Operator Dashboards

The ArangoDB Kubernetes Operator can create a dashboard for each type ofresource it supports. These dashboards are intended to give an overview ofthe created resources, their state and instructions on how to modify those resources.

The dashboards do not provide direct means to modify the resources.All modifications are done using kubectl commands (which are provided by the dashboards)so the standard security of your Kubernetes cluster is not bypassed.

Exposing the dashboards

For each resource type (deployment, deployment replication & local storage) operatora Service is created that serves the dashboard internally in the Kubernetes cluster.To expose a dashboard outside the Kubernetes cluster, run a kubecty exposecommand like this:

  1. kubectl expose service <service-name> --type=LoadBalancer \
  2. --port=8528 --target-port=8528 \
  3. --name=<your-exposed-service-name> --namespace=<the-namespace>

Replace <service-name> with:

  • arango-deployment-operator for the ArangoDeployment operator dashboard.
  • arango-deployment-replication-operator for the ArangoDeploymentReplication operator dashboard.
  • arango-storage-operator for the ArangoLocalStorage operator dashboard. (use ‘kube-system’ namespace)

Replace <the-namespace> with the name of the namespace that the operator is in.This will often be default.

This will create an additional Service of type LoadBalancer that copiesthe selector from the existing Service.If your Kubernetes cluster does not support loadbalancers,use —type=NodePort instead.

Run the following command to inspect your new service and look for theloadbalancer IP/host address (or nodeport).

  1. kubectl get service <your-exposed-service-name> --namespace=<the-namespace>

This will result in something like this:

  1. $ kubectl get service arango-storage-operator-lb --namespace=kube-system
  2. NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
  3. arango-storage-operator-lb LoadBalancer 10.103.30.24 192.168.31.11 8528:30655/TCP 1d

Authentication

While the dashboards do not provide any means to directly modify resources,they still show sensitive information (e.g. TLS certificates).Therefore the dashboards require a username+password for authentications.

The username+password pair is configured in a generic Kubernetes Secret named arangodb-operator-dashboard, found in the namespace where the operator runs.

To create such a secret, run this:

  1. kubectl create secret generic \
  2. arangodb-operator-dashboard --namespace=<the-namespace> \
  3. --from-literal=username=<username> \
  4. --from-literal=password=<password>

Until such a Secret is found, the operator will respond with a status 401to any request related to the dashboard.