Deckhouse Platform in existing cluster

Congratulations, your Deckhouse platform is up and running!

Now that you have installed and properly configured Deckhouse, let’s look at what you can do with it.

The in-cluster documentation is available at deckhouse.example.com

Access to the documentation is restricted via the basic authentication mechanism (additional authentication options are provided in the user-auth module:

  • Login — admin
  • Password — generated automatically. It can be found in the deckhouse ConfigMap in the configuration section of the deckhouse-web module. Use the following command to get it:

    kubectl -n d8-system get cm deckhouse -o jsonpath="{.data.deckhouseWeb}" | grep password
    

    Sample output:

    $ kubectl -n d8-system get cm deckhouse -o jsonpath="{.data.deckhouseWeb}" | grep password 
    password: UJvSB4UYTa3fnDOco6LF
    

The following problems may cause deckhouse.example.com to be unreachable:

  • Ingress controller-level issues;
  • DNS-related issues;
  • network problems (filtering, routing…).

Essentials

Monitoring

Explore Grafana dashboards bundled with Deckhouse at grafana.example.com.

Go to grafana.example.com/prometheus/ to access Prometheus directly.

Learn more about the monitoring module.

Dashboard

Enable the dashboard module and get access to the Kubernetes Dashboard at: dashboard.example.com

Status page

Enable the upmeter module and get information about the overall status of Deckhouse and its components at status.example.com.

At the upmeter.example.com page you can get detailed SLA statistics for each component and time frame.

Deploying your first application

Setting up a CI/CD system

Enable the user-authz module and create a ServiceAccount to use for deploying to the cluster and grant it all the necessary privileges.

You can use the generated kubeconfig file in Kubernetes with any deployment system.

Routing traffic

Create a Service and Ingress for your application.

Learn more about the capabilities of the ingress-nginx module.

Monitoring your application

Enable the monitoring-custom module and add prometheus.deckhouse.io/custom-target: "my-app" and prometheus.deckhouse.io/port: "80" annotations to the Service created.

For more information, see the monitoring-custom module’s documentation.

External authentication

Deckhouse supports various external authentication mechanisms.

Configuring DexProvider

You have to configure a DexProvider object to enable, e.g., GitHub-based authentication. After creating the DexProvider object, all access attempts to Deckhouse components such as Grafana, Dashboard, etc., will be authenticated using GitHub.

External authentication for any Ingress

You have to create a DexAuthenticator object to enable external authentication for any Ingress resource.

External authentication for the Kubernetes API

Configure publishAPI, download kubectl and create a kubeconfig file for external access to the API using the web interface available at kubeconfig.example.com.

What’s next?

Detailed information about the system and the Deckhouse Platform components is available in the documentation.

Please, reach us via our online community if you have any questions.