docs: add quickstart guide for kcp with kind and helm #3774
Conversation
Add comprehensive documentation for deploying kcp on a kind cluster using Helm. The guide covers: - Setting up a kind cluster with port mapping - Installing cert-manager for TLS management - Deploying kcp via the official Helm chart - Creating multiple team workspaces - Generating client certificates for teams - Configuring RBAC for workspace access Fixes kcp-dev#3723 Signed-off-by: majiayu000 <[email protected]>
kcp-ci-bot
added
dco-signoff: yes
|
Hi @majiayu000. Thanks for your PR. I'm waiting for a kcp-dev member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
mjudeikis
left a comment
mjudeikis
left a comment
There was a problem hiding this comment.
good start but still missing some parts.
In addition it would be great to have this quite in 2 parts:
- helm (as is now)
- kcp-operator.
We dont need todo part2 now, but once we get this working and merged, we can create follow-up issue to update this document :)
| kcp requires cert-manager for TLS certificate management: | ||
|
|
||
| ```bash | ||
| kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml |
There was a problem hiding this comment.
1.19.2 is latest. any reason we use old one?
| Install kcp: | ||
|
|
||
| ```bash | ||
| helm upgrade --install kcp kcp/kcp \ |
There was a problem hiding this comment.
we have only few values. Can we merge values with helm command and use --set flag?
| kcpFrontProxy: | ||
| service: | ||
| type: NodePort | ||
| nodePort: 8443 |
There was a problem hiding this comment.
Are you sure this work?
~/go/src/github.com/kcp-dev/kcp @826066e1* ❯ helm upgrade --install kcp kcp/kcp \ 08:07:30
--namespace kcp \
--create-namespace \
--values kcp-values.yaml \
--wait
Release "kcp" does not exist. Installing it now.
Error: 1 error occurred:
* Service "kcp-front-proxy" is invalid: spec.ports[0].nodePort: Invalid value: 8443: provided port is not in the valid range. The range of valid ports is 30000-32767
Should nodeports be higher up? Or its might be "mac" thing. What os did you tested this on?
| Create four workspaces for different teams: | ||
|
|
||
| ```bash | ||
| kubectl ws create team-alpha --enter |
There was a problem hiding this comment.
This should fail as your kcp deployment does not have host-alias set:
328","apf_pl":"exempt","apf_fs":"exempt","apf_iseats":1,"apf_fseats":0,"apf_additionalLatency":"0s","apf_execution_time":"31.679064ms","resp":200}
{"ts":1767594287729.2998,"caller":"httplog/httplog.go:134","msg":"HTTP","v":3,"verb":"GET","URI":"/livez","latency":"2.296612ms","userAgent":"kube-probe/1.33","audit-ID":"d3763a4f-1dae-4751-8f72-7999ef2bd896","srcIP":"10.244.0.1:46340","apf_pl":"catch-all","apf_fs":"catch-all","apf_iseats":1,"apf_fseats":0,"apf_additionalLatency":"0s","apf_execution_time":"1.932382ms","resp":200}
{"ts":1767594287733.6992,"caller":"httplog/httplog.go:134","msg":"HTTP","v":3,"verb":"GET","URI":"/readyz","latency":"1.820817ms","userAgent":"kube-probe/1.33","audit-ID":"19ff54c8-c6e3-4f20-91a4-542bf9c084d6","srcIP":"10.244.0.1:46342","apf_pl":"catch-all","apf_fs":"catch-all","apf_iseats":1,"apf_fseats":0,"apf_additionalLatency":"0s","apf_execution_time":"1.566277ms","resp":200}
{"ts":1767594288377.4663,"logger":"UnhandledError","caller":"workspace/workspace_controller.go:229","msg":"Unhandled Error","err":"\"kcp-workspace\" controller failed to sync \"root|team-beta\", err: Get \"https://kcp.dev.local:443/clusters/22mycglge1n5hnl0/apis/core.kcp.io/v1alpha1/logicalclusters/cluster\": dial tcp: lookup kcp.dev.local on 10.96.0.10:53: server misbehaving"}
{"ts":1767594289389.4412,"caller":"httplog/httplog.go:134","msg":"HTTP","v":3,"verb":"PUT","URI":"/clusters/system:admin/apis/coordination.k8s.io/v1/namespaces/kube-system/lease
Basically, the pod inside does not know how to reach recursively kcp.dev.local. WE have helm values for this but it need some scripting to detect right IP of the service to use here.
kcp-ci-bot
added
release-note
|
In addition - please instruct your AI bot to follow our PR template :) it prevents all the CI jobs from running if not confogured right |
|
@mjudeikis Thanks for your review! I will fix those comments and improve my bot ! |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
kcp-ci-bot
added
dco-signoff: no
Signed-off-by: lif <[email protected]>
majiayu000
force-pushed
the
fix-3723-feature-quick-start-kind-docum-0101-2313
branch
from
2753592 to
55202c4
Compare
kcp-ci-bot
added
dco-signoff: yes
|
@mjudeikis Thanks for the detailed review! I updated the doc to use cert-manager v1.19.2, switched Helm values to --set flags, fixed NodePort to 30443, and added a hostAliases upgrade step for in-cluster kcp.dev.local resolution. I also noted that the guide currently covers Helm only (operator in follow-up). Appreciate another look when you have a chance. |
3 participants
Summary
What Type of PR Is This?
/kind documentation
Related Issue(s)
Fixes #3723
Release Notes