Deckhouse Platform in existing cluster
Congratulations, your Deckhouse platform is up and running!
Now that you have installed and properly configured Deckhouse, let’s look at what you can do with it.
The in-cluster documentation is available at deckhouse.example.com
Access to the documentation is restricted via the basic authentication mechanism (additional authentication options are provided in the user-auth module:
- Login —
admin
-
Password — generated automatically. It can be found in the
deckhouse
ConfigMap in the configuration section of thedeckhouse-web
module. Use the following command to get it:kubectl -n d8-system get cm deckhouse -o jsonpath="{.data.deckhouseWeb}" | grep password
Sample output:
$ kubectl -n d8-system get cm deckhouse -o jsonpath="{.data.deckhouseWeb}" | grep password password: UJvSB4UYTa3fnDOco6LF
The following problems may cause deckhouse.example.com to be unreachable:
- Ingress controller-level issues;
- DNS-related issues;
- network problems (filtering, routing…).
Essentials
Monitoring
Explore Grafana dashboards bundled with Deckhouse at grafana.example.com.
Go to grafana.example.com/prometheus/ to access Prometheus directly.
Learn more about the monitoring
module.
Dashboard
Enable the dashboard module and get access to the Kubernetes Dashboard at: dashboard.example.com
Status page
Enable the upmeter module and get information about the overall status of Deckhouse and its components at status.example.com.
At the upmeter.example.com page you can get detailed SLA statistics for each component and time frame.
Deploying your first application
Setting up a CI/CD system
Enable the user-authz module and create a ServiceAccount to use for deploying to the cluster and grant it all the necessary privileges.
You can use the generated kubeconfig
file in Kubernetes with any deployment system.
Routing traffic
Create a Service
and Ingress
for your application.
Learn more about the capabilities of the ingress-nginx
module.
Monitoring your application
Enable the monitoring-custom module and add prometheus.deckhouse.io/custom-target: "my-app"
and prometheus.deckhouse.io/port: "80"
annotations to the Service created.
For more information, see the monitoring-custom
module’s documentation.
External authentication
Deckhouse supports various external authentication mechanisms.
Configuring DexProvider
You have to configure a DexProvider
object to enable, e.g., GitHub-based authentication. After creating the DexProvider
object, all access attempts to Deckhouse components such as Grafana, Dashboard, etc., will be authenticated using GitHub.
External authentication for any Ingress
You have to create a DexAuthenticator object to enable external authentication for any Ingress resource.
External authentication for the Kubernetes API
Configure publishAPI
, download kubectl
and create a kubeconfig
file for external access to the API using the web interface available at kubeconfig.example.com
.
What’s next?
Detailed information about the system and the Deckhouse Platform components is available in the documentation.
Please, reach us via our online community if you have any questions.