setup K8s dashboard on local-cluster

flake.nix

@@ -77,6 +77,8 @@
 
         devenv.shells.default = {
 
+          #devenv-k8s.local-cluster.enable = true;
+
           devenv.root =
             let
               devenvRootFileContent = builtins.readFile inputs.devenv-root.outPath;

local-cluster/dash/Caddyfile

@@ -0,0 +1,9 @@
+:80 {
+  reverse_proxy https://dash-kong-proxy {
+    transport http {
+      tls_insecure_skip_verify
+    }
+    header_up Host {upstream_hostport}
+    header_up Authorization "Bearer {$DASH_USER_TOKEN}"
+  }
+}

local-cluster/dash/deploy-caddy/Kptfile

@@ -0,0 +1,25 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+  name: deploy-caddy
+  annotations:
+    config.kubernetes.io/local-config: "true"
+upstream:
+  type: git
+  git:
+    repo: https://github.com/LCOGT/kpt-pkg-catalog
+    directory: /deployment
+    ref: main
+  updateStrategy: resource-merge
+upstreamLock:
+  type: git
+  git:
+    repo: https://github.com/LCOGT/kpt-pkg-catalog
+    directory: /deployment
+    ref: main
+    commit: c58213d7a52130c977fdff0a51f4bd4fb5ca73a3
+pipeline:
+  mutators:
+    - image: gcr.io/kpt-fn/apply-replacements:v0.1.1
+      configPath: ./fn-replacements.yaml
+      name: apply-replacements

local-cluster/dash/deploy-caddy/README.md

@@ -0,0 +1,41 @@
+# deployment
+
+## Description
+
+This package provides a bare-bones [`apps/v1.Deployment`](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/)
+that you can build upon and use in other packages.
+
+## Usage
+
+Clone this package:
+
+```shell
+kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/deployment deploy-myapp
+```
+
+Customize `deploy.yaml`:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+  # Name will be used as the value for the `app.kubernetes.io/component`
+  # selector label and updated automatically by `kpt fn render`.
+  # So no need to set those manually.
+  name: test
+```
+
+And then render to update resources:
+
+```shell
+kpt fn render
+```
+
+This package is also a Kustomization, so, it can also be referenced by other
+Kustomizations:
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./deploy-myapp/
+```

local-cluster/dash/deploy-caddy/deploy.yaml

@@ -0,0 +1,42 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/deployment-apps-v1.json
+apiVersion: apps/v1
+kind: Deployment
+metadata: # kpt-merge: /example
+  # Name will be used as the value for the `app.kubernetes.io/component`
+  # selector label and updated automatically by `kpt fn render`.
+  # So no need to set those manually.
+  name: caddy
+  labels:
+    app.kubernetes.io/component: caddy
+  annotations:
+    internal.kpt.dev/upstream-identifier: 'apps|Deployment|default|example'
+spec:
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: caddy
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: caddy
+    spec:
+      volumes:
+        - name: caddy-config
+          configMap:
+            name: caddy-config
+      containers:
+        - name: default
+          image: "caddy"
+          env:
+            - name: DASH_USER_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  optional: false
+                  key: token
+                  name: dash-user-token
+          ports:
+            - name: http
+              containerPort: 80
+          volumeMounts:
+            - name: caddy-config
+              mountPath: /etc/caddy

local-cluster/dash/deploy-caddy/fn-replacements.yaml

@@ -0,0 +1,20 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: ApplyReplacements
+metadata: # kpt-merge: /deploy
+  name: deploy
+  annotations:
+    config.kubernetes.io/local-config: "true"
+    internal.kpt.dev/upstream-identifier: 'fn.kpt.dev|ApplyReplacements|default|deploy'
+replacements:
+  - source:
+      kind: Deployment
+      fieldPath: metadata.name
+    targets:
+      - select:
+          kind: Deployment
+        fieldPaths:
+          - metadata.labels.[app.kubernetes.io/component]
+          - spec.selector.matchLabels.[app.kubernetes.io/component]
+          - spec.template.metadata.labels.[app.kubernetes.io/component]
+        options:
+          create: true

local-cluster/dash/deploy-caddy/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata: # kpt-merge: /deploy
+  name: deploy
+  annotations:
+    config.kubernetes.io/local-config: "true"
+    internal.kpt.dev/upstream-identifier: 'kustomize.config.k8s.io|Kustomization|default|deploy'
+components:
+  - ./remove-kpt-internal-annotations/
+resources:
+  - ./deploy.yaml

local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/Kptfile

@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+  name: remove-kpt-internal-annotations
+  annotations:
+    config.kubernetes.io/local-config: "true"
+upstream:
+  type: git
+  git:
+    repo: https://github.com/LCOGT/kpt-pkg-catalog
+    directory: /remove-kpt-internal-annotations
+    ref: main
+  updateStrategy: resource-merge
+upstreamLock:
+  type: git
+  git:
+    repo: https://github.com/LCOGT/kpt-pkg-catalog
+    directory: /remove-kpt-internal-annotations
+    ref: main
+    commit: b7204dffac224c3060e153b36da4735b31319cab

local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/README.md

@@ -0,0 +1,25 @@
+# remove-kpt-internal-annotations
+
+## Description
+
+This package provides a [Kustomize `Component`](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/1802-kustomize-components)
+that can be used to remove `internal.kpt.dev/upstream-identifier` annotations from all rendered KRM objects.
+
+## Usage
+
+Clone this package:
+
+```shell
+kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/remove-kpt-internal-annotations
+```
+
+And then reference it from another Kustomization:
+
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+  - ./remove-kpt-internal-annotations/
+```

local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+metadata: # kpt-merge: /remove-kpt-internal-annotations
+  name: remove-kpt-internal-annotations
+  annotations:
+    config.kubernetes.io/local-config: "true"
+    internal.kpt.dev/upstream-identifier: 'kustomize.config.k8s.io|Component|default|remove-kpt-internal-annotations'
+patches:
+  - target:
+      annotationSelector: internal.kpt.dev/upstream-identifier
+    patch: |-
+      - op: remove
+        path: /metadata/annotations/internal.kpt.dev~1upstream-identifier

local-cluster/dash/helm/Kptfile

@@ -0,0 +1,58 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+  name: helm
+  annotations:
+    config.kubernetes.io/local-config: "true"
+upstream:
+  type: git
+  git:
+    repo: https://github.com/LCOGT/kpt-pkg-catalog
+    directory: /helm-chart
+    ref: main
+  updateStrategy: resource-merge
+upstreamLock:
+  type: git
+  git:
+    repo: https://github.com/LCOGT/kpt-pkg-catalog
+    directory: /helm-chart
+    ref: main
+    commit: c58213d7a52130c977fdff0a51f4bd4fb5ca73a3
+pipeline:
+  mutators:
+    - image: gcr.io/kpt-fn/starlark:v0.5.0
+      configMap:
+        source: |-
+          output = "rendered.yaml"
+          new = []
+
+          for r in ctx.resource_list["items"]:
+            path = r.get("metadata", {}).get("annotations", {}).get("internal.config.kubernetes.io/path", "")
+            if path == output:
+              continue
+            new.append(r)
+
+          ctx.resource_list["items"] = new
+      name: reset-rendered
+    - image: gcr.io/kpt-fn/render-helm-chart:v0.2.2
+      configPath: ./charts.yaml
+      name: render-helm-chart
+    - image: gcr.io/kpt-fn/starlark:v0.5.0
+      configMap:
+        source: |-
+          output = "rendered.yaml"
+
+          index = 0
+          for r in ctx.resource_list["items"]:
+            path = r.get("metadata", {}).get("annotations", {}).get("internal.config.kubernetes.io/path", "")
+
+            if path in set(["charts.yaml", "Kptfile", "kustomization.yaml"]):
+              continue
+
+            if path.startswith("remove-kpt-internal-annotations/"):
+              continue
+
+            r["metadata"]["annotations"]["internal.config.kubernetes.io/path"] = output
+            r["metadata"]["annotations"]["internal.config.kubernetes.io/index"] = "%d" % index
+            index = index + 1
+      name: output-to-file

local-cluster/dash/helm/README.md

@@ -0,0 +1,69 @@
+# helm-chart
+
+## Description
+
+This package will let you render a Helm chart.
+
+## Usage
+
+Clone this package:
+
+```shell
+kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/helm-chart example-helm
+```
+
+Define Helm charts in `charts.yaml`:
+
+```yaml
+apiVersion: kpt.dev/v1
+kind: RenderHelmChart
+metadata:
+  name: postgresql # Change this to a short name describing the charts
+  annotations:
+    config.kubernetes.io/local-config: "true"
+# See https://catalog.kpt.dev/render-helm-chart/v0.2/
+helmCharts:
+  - chartArgs:
+    repo: oci://registry-1.docker.io/bitnamicharts
+    name: postgresql
+    version: 12.12.10
+   templateOptions:
+    apiVersions:
+      - "1.23.17"
+    releaseName: postgresql
+    namespace: example-ns
+    includeCRDs: true
+    skipTests: true
+    values:
+      valuesInline:
+        # Chart values go here
+        architecture: standalone
+        primary.persistence.size: 2Gi
+        auth:
+          database: example
+          username: example
+          password: example
+```
+
+Then run:
+
+```shell
+kpt fn render --allow-network
+```
+
+This will template out the Chart(s) and place them in `rendered.yaml`.
+
+This package is also a Kustomization that includes the Chart(s) output, so
+you can use it from other Kustomizations:
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./example-helm/
+```
+
+Note `helmCharts[].templateOptions.namespace` does not actually cause a
+`v1.Namespace` to be emmited. That must be created seperately, if it does not
+already exist on the cluster.
+Consider using https://github.com/LCOGT/kpt-pkg-catalog/tree/main/namespace to do that.

local-cluster/dash/helm/charts.yaml

@@ -0,0 +1,29 @@
+apiVersion: kpt.dev/v1
+kind: RenderHelmChart
+metadata: # kpt-merge: /example
+  name: dashboard
+  annotations:
+    config.kubernetes.io/local-config: "true"
+    internal.kpt.dev/upstream-identifier: kpt.dev|RenderHelmChart|default|example
+# See https://catalog.kpt.dev/render-helm-chart/v0.2/
+helmCharts:
+  - chartArgs:
+      repo: https://kubernetes.github.io/dashboard/
+      name: kubernetes-dashboard
+      version: 7.10.4
+    templateOptions:
+      apiVersions:
+        - 1.26.15
+      releaseName: dash
+      namespace: dash
+      includeCRDs: true
+      skipTests: true
+      values:
+        valuesInline:
+          # Chart values go here
+          app:
+            security:
+              csrfKey: fake
+            settings:
+              global:
+                defaultNamespace: _all

local-cluster/dash/helm/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata: # kpt-merge: /helm-chart
+  name: helm-chart
+  annotations:
+    config.kubernetes.io/local-config: "true"
+    internal.kpt.dev/upstream-identifier: kustomize.config.k8s.io|Kustomization|default|helm-chart
+resources:
+  - ./rendered.yaml
+components:
+  - ./remove-kpt-internal-annotations/