kubevela
/
kubevela.github.io
mirror of https://github.com/kubevela/kubevela.github.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Feat: add some documents about the user and RBAC 

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>
This commit is contained in:
barnettZQG 2022-04-13 17:12:05 +08:00
parent 5b72c29cdf
commit 19b2e4d7cc
39 changed files with 899 additions and 175 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/how-to/dashboard/application/get-application-log.md
View File

@ -3,15 +3,11 @@ title: View Application Logs
description: View an application log by KubeVela dashboard
---
![pod log](https://static.kubevela.net/images/1.3/pod-log.jpg)
You can view the logs of application in the environment tab.
Click the icon in the `Action` column, you'll see the running logs for pod.
![pod log](../../../resources/pod-log.jpg)
![pod log](../../../resources/log-show.jpg)
By default, the logs will refresh every 5s. If your logs didn't have timestamp, you can click the `Show timestamps` to see.
### Next Step

30
docs/how-to/dashboard/user/project.md Normal file
View File

@ -0,0 +1,30 @@
---
title: Project management
---
Projects provide a logical grouping of applications、environments and targets, which is useful when VelaUX is used by multiple teams. Projects provide the following features:
* restrict where apps may be deployed to (target clusters and namespaces), we plan to support setting resource limits for the target.
* restrict what Integrations can be use(trusted Helm repositories, docker registry or cloud provider)
* defining project roles to provide application RBAC.
* restrict what kinds of objects or component definitions may or may not be deployed(TODO)
## The Default Project
Once installed VelaUX has one default project with name `Default`, and owner by admin user. At the same time, the default target and environment are also generated by default and bound in the project.
## Creating Projects
Users with project management rights can go to `Platform/Projects` pagein this page you could create and delete project.
![project-list](https://static.kubevela.net/images/1.3/project-list.jpg)
Click the `New Project` button, you can open the drawer page for creating a project. Each project should set a name and owner, the owner user can auto grant the project admin role after the project is created.
## Updating Projects
Project owner, alias, and description information support updating. Click the project name and go to the project detail page, you can manage the members and roles in this project.
## Deleting Projects
If there are applications and environments in a project, it can not be deleted. you must delete applications, environments, and targets in the project that you want to delete.

62
docs/how-to/dashboard/user/rbac.md Normal file
View File

@ -0,0 +1,62 @@
---
title: RBAC
---
The RBAC feature enabled restriction of access to VelaUX resources. The UI and API could strict permission verification. We designed platform-scope roles and project-scope roles, Each role can be bound to a set of permission policies, and users can obtain corresponding permissions when they are bound to the role.
## Built-in permission policies
A permission policy consists of resources、action and effect, there are some built-in permission policies, including:
```
* Cluster Management resource:[cluster:*/*] action:* effect:allow scope:platform
* Project Management resource:[project:*] action:* effect:allow scope:platform
* Addon Management resource:[addon:*,addonRegistry:*] action:* effect:allow scope:platform
* Target Management resource:[target:*,cluster:*/namespace:*] action:* effect:allow scope:platform
* User Management resource:[user:*] action:* effect:allow scope:platform
* Platform Role Management resource:[role:*, permission:*] action:* effect:allow scope:platform
* Admin resource:[*:*] action:* effect:allow scope:platform
* Project Read resource:[project:{projectName}] action:detail effect:allow scope:project
* App Management resource:[project:{projectName}/application:*/*, definition:* ] action:* effect:allow scope:platform
* Environment Management resource:[project:{projectName}/environment:*] action:* effect:allow scope:platform
* Role Management resource:[project:{projectName}/role:*,project:{projectName}/projectUser:*,project:{projectName}/permission:*] action:* effect:allow scope:project)
```
Currently, built-in permission policies cover all resources. It is conceivable that these permissions can be flexibly customized, we will provide the API and UI page to manage the custom permission.
## Built-in roles
A role consists of a role name and the set of permissions it contains, we have built in some common roles:
* Adminplatform scope roleinclude the `Admin` permissionthat all operation rights of all resources。
* App Developerproject scope roleinclude permissions required for app development.
* Project Adminproject scope roleincluding administrative rights for all resources under the project.
## Custom roles
You can customize the list of roles for a platform or project based on your business or team needs.
### platform scope role
Go to `Platform/Roles` pageyou can get all platform-scope roles。
![role list](https://static.kubevela.net/images/1.3/role-dashboard.jpg)
Click the `New Role` button, you can open the drawer page for creating a role, you should input some required info, such as the role's name, alias and permissions. Click the `Create` button then complete.
### project scope role
First you need to go to the project details page, If users with project list query permission can enter through the project list, If not, you can enter through the application detail page.
![role list](https://static.kubevela.net/images/1.3/project-dashboard.jpg)
Switch to the role management page on the project details page to add or modify role information under the project.
![role list](https://static.kubevela.net/images/1.3/project-role.jpg)
## User bound role
* Platform-scope roles need to be bound to users on the user management page. One user can be bound to multiple platform-scope roles.
* Project-scope roles need to be set in the project member management page, and roles need to be bound when users are added to the project, or modify the existing users' roles.

40
docs/how-to/dashboard/user/user.md Normal file
View File

@ -0,0 +1,40 @@
---
title: User management
---
Once installed VelaUX has one built-in `admin` user that has full access to the system. it is recommended to use this user only for initial configuration and then create new user or configure SSO integration.
## Local users/accounts
The local users/accounts feature serves two main use-cases:
* For the restful API usersit is possible to configure an API account with limited permissions and generate an authentication token. users can use token to communicate with the API to create applications, etc.
* For a very small team where use of SSO integration might be considered an overkill. There could only use local users to authentication.
### Get full users list
If login user have list users permission, he could switch to the `Platform/Users` page and get full users list.
![user list](https://static.kubevela.net/images/1.3/user-dashboard.jpg)
As shown in the picture above there are user's name、alias, and platform roles in tables. we will record the user's last login time and show it.
### Creating users
Click the `New User` button, you can open the drawer page for creating a user. you should input some required info, such as the user's name、email, and password. Click the `Create` button then complete.
### Enable/disable users
You can click the disable or enable button, it could set the user's status. If a user is disabled, this user can not login.
### Reset user's password
You can click the reset password button and input a new password then commit it.
### Updating users
For existing users supports updating alias and platform role information. If a user has an empty email, support set a new email.
## SSO
SSO is our recommended way, please refer to [SSO login](../../../tutorials/sso) document.

2
docs/quick-start.md
View File

@ -26,6 +26,8 @@ After install VelaUX, you need to log in. Default username is "admin" and you ca
vela logs -n vela-system --name apiserver addon-velaux | grep "initialized admin username"
```
If there is no password in logs, you can get it from secret with the name `admin` in the `vela-system` namespace.
![](./resources/login.png)
## Choosing deployment type and Environment

52
i18n/zh/docusaurus-plugin-content-docs/current.json
View File

@ -1,6 +1,6 @@
{
"version.label": {
"message": "Next",
"message": "next",
"description": "The label for version current"
},
"sidebar.docs.category.Getting Started": {
@ -187,18 +187,46 @@
"message": "操作手册",
"description": "CLI 和 Dashboard 的操作指导手册"
},
"sidebar.docs.category.Manage application": {
"sidebar.docs.category.Manage applications": {
"message": "应用管理",
"description": "通过 Dashboard 对应用的管理操作说明"
},
"sidebar.docs.category.Manage traits": {
"message": "运维特征管理",
"description": "通过 Dashboard 对应用的运维特征管理操作说明"
},
"sidebar.docs.category.Manage workflows": {
"message": "工作流管理",
"description": "通过 Dashboard 对应用的工作流管理操作说明"
},
"sidebar.docs.category.Manage triggers": {
"message": "触发器管理",
"description": "通过 Dashboard 对应用触发器的管理操作说明"
},
"sidebar.docs.category.Manage integration configs": {
"message": "集成配置管理",
"description": "外部系统集成相关配置的管理说明"
},
"sidebar.docs.category.Manage resource": {
"message": "资源管理",
"description": "管理集群和交付目标等资源"
},
"sidebar.docs.category.Built-in Addons": {
"message": "内置插件包",
"description": "内置插件包说明"
"message": "内置插件",
"description": "内置插件说明"
},
"sidebar.docs.category.Cloud Resources": {
"message": "云资源",
"description": "云资源"
},
"sidebar.docs.category.Supported Cloud Resource": {
"message": "支持的云资源",
"description": "支持的云资源列表"
},
"sidebar.docs.category.Built-in Component Type": {
"message": "内置组件",
"description": "内置组件列表"
},
"sidebar.docs.category.Built-in Trait Type": {
"message": "内置运维特征",
"description": "内置运维特征列表"
@ -210,21 +238,5 @@
"sidebar.docs.category.Custom Addons": {
"message": "自定义插件",
"description": "自定义插件"
},
"sidebar.docs.category.Deploy Components": {
"message": "部署组件",
"description": "部署组件"
},
"sidebar.docs.category.Vela-Core": {
"message": "开放应用引擎KubeVela",
"description": "开放应用引擎 KubeVela Core"
},
"sidebar.docs.category.VelaUX": {
"message": "应用托管平台VelaUX",
"description": "应用托管平台VelaUX"
},
"sidebar.docs.category.Basics": {
"message": "基础内容",
"description": "基础内容"
}
}

20
i18n/zh/docusaurus-plugin-content-docs/current/how-to/cli/addon/addon.md
View File

@ -1,12 +1,12 @@
---
title: 安装插件
title: 安装插件
---
你可以通过安装 KubeVela 的插件Addon获取更多的系统功能。
你可以通过安装 KubeVela 的插件Addon获取更多的系统功能。
## 查看所有插件
## 查看所有插件
KubeVela 官方团队维护了一个默认的插件仓库 (https://addons.kubevela.net) ,默认情况下会从这个仓库实时发现.
KubeVela 官方团队维护了一个默认的插件仓库 (https://addons.kubevela.net) ,默认情况下会从这个仓库实时发现
```shell
@ -21,7 +21,7 @@ terraform-alibaba Kubernetes Terraform Controller for Alibaba Cloud
terraform-azure Kubernetes Terraform Controller for Azure disabled
```
## 安装插件
## 安装插件
```
$ vela addon enable fluxcd
@ -35,23 +35,23 @@ I0111 21:45:25.660129 89345 apply.go:106] "creating object" name="component-ui
Addon: fluxcd enabled Successfully.
```
安装完成后,插件中的功能会以组件,运维特征,工作流步骤等形式呈现,你可以通过 `vela component``vela trait` 等命令查看新增的能力,也可以在[插件的参考文档](../../../reference/addons/overview)中查看每个官方插件对应的能力.
安装完成后,插件中的功能会以组件,运维特征,工作流步骤等形式呈现,你可以通过 `vela component``vela trait` 等命令查看新增的能力,也可以在[插件的参考文档](../../../reference/addons/overview)中查看每个官方插件对应的能力.
## 删除/卸载已安装的插件
## 删除/卸载已安装的插件
> 删除前请确认插件对应的能力没有被任何应用使用。
> 删除前请确认插件对应的能力没有被任何应用使用。
```
$ vela addon disable fluxcd
Successfully disable addon:fluxcd
```
## 查看插件的下载仓库
## 查看插件的下载仓库
```
$ vela addon registry list
Name Type URL
KubeVela OSS https://addons.kubevela.net
KubeVela helm https://addons.kubevela.net
```
KubeVela 社区在 Github 上维护了一个官方的[正式插件包仓库](https://github.com/oam-dev/catalog/tree/master/addons) 和一个[试验阶段插件包仓库](https://github.com/oam-dev/catalog/tree/master/experimental) 。你在相应的仓库中找到插件包的定义文件。

22
i18n/zh/docusaurus-plugin-content-docs/current/how-to/dashboard/addon/overview.md
View File

@ -1,13 +1,13 @@
---
title: 管理插件
title: 管理插件
---
你可以在 VelaUX 的 Addon 页面管理平台插件,以获取更多的系统功能。
你可以在 VelaUX 的 Addon 页面管理平台插件,以获取更多的系统功能。
![alt](../../../resources/addon-list.jpg)
## 启用/停用插件 (Enable/Disable Addon)
## 启用/停用插件 (Enable/Disable Addon)
如下图所示,在某个插件页面点击 `Enable` 启用一个插件
如下图所示,在某个插件页面点击 `Enable` 启用一个插件
![alt](../../../resources/addon.jpg)
@ -15,23 +15,23 @@ title: 管理插件包
![alt](../../../resources/addon-dependency.jpg)
有些复杂的插件需要设置一些参数才能启用,如下图所示。
有些复杂的插件需要设置一些参数才能启用,如下图所示。
![alt](../../../resources/addon-parameter.jpg)
通过点击插件页面的 `Disable` 停用一个插件
> 停用前请确认插件对应的能力没有被任何应用所使用。
> 停用前请确认插件对应的能力没有被任何应用所使用。
你也可以通过点击页面的 `Upgrade` 来更新插件
你也可以通过点击页面的 `Upgrade` 来更新插件。
## 多集群环境中启用插件
## 多集群环境中启用插件
如果你的环境中添加了若干个子集群,启用插件时会在管控集群和所有子集群中均安装此插件包。但如果你的子集群在插件包启用之后,加入环境当中,则需要通过更新操作,让此插件包在子集群中生效
如果插件的部署目标设置为子集群部署,在启用插件时首先需要选择你希望启用的集群。如果插件启用完成后又新增了集群,你需要增加选择新的集群然后更新插件即可
## 插件仓库 (Addon Registry)
## 插件仓库 (Addon Registry)
插件仓库是一个存储、发现和下载插件的地方。 插件仓库的地址可以是一个 Git 仓库或者一个对象存储 Bucket。
插件仓库是一个存储、发现和下载插件的地方。 插件仓库的地址可以是一个 Git 仓库或者一个对象存储 Bucket。
KubeVela 社区在 Github 上维护了一个官方的[正式插件仓库](https://github.com/oam-dev/catalog/tree/master/addons) 和一个[试验阶段插件仓库](https://github.com/oam-dev/catalog/tree/master/experimental) 。

8
i18n/zh/docusaurus-plugin-content-docs/current/how-to/dashboard/application/get-application-log.md
View File

@ -1,13 +1,11 @@
---
title: 查看应用运行日志
description: 通过查看应用的运行日志是排查故障的最直接方式
description: 通过查看应用的运行日志是排查故障的最直接方式
---
![pod log](../../../resources/pod-log.jpg)
![pod log](https://static.kubevela.net/images/1.3/pod-log.jpg)
如上图所示,交付到 Kubernetes 集群的应用支持查询容器运行日志,通过展开实例信息,点击容器列表 Actions 列下的日志按钮,即可查询该容器的运行日志。
![pod log](../../../resources/log-show.jpg)
如上图所示,交付到 Kubernetes 集群的应用支持查询容器运行日志,切换到指定环境视图下,选择日志页面,即可通过组件/实例/容器的筛选查看对应的运行日志。
日志查询页面默认为每 5 秒自动刷新,查看最新的日志。若你的应用日志中没有时间信息,可点击 `Show timestamps` 展示日志记录时间。

5
i18n/zh/docusaurus-plugin-content-docs/current/how-to/dashboard/cluster/connect-cluster.md
View File

@ -1,5 +0,0 @@
---
title: Connect a kubernetes cluster
---
We support connect and detach the kubernetes cluster.

5
i18n/zh/docusaurus-plugin-content-docs/current/how-to/dashboard/cluster/detach-cluster.md
View File

@ -1,5 +0,0 @@
---
title: Detach a kubernetes cluster
---
We support connect and detach the kubernetes cluster.

5
i18n/zh/docusaurus-plugin-content-docs/current/how-to/dashboard/cluster/edit-cluster.md
View File

@ -1,5 +0,0 @@
---
title: Edit metadata of kubernetes cluster
---
We support connect and detach the kubernetes cluster.

3
i18n/zh/docusaurus-plugin-content-docs/current/how-to/dashboard/cluster/overview.md
View File

@ -1,3 +0,0 @@
---
title: Overview
---

5
i18n/zh/docusaurus-plugin-content-docs/current/how-to/dashboard/cluster/set-cluster-dashboard.md
View File

@ -1,5 +0,0 @@
---
title: Set cluster dashboard
---
We support connect and detach the kubernetes cluster.

30
i18n/zh/docusaurus-plugin-content-docs/current/how-to/dashboard/user/project.md Normal file
View File

@ -0,0 +1,30 @@
---
title: 项目管理
---
项目提供了应用、环境和资源的逻辑分组它适用于多个团队或项目组使用VelaUX的场景他具有以下能力设定
* 限制应用部署的目标,即哪些集群的哪些命名空间,未来我们将支持为交付目标设置资源限额。
* 限制可用的集成配置,包括镜像仓库、制品仓库、云服务授权等。
* 限制不同的用户的管理权限。
* 限制可使用的组件类型和可部署的资源类型(计划中)。
## 默认项目
VelaUX 安装后会默认生成一个`Default`的项目空间,授权给管理员用户。同时也默认生成了默认交付目标和环境绑定在该项目中。
## 创建项目
具有项目管理权限的用户可查看到 `Platform/Projects` 页面,进入该页面即可创建项目。
![project-list](https://static.kubevela.net/images/1.3/project-list.jpg)
点击右上方的`创建项目` 按钮即可进入项目创建页面,每一个项目需要设置一个负责人,项目创建后负责人自动授予项目管理员角色。
## 编辑项目
项目负责人、别名和描述信息支持更新编辑。点击项目名称进入项目详情页后可继续管理项目下的成员、角色和应用。
## 删除项目
当项目下存在应用等资源时不能删除,如需删除一个项目,需要先删除项目下的应用、环境、交付目标等资源。

62
i18n/zh/docusaurus-plugin-content-docs/current/how-to/dashboard/user/rbac.md Normal file
View File

@ -0,0 +1,62 @@
---
title: RBAC 授权
---
RBAC 功能可以限制对 VelaUX 资源的访问。 VelaUX 的 UI 和 API 都会进行严格的权限校验。我们设计了平台级角色和项目级角色,每一个角色可绑定一组权限策略,用户绑定到角色即获取对应的权限。
## 内置权限策略
一个权限策略核心由资源+动作+控制策略组成,我们目前内置了部分权限策略,包括:
```
* Cluster Management resource:[cluster:*/*] action:* effect:allow scope:platform
* Project Management resource:[project:*] action:* effect:allow scope:platform
* Addon Management resource:[addon:*,addonRegistry:*] action:* effect:allow scope:platform
* Target Management resource:[target:*,cluster:*/namespace:*] action:* effect:allow scope:platform
* User Management resource:[user:*] action:* effect:allow scope:platform
* Platform Role Management resource:[role:*, permission:*] action:* effect:allow scope:platform
* Admin resource:[*:*] action:* effect:allow scope:platform
* Project Read resource:[project:{projectName}] action:detail effect:allow scope:project
* App Management resource:[project:{projectName}/application:*/*, definition:* ] action:* effect:allow scope:platform
* Environment Management resource:[project:{projectName}/environment:*] action:* effect:allow scope:platform
* Role Management resource:[project:{projectName}/role:*,project:{projectName}/projectUser:*,project:{projectName}/permission:*] action:* effect:allow scope:project)
```
目前提供的默认权限定义覆盖了所有的资源,可想而知的是,这些权限都可以灵活的自定义,后续根据需要提供对应的 API 和管理页面。
## 内置角色
角色由角色名称和包含的权限集组成,我们内置了一些常用角色:
* Admin系统级角色包含 Admin 权限,即所有资源的所有操作权。
* App Developer项目级角色包括应用开发所需的权限。
* Project Admin项目级角色包括项目下所有资源的管理权限。
## 自定义角色
你可以根据企业或团队需求自定义平台或项目的角色列表。
### 平台角色
进入 Platform/Roles 页面,即可查询和管理平台级角色。
![role list](https://static.kubevela.net/images/1.3/role-dashboard.jpg)
点击右上方的 `添加角色` 按钮即可进入添加页面,填写角色名称选择包含的权限即可。
### 项目角色
首先需要进入项目的详情页面,如果有项目列表查询权限的用户可通过项目列表进入,如果没有列表查询权限的用户可通过应用页面中所属项目入口进入到项目详情页面。
![role list](https://static.kubevela.net/images/1.3/project-dashboard.jpg)
在项目详情页面中切换到角色管理页面,即可添加或修改项目下的角色信息。
![role list](https://static.kubevela.net/images/1.3/project-role.jpg)
## 用户绑定角色
* 平台级角色需要在用户管理页面中进行用户绑定,一个用户可绑定多个平台级角色。
* 项目级角色需要在项目详情页/成员管理中进行设置,需要将用户添加到项目时进行角色绑定,或修改已有用户的角色。

40
i18n/zh/docusaurus-plugin-content-docs/current/how-to/dashboard/user/user.md Normal file
View File

@ -0,0 +1,40 @@
---
title: 用户管理
---
VelaUX 安装后有一个内置的管理员用户,可以完全访问系统。建议仅使用管理员用户进行初始配置,然后切换到本地用户或配置 SSO 集成。
## 本地用户管理
本地用户管理和认证能力适用于以下两种场景:
* Restful API 用户,通过分配本地用户以及为其授权,使用账号信息进行认证获取 API 通信 Token。
* 小团队用户,使用单点登录是一个额外的负担,直接使用本地用户认证即可。
### 查看用户列表
具有用户查询权限的用户可以切换到 Platform/Users 页面下,查看所有用户信息。
![user list](https://static.kubevela.net/images/1.3/user-dashboard.jpg)
如上图所示,本地用户列表中展示用户名称、别名、平台级角色,邮箱等基础信息,同时我们会记录用户的上一次登录时间。
### 创建用户
点击右上方的 `新增用户` 按钮即可进入创建用户弹窗页,填写必要的用户信息后即可完成添加。
### 启用/禁用用户
在用户列表中可以点击 禁用/启用 按钮实现对用户的控制,禁用后的用户无法进行登录。
### 重置用户密码
在用户列表中可以点击 重置密码 按钮,然后输入新的秘密提交即可完成修改。
### 更新用户信息
已存在用户支持更新别名、平台角色信息,如果用户邮箱为空,可进行更新设置。
## 单点登录
单点登录是我们建议的方式,请参考 [单点登录](../../../tutorials/sso) 指导文档。

19
i18n/zh/docusaurus-plugin-content-docs/current/quick-start.md
View File

@ -25,25 +25,26 @@ title: 交付第一个应用
正常安装 VelaUX 后你需要登陆。默认账号为admin通过以下方式获取密码
```shell
# 首次安装时获取
vela logs -n vela-system --name apiserver addon-velaux | grep "initialized admin username"
```
如果日志中已不存在信息,可查询 `vela-system` 命名空间下的 `admin` 名称的 Secret。
## 选择应用的部署类型/规划应用部署环境
你进入的第一个页面即应用交付管理页面。
你进入的第一个页面即应用交付管理页面,在该页面中你可以查看到有权查看的所有应用列表。管理员初次进入时你可以看到一个只读的 `addon-velaux` 应用它是VelaUX addon的运行应用我们仅能进行运行数据观测
![](./resources/dashboard.png)
![dashboard](https://static.kubevela.net/images/1.3/dashboard.jpg)
然后点击右上角的 `New Application` 按钮开始创建应用,按照 UI 提示填写以下四个维度的信息:
- 应用的名称等基础信息;
<!-- - 选择所属的项目,我们已为你自动生成了默认项目,你也可以点击 `New` 进行创建; -->
- 选择所属的项目,我们已为你自动生成了默认项目,你也可以点击 `New` 进行创建;
- 选择应用的部署类型,本例中我们选择 `webservice` 类型,部署无状态服务,请注意,企业大多数业务应用都可以直接使用该类型进行部署。
- 规划应用交付的环境,我们选择基于默认 `Default` 交付目标创建的默认 `Default` 环境;
![](./resources/new-first-vela-app.jpg)
<!-- TODO v1.2 更新截图,去掉 Proejct -->
![new-app](https://static.kubevela.net/images/1.3/new-app.jpg)
## 设置应用的部署参数
@ -61,14 +62,10 @@ vela logs -n vela-system --name apiserver addon-velaux | grep "initialized admin
## 执行环境的部署
直接点击页面右上方的部署按钮。工作流执行完成后刷新应用实例列表即可查看到已经部署完成的实例
直接点击页面右上方的部署按钮。工作流执行完成后刷新应用部署状态页面即可查看到该应用交付的资源清单和组件状态。切换到实例页面可查询到该应用生成的实例信息
![](./resources/succeed-first-vela-app.jpg)
在部署的过程中,你可以点击 `Check the details` 来查看应用的相关状态信息:
![](./resources/status-first-vela-app.jpg)
## 应用删除
体验完成后如何你需要删除部署的应用,你需要进行如下操作:

238
i18n/zh/docusaurus-plugin-content-docs/version-v1.3.json Normal file
View File

@ -0,0 +1,238 @@
{
"version.label": {
"message": "v1.3",
"description": "The label for version current"
},
"sidebar.docs.category.Getting Started": {
"message": "快速开始",
"description": "The label for category Getting Started in sidebar docs"
},
"sidebar.docs.category.Core Concepts": {
"message": "核心概念",
"description": "The label for Core Concepts in sidebar docs"
},
"sidebar.docs.category.Learning CUE": {
"message": "CUE 语言",
"description": "The label for category Learning CUE in sidebar docs"
},
"sidebar.docs.category.Helm": {
"message": "Helm",
"description": "The label for category Helm in sidebar docs"
},
"sidebar.docs.category.Raw Template": {
"message": "Raw Template",
"description": "The label for category Raw Template in sidebar docs"
},
"sidebar.docs.category.Traits System": {
"message": "运维特征系统",
"description": "The label for category Traits System in sidebar docs"
},
"sidebar.docs.category.Defining Cloud Service": {
"message": "定义 Cloud Service",
"description": "The label for category Defining Cloud Service in sidebar docs"
},
"sidebar.docs.category.Hands-on Lab": {
"message": "实践实验室",
"description": "The label for category Hands-on Lab in sidebar docs"
},
"sidebar.docs.category.Appfile": {
"message": "Appfile",
"description": "The label for category Appfile in sidebar docs"
},
"sidebar.docs.category.Roadmap": {
"message": "路线规划",
"description": "KubeVela 未来的发展计划"
},
"sidebar.docs.category.Application Deployment": {
"message": "Application Deployment",
"description": "The label for category Application Deployment in sidebar docs"
},
"sidebar.docs.category.More Operations": {
"message": "更多操作",
"description": "The label for category More Operations in sidebar docs"
},
"sidebar.docs.category.Platform Operation Guide": {
"message": "Platform Operation Guide",
"description": "The label for category Platform Operation Guide in sidebar docs"
},
"sidebar.docs.category.Using KubeVela CLI": {
"message": "使用命令行工具",
"description": "The label for category Using KubeVela CLI in sidebar docs"
},
"sidebar.docs.category.Managing Applications": {
"message": "管理应用",
"description": "The label for category Managing Applications in sidebar docs"
},
"sidebar.docs.category.References": {
"message": "参考",
"description": "The label for category References in sidebar docs"
},
"sidebar.docs.category.Learning OAM": {
"message": "开放应用模型",
"description": "The label for category Learning OAM in sidebar docs"
},
"sidebar.docs.category.Environment System": {
"message": "交付环境系统",
"description": "The label for category Environment System in sidebar docs"
},
"sidebar.docs.category.Designing Workflow": {
"message": "设计交付工作流",
"description": "The label for category Workflow End User in sidebar docs"
},
"sidebar.docs.category.Install": {
"message": "安装",
"description": "The label for category Install in sidebar docs"
},
"sidebar.docs.doc.Deliver First Application": {
"message": "交付第一个应用",
"description": "The label for doc deliver-first-app in sidebar docs"
},
"sidebar.docs.category.Continuous Delivery": {
"message": "持续交付",
"description": "The label for category Continuous Delivery in sidebar docs"
},
"sidebar.docs.category.Manage Your Application": {
"message": "管理你的应用",
"description": "The label for category Manage Your Application in sidebar docs"
},
"sidebar.docs.category.Workflow System": {
"message": "工作流系统",
"description": "The label for category Workflow System in sidebar docs"
},
"sidebar.docs.category.System Operation": {
"message": "系统运维",
"description": "The label for category System Operation in sidebar docs"
},
"sidebar.docs.category.Customize Traits": {
"message": "自定义运维特征",
"description": "The label for category Customize Traits in sidebar docs"
},
"sidebar.docs.category.Customize Components": {
"message": "自定义组件",
"description": "The label for category Customize Traits in sidebar docs"
},
"sidebar.docs.category.CLI": {
"message": "CLI 命令行",
"description": "The label for category CLI in sidebar docs"
},
"sidebar.docs.category.Capabilities": {
"message": "Capabilities",
"description": "The label for category Capabilities in sidebar docs"
},
"sidebar.docs.category.Appendix": {
"message": "附录",
"description": "The label for category Appendix in sidebar docs"
},
"sidebar.docs.category.Component System": {
"message": "组件系统",
"description": "The label for category Component System in sidebar docs"
},
"sidebar.docs.category.Vela CLI Manuals": {
"message": "Vela CLI 手册",
"description": "The label for category Vela CLI Manuals in sidebar docs"
},
"sidebar.docs.category.Deploying Components": {
"message": "选择待交付组件",
"description": "The label for category Components in sidebar docs"
},
"sidebar.docs.category.Attaching Traits": {
"message": "绑定运维特征",
"description": "The label for category Traits in sidebar docs"
},
"sidebar.docs.category.Defining Policies": {
"message": "设定应用策略",
"description": "The label for category Policies in sidebar docs"
},
"sidebar.docs.category.Best Practices": {
"message": "最佳实践",
"description": "The label for category case studies in sidebar docs"
},
"sidebar.docs.category.Observability": {
"message": "新增可观测性",
"description": "The label for category Observability in sidebar docs"
},
"sidebar.docs.category.Scaling": {
"message": "扩缩容",
"description": "The label for category Scaler in sidebar docs"
},
"sidebar.docs.category.Debugging": {
"message": "调试指南",
"description": "The label for category Debugging in sidebar docs"
},
"sidebar.docs.category.Extension": {
"message": "平台扩展",
"description": "平台扩展参考文档"
},
"sidebar.docs.category.Simple Template": {
"message": "Simple Template",
"description": "The label for category Simple Template in sidebar docs"
},
"sidebar.docs.category.Cloud Services": {
"message": "云服务组件",
"description": "The label for category Cloud Services in sidebar docs"
},
"sidebar.docs.category.CUE": {
"message": "CUE 组件",
"description": "The label for category CUE Components in sidebar docs"
},
"sidebar.docs.category.Addons": {
"message": "插件系统",
"description": "The extended add-ons"
},
"sidebar.docs.category.Tutorials": {
"message": "实践教程",
"description": "KubeVela 实践教程"
},
"sidebar.docs.category.How-to Guides": {
"message": "操作手册",
"description": "CLI 和 Dashboard 的操作指导手册"
},
"sidebar.docs.category.Manage applications": {
"message": "应用管理",
"description": "通过 Dashboard 对应用的管理操作说明"
},
"sidebar.docs.category.Manage traits": {
"message": "运维特征管理",
"description": "通过 Dashboard 对应用的运维特征管理操作说明"
},
"sidebar.docs.category.Manage workflows": {
"message": "工作流管理",
"description": "通过 Dashboard 对应用的工作流管理操作说明"
},
"sidebar.docs.category.Manage triggers": {
"message": "触发器管理",
"description": "通过 Dashboard 对应用触发器的管理操作说明"
},
"sidebar.docs.category.Manage integration configs": {
"message": "集成配置管理",
"description": "外部系统集成相关配置的管理说明"
},
"sidebar.docs.category.Built-in Addons": {
"message": "内置插件",
"description": "内置插件说明"
},
"sidebar.docs.category.Cloud Resources": {
"message": "云资源",
"description": "云资源"
},
"sidebar.docs.category.Supported Cloud Resource": {
"message": "支持的云资源",
"description": "支持的云资源列表"
},
"sidebar.docs.category.Built-in Component Type": {
"message": "内置组件",
"description": "内置组件列表"
},
"sidebar.docs.category.Built-in Trait Type": {
"message": "内置运维特征",
"description": "内置运维特征列表"
},
"sidebar.docs.category.Built-in Policy Type": {
"message": "内置策略",
"description": "内置策略列表"
},
"sidebar.docs.category.Custom Addons": {
"message": "自定义插件",
"description": "自定义插件"
}
}

20
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/cli/addon/addon.md
View File

@ -1,12 +1,12 @@
---
title: 安装插件
title: 安装插件
---
你可以通过安装 KubeVela 的插件Addon获取更多的系统功能。
你可以通过安装 KubeVela 的插件Addon获取更多的系统功能。
## 查看所有插件
## 查看所有插件
KubeVela 官方团队维护了一个默认的插件仓库 (https://addons.kubevela.net) ,默认情况下会从这个仓库实时发现.
KubeVela 官方团队维护了一个默认的插件仓库 (https://addons.kubevela.net) ,默认情况下会从这个仓库实时发现
```shell
@ -21,7 +21,7 @@ terraform-alibaba Kubernetes Terraform Controller for Alibaba Cloud
terraform-azure Kubernetes Terraform Controller for Azure disabled
```
## 安装插件
## 安装插件
```
$ vela addon enable fluxcd
@ -35,23 +35,23 @@ I0111 21:45:25.660129 89345 apply.go:106] "creating object" name="component-ui
Addon: fluxcd enabled Successfully.
```
安装完成后,插件中的功能会以组件,运维特征,工作流步骤等形式呈现,你可以通过 `vela component``vela trait` 等命令查看新增的能力,也可以在[插件的参考文档](../../../reference/addons/overview)中查看每个官方插件对应的能力.
安装完成后,插件中的功能会以组件,运维特征,工作流步骤等形式呈现,你可以通过 `vela component``vela trait` 等命令查看新增的能力,也可以在[插件的参考文档](../../../reference/addons/overview)中查看每个官方插件对应的能力.
## 删除/卸载已安装的插件
## 删除/卸载已安装的插件
> 删除前请确认插件对应的能力没有被任何应用使用。
> 删除前请确认插件对应的能力没有被任何应用使用。
```
$ vela addon disable fluxcd
Successfully disable addon:fluxcd
```
## 查看插件的下载仓库
## 查看插件的下载仓库
```
$ vela addon registry list
Name Type URL
KubeVela OSS https://addons.kubevela.net
KubeVela helm https://addons.kubevela.net
```
KubeVela 社区在 Github 上维护了一个官方的[正式插件包仓库](https://github.com/oam-dev/catalog/tree/master/addons) 和一个[试验阶段插件包仓库](https://github.com/oam-dev/catalog/tree/master/experimental) 。你在相应的仓库中找到插件包的定义文件。

22
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/dashboard/addon/overview.md
View File

@ -1,13 +1,13 @@
---
title: 管理插件
title: 管理插件
---
你可以在 VelaUX 的 Addon 页面管理平台插件,以获取更多的系统功能。
你可以在 VelaUX 的 Addon 页面管理平台插件,以获取更多的系统功能。
![alt](../../../resources/addon-list.jpg)
## 启用/停用插件 (Enable/Disable Addon)
## 启用/停用插件 (Enable/Disable Addon)
如下图所示,在某个插件页面点击 `Enable` 启用一个插件
如下图所示,在某个插件页面点击 `Enable` 启用一个插件
![alt](../../../resources/addon.jpg)
@ -15,23 +15,23 @@ title: 管理插件包
![alt](../../../resources/addon-dependency.jpg)
有些复杂的插件需要设置一些参数才能启用,如下图所示。
有些复杂的插件需要设置一些参数才能启用,如下图所示。
![alt](../../../resources/addon-parameter.jpg)
通过点击插件页面的 `Disable` 停用一个插件
> 停用前请确认插件对应的能力没有被任何应用所使用。
> 停用前请确认插件对应的能力没有被任何应用所使用。
你也可以通过点击页面的 `Upgrade` 来更新插件
你也可以通过点击页面的 `Upgrade` 来更新插件。
## 多集群环境中启用插件
## 多集群环境中启用插件
如果你的环境中添加了若干个子集群,启用插件时会在管控集群和所有子集群中均安装此插件包。但如果你的子集群在插件包启用之后,加入环境当中,则需要通过更新操作,让此插件包在子集群中生效
如果插件的部署目标设置为子集群部署,在启用插件时首先需要选择你希望启用的集群。如果插件启用完成后又新增了集群,你需要增加选择新的集群然后更新插件即可
## 插件仓库 (Addon Registry)
## 插件仓库 (Addon Registry)
插件仓库是一个存储、发现和下载插件的地方。 插件仓库的地址可以是一个 Git 仓库或者一个对象存储 Bucket。
插件仓库是一个存储、发现和下载插件的地方。 插件仓库的地址可以是一个 Git 仓库或者一个对象存储 Bucket。
KubeVela 社区在 Github 上维护了一个官方的[正式插件仓库](https://github.com/oam-dev/catalog/tree/master/addons) 和一个[试验阶段插件仓库](https://github.com/oam-dev/catalog/tree/master/experimental) 。

8
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/dashboard/application/get-application-log.md
View File

@ -1,13 +1,11 @@
---
title: 查看应用运行日志
description: 通过查看应用的运行日志是排查故障的最直接方式
description: 通过查看应用的运行日志是排查故障的最直接方式
---
![pod log](../../../resources/pod-log.jpg)
![pod log](https://static.kubevela.net/images/1.3/pod-log.jpg)
如上图所示,交付到 Kubernetes 集群的应用支持查询容器运行日志,通过展开实例信息,点击容器列表 Actions 列下的日志按钮,即可查询该容器的运行日志。
![pod log](../../../resources/log-show.jpg)
如上图所示,交付到 Kubernetes 集群的应用支持查询容器运行日志,切换到指定环境视图下,选择日志页面,即可通过组件/实例/容器的筛选查看对应的运行日志。
日志查询页面默认为每 5 秒自动刷新,查看最新的日志。若你的应用日志中没有时间信息,可点击 `Show timestamps` 展示日志记录时间。

5
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/dashboard/cluster/connect-cluster.md
View File

@ -1,5 +0,0 @@
---
title: Connect a kubernetes cluster
---
We support connect and detach the kubernetes cluster.

5
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/dashboard/cluster/detach-cluster.md
View File

@ -1,5 +0,0 @@
---
title: Detach a kubernetes cluster
---
We support connect and detach the kubernetes cluster.

5
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/dashboard/cluster/edit-cluster.md
View File

@ -1,5 +0,0 @@
---
title: Edit metadata of kubernetes cluster
---
We support connect and detach the kubernetes cluster.

3
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/dashboard/cluster/overview.md
View File

@ -1,3 +0,0 @@
---
title: Overview
---

5
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/dashboard/cluster/set-cluster-dashboard.md
View File

@ -1,5 +0,0 @@
---
title: Set cluster dashboard
---
We support connect and detach the kubernetes cluster.

30
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/dashboard/user/project.md Normal file
View File

@ -0,0 +1,30 @@
---
title: 项目管理
---
项目提供了应用、环境和资源的逻辑分组它适用于多个团队或项目组使用VelaUX的场景他具有以下能力设定
* 限制应用部署的目标,即哪些集群的哪些命名空间,未来我们将支持为交付目标设置资源限额。
* 限制可用的集成配置,包括镜像仓库、制品仓库、云服务授权等。
* 限制不同的用户的管理权限。
* 限制可使用的组件类型和可部署的资源类型(计划中)。
## 默认项目
VelaUX 安装后会默认生成一个`Default`的项目空间,授权给管理员用户。同时也默认生成了默认交付目标和环境绑定在该项目中。
## 创建项目
具有项目管理权限的用户可查看到 `Platform/Projects` 页面,进入该页面即可创建项目。
![project-list](https://static.kubevela.net/images/1.3/project-list.jpg)
点击右上方的`创建项目` 按钮即可进入项目创建页面,每一个项目需要设置一个负责人,项目创建后负责人自动授予项目管理员角色。
## 编辑项目
项目负责人、别名和描述信息支持更新编辑。点击项目名称进入项目详情页后可继续管理项目下的成员、角色和应用。
## 删除项目
当项目下存在应用等资源时不能删除,如需删除一个项目,需要先删除项目下的应用、环境、交付目标等资源。

62
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/dashboard/user/rbac.md Normal file
View File

@ -0,0 +1,62 @@
---
title: RBAC 授权
---
RBAC 功能可以限制对 VelaUX 资源的访问。 VelaUX 的 UI 和 API 都会进行严格的权限校验。我们设计了平台级角色和项目级角色,每一个角色可绑定一组权限策略,用户绑定到角色即获取对应的权限。
## 内置权限策略
一个权限策略核心由资源+动作+控制策略组成,我们目前内置了部分权限策略,包括:
```
* Cluster Management resource:[cluster:*/*] action:* effect:allow scope:platform
* Project Management resource:[project:*] action:* effect:allow scope:platform
* Addon Management resource:[addon:*,addonRegistry:*] action:* effect:allow scope:platform
* Target Management resource:[target:*,cluster:*/namespace:*] action:* effect:allow scope:platform
* User Management resource:[user:*] action:* effect:allow scope:platform
* Platform Role Management resource:[role:*, permission:*] action:* effect:allow scope:platform
* Admin resource:[*:*] action:* effect:allow scope:platform
* Project Read resource:[project:{projectName}] action:detail effect:allow scope:project
* App Management resource:[project:{projectName}/application:*/*, definition:* ] action:* effect:allow scope:platform
* Environment Management resource:[project:{projectName}/environment:*] action:* effect:allow scope:platform
* Role Management resource:[project:{projectName}/role:*,project:{projectName}/projectUser:*,project:{projectName}/permission:*] action:* effect:allow scope:project)
```
目前提供的默认权限定义覆盖了所有的资源,可想而知的是,这些权限都可以灵活的自定义,后续根据需要提供对应的 API 和管理页面。
## 内置角色
角色由角色名称和包含的权限集组成,我们内置了一些常用角色:
* Admin系统级角色包含 Admin 权限,即所有资源的所有操作权。
* App Developer项目级角色包括应用开发所需的权限。
* Project Admin项目级角色包括项目下所有资源的管理权限。
## 自定义角色
你可以根据企业或团队需求自定义平台或项目的角色列表。
### 平台角色
进入 Platform/Roles 页面,即可查询和管理平台级角色。
![role list](https://static.kubevela.net/images/1.3/role-dashboard.jpg)
点击右上方的 `添加角色` 按钮即可进入添加页面,填写角色名称选择包含的权限即可。
### 项目角色
首先需要进入项目的详情页面,如果有项目列表查询权限的用户可通过项目列表进入,如果没有列表查询权限的用户可通过应用页面中所属项目入口进入到项目详情页面。
![role list](https://static.kubevela.net/images/1.3/project-dashboard.jpg)
在项目详情页面中切换到角色管理页面,即可添加或修改项目下的角色信息。
![role list](https://static.kubevela.net/images/1.3/project-role.jpg)
## 用户绑定角色
* 平台级角色需要在用户管理页面中进行用户绑定,一个用户可绑定多个平台级角色。
* 项目级角色需要在项目详情页/成员管理中进行设置,需要将用户添加到项目时进行角色绑定,或修改已有用户的角色。

40
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/dashboard/user/user.md Normal file
View File

@ -0,0 +1,40 @@
---
title: 用户管理
---
VelaUX 安装后有一个内置的管理员用户,可以完全访问系统。建议仅使用管理员用户进行初始配置,然后切换到本地用户或配置 SSO 集成。
## 本地用户管理
本地用户管理和认证能力适用于以下两种场景:
* Restful API 用户,通过分配本地用户以及为其授权,使用账号信息进行认证获取 API 通信 Token。
* 小团队用户,使用单点登录是一个额外的负担,直接使用本地用户认证即可。
### 查看用户列表
具有用户查询权限的用户可以切换到 Platform/Users 页面下,查看所有用户信息。
![user list](https://static.kubevela.net/images/1.3/user-dashboard.jpg)
如上图所示,本地用户列表中展示用户名称、别名、平台级角色,邮箱等基础信息,同时我们会记录用户的上一次登录时间。
### 创建用户
点击右上方的 `新增用户` 按钮即可进入创建用户弹窗页,填写必要的用户信息后即可完成添加。
### 启用/禁用用户
在用户列表中可以点击 禁用/启用 按钮实现对用户的控制,禁用后的用户无法进行登录。
### 重置用户密码
在用户列表中可以点击 重置密码 按钮,然后输入新的秘密提交即可完成修改。
### 更新用户信息
已存在用户支持更新别名、平台角色信息,如果用户邮箱为空,可进行更新设置。
## 单点登录
单点登录是我们建议的方式,请参考 [单点登录](../../../tutorials/sso) 指导文档。

19
i18n/zh/docusaurus-plugin-content-docs/version-v1.3/quick-start.md
View File

@ -25,25 +25,26 @@ title: 交付第一个应用
正常安装 VelaUX 后你需要登陆。默认账号为admin通过以下方式获取密码
```shell
# 首次安装时获取
vela logs -n vela-system --name apiserver addon-velaux | grep "initialized admin username"
```
如果日志中已不存在信息,可查询 `vela-system` 命名空间下的 `admin` 名称的 Secret。
## 选择应用的部署类型/规划应用部署环境
你进入的第一个页面即应用交付管理页面。
你进入的第一个页面即应用交付管理页面,在该页面中你可以查看到有权查看的所有应用列表。管理员初次进入时你可以看到一个只读的 `addon-velaux` 应用它是VelaUX addon的运行应用我们仅能进行运行数据观测
![](./resources/dashboard.png)
![dashboard](https://static.kubevela.net/images/1.3/dashboard.jpg)
然后点击右上角的 `New Application` 按钮开始创建应用,按照 UI 提示填写以下四个维度的信息:
- 应用的名称等基础信息;
<!-- - 选择所属的项目,我们已为你自动生成了默认项目,你也可以点击 `New` 进行创建; -->
- 选择所属的项目,我们已为你自动生成了默认项目,你也可以点击 `New` 进行创建;
- 选择应用的部署类型,本例中我们选择 `webservice` 类型,部署无状态服务,请注意,企业大多数业务应用都可以直接使用该类型进行部署。
- 规划应用交付的环境,我们选择基于默认 `Default` 交付目标创建的默认 `Default` 环境;
![](./resources/new-first-vela-app.jpg)
<!-- TODO v1.2 更新截图,去掉 Proejct -->
![new-app](https://static.kubevela.net/images/1.3/new-app.jpg)
## 设置应用的部署参数
@ -61,14 +62,10 @@ vela logs -n vela-system --name apiserver addon-velaux | grep "initialized admin
## 执行环境的部署
直接点击页面右上方的部署按钮。工作流执行完成后刷新应用实例列表即可查看到已经部署完成的实例
直接点击页面右上方的部署按钮。工作流执行完成后刷新应用部署状态页面即可查看到该应用交付的资源清单和组件状态。切换到实例页面可查询到该应用生成的实例信息
![](./resources/succeed-first-vela-app.jpg)
在部署的过程中,你可以点击 `Check the details` 来查看应用的相关状态信息:
![](./resources/status-first-vela-app.jpg)
## 应用删除
体验完成后如何你需要删除部署的应用,你需要进行如下操作:

26
sidebars.js
View File

@ -104,7 +104,6 @@ module.exports = {
label: "How-to Guides",
collapsed: true,
items: [
// TODO: complete the docs
{
"Manage applications": [
"how-to/dashboard/application/create-application",
@ -129,27 +128,18 @@ module.exports = {
{
"Manage triggers": ["how-to/dashboard/trigger/overview"],
},
// {
// "Manage environment": ["how-to/dashboard/environment/overview"],
// },
{
"Manage target": ["how-to/dashboard/target/overview"],
"Manage resource": ["how-to/dashboard/target/overview"],
},
"how-to/dashboard/user/user",
"how-to/dashboard/user/rbac",
"how-to/dashboard/user/project",
{
"Manage config": ["how-to/dashboard/config/dex-connectors"],
"Manage integration configs": [
"how-to/dashboard/config/dex-connectors",
],
},
// {
// "Manage cluster": [
// "how-to/dashboard/cluster/overview",
// "how-to/dashboard/cluster/connect-cluster",
// "how-to/dashboard/cluster/detach-cluster",
// "how-to/dashboard/cluster/set-cluster-dashboard",
// "how-to/dashboard/cluster/edit-cluster",
// ],
// },
// {
// "Manage addon": ["how-to/dashboard/addon/overview"],
// },
"how-to/dashboard/addon/overview",
],
},
],

10
versioned_docs/version-v1.3/how-to/dashboard/application/get-application-log.md
View File

@ -3,15 +3,11 @@ title: View Application Logs
description: View an application log by KubeVela dashboard
---
![pod log](https://static.kubevela.net/images/1.3/pod-log.jpg)
You can view the logs of application in the environment tab.
Click the icon in the `Action` column, you'll see the running logs for pod.
![pod log](../../../resources/pod-log.jpg)
![pod log](../../../resources/log-show.jpg)
By default, the logs will refresh every 5s. If your logs didn't have timestamp, you can click the `Show timestamps` to see.
### Next Step

30
versioned_docs/version-v1.3/how-to/dashboard/user/project.md Normal file
View File

@ -0,0 +1,30 @@
---
title: Project management
---
Projects provide a logical grouping of applications、environments and targets, which is useful when VelaUX is used by multiple teams. Projects provide the following features:
* restrict where apps may be deployed to (target clusters and namespaces), we plan to support setting resource limits for the target.
* restrict what Integrations can be use(trusted Helm repositories, docker registry or cloud provider)
* defining project roles to provide application RBAC.
* restrict what kinds of objects or component definitions may or may not be deployed(TODO)
## The Default Project
Once installed VelaUX has one default project with name `Default`, and owner by admin user. At the same time, the default target and environment are also generated by default and bound in the project.
## Creating Projects
Users with project management rights can go to `Platform/Projects` pagein this page you could create and delete project.
![project-list](https://static.kubevela.net/images/1.3/project-list.jpg)
Click the `New Project` button, you can open the drawer page for creating a project. Each project should set a name and owner, the owner user can auto grant the project admin role after the project is created.
## Updating Projects
Project owner, alias, and description information support updating. Click the project name and go to the project detail page, you can manage the members and roles in this project.
## Deleting Projects
If there are applications and environments in a project, it can not be deleted. you must delete applications, environments, and targets in the project that you want to delete.

62
versioned_docs/version-v1.3/how-to/dashboard/user/rbac.md Normal file
View File

@ -0,0 +1,62 @@
---
title: RBAC
---
The RBAC feature enabled restriction of access to VelaUX resources. The UI and API could strict permission verification. We designed platform-scope roles and project-scope roles, Each role can be bound to a set of permission policies, and users can obtain corresponding permissions when they are bound to the role.
## Built-in permission policies
A permission policy consists of resources、action and effect, there are some built-in permission policies, including:
```
* Cluster Management resource:[cluster:*/*] action:* effect:allow scope:platform
* Project Management resource:[project:*] action:* effect:allow scope:platform
* Addon Management resource:[addon:*,addonRegistry:*] action:* effect:allow scope:platform
* Target Management resource:[target:*,cluster:*/namespace:*] action:* effect:allow scope:platform
* User Management resource:[user:*] action:* effect:allow scope:platform
* Platform Role Management resource:[role:*, permission:*] action:* effect:allow scope:platform
* Admin resource:[*:*] action:* effect:allow scope:platform
* Project Read resource:[project:{projectName}] action:detail effect:allow scope:project
* App Management resource:[project:{projectName}/application:*/*, definition:* ] action:* effect:allow scope:platform
* Environment Management resource:[project:{projectName}/environment:*] action:* effect:allow scope:platform
* Role Management resource:[project:{projectName}/role:*,project:{projectName}/projectUser:*,project:{projectName}/permission:*] action:* effect:allow scope:project)
```
Currently, built-in permission policies cover all resources. It is conceivable that these permissions can be flexibly customized, we will provide the API and UI page to manage the custom permission.
## Built-in roles
A role consists of a role name and the set of permissions it contains, we have built in some common roles:
* Adminplatform scope roleinclude the `Admin` permissionthat all operation rights of all resources。
* App Developerproject scope roleinclude permissions required for app development.
* Project Adminproject scope roleincluding administrative rights for all resources under the project.
## Custom roles
You can customize the list of roles for a platform or project based on your business or team needs.
### platform scope role
Go to `Platform/Roles` pageyou can get all platform-scope roles。
![role list](https://static.kubevela.net/images/1.3/role-dashboard.jpg)
Click the `New Role` button, you can open the drawer page for creating a role, you should input some required info, such as the role's name, alias and permissions. Click the `Create` button then complete.
### project scope role
First you need to go to the project details page, If users with project list query permission can enter through the project list, If not, you can enter through the application detail page.
![role list](https://static.kubevela.net/images/1.3/project-dashboard.jpg)
Switch to the role management page on the project details page to add or modify role information under the project.
![role list](https://static.kubevela.net/images/1.3/project-role.jpg)
## User bound role
* Platform-scope roles need to be bound to users on the user management page. One user can be bound to multiple platform-scope roles.
* Project-scope roles need to be set in the project member management page, and roles need to be bound when users are added to the project, or modify the existing users' roles.

40
versioned_docs/version-v1.3/how-to/dashboard/user/user.md Normal file
View File

@ -0,0 +1,40 @@
---
title: User management
---
Once installed VelaUX has one built-in `admin` user that has full access to the system. it is recommended to use this user only for initial configuration and then create new user or configure SSO integration.
## Local users/accounts
The local users/accounts feature serves two main use-cases:
* For the restful API usersit is possible to configure an API account with limited permissions and generate an authentication token. users can use token to communicate with the API to create applications, etc.
* For a very small team where use of SSO integration might be considered an overkill. There could only use local users to authentication.
### Get full users list
If login user have list users permission, he could switch to the `Platform/Users` page and get full users list.
![user list](https://static.kubevela.net/images/1.3/user-dashboard.jpg)
As shown in the picture above there are user's name、alias, and platform roles in tables. we will record the user's last login time and show it.
### Creating users
Click the `New User` button, you can open the drawer page for creating a user. you should input some required info, such as the user's name、email, and password. Click the `Create` button then complete.
### Enable/disable users
You can click the disable or enable button, it could set the user's status. If a user is disabled, this user can not login.
### Reset user's password
You can click the reset password button and input a new password then commit it.
### Updating users
For existing users supports updating alias and platform role information. If a user has an empty email, support set a new email.
## SSO
SSO is our recommended way, please refer to [SSO login](../../../tutorials/sso) document.

2
versioned_docs/version-v1.3/platform-engineers/cue/advanced.md
View File

@ -339,7 +339,7 @@ In our Application example above, the name field in the properties and the name
apiVersion: "apps/v1"
kind: "StatefulSet"
metadata: name: context.name
... // Omit other unmodified fields
... // Omit other unmodified field
}
parameter: {
image: string

2
versioned_docs/version-v1.3/quick-start.md
View File

@ -26,6 +26,8 @@ After install VelaUX, you need to log in. Default username is "admin" and you ca
vela logs -n vela-system --name apiserver addon-velaux | grep "initialized admin username"
```
If there is no password in logs, you can get it from secret with the name `admin` in the `vela-system` namespace.
![](./resources/login.png)
## Choosing deployment type and Environment

20
versioned_sidebars/version-v1.3-sidebars.json
View File

@ -313,7 +313,7 @@
{
"collapsed": true,
"type": "category",
"label": "Manage target",
"label": "Manage resource",
"items": [
{
"type": "doc",
@ -321,16 +321,32 @@
}
]
},
{
"type": "doc",
"id": "version-v1.3/how-to/dashboard/user/user"
},
{
"type": "doc",
"id": "version-v1.3/how-to/dashboard/user/rbac"
},
{
"type": "doc",
"id": "version-v1.3/how-to/dashboard/user/project"
},
{
"collapsed": true,
"type": "category",
"label": "Manage config",
"label": "Manage integration configs",
"items": [
{
"type": "doc",
"id": "version-v1.3/how-to/dashboard/config/dex-connectors"
}
]
},
{
"type": "doc",
"id": "version-v1.3/how-to/dashboard/addon/overview"
}
]
}