This guide explains what Tekton Dashboard extensions are and how to manage them. It covers the following topics:
Tekton Dashboard Extensions are currently alpha and are considered experimental. This means things could change at any time.
Resource based extensions provide a simple and easy way to list and view resources inside a cluster. They are deployed as Extension
resources and the Dashboard will generate UI to display the chosen resources.
Using them requires two steps (see an example below):
- create an Extension resource in your cluster
- add RBAC rules to the Tekton Dashboard service account to allow it access to the target resources
See the Example: Register a CronJob extension below for a working example.
Variable Name | Type | Required | Default | Description |
---|---|---|---|---|
metav1.TypeMeta | Yes | - | ||
metadata | metav1.ObjectMeta | No | - | |
spec | ExtensionSpec | Yes | - | Extension spec |
Variable Name | Type | Required | Default | Description |
---|---|---|---|---|
apiVersion | string | Yes | - | Extension resource group |
name | string | Yes | - | Extension resource name |
displayname | string | Yes | - | Display name in the Dashboard UI |
namespaced | boolean | No | true | Specifies whether the Extension represents a namespaced resource |
To create an Extension
resource for CronJob
s run the following command:
kubectl apply -n tekton-pipelines -f - <<EOF
apiVersion: dashboard.tekton.dev/v1alpha1
kind: Extension
metadata:
name: cronjobs
spec:
apiVersion: batch/v1beta1
name: cronjobs
displayname: k8s cronjobs
EOF
This adds a new item in the side nav of the Dashboard.
Clicking on it will show an error though, you need to allow the Tekton Dashboard service account to access cronjobs in your cluster. See next step to learn how you can easily extend RBAC rules of the service account.
Extending the Tekton Dashboard service account can be done easily using ClusterRole aggregation. To support this method the Dashboard must be installed with the --extensions-rbac
flag to ensure that the aggregationRule is correctly configured.
Create a ClusterRole
with the necessary permissions and the label rbac.dashboard.tekton.dev/aggregate-to-dashboard: "true"
.
To add the necessary permissions for your cronjobs extension to work, run the following command:
kubectl apply -f - <<EOF
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-dashboard-cronjobs-extension
labels:
rbac.dashboard.tekton.dev/aggregate-to-dashboard: "true"
rules:
- apiGroups: ["batch"]
resources: ["cronjobs"]
verbs: ["get", "list"]
EOF
Alternatively, if the --extensions-rbac
is not used, omit the label from the ClusterRole, and define the appropriate RoleBinding or ClusterRoleBinding yourself with the subject set to the tekton-dashboard
service account.
Now the Tekton Dashboard will show CronJob
s in your cluster.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License. Code samples are licensed under the Apache 2.0 License.