Configuring the UI

The Mirantis k0rdent Enterprise UI can assist in performing actions and getting visibility into what's happening, but there are certain resources that need to be created ahead of time.

Enable / Disable the UI

You don't need to install the Mirantis k0rdent Enterprise UI because it's already included with k0rdent-enterprise, but you can enable or disable it by editing the Management object:

kubectl edit management kcm -n kcm-system
...
spec:
  core:
    capi: {}
    kcm:
      config:
        k0rdent-ui:
          auth:
            basic:
              password: mypassword
          enabled: false
  providers:
  - name: cluster-api-provider-k0sproject-k0smotron
...

This opens a text editor with the YAML for kcm. Set the value of spec.core.kcm.config.k0rdent-ui.enabled to true or false and save the document.

It will take a few minutes for the Management object to become ready:

kubectl get management
NAME   READY   RELEASE                        AGE
kcm    False   k0rdent-enterprise-1-1-0-rc9   46m
kubectl get management
NAME   READY   RELEASE                        AGE
kcm    True    k0rdent-enterprise-1-1-0-rc9   46m

Once the Management object is ready, the changes take effect.

Signing into the UI

The Mirantis k0rdent Enterprise UI can handle authentication via Basic Authentication or OIDC.

Basic Authentication

For security reasons, you MUST change the UI password immediately after installation (if you didn't change it as part of the installation process itself). To do that, edit the Management object. This is the same process as enabling/disabling the UI.

...
spec:
  core:
    capi: {}
    kcm:
      config:
        k0rdent-ui:
          auth:
            basic:
              password: myNEWpassword
  providers:
...

Edit the value of spec.core.kcm.config.k0rdent-ui.auth.basic.password to your new password, and save the document. The new password will take effect as soon as the Management object is ready.

kubectl get management
NAME   READY   RELEASE                        AGE
kcm    True    k0rdent-enterprise-1-1-0-rc9   46m

OIDC

As of version 1.1.0, Mirantis k0rdent Enterprise supports OIDC using Google. To set it up, follow these steps:

  1. Start by going to the Google Developer site and getting a client ID and secret.

  2. Edit the Management object:

    kubectl edit management kcm -n kcm-system
    
    ...
    spec:
      core:
        capi: {}
        kcm:
          config:
            k0rdent-ui:
              auth:
                google:
                  secretKeyRef:
                    name: oidc-secret
                    clientIDKey: client-id
                    clientSecretKey: client-secret
                basic:
                  password: myNEWpassword
              nextAuth:
                secretKeyRef:
                  name: nextauth-secret
                  key: nextauth-secret
      providers:
    ...
    

    The clientIDKey and clientSecretKey fields name the keys in the oidc-secret Secret that hold what you got from Google, but the nextAuth secret is an arbitrary value that keeps the user from being logged out when the pod is restarted.

  3. Add role bindings for the users to whom you want to grant access to the Mirantis k0rdent Enterprise UI:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
        name: kcm-oidc-admin
    roleRef:
        kind: ClusterRole
        name: kcm-k0rdent-enterprise-global-admin-role
        apiGroup: rbac.authorization.k8s.io
    subjects:
    - kind: User
      name: <user-email>
      apiGroup: rbac.authorization.k8s.io
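
Step 2 refers to two Secrets, oidc-secret and nextauth-secret, which this page does not show being created. The script below is an added example, not part of the Mirantis documentation: it renders both manifests with the key names used in step 2 and generates a random nextAuth value. The kcm-system namespace for the Secrets, the function names, and the GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET variables are assumptions.

```shell
#!/bin/sh
# Added example: renders the Secrets referenced by the Management object in step 2.
# Assumption: the Secrets belong in kcm-system, next to the UI (not stated on the page).
NAMESPACE="kcm-system"

# b64 VALUE -> single-line base64, always safe to embed under a manifest's data: field
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# 32 random bytes, base64-encoded (44 characters), used as the nextAuth secret
gen_nextauth_secret() { head -c 32 /dev/urandom | base64 | tr -d '\n'; }

# render_secret NAME KEY VALUE [KEY VALUE ...] -> Secret manifest on stdout
render_secret() {
  name="$1"; shift
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: Opaque\ndata:\n' \
    "$name" "$NAMESPACE"
  while [ "$#" -ge 2 ]; do
    printf '  %s: %s\n' "$1" "$(b64 "$2")"
    shift 2
  done
}

# render_ui_secrets CLIENT_ID CLIENT_SECRET -> both manifests as one YAML stream
render_ui_secrets() {
  [ -n "$1" ] && [ -n "$2" ] || { echo "client ID and secret are required" >&2; return 1; }
  # Secret names and key names match the secretKeyRef entries in step 2
  render_secret oidc-secret client-id "$1" client-secret "$2"
  printf '%s\n' '---'
  render_secret nextauth-secret nextauth-secret "$(gen_nextauth_secret)"
}

# Usage: GOOGLE_CLIENT_ID=... GOOGLE_CLIENT_SECRET=... sh ui-secrets.sh apply
# Values come from the environment so they do not appear in the process argument list.
if [ "${1:-}" = "apply" ]; then
  render_ui_secrets "${GOOGLE_CLIENT_ID:-}" "${GOOGLE_CLIENT_SECRET:-}" | kubectl apply -f -
fi
```

Re-running the script generates a new nextAuth value, which ends existing UI sessions; keep the first value if users should stay signed in.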
    

Credentials

Mirantis k0rdent Enterprise requires permissions to perform actions. You provide these permissions by creating Credential objects.

Infrastructure credentials

Because Mirantis k0rdent Enterprise can work with multiple infrastructures, the Credential created will depend on the infrastructure on which the target cluster runs. You can get more information here. Create a Credential for every infrastructure on which you intend to work.

Cluster credentials

While Mirantis k0rdent Enterprise can be used to create and manage new clusters, it can also "adopt" existing clusters. To adopt a cluster, it needs login access to the cluster via a valid KUBECONFIG, just as you would use with kubectl. To make this available to Mirantis k0rdent Enterprise, you can create a Credential that includes the KUBECONFIG. See the documentation for adopting clusters for more information.

Make the UI available

To make the UI available to users, create an Ingress that points to the k0rdent-ui-* Pod.

Alternatively, you can also create local access to the UI by following these steps:

  1. Install kubectl and set the KUBECONFIG to point to the Mirantis k0rdent Enterprise management cluster.

  2. Forward the UI Pod to the local machine:

    kubectl port-forward svc/kcm-k0rdent-ui 3000:3000 -n kcm-system
    
    Forwarding from 127.0.0.1:3000 -> 3000
    Forwarding from [::1]:3000 -> 3000
    

  3. Access the UI at http://localhost:3000.

Catalog Repository

To use the Addons catalog, you'll need to add the k0rdent-catalog Helm repository. To do that, create a file, such as helmrepo.yaml, and add the following:

apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: k0rdent-catalog
  namespace: kcm-system  
spec:
  type: oci
  url: oci://ghcr.io/k0rdent/catalog/charts

Then add the object to your Mirantis k0rdent Enterprise management cluster:

kubectl apply -f helmrepo.yaml
helmrepository.source.toolkit.fluxcd.io/k0rdent-catalog created