Switch default install mode to read-only

Update release pipeline to rename release manifests for consistency with other Tekton projects. The default release is provided by `release.yaml` which installs the Dashboard in read-only mode. `release-full.yaml` provides the read/write version. Update the installer script to switch the default behaviour to install the Dashboard in read-only mode. Replace the `--read-only` flag with `--read-write` to override the default behaviour and produce the read/write manifests. Update tests and documentation to reflect the new defaults.
aroslavsedr · Jan 10, 2023 · e549cc1 · e549cc1
1 parent e92f5b4
commit e549cc1
Show file tree

Hide file tree

Showing 12 changed files with 70 additions and 62 deletions.
diff --git a/cmd/dashboard/main.go b/cmd/dashboard/main.go
@@ -32,7 +32,7 @@ var (
 	triggersNamespace  = flag.String("triggers-namespace", "", "Namespace where Tekton triggers is installed (assumes same namespace as dashboard if not specified)")
 	kubeConfigPath     = flag.String("kube-config", "", "Path to kube config file")
 	portNumber         = flag.Int("port", 8080, "Dashboard port number")
-	readOnly           = flag.Bool("read-only", false, "Enable or disable read only mode")
+	readOnly           = flag.Bool("read-only", true, "Enable or disable read-only mode")
 	logoutURL          = flag.String("logout-url", "", "If set, enables logout on the frontend and binds the logout button to this url")
 	tenantNamespace    = flag.String("namespace", "", "If set, limits the scope of resources watched to this namespace only")
 	logLevel           = flag.String("log-level", "info", "Minimum log level output by the logger")

diff --git a/docs/dev/README.md b/docs/dev/README.md
@@ -94,7 +94,7 @@ These options are documented below:
 | `--pipelines-namespace` | Namespace where Tekton pipelines is installed (assumes same namespace as dashboard if not set) | `string` | `""` |
 | `--triggers-namespace` | Namespace where Tekton triggers is installed (assumes same namespace as dashboard if not set) | `string` | `""` |
 | `--port` | Dashboard port number | `int` | `8080` |
-| `--read-only` | Enable or disable read only mode | `bool` | `false` |
+| `--read-only` | Enable or disable read-only mode | `bool` | `true` |
 | `--logout-url` | If set, enables logout on the frontend and binds the logout button to this url | `string` | `""` |
 | `--namespace` | If set, limits the scope of resources watched to this namespace only | `string` | `""` |
 | `--log-level` | Minimum log level output by the logger | `string` | `"info"` |

diff --git a/docs/dev/installer.md b/docs/dev/installer.md
@@ -10,7 +10,7 @@ It covers the following topics:
   - [Installing on Kubernetes](#installing-on-kubernetes)
   - [OpenShift with Tekton Pipelines and Triggers installed by OpenShift Pipelines Operator](#openshift-with-tekton-pipelines-and-triggers-installed-by-openshift-pipelines-operator)
   - [Installing in a custom namespace](#installing-in-a-custom-namespace)
-  - [Read only install](#read-only-install)
+  - [Read/write install](#read-write-install)
   - [Installing for single namespace visibility](#installing-for-single-namespace-visibility)
   - [Install ingress](#install-ingress)
 - [Uninstall command](#uninstall-command)
@@ -20,9 +20,7 @@ It covers the following topics:
 
 ## Before you begin
 
-Installing the Dashboard is not always easy, especially when the setup involves custom namespaces or a different installation process.
-
-The `installer` makes it easy to install the Tekton Dashboard by allowing command line options to customize the manifests at install time.
+The `installer` script makes it easy to install the Tekton Dashboard by allowing command line options to customize the manifests at install time.
 
 For example, this allows the `installer` script to ensure that the deployed Dashboard and the RBAC permissions are consistent.
 
@@ -71,13 +69,13 @@ Accepted options:
         [--namespace <namespace>]               Will override install namespace
         [--nightly]                             Will download manifests from the nightly releases channel
         [--output <file>]                       Will output built manifests in the file instead of in the console
-        [--pipelines-namespace <namespace>]     Override the namespace where Tekton Pipelines is installed (defaults to tekton-pipelines)
+        [--pipelines-namespace <namespace>]     Override the namespace where Tekton Pipelines is installed (defaults to Dashboard install namespace)
         [--platform <platform>]                 Override the platform to build for
-        [--read-only]                           Will build manifests for a readonly deployment
+        [--read-write]                          Will build manifests for a read/write deployment
         [--stream-logs false]                   Will disable log streaming and use polling instead
         [--tag <tag>]                           Tag used for the image produced by ko
         [--tenant-namespace <namespace>]        Will limit the visibility to the specified namespace only
-        [--triggers-namespace <namespace>]      Override the namespace where Tekton Triggers is installed (defaults to tekton-pipelines)
+        [--triggers-namespace <namespace>]      Override the namespace where Tekton Triggers is installed (defaults to Dashboard install namespace)
         [--version <version>]                   Will download manifests for specified version or build everything using kustomize/ko
 ```
 
@@ -124,12 +122,12 @@ CUSTOM_NAMESPACE=my-namespace
 ./scripts/installer install --namespace $CUSTOM_NAMESPACE
 ```
 
-### Read only install
+### Read/write install
 
-To install the Dashboard add the `--read-only` option when calling the `installer` script:
+To install the Dashboard add the `--read-write` option when calling the `installer` script:
 
 ```bash
-./scripts/installer install --read-only
+./scripts/installer install --read-write
 ```
 
 ### Installing for single namespace visibility

diff --git a/docs/install.md b/docs/install.md
@@ -47,14 +47,25 @@ Each Tekton Dashboard release is tested against specific Tekton Pipelines and Te
 
 To install Tekton Dashboard on a Kubernetes cluster:
 
-1. Run the following command to install Tekton Dashboard and its dependencies:
+1. Run the following command to install Tekton Dashboard:
 
    ```bash
-   kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/tekton-dashboard-release.yaml
+   kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
    ```
 
+   This will install the Dashboard in read-only mode by default.
+
    Previous versions are available at `previous/$VERSION_NUMBER/*.yaml`, e.g.
-   https://storage.googleapis.com/tekton-releases/dashboard/previous/v0.26.0/tekton-dashboard-release.yaml
+   https://storage.googleapis.com/tekton-releases/dashboard/previous/v0.32.0/release.yaml
+
+   To install in read/write mode, use release-full.yaml.
+
+   v0.31.0 and earlier used a different naming scheme for the release manifests:
+
+   | Mode | Current | v0.31.0 and earlier |
+   |------|---------|---------------------|
+   | read-only | release.yaml | tekton-dashboard-release-readonly.yaml |
+   | read/write | release-full.yaml | tekton-dashboard-release.yaml |
 
 1. Monitor the installation using the following command until all components show a `Running` status:
 
@@ -72,11 +83,11 @@ Congratulations! You have successfully installed Tekton Dashboard on your Kubern
 
 You can refer to the dev docs for more info on [how to use the installer](./dev/installer.md).
 
-For example, to install the latest release in read only mode:
+For example, to install the latest release in read/write mode:
 
 ```bash
 curl -sL https://raw.githubusercontent.com/tektoncd/dashboard/main/scripts/release-installer | \
-   bash -s -- install latest --read-only
+   bash -s -- install latest --read-write
 ```
 
 ## Accessing the Dashboard
@@ -201,10 +212,10 @@ If you're using one of these proxies to provide authentication but still want to
 The Dashboard can be uninstalled by running the following command:
 
 ```bash
-kubectl delete --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/tekton-dashboard-release.yaml
+kubectl delete --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
 ```
 
-The above command assumes that the latest version was installed, refer to [Installing Tekton Dashboard on Kubernetes](#installing-tekton-dashboard-on-kubernetes) to find the correct `--filename` argument if another version was installed.
+The above command assumes that the current latest version was installed, refer to [Installing Tekton Dashboard on Kubernetes](#installing-tekton-dashboard-on-kubernetes) to find the correct `--filename` argument if another version was installed.
 
 ## Next steps
 

diff --git a/docs/tutorial.md b/docs/tutorial.md
@@ -93,7 +93,7 @@ Hit *Ctrl + C* to stop monitoring.
 
    ```bash
    kubectl apply --filename \
-   https://storage.googleapis.com/tekton-releases/dashboard/latest/tekton-dashboard-release.yaml
+   https://storage.googleapis.com/tekton-releases/dashboard/latest/release-full.yaml
    ```
 
 1. Monitor the installation:

diff --git a/scripts/installer b/scripts/installer
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright 2021-2022 The Tekton Authors
+# Copyright 2021-2023 The Tekton Authors
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -12,7 +12,7 @@
 # limitations under the License.
 
 # dashboard flavour
-READONLY="false"
+READONLY="true"
 
 # configuration default values
 DEBUG="false"
@@ -107,10 +107,10 @@ download() {
     local url="$BASE_RELEASE_URL/previous/$DASHBOARD_VERSION/installer-"
   fi
 
-  url="${url}tekton-dashboard-release"
+  url="${url}release"
 
-  if [ "$READONLY" == "true" ]; then
-    url="${url}-readonly"
+  if [ "$READONLY" == "false" ]; then
+    url="${url}-full"
   fi
 
   url="${url}.yaml"
@@ -417,13 +417,13 @@ help () {
   echo -e "\t[--namespace <namespace>]\t\tWill override install namespace"
   echo -e "\t[--nightly]\t\t\t\tWill download manifests from the nightly releases channel"
   echo -e "\t[--output <file>]\t\t\tWill output built manifests in the file instead of in the console"
-  echo -e "\t[--pipelines-namespace <namespace>]\tOverride the namespace where Tekton Pipelines is installed (defaults to tekton-pipelines)"
+  echo -e "\t[--pipelines-namespace <namespace>]\tOverride the namespace where Tekton Pipelines is installed (defaults to Dashboard install namespace)"
   echo -e "\t[--platform <platform>]\t\t\tOverride the platform to build for"
-  echo -e "\t[--read-only]\t\t\t\tWill build manifests for a readonly deployment"
+  echo -e "\t[--read-write]\t\t\t\tWill build manifests for a read/write deployment"
   echo -e "\t[--stream-logs false]\t\t\tWill disable log streaming and use polling instead"
   echo -e "\t[--tag <tag>]\t\t\t\tTag used for the image produced by ko"
   echo -e "\t[--tenant-namespace <namespace>]\tWill limit the visibility to the specified namespace only"
-  echo -e "\t[--triggers-namespace <namespace>]\tOverride the namespace where Tekton Triggers is installed (defaults to tekton-pipelines)"
+  echo -e "\t[--triggers-namespace <namespace>]\tOverride the namespace where Tekton Triggers is installed (defaults to Dashboard install namespace)"
   echo -e "\t[--version <version>]\t\t\tWill download manifests for specified version or build everything using kustomize/ko"
 }
 
@@ -482,8 +482,8 @@ while [[ $# -gt 0 ]]; do
     '--nightly')
       BASE_RELEASE_URL="https://storage.googleapis.com/tekton-releases-nightly/dashboard"
       ;;
-    '--read-only')
-      READONLY="true"
+    '--read-write')
+      READONLY="false"
       ;;
     '--stream-logs')
       shift

diff --git a/scripts/prepare-kind-cluster b/scripts/prepare-kind-cluster
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright 2020-2022 The Tekton Authors
+# Copyright 2020-2023 The Tekton Authors
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -14,7 +14,7 @@
 set -e
 
 CLUSTERNAME=tekton-dashboard
-DEFAULT_OPTIONS="--log-format console"
+DEFAULT_OPTIONS="--log-format console --read-write"
 ENABLE_INGRESS="false"
 KUBERNETES_NODE_IMAGE="kindest/node:v1.25.3@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1"
 

diff --git a/tekton/prerelease-checks.yaml b/tekton/prerelease-checks.yaml
@@ -32,7 +32,7 @@ spec:
         echo "Checking release file"
         # Check if the release file already exists
         # gsutil retuns 1 if the object was not found
-        if gsutil stat $(params.releaseBucket)/previous/$(params.versionTag)/tekton-dashboard-release.yaml; then
+        if gsutil stat $(params.releaseBucket)/previous/$(params.versionTag)/release.yaml; then
           echo "Release file already exists for $(params.versionTag) in the release bucket,"
           echo "but no git tag was found. To continue remove the release file first."
           exit 1

diff --git a/tekton/publish.yaml b/tekton/publish.yaml
@@ -108,12 +108,12 @@ spec:
         cp ${PROJECT_ROOT}/scripts/installer $OUTPUT_RELEASE_DIR/installer
 
         # build manifests for installer
-        kustomize build overlays/installer/read-write --load-restrictor LoadRestrictionsNone | ko resolve --platform=$(params.platforms) --preserve-import-paths -t $(params.versionTag) -f - > $OUTPUT_RELEASE_DIR/installer-tekton-dashboard-release.yaml
-        kustomize build overlays/installer/read-only  --load-restrictor LoadRestrictionsNone | ko resolve --platform=$(params.platforms) --preserve-import-paths -t $(params.versionTag) -f - > $OUTPUT_RELEASE_DIR/installer-tekton-dashboard-release-readonly.yaml
+        kustomize build overlays/installer/read-only  --load-restrictor LoadRestrictionsNone | ko resolve --platform=$(params.platforms) --preserve-import-paths -t $(params.versionTag) -f - > $OUTPUT_RELEASE_DIR/installer-release.yaml
+        kustomize build overlays/installer/read-write --load-restrictor LoadRestrictionsNone | ko resolve --platform=$(params.platforms) --preserve-import-paths -t $(params.versionTag) -f - > $OUTPUT_RELEASE_DIR/installer-release-full.yaml
 
         # build pre configured manifests
-        ./scripts/installer release --debug                         --platform $(params.platforms) --tag $(params.versionTag) --output $OUTPUT_RELEASE_DIR/tekton-dashboard-release.yaml
-        ./scripts/installer release --debug --read-only             --platform $(params.platforms) --tag $(params.versionTag) --output $OUTPUT_RELEASE_DIR/tekton-dashboard-release-readonly.yaml
+        ./scripts/installer release --debug              --platform $(params.platforms) --tag $(params.versionTag) --output $OUTPUT_RELEASE_DIR/release.yaml
+        ./scripts/installer release --debug --read-write --platform $(params.platforms) --tag $(params.versionTag) --output $OUTPUT_RELEASE_DIR/release-full.yaml
 
     - name: koparse
       image: gcr.io/tekton-releases/dogfooding/koparse:latest
@@ -129,7 +129,7 @@ spec:
 
         # Parse the built images from the release.yaml generated by ko
         koparse \
-          --path $OUTPUT_RELEASE_DIR/tekton-dashboard-release.yaml \
+          --path $OUTPUT_RELEASE_DIR/release.yaml \
           --base ${IMAGES_PATH} --images ${IMAGES} > /workspace/built_images
 
     - name: tag-images

diff --git a/tekton/release-cheat-sheet.md b/tekton/release-cheat-sheet.md
@@ -63,10 +63,9 @@ the dashboard repo, a terminal window and a text editor.
     (...)
     📝 Results
 
-    NAME                                         VALUE
-    commit-sha                                   6ea31d92a97420d4b7af94745c45b02447ceaa19
-    tekton-dashboard-release                     https://storage.googleapis.com/tekton-releases/dashboard/previous/v0.19.0/tekton-dashboard-release.yaml
-    tekton-dashboard-release-readonly            https://storage.googleapis.com/tekton-releases/dashboard/previous/v0.19.0/tekton-dashboard-release-readonly.yaml
+    NAME                    VALUE
+    release                 https://storage.googleapis.com/tekton-releases/dashboard/previous/v0.32.0/release.yaml
+    release-full            https://storage.googleapis.com/tekton-releases/dashboard/previous/v0.32.0/release-full.yaml
 
     (...)
     ```
@@ -121,12 +120,12 @@ Creating the release announcement is currently a manual process but will be auto
 
      ```bash
      # Test latest
-     kubectl --context my-dev-cluster apply --filename     https://storage.googleapis.com/tekton-releases/dashboard/latest/tekton-dashboard-release.yaml
+     kubectl --context my-dev-cluster apply --filename     https://storage.googleapis.com/tekton-releases/dashboard/latest/release-full.yaml
      ```
 
      ```bash
      # Test backport
-     kubectl --context my-dev-cluster apply --filename     https://storage.googleapis.com/tekton-releases/dashboard/previous/v0.19.2/tekton-dashboard-release.yaml
+     kubectl --context my-dev-cluster apply --filename     https://storage.googleapis.com/tekton-releases/dashboard/previous/v0.32.0/release-full.yaml
      ```
 
 1. Announce the release in Slack channels #general, #announcements, and #dashboard.

diff --git a/tekton/release-pipeline.yaml b/tekton/release-pipeline.yaml
@@ -41,9 +41,9 @@ spec:
     - name: release-file
       description: the URL of the release file
       value: $(tasks.report-bucket.results.release)
-    - name: release-file-readonly
+    - name: release-file-full
       description: the URL of the release file
-      value: $(tasks.report-bucket.results.release-readonly)
+      value: $(tasks.report-bucket.results.release-full)
   tasks:
     - name: git-clone
       taskRef:
@@ -159,17 +159,17 @@ spec:
           - name: versionTag
         results:
           - name: release
-            description: The full URL of the release file in the bucket
-            type: string
-          - name: release-readonly
             description: The full URL of the release file (read-only) in the bucket
             type: string
+          - name: release-full
+            description: The full URL of the release file (read/write) in the bucket
+            type: string
         steps:
           - name: create-results
             image: alpine
             script: |
               BASE_URL=$(echo "$(params.releaseBucket)/previous/$(params.versionTag)")
               # If the bucket is in the gs:// return the corresponding public https URL
               BASE_URL=$(echo ${BASE_URL} | sed 's,gs://,https://storage.googleapis.com/,g')
-              echo "${BASE_URL}/tekton-dashboard-release.yaml" > $(results.release.path)
-              echo "${BASE_URL}/tekton-dashboard-release-readonly.yaml" > $(results.release-readonly.path)
+              echo "${BASE_URL}/release.yaml" > $(results.release.path)
+              echo "${BASE_URL}/release-full.yaml" > $(results.release-full.path)
diff --git a/test/e2e-tests.sh b/test/e2e-tests.sh
@@ -48,9 +48,9 @@ test_dashboard() {
   # kubectl or proxy (to create the necessary resources)
   local creationMethod=$1
 
-  local readonly=false
-  if [[ "${@:2}" =~ "--read-only" ]]; then
-    readonly=true
+  local readonly=true
+  if [[ "${@:2}" =~ "--read-write" ]]; then
+    readonly=false
   fi
   header "Setting up environment (${@:2})"
   $tekton_repo_dir/scripts/installer install ${@:2}
@@ -204,8 +204,8 @@ if [ -z "$SKIP_BUILD_TEST" ]; then
 	header "Validating that we can build the release manifests"
 	echo "Building manifests for k8s"
 	$tekton_repo_dir/scripts/installer release                          || fail_test "Failed to build manifests for k8s"
-	echo "Building manifests for k8s --read-only"
-	$tekton_repo_dir/scripts/installer release --read-only              || fail_test "Failed to build manifests for k8s --read-only"
+	echo "Building manifests for k8s --read-write"
+	$tekton_repo_dir/scripts/installer release --read-write              || fail_test "Failed to build manifests for k8s --read-write"
 fi
 
 header "Building browser E2E image"
@@ -228,8 +228,8 @@ export DASHBOARD_NAMESPACE=tekton-pipelines
 export TEST_NAMESPACE=tekton-test
 export TENANT_NAMESPACE=""
 
-test_dashboard proxy ${PLATFORM}
-test_dashboard kubectl ${PLATFORM} --read-only
+test_dashboard proxy ${PLATFORM} --read-write
+test_dashboard kubectl ${PLATFORM}
 
 header "Test Dashboard custom namespace"
 if [ -z "$TEST_CUSTOM_INSTALL_NAMESPACE" ]; then
@@ -239,8 +239,8 @@ else
   export TEST_NAMESPACE=tekton-test
   export TENANT_NAMESPACE=""
 
-  test_dashboard proxy ${PLATFORM} --namespace $DASHBOARD_NAMESPACE
-  test_dashboard kubectl ${PLATFORM} --read-only --namespace $DASHBOARD_NAMESPACE
+  test_dashboard proxy ${PLATFORM} --read-write --namespace $DASHBOARD_NAMESPACE
+  test_dashboard kubectl ${PLATFORM} --namespace $DASHBOARD_NAMESPACE
 fi
 
 # TODO: this feature will be expanded to support multiple namespaces
@@ -252,8 +252,8 @@ else
   export TEST_NAMESPACE=tekton-tenant
   export TENANT_NAMESPACE=tekton-tenant
 
-  test_dashboard proxy --namespace $DASHBOARD_NAMESPACE --tenant-namespace $TENANT_NAMESPACE
-  test_dashboard kubectl --read-only --namespace $DASHBOARD_NAMESPACE --tenant-namespace $TENANT_NAMESPACE
+  test_dashboard proxy --read-write --namespace $DASHBOARD_NAMESPACE --tenant-namespace $TENANT_NAMESPACE
+  test_dashboard kubectl --namespace $DASHBOARD_NAMESPACE --tenant-namespace $TENANT_NAMESPACE
 fi
 
 success