Post-Installation Steps
Create GitHub OAuth App and set secrets in Vault
The Platform-Portal authenticates via a GitHub OAuth App. Therefore, you need to create an OAuth App in your developer settings. Click the button "New OAuth App".
For GitHub Codespaces:
The URL of the Codespace has a random name and ID like https://crispy-robot-g44qvrx9jpx29xx7.github.dev/. Copy the hostname (codespace name) except ".github.dev" and set the URLs of the created OAuth App like this:
- Homepage URL: `<copied hostname>-6691.app.github.dev`
- Authorization callback URL: `<copied hostname>-6691.app.github.dev/api/auth/github`
For local KinD Cluster:
- Homepage URL: https://backstage.127-0-0-1.nip.io
- Authorization callback URL: https://backstage.127-0-0-1.nip.io/api/auth/github
For remote Kubernetes Cluster:
- Homepage URL and Authorization callback URL must match "https://backstage.${KUBRIX_CUSTOMER_DOMAIN}"
Example:
- Homepage URL: backstage.demo-johnny.kubrix.cloud
- Authorization callback URL: backstage.demo-johnny.kubrix.cloud/api/auth/github
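Added example (not part of the kubriX documentation): a shell helper that derives the Homepage URL and Authorization callback URL for each of the three installation types above, so the values entered in the OAuth App form match exactly. The function name `backstage_oauth_urls` and its mode names (`codespace`, `kind`, `remote`) are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not kubriX code. Function and mode names are hypothetical.
# Usage: backstage_oauth_urls <codespace|kind|remote> [codespace-url | customer-domain]
# Prints two lines: "homepage=<value>" and "callback=<value>".
backstage_oauth_urls() {
  local mode="$1" arg="${2:-}" host base
  case "$mode" in
    codespace)
      host="${arg#https://}"   # accept the full URL copied from the browser
      host="${host%%/*}"       # drop a trailing slash or path
      case "$host" in
        *.app.github.dev)
          # A forwarded-port URL was pasted instead of the Codespace URL.
          echo "error: pass the Codespace URL, not a forwarded-port URL" >&2
          return 1 ;;
        ?*.github.dev)
          host="${host%.github.dev}" ;;   # keep only the codespace name
        *)
          echo "error: '$arg' is not a *.github.dev Codespace URL" >&2
          return 1 ;;
      esac
      # Port 6691 and the missing scheme follow the values given on this page.
      base="${host}-6691.app.github.dev" ;;
    kind)
      base="https://backstage.127-0-0-1.nip.io" ;;
    remote)
      # arg is the value of KUBRIX_CUSTOMER_DOMAIN
      [ -n "$arg" ] || { echo "error: customer domain required" >&2; return 1; }
      base="https://backstage.${arg}" ;;
    *)
      echo "usage: backstage_oauth_urls <codespace|kind|remote> [value]" >&2
      return 2 ;;
  esac
  printf 'homepage=%s\ncallback=%s/api/auth/github\n' "$base" "$base"
}
```

For example, `backstage_oauth_urls remote "$KUBRIX_CUSTOMER_DOMAIN"` prints the two values for a remote cluster.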
After clicking "Register application", click on "Generate a new client secret".
Use the value of the "Client ID" for the variable GITHUB_CLIENTID in the step below.
Use the generated client secret as the value for the variable GITHUB_CLIENTSECRET in the step below.
Then export GITHUB_CLIENTID and GITHUB_CLIENTSECRET with the values from your GitHub OAuth App and write them to Vault via kubectl/curl:
export GITHUB_CLIENTID="<client-id-from-step-before>"
export GITHUB_CLIENTSECRET="<client-secret-from-step-before>"
export VAULT_HOSTNAME=$(kubectl get ingress -o jsonpath='{.items[*].spec.rules[*].host}' -n vault)
export VAULT_TOKEN=$(kubectl get secret -n vault vault-init -o=jsonpath='{.data.root_token}' | base64 -d)
curl -k --header "X-Vault-Token:$VAULT_TOKEN" --request PATCH --header "Content-Type: application/merge-patch+json" --data "{\"data\": {\"GITHUB_CLIENTSECRET\": \"${GITHUB_CLIENTSECRET}\", \"GITHUB_CLIENTID\": \"${GITHUB_CLIENTID}\"}}" https://${VAULT_HOSTNAME}/v1/kubrix-kv/data/portal/backstage/base
kubectl delete externalsecret -n backstage sx-cnp-secret
kubectl rollout restart deployment -n backstage sx-backstage
Login
Once kubriX is installed successfully, you can access the platform services via these URLs and log in with these credentials:
| Tool | URL | Username | Password |
|---|---|---|---|
| Backstage | https://backstage.127-0-0-1.nip.io | via GitHub | via GitHub |
| ArgoCD | https://argocd.127-0-0-1.nip.io/ | admin | `kubectl get secret -n argocd argocd-initial-admin-secret -o=jsonpath='{.data.password}' \| base64 -d` |
| Kargo | https://kargo.127-0-0-1.nip.io | - | `kubectl get secret -n kargo kargo-admin-secret -o=jsonpath='{.data.ADMIN_ACCOUNT_PASSWORD}' \| base64 -d` |
| Grafana | https://grafana.127-0-0-1.nip.io | `kubectl get secret -n grafana grafana-admin-secret -o=jsonpath='{.data.userKey}' \| base64 -d` | `kubectl get secret -n grafana grafana-admin-secret -o=jsonpath='{.data.passwordKey}' \| base64 -d` |
| Keycloak | https://keycloak.127-0-0-1.nip.io | admin | `kubectl get secret -n keycloak keycloak-admin -o=jsonpath='{.data.admin-password}' \| base64 -d` |
| FalcoUI | https://falco.127-0-0-1.nip.io | `kubectl get secret -n falco falco-ui-creds -o=jsonpath='{.data.FALCOSIDEKICK_UI_USER}' \| base64 -d \| awk -F: '{print $1}'` | `kubectl get secret -n falco falco-ui-creds -o=jsonpath='{.data.FALCOSIDEKICK_UI_USER}' \| base64 -d \| awk -F: '{print $2}'` |
Verify installation
Check if all ArgoCD applications are synced and healthy:
kubectl get applications -n argocd
Known issue: The application sx-bootstrap-app can be OutOfSync periodically due to the sub-application sx-kyverno.
This will get fixed with https://github.com/suxess-it/kubriX/issues/1406
Next steps
- Configuration Guide – customize kubriX for your needs
- User Guide – start deploying apps