE_MAJOR=18
+ENV NODE_MAJOR=20
 RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | \
   tee /etc/apt/sources.list.d/nodesource.list
 RUN apt-get update && apt-get install -y --no-install-recommends \
@@ -72,7 +72,7 @@ ENV NG_CLI_ANALYTICS=false
 
 # Download a statically linked docker client,
 # so the container is able to build images on the host.
-RUN curl -sSL https://download.docker.com/linux/static/stable/x86_64/docker-23.0.1.tgz > /tmp/docker.tgz && \
+RUN curl -sSL https://download.docker.com/linux/static/stable/x86_64/docker-25.0.5.tgz > /tmp/docker.tgz && \
 	cd /tmp/ && \
 	tar xzvf docker.tgz && \
 	rm docker.tgz && \
@@ -82,7 +82,7 @@ RUN curl -sSL https://download.docker.com/linux/static/stable/x86_64/docker-23.0
 
 # Install docker compose plugin
 RUN mkdir -p /usr/local/lib/docker/cli-plugins
-RUN curl -SL https://github.com/docker/compose/releases/download/v2.14.0/docker-compose-linux-x86_64 \
+RUN curl -SL https://github.com/docker/compose/releases/download/v2.25.0/docker-compose-linux-x86_64 \
   -o /usr/local/lib/docker/cli-plugins/docker-compose
 RUN chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
 
@@ -91,12 +91,15 @@ RUN curl -LO https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stab
 RUN chmod +x ./kubectl
 RUN mv ./kubectl /usr/local/bin/kubectl
 
-# Install golangci for ckecking or fixing go format.
-# `npm ci` installs golangci, but this installation is needed
-# for running `npm run check` singlely, like
-# `hack/develop/run-dev-container.sh run check`.
-RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | \
-  sh -s -- -b $(go env GOPATH)/bin v1.52.2
+# Install helm
+ENV HELM_DOWNLOAD="/tmp/helm.tar.gz"
+ENV HELM_TMP="/tmp/helm"
+RUN curl -SsL https://get.helm.sh/helm-$(curl -Ls https://github.com/helm/helm/releases | grep 'href="/helm/helm/releases/tag/v3.[0-9]*.[0-9]*\"' | sed -E 's/.*\/helm\/helm\/releases\/tag\/(v[0-9\.]+)".*/\1/g' | head -1)-linux-amd64.tar.gz -o ${HELM_DOWNLOAD}
+RUN mkdir -p ${HELM_TMP}
+RUN tar -xf ${HELM_DOWNLOAD} -C ${HELM_TMP}
+RUN mv ${HELM_TMP}/linux-amd64/helm /usr/bin/helm
+RUN rm -fr ${HELM_DOWNLOAD}
+RUN rm -fr ${HELM_TMP}
 
 # Enable go mod.
 ENV GO111MODULE=on

hack/develop/developmental-role.yaml

@@ -12,13 +12,158 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# ClusterRole and Role for testing and developing Kubernetes Dashboard 
+
+################################
+### Namespaces
+################################
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+
+---
+
+################################
+### cert-manager
+################################
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned
+  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/name: certmanager
+    app.kubernetes.io/part-of: kubernetes-dashboard
+spec:
+  selfSigned: {}
+
+---
+
+################################
+### Service Accounts
+################################
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+
+---
+
+################################
+### Secrets & Config Maps
+################################
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kubernetes-dashboard-csrf
+  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+type: Opaque
+data:
+  csrf: ""
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kubernetes-dashboard-key-holder
+  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+type: Opaque
+
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kubernetes-dashboard-settings
+  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+
+---
+
+################################
+### Roles & Bindings
+################################
+
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: Role
 metadata:
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
   labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard-cluster-admin
+    app.kubernetes.io/part-of: kubernetes-dashboard
+rules:
+  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+  - apiGroups: [ "" ]
+    resources: [ "secrets" ]
+    resourceNames: [ "kubernetes-dashboard-key-holder", "kubernetes-dashboard-csrf" ]
+    verbs: [ "get", "update", "delete" ]
+    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+  - apiGroups: [ "" ]
+    resources: [ "configmaps" ]
+    resourceNames: [ "kubernetes-dashboard-settings" ]
+    verbs: [ "get", "update" ]
+    # Allow Dashboard to get metrics.
+  - apiGroups: [ "" ]
+    resources: [ "services/proxy" ]
+    resourceNames: [ "kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper" ]
+    verbs: [ "get" ]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+rules:
+  # Allow Metrics Scraper to get metrics from the Metrics server
+  - apiGroups: [ "metrics.k8s.io" ]
+    resources: [ "pods", "nodes" ]
+    verbs: [ "get", "list", "watch" ]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubernetes-dashboard
   namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubernetes-dashboard
+subjects:
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kubernetes-dashboard
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/part-of: kubernetes-dashboard
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

hack/develop/run-command.sh

@@ -13,58 +13,30 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-ROOT_DIR="$(cd $(dirname "${BASH_SOURCE}")/../.. && pwd -P)"
-
-# Create `kind` cluster if kubeconfig for own cluster is not set.
-if [[ "${K8S_OWN_CLUSTER}" != true ]] ; then
-  # Stop `kind` cluster.
-  echo "Stop kind cluster"
-  hack/scripts/stop-cluster.sh
-  # Start `kind` cluster.
-  echo "Start kind cluster in docker network named kubernetes-dashboard"
-  hack/scripts/start-cluster.sh
-  # Copy kubeconfig from /home/user/.kube/config
-  cat /home/user/.kube/config > /tmp/kind.kubeconfig
-  # Edit kubeconfig for kind
-  KIND_CONTAINER_NAME="k8s-cluster-ci-control-plane"
-  KIND_ADDR=$(sudo docker inspect -f='{{(index .NetworkSettings.Networks "kubernetes-dashboard").IPAddress}}' ${KIND_CONTAINER_NAME})
-  sed -e "s/0.0.0.0:[0-9]\+/${KIND_ADDR}:6443/g" /tmp/kind.kubeconfig > /home/user/.kube/config
-  # Copy kubeconfig from /home/user/.kube/config again.
-  cat /home/user/.kube/config > /tmp/kind.kubeconfig
-  # Deploy recommended.yaml to deploy dashboard-metrics-scraper sidecar
-  echo "Deploy dashboard and dashboard-metrics-scraper into kind cluster"
-  kubectl apply -f charts/recommended.yaml
-  # Add role for development
-  echo "Add full access role for development"
-  kubectl apply -f hack/develop/developmental-role.yaml
-  echo "@@@@@@@@@@@@@@ CAUTION!! @@@@@@@@@@@@@@"
-  echo "ADDED FULL ACCESS ROLE FOR DEVELOPMENT!"
-  echo "DO NOT USE THIS IN OPEN NETWORK!"
-  echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-  # Kill and run `kubectl proxy`
-  KUBECTL_PID=$(ps -A|grep 'kubectl'|tr -s ' '|cut -d ' ' -f 2)
-  echo "Kill kubectl ${KUBECTL_PID}"
-  kill ${KUBECTL_PID}
-  nohup kubectl proxy --address 127.0.0.1 --port 8000 >/tmp/kubeproxy.log 2>&1 &
-  export SIDECAR_HOST="http://localhost:8000/api/v1/namespaces/kubernetes-dashboard/services/dashboard-metrics-scraper:/proxy/"
-  # Inform how to get token for logging in to dashboard
-  echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-  echo "HOW TO GET TOKEN FOR LOGGING INTO DASHBOARD"
-  echo ""
-  echo "1. Run terminal for dashboard container."
-  echo "  docker exec -it k8s-dashboard-dev gosu user bash"
-  echo ""
-  echo "2. Run following to get token for logging into dashboard."
-  echo "  kubectl -n kubernetes-dashboard create token kubernetes-dashboard"
-  echo ""
-  echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-fi
-
-# Clean install dependencies
-cd modules/web
-rm -fr node_modules
-yarn
-cd ${ROOT_DIR}
+# Inform how to add full access role for development
+# and get token for logging in to dashboard 
+echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ CAUTION!! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+echo "DO NOT USE THIS IN OPEN NETWORK!"
+echo ""
+echo "To add a role with full access for development and get its token"
+echo "to log into the Dashboard, see followings:"
+echo ""
+echo "1. Run terminal in development container."
+echo "    docker exec -it k8s-dashboard-dev gosu user bash"
+echo ""
+echo "2. Set env for kubeconfig on development container."
+echo "    export KUBECONFIG=/go/src/github.com/kubernetes/dashboard/.tmp/kubeconfig"
+echo ""
+echo "3. Add full access role for development."
+echo "    kubectl apply -f hack/develop/developmental-role.yaml"
+echo ""
+echo "4. Run following to get token for logging into dashboard."
+echo "    kubectl -n kubernetes-dashboard create token kubernetes-dashboard"
+echo ""
+echo "5. Access https://localhost:8443/ with browser on your host,"
+echo "   then login with token."
+echo ""
+echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
 
 # Start dashboard.
 echo "Start dashboard in production mode"