paralus / paralus
All-in-one Kubernetes access manager. User-level credentials, RBAC, SSO, audit logs.
Home Page: https://www.paralus.io/
License: Apache License 2.0
Getting the following error if we regenerate buf files:
# github.com/RafaySystems/rcloud-base/proto/types/controller
Error: proto/types/controller/init.go:20:25: cannot use &Task{} (type *Task) as type "k8s.io/apimachinery/pkg/runtime".Object in argument to SchemeBuilder.Register:
*Task does not implement "k8s.io/apimachinery/pkg/runtime".Object (missing GetObjectKind method)
Error: proto/types/controller/init.go:20:34: cannot use &TaskList{} (type *TaskList) as type "k8s.io/apimachinery/pkg/runtime".Object in argument to SchemeBuilder.Register:
*TaskList does not implement "k8s.io/apimachinery/pkg/runtime".Object (missing GetObjectKind method)
Error: proto/types/controller/init.go:21:25: cannot use &Tasklet{} (type *Tasklet) as type "k8s.io/apimachinery/pkg/runtime".Object in argument to SchemeBuilder.Register:
*Tasklet does not implement "k8s.io/apimachinery/pkg/runtime".Object (missing GetObjectKind method)
Error: proto/types/controller/init.go:21:37: cannot use &TaskletList{} (type *TaskletList) as type "k8s.io/apimachinery/pkg/runtime".Object in argument to SchemeBuilder.Register:
*TaskletList does not implement "k8s.io/apimachinery/pkg/runtime".Object (missing GetObjectKind method)
Error: proto/types/controller/init.go:22:25: cannot use &Namespace{} (type *Namespace) as type "k8s.io/apimachinery/pkg/runtime".Object in argument to SchemeBuilder.Register:
*Namespace does not implement "k8s.io/apimachinery/pkg/runtime".Object (missing GetObjectKind method)
Error: proto/types/controller/init.go:22:39: cannot use &NamespaceList{} (type *NamespaceList) as type "k8s.io/apimachinery/pkg/runtime".Object in argument to SchemeBuilder.Register:
*NamespaceList does not implement "k8s.io/apimachinery/pkg/runtime".Object (missing GetObjectKind method)
Error: proto/types/controller/zz_generated.deepcopy.go:25:29: cannot use &out.ObjectMeta (type **"k8s.io/apimachinery/pkg/apis/meta/v1".ObjectMeta) as type *"k8s.io/apimachinery/pkg/apis/meta/v1".ObjectMeta in argument to in.ObjectMeta.DeepCopyInto
Error: proto/types/controller/zz_generated.deepcopy.go:51:3: cannot use c (type *Namespace) as type "k8s.io/apimachinery/pkg/runtime".Object in return argument:
*Namespace does not implement "k8s.io/apimachinery/pkg/runtime".Object (missing GetObjectKind method)
Error: proto/types/controller/zz_generated.deepcopy.go:91:27: cannot use &out.ListMeta (type **"k8s.io/apimachinery/pkg/apis/meta/v1".ListMeta) as type *"k8s.io/apimachinery/pkg/apis/meta/v1".ListMeta in argument to in.ListMeta.DeepCopyInto
Error: proto/types/controller/zz_generated.deepcopy.go:118:3: cannot use c (type *NamespaceList) as type "k8s.io/apimachinery/pkg/runtime".Object in return argument:
*NamespaceList does not implement "k8s.io/apimachinery/pkg/runtime".Object (missing GetObjectKind method)
Error: proto/types/controller/zz_generated.deepcopy.go:118:3: too many errors
FAIL github.com/RafaySystems/rcloud-base/pkg/service [build failed]
FAIL
Error: Process completed with exit code 2.
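What the build errors say: every type in proto/types/controller lost GetObjectKind, and the deepcopy errors show ObjectMeta and ListMeta coming back as pointer fields (`**ObjectMeta`). That is the shape protoc-gen-go produces for a message field, whereas runtime.Object is satisfied through methods promoted from an embedded metav1.TypeMeta/ObjectMeta. The following is an added example, not Paralus code, that reproduces the difference with local stand-ins for runtime.Object and metav1.TypeMeta so it runs without apimachinery on the path; the names Task and GeneratedTask are illustrative.

```go
package main

import "fmt"

// Added example, not Paralus code: local stand-ins for the two interfaces
// that k8s.io/apimachinery's runtime.Object is built from.
type ObjectKind interface {
	GroupVersionKind() string
}

type Object interface {
	GetObjectKind() ObjectKind
	DeepCopyObject() Object
}

// TypeMeta mirrors metav1.TypeMeta: the method has a pointer receiver and is
// only promoted to an outer type when TypeMeta is an *embedded* field.
type TypeMeta struct {
	Kind       string
	APIVersion string
}

func (t *TypeMeta) GetObjectKind() ObjectKind { return t }
func (t *TypeMeta) GroupVersionKind() string  { return t.APIVersion + "/" + t.Kind }

// Task is the hand-written shape: TypeMeta embedded by value, so *Task
// inherits GetObjectKind and only has to supply DeepCopyObject.
type Task struct {
	TypeMeta `json:",inline"`
	Name     string
}

func (in *Task) DeepCopyObject() Object {
	out := *in
	return &out
}

// GeneratedTask is the shape buf/protoc-gen-go emits for a message with a
// TypeMeta field: a *named* pointer field, nothing embedded, so no method is
// promoted and *GeneratedTask no longer satisfies Object.
type GeneratedTask struct {
	TypeMeta *TypeMeta
	Name     string
}

// Compile-time guard worth keeping next to every SchemeBuilder.Register call:
// it fails the build with the same "missing GetObjectKind method" message the
// issue shows, at the type definition rather than deep inside init().
var _ Object = (*Task)(nil)

// ImplementsObject reports at runtime whether v satisfies the Object contract.
func ImplementsObject(v interface{}) bool {
	_, ok := v.(Object)
	return ok
}

func main() {
	fmt.Println("*Task:", ImplementsObject(&Task{}))                   // true
	fmt.Println("*GeneratedTask:", ImplementsObject(&GeneratedTask{})) // false
}
```

The practical consequence is that the k8s-style types cannot simply be regenerated from .proto with the default generator; either they stay hand-written (with deepcopy-gen run over them), or the generator has to be told to embed TypeMeta/ObjectMeta by value.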
The documentation is terrible for leveraging the paralus APIs. The endpoint link redirects one to the github page which has no information other than swagger JSONs. I had to examine network connections to even see what APIs are called, and even then I can't figure out how to authenticate through the APIs. I need much better documentation so I don't have to hunt through the code.
Even after I do a delete from the dashboard, if kubectl is already open, I'm still able to perform operations on the cluster for a few minutes. Only after a while does it start throwing an error. (image attached)
kubectl get pods
kubectl create ns testns
followed by a 'kubectl get ns' - you'll observe that the namespace is created as well as the listing command works even though the cluster is deleted from the UI.
NAME       NAMESPACE  REVISION  UPDATED                                  STATUS    CHART       APP VERSION
myrelease  paralus    1         2022-10-14 19:08:59.321602061 +0530 IST  deployed  ztka-0.1.7  v0.1.6
kubectl version --output=yaml and helm version. Any other information that you have, e.g. logs and custom values, is highly appreciated!
clientVersion:
  buildDate: "2022-05-03T13:46:05Z"
  compiler: gc
  gitCommit: 4ce5a8954017644c5420bae81d72b09b735c21f0
  gitTreeState: clean
  gitVersion: v1.24.0
  goVersion: go1.18.1
  major: "1"
  minor: "24"
  platform: linux/amd64
kustomizeVersion: v4.5.4
serverVersion:
  buildDate: "2022-08-17T18:47:37Z"
  compiler: gc
  gitCommit: 95ee5ab382d64cfe6c28967f36b53970b8374491
  gitTreeState: clean
  gitVersion: v1.24.4
  goVersion: go1.18.5
  major: "1"
  minor: "24"
  platform: linux/amd64
Can we do something about it? Like maybe running a kubectl delete ns paralus-system
in the background as soon as the cluster is deleted from the UI.
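The behaviour reported above (kubectl keeps working for a few minutes after the cluster is deleted from the UI) is a credential-revocation window, and the first thing to do is measure it rather than guess. The following is an added example, not Paralus or the reporter's code: RevocationWindow polls a probe until it fails and reports how long access stayed live. The probe shown, failAfter, is a constructed stand-in; against a real cluster the probe would wrap something like exec.Command("kubectl", "--kubeconfig", path, "get", "ns").Run().

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// RevocationWindow calls probe every interval until it returns an error and
// reports how long the already-issued credential kept working. ok=false means
// the deadline passed with the probe still succeeding, i.e. access was never
// revoked within the time we were prepared to wait.
func RevocationWindow(probe func() error, interval, deadline time.Duration) (window time.Duration, ok bool) {
	start := time.Now()
	for {
		if err := probe(); err != nil {
			return time.Since(start), true
		}
		if time.Since(start) >= deadline {
			return deadline, false
		}
		time.Sleep(interval)
	}
}

// failAfter is a constructed probe: it succeeds n times and then fails,
// standing in for kubectl against a cluster whose relay is being torn down.
func failAfter(n int) func() error {
	calls := 0
	return func() error {
		calls++
		if calls > n {
			return errors.New("error: You must be logged in to the server (Unauthorized)")
		}
		return nil
	}
}

func main() {
	w, revoked := RevocationWindow(failAfter(3), 10*time.Millisecond, time.Second)
	fmt.Printf("revoked=%v after %v\n", revoked, w)
}
```

Run it with a real probe immediately after clicking delete in the dashboard; the reported window is the number a fix (such as the suggested background namespace deletion) has to bring down to seconds.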
The password reset URL is incorrect after upgrading the domain name. It still shows console.paralus.local though the domain was updated to 'paralusdemo.com'.
However, it gives the correct URL when I try to get the reset url using the Password reset method (screenshot attached)
helm upgrade paralus paralus/ztka -n paralus --values https://raw.githubusercontent.com/paralus/helm-charts/main/examples/values.dev-generic.yaml --set fqdn.domain="yourdomain.com"
kubectl logs -f --namespace paralus $(kubectl get pods --namespace paralus -l app.kubernetes.io/name='paralus' -o jsonpath='{ .items[0].metadata.name }') initialize | grep 'Org Admin signup URL:'
Digital Ocean 1-Click Setup
If a user logged in using an SSO provider, any later change in the groups (or any other data like user name) on the provider side won't be reflected back in our system.
ORY Kratos currently has ory/kratos#2326 (comment).
You can check your version by running helm ls|grep '^<deployment-name>' or using pctl, pctl version, and provide the output.
nodeAffinity:
  requiredDuringSchedulingIgnoredDuringExecution:
    nodeSelectorTerms:
    - matchExpressions:
      - key: kubernetes.io/os
        operator: In
        values:
        - linux
      - key: kubernetes.io/arch
        operator: In
        values:
        - amd64
The UI rejects the namespace with "No special char. allowed & length between 4-64 characters." if the namespace has any type of special character. This produces issues as namespaces can have the '-' character in them, e.g. pr-test.
Steps: Namespace Read Only role -> in the namespace part type in pr-test -> error "No special char. allowed & length between 4-64 characters."
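Kubernetes already defines what a namespace name may be: an RFC 1123 DNS label, i.e. lowercase alphanumerics and '-', starting and ending with an alphanumeric, 1 to 63 characters. Measured against that, the check quoted above is both too strict ('-' is legal, so pr-test is wrongly refused) and too loose (a 64-character name passes its length test but the API server rejects it). The following is an added example, not Paralus code, of a validator that matches the API server's rule; the "4-64" limit from the UI is deliberately not reproduced.

```go
package main

import (
	"fmt"
	"regexp"
)

// dns1123Label is the namespace-name rule the Kubernetes API server enforces:
// lowercase alphanumerics or '-', not starting or ending with '-'.
var dns1123Label = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// maxLabelLen is the RFC 1123 label limit; the UI's "64" is off by one.
const maxLabelLen = 63

// ValidateNamespaceName returns nil when name is a legal Kubernetes namespace
// name, otherwise an error naming the rule that failed, so the UI can show a
// message that matches what the cluster will actually accept.
func ValidateNamespaceName(name string) error {
	switch {
	case name == "":
		return fmt.Errorf("namespace name must not be empty")
	case len(name) > maxLabelLen:
		return fmt.Errorf("namespace name %q is %d characters; the limit is %d", name, len(name), maxLabelLen)
	case !dns1123Label.MatchString(name):
		return fmt.Errorf("namespace name %q must consist of lowercase alphanumerics or '-' and start and end with an alphanumeric", name)
	}
	return nil
}

func main() {
	for _, n := range []string{"pr-test", "Pr_test", "-leading", "trailing-", "kube-system"} {
		fmt.Printf("%-12s %v\n", n, ValidateNamespaceName(n))
	}
}
```

Same rule, same error text, on the server side of the project/namespace-role API as well: a client-side check alone is cosmetic, because the API can be called without the UI.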
Environment is running on Google Cloud GKE
kubectl version --output=yaml
clientVersion:
  buildDate: "2022-11-09T13:28:30Z"
  compiler: gc
  gitCommit: 872a965c6c6526caa949f0c6ac028ef7aff3fb78
  gitTreeState: clean
  gitVersion: v1.25.4
  goVersion: go1.19.3
  major: "1"
  minor: "25"
  platform: darwin/arm64
kustomizeVersion: v4.5.7
serverVersion:
  buildDate: "2022-10-26T09:25:23Z"
  compiler: gc
  gitCommit: 900b919b3b8275ecb9f70a489a318b5b08a4ab9c
  gitTreeState: clean
  gitVersion: v1.23.13-gke.900
  goVersion: go1.17.13b7
  major: "1"
  minor: "23"
  platform: linux/amd64
helm version
version.BuildInfo{Version:"v3.8.0", GitCommit:"d14138609b01886f544b2025f5000351c9eb092e", GitTreeState:"clean", GoVersion:"go1.17.6"}
WARNING: version difference between client (1.25) and server (1.23) exceeds the supported minor version skew of +/-1
Expected: pass buf lint
buf lint
Log: buf-lint.log
Most of them are naming convention details
Currently you can overcome this as below:
helm repo add bitnami-full-index https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
update postgres repository in Chart.yaml
update contour repository in Chart.yaml
We need to have a consistent way in which we return errors.
Design still being finalized
Expected: As a user who does not have the aggregated associated cluster.write permission, I should not be able to create / delete a new cluster.
Actual: As a project read-only user (without cluster.write), I am able to create / delete a new cluster for import.
Add support for allowing DSN string for db connection.
Currently Paralus accepts different database values like username, password, address etc. Adding DSN over these values makes configuration easy and reduce the number of variables required.
Provide all database variables: dbUser, dbPassword, dbAddr, dbName
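One DSN in place of four variables only reduces configuration if it is built and parsed correctly: a password containing '@', '/' or '?' has to be percent-encoded or the URL is misparsed as a different host or path, and the DSN must be redacted before it reaches a log. The following is an added example, not Paralus code: DBConfig mirrors the four chart values named above; the SSLMode field and the postgres:// form are assumptions made here, not something the issue specifies.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// DBConfig carries the values the chart takes today (dbUser, dbPassword,
// dbAddr, dbName). SSLMode is an assumption: a DSN is the natural place to
// carry it, and it should not default to "disable".
type DBConfig struct {
	User, Password, Addr, Name, SSLMode string
}

// DSN builds a postgres:// URL. url.UserPassword percent-encodes the user and
// password, so a secret such as "p@ss/w?rd" cannot break the URL structure.
func (c DBConfig) DSN() string {
	u := url.URL{
		Scheme: "postgres",
		User:   url.UserPassword(c.User, c.Password),
		Host:   c.Addr,
		Path:   "/" + c.Name,
	}
	if c.SSLMode != "" {
		u.RawQuery = "sslmode=" + url.QueryEscape(c.SSLMode)
	}
	return u.String()
}

// ParseDSN is the inverse: code that still wants the separate fields can
// recover them from the single DSN variable, with decoding done once here.
func ParseDSN(dsn string) (DBConfig, error) {
	u, err := url.Parse(dsn)
	if err != nil {
		return DBConfig{}, err
	}
	if u.Scheme != "postgres" && u.Scheme != "postgresql" {
		return DBConfig{}, fmt.Errorf("unsupported DSN scheme %q", u.Scheme)
	}
	if u.User == nil || u.Host == "" {
		return DBConfig{}, fmt.Errorf("DSN must include user info and a host")
	}
	pw, _ := u.User.Password()
	return DBConfig{
		User:     u.User.Username(),
		Password: pw,
		Addr:     u.Host,
		Name:     strings.TrimPrefix(u.Path, "/"),
		SSLMode:  u.Query().Get("sslmode"),
	}, nil
}

// Redacted is the only form of a DSN that should ever be logged: the
// password is replaced by "xxxxx" (net/url's own Redacted does this).
func Redacted(dsn string) string {
	u, err := url.Parse(dsn)
	if err != nil {
		return "<unparseable DSN>"
	}
	return u.Redacted()
}

func main() {
	c := DBConfig{User: "paralus", Password: "p@ss/w?rd", Addr: "postgres.paralus:5432", Name: "admindb", SSLMode: "require"}
	fmt.Println(c.DSN())
	fmt.Println(Redacted(c.DSN()))
}
```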
ks logs -n paralus pod/paralus-689bb79dc4-zzf7t kratos-automigrate
time=2022-11-17T13:53:12Z level=info msg=No tracer configured - skipping tracing setup audience=application service_name=Ory Kratos service_version=v0.8.0-alpha.3
time=2022-11-17T13:53:12Z level=warning msg=Migrator: unable to dump schema audience=application error=map[message:exec: "pg_dump": executable file not found in $PATH] service_name=Ory Kratos service_version=v0.8.0-alpha.3
Successfully applied SQL migrations!
time=2022-11-17T13:53:12Z level=warning msg=Migrator: unable to dump schema audience=application error=map[message:exec: "pg_dump": executable file not found in $PATH] service_name=Ory Kratos service_version=v0.8.0-alpha.3
ks logs -n paralus pod/paralus-689bb79dc4-zzf7t migrate-admindb
error: Dirty database version 1. Fix and force version.
paralus=# SELECT * FROM schema_migrations;
version | dirty
---------+-------
1 | t
(1 row)
kubectl logs -f --namespace paralus $(kubectl get pods --namespace paralus -l app.kubernetes.io/name='paralus' -o jsonpath='{ .items[0].metadata.name }') initialize | grep 'Org Admin signup URL:'
Error from server (BadRequest): container "initialize" in pod "paralus-6fb4c85d7c-s79xb" is waiting to start: PodInitializing
Any help please?
Currently there are different entrypoints for doing different paralus actions, such as Paralus initialization, db migration and starting the paralus server. All of these can be combined into a single tool with a sub-command for each operation the user needs to perform.
Make it more easy to run.
Currently we need to remember and run following command for different Paralus actions:
# Start Paralus core
go run main.go
# To perform Paralus initialization
go run scripts/initialize/main.go
# Start the Kratos providers synchronizer
go run scripts/kratos/providers_sync.go
# Paralus db migration
migrate -path=persistence/migrations/admindb -database $DSN up
If we do all these using single binary then commands will be something like:
# Start Paralus core
./paralus serve
# To perform Paralus initialization
./paralus init
# Start the Kratos providers synchronizer
./paralus sync oidc-providers
# Paralus db migration
./paralus migrate
Create a ROADMAP.md file in this repo with a list of features and/or fixes we plan to implement in the future.
ztka {"level":"info","ts":"2022-09-09T14:32:13.013Z","caller":"debug/handler.go:236","msg":"unable to create completer","error":"Get \"https://dae160f0-4fab-4702-b1b3-dc3b2d23d5d5.user.app.metisint.zoo:443/api/v1/namespaces\": x509: certificate signed by unknown authority"}
Currently the user has to provide/create a yaml file during installation with custom values based on their requirement. Paralus will be deployed with those values. Further, there are different yaml files for different environments - EKS, AKS, GCP etc. so the user needs to supply the correct yaml file to correctly configure Paralus.
The idea is to have an interactive installation of Paralus where the user is asked for inputs for the configurable values and doesn't have to deal with yaml files at all.
For Eg. ask the following questions during installation:
Improves the user experience and makes it less complex. Currently the user needs to supply a specific yaml file or create a different one to install Paralus. With this interactive installation, the user no longer deals with updating values in a yaml file; that will be taken care of by Paralus.
Fetch the latest release from the Github API and provide it to the frontend for direct download.
Add a few more points where we audit changes
As of now the above mentioned places are not being logged. Having these also logged gives more visibility.
ES is pretty heavy and is only used for audit-logs. Would be much better if we switch to PG by default for audit logs, but probably retain an option to use ES as well. This would be much more useful in POC environments.
ref: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-postgresql.html
If a user gets access to the container using kubectl exec -it pod -- bash, we should know what changes the user is making.
A good idea is to record the session; this has been done by the teleport project:
While editing the project (by clicking on the settings icon in the project card from the dashboard), in the auth/v3/partner/partner0/organization/org0/project/freshproj api, we are getting the deleted namespaces as well in spec.projectNamespaceRole.
Also, we aren't getting the namespaces with spec.userRoles in the same project info api.
Also, we are getting the roles which have been deleted/unchecked previously.
We might need to change the edit project api accordingly to manage namespace & role changes for user association.
Kratos now parses all claims into raw_claims. An OIDC provider that returns group information in claims can be directly mapped to groups in Paralus.
OIDC providers mapper files: https://github.com/paralus/paralus/tree/main/_kratos/oidc-mappers
As of now, for audit logs like project.updated.success, we are only storing the id and the name of the changed project. We had a suggestion to add in more information on what exactly got updated. It would be useful to have more info available in these.
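An audit event that records only "project X was updated" cannot answer the question an investigator actually asks, which is what changed. The following is an added example, not Paralus code, of one way to produce that detail: flatten the stored and submitted specs, emit a before/after entry per changed field, and mask values under keys that are secrets (the AuditEvent shape, the sensitive-key list and the sample project specs are all assumptions made here).

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"sort"
	"strings"
)

// FieldChange is one changed field, addressed by its dotted path.
type FieldChange struct {
	Field string      `json:"field"`
	Old   interface{} `json:"old"`
	New   interface{} `json:"new"`
}

// AuditEvent is an assumed event shape: the id and name recorded today plus
// the list of fields that changed.
type AuditEvent struct {
	Type    string        `json:"type"`
	ID      string        `json:"id"`
	Name    string        `json:"name"`
	Changes []FieldChange `json:"changes"`
}

// sensitive lists keys whose values must never reach the audit store; the
// event still records that they changed, just not what they changed to.
var sensitive = map[string]bool{"password": true, "clientSecret": true, "token": true}

// flatten turns nested JSON-like objects into "a.b.c" -> leaf entries.
// Non-map values (strings, numbers, slices) are leaves.
func flatten(prefix string, v interface{}, out map[string]interface{}) {
	m, ok := v.(map[string]interface{})
	if !ok {
		out[prefix] = v
		return
	}
	for k, child := range m {
		p := k
		if prefix != "" {
			p = prefix + "." + k
		}
		flatten(p, child, out)
	}
}

func leaf(path string) string {
	if i := strings.LastIndex(path, "."); i >= 0 {
		return path[i+1:]
	}
	return path
}

// Diff returns the fields whose value differs between before and after,
// sorted by path so two events for the same edit are byte-identical.
func Diff(before, after map[string]interface{}) []FieldChange {
	fb, fa := map[string]interface{}{}, map[string]interface{}{}
	flatten("", before, fb)
	flatten("", after, fa)
	keys := map[string]bool{}
	for k := range fb {
		keys[k] = true
	}
	for k := range fa {
		keys[k] = true
	}
	changes := []FieldChange{}
	for k := range keys {
		ob, hb := fb[k]
		oa, ha := fa[k]
		if hb && ha && reflect.DeepEqual(ob, oa) {
			continue
		}
		if sensitive[leaf(k)] {
			ob, oa = "<redacted>", "<redacted>"
		}
		changes = append(changes, FieldChange{Field: k, Old: ob, New: oa})
	}
	sort.Slice(changes, func(i, j int) bool { return changes[i].Field < changes[j].Field })
	return changes
}

// ProjectUpdated builds the project.updated.success event from the stored
// and submitted project specs.
func ProjectUpdated(id, name string, before, after map[string]interface{}) AuditEvent {
	return AuditEvent{Type: "project.updated.success", ID: id, Name: name, Changes: Diff(before, after)}
}

func main() {
	// Constructed sample specs, not real Paralus project data.
	before := map[string]interface{}{"description": "old", "default": false, "namespaces": []interface{}{"a"}}
	after := map[string]interface{}{"description": "new", "default": false, "namespaces": []interface{}{"a", "b"}}
	b, _ := json.MarshalIndent(ProjectUpdated("p-123", "freshproj", before, after), "", "  ")
	fmt.Println(string(b))
}
```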
Paralus looks like a sophisticated piece of software, I am looking into ways on how to connect all our clusters with different providers to our OIDC IDP. I see all the features of Paralus, but many are IDP related, so what will I miss when using kubelogin with a powerful IDP
http://console.paralus.local is not loading. I'm using an M1 MacBook Air.
APP VERSION v0.1.3
kubectl version --output=yaml
clientVersion:
  buildDate: "2021-12-16T08:38:33Z"
  compiler: gc
  gitCommit: 5c99e2ac2ff9a3c549d9ca665e7bc05a3e18f07e
  gitTreeState: clean
  gitVersion: v1.22.5
  goVersion: go1.16.12
  major: "1"
  minor: "22"
  platform: darwin/arm64
serverVersion:
  buildDate: "2022-05-19T15:42:59Z"
  compiler: gc
  gitCommit: 4ce5a8954017644c5420bae81d72b09b735c21f0
  gitTreeState: clean
  gitVersion: v1.24.0
  goVersion: go1.18.1
  major: "1"
  minor: "24"
  platform: linux/arm64
WARNING: version difference between client (1.22) and server (1.24) exceeds the supported minor version skew of +/-1
helm version
Need an architecture diagram