Remove OpenShift specific install manifests

The main difference between the default Dashboard install and the OpenShift variant is the inclusion of the oauth-proxy and related config. Since the oauth-proxy has a number of shortcomings (e.g. lack of proper session timeout / invalidation) and better alternatives exist, remove the oauth-proxy config from the Dashboard install. We have walkthroughs in the Dashboard docs that describe the steps required to set up oauth2-proxy or Envoy as examples. Removing oauth-proxy allows us to simplify the release pipeline and remove the lockdown.py script. As well as removing the oauth-proxy config, remove the `/v1/endpoint` and `/v1/ingress` APIs since they're not used by the Dashboard and were for legacy integration. This allows us to remove our dependency on the OpenShift client and reduce the amount of code that needs to be maintained and tested. Also remove the OpenShift release pipeline since it's incomplete, requires manual changes, and we should be moving our release process to the dogfooding cluster similar to other projects anyway. Since this change removes the lockdown.py script which didn't work on OpenShift there shouldn't be an issues with running the normal release pipeline on OpenShift if we wish to do so.
pmdarius · Sep 23, 2020 · 00cedc4 · 00cedc4
1 parent 0f154af
commit 00cedc4
Show file tree

Hide file tree

Showing 34 changed files with 9 additions and 934 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -6,13 +6,11 @@ config_frontend
 coverage
 dist
 docs
-ingress
 node_modules
 overlays
 packages/components/dist
 packages/components/node_modules
 packages/utils/dist
 tekton
 test
-testdata
 vendor
diff --git a/base/200-clusterrole-dashboard.yaml b/base/200-clusterrole-dashboard.yaml
@@ -29,19 +29,3 @@ rules:
       - deployments
     verbs:
       - list
-  - apiGroups:
-      - route.openshift.io
-    resources:
-      - routes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - extensions
-      - apps
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
diff --git a/cmd/dashboard/main.go b/cmd/dashboard/main.go
@@ -23,7 +23,6 @@ import (
 	"time"
 
 	"github.com/gorilla/csrf"
-	routeclientset "github.com/openshift/client-go/route/clientset/versioned"
 	dashboardclientset "github.com/tektoncd/dashboard/pkg/client/clientset/versioned"
 	"github.com/tektoncd/dashboard/pkg/controllers"
 	"github.com/tektoncd/dashboard/pkg/endpoints"
@@ -121,14 +120,6 @@ func main() {
 	}
 
 	var triggersClient triggersclientset.Interface
-	var routeClient routeclientset.Interface
-
-	if *isOpenshift {
-		routeClient, err = routeclientset.NewForConfig(cfg)
-		if err != nil {
-			logging.Log.Errorf("Error building route clientset: %s", err.Error())
-		}
-	}
 
 	transport, err := rest.TransportFor(cfg)
 	if err != nil {
@@ -154,7 +145,6 @@ func main() {
 		PipelineClient:         pipelineClient,
 		PipelineResourceClient: pipelineResourceClient,
 		K8sClient:              k8sClient,
-		RouteClient:            routeClient,
 		TriggersClient:         triggersClient,
 		Options:                options,
 	}

diff --git a/docs/README.md b/docs/README.md
@@ -109,7 +109,6 @@ Once set up, the dashboard is available in the browser under the address
 
 ## What's next
 
-Tekton Dashboard provides many features such as Webhook extension (for setting
-up a GitHub repository with a Tekton pipeline in the UI), TLS support, and
-Ingress support. For more information, see the
+Try out some of our [walkthroughs](./walkthrough) for more details on deploying and configuring the
+Tekton Dashboard for some common scenarios. For more information, see the
 [Tekton Dashboard GitHub repository](https://github.com/tektoncd/dashboard).
diff --git a/docs/dev/api.md b/docs/dev/api.md
@@ -1,39 +1,10 @@
 # Tekton Dashboard - Backend API
 
 
-The backend API provides the following endpoints at `/v1/namespaces/<namespace>`:
+The backend API provides the following endpoints:
 
 __GET endpoints__
 
-__Dashboard Endpoints__
-```
-GET /v1/namespaces/<namespace>/endpoints
-Get the registered `tekton-dashboard` entry points (route and ingress) host values
-Returns HTTP code 200 and the registered dashboard ingress host value 
-Returns HTTP code 404 if an error occurred getting the ingress
-
-Example payload response is formatted as so:
-
-[
- {
-  "type": "Route",
-  "url": "tekton-dashboard-tekton-pipelines.apps.192.168.222.145.nip.io"
- },
- {
-  "type": "Ingress",
-  "url": "tekton-dashboard.192.168.222.145.nip.io"
- }
-]
-```
-
-__Dashboard Ingress__
-```
-GET /v1/namespaces/<namespace>/ingress
-Get the registered `tekton-dashboard` ingress host value
-Returns HTTP code 200 and the registered dashboard ingress host value 
-Returns HTTP code 404 if an error occurred getting the ingress
-```
-
 __Extensions__
 ```
 GET /v1/extensions
@@ -66,4 +37,3 @@ Example payload response is formatted as so:
  "ReadOnly": true
 }
 ```
-
diff --git a/docs/install.md b/docs/install.md
@@ -8,8 +8,7 @@ This guide explains how to install Tekton Dashboard. It covers the following top
 - [Installing with the installer script](#installing-with-the-installer-script)
 - [Installing Tekton Dashboard on Kubernetes](#installing-tekton-dashboard-on-kubernetes)
 - [Installing Tekton Dashboard on OpenShift](#installing-tekton-dashboard-on-openshift)
-- [Accessing the Dashboard on Kubernetes](#accessing-the-dashboard-on-kubernetes)
-- [Accessing the Dashboard on OpenShift](#accessing-the-dashboard-on-openshift)
+- [Accessing the Dashboard](#accessing-the-dashboard)
 - [Uninstalling the Dashboard on Kubernetes](#uninstalling-the-dashboard-on-kubernetes)
 - [Next steps](#next-steps)
 
@@ -111,15 +110,13 @@ To install Tekton Dashboard on an OpenShift cluster:
    kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/openshift-tekton-dashboard-release.yaml --validate=false
    ```
 
-1. Access the dashboard by determining its route with `kubectl get route tekton-dashboard -n openshift-pipelines`
-
 Congratulations! You have successfully installed Tekton Dashboard on your OpenShift cluster.
 
 **Note for users installing Tekton Pipelines and Triggers outside the OpenShift Pipelines operator:**
 
 Tekton Dashboard on OpenShift works out of the box with the OpenShift Pipelines operator. If you installed Tekton Pipelines and Triggers without using the OpenShift Pipelines operator, you will need to change the following args `--pipelines-namespace=openshift-pipelines` and `--triggers-namespace=openshift-pipelines` and set their values to the namespace where Pipelines and Triggers were respectively deployed.
 
-## Accessing the Dashboard on Kubernetes
+## Accessing the Dashboard
 
 By default, the Dashboard is not exposed outside the cluster.
 
@@ -184,20 +181,6 @@ Notes:
 - The exact `Ingress` resource definition may vary a little depending on the ingress controller installed in the cluster. Some specific annotations may be required for the ingress controller to process the `Ingress` resource correctly
 - If you don't have access to a domain you can use the freely available [`nip.io`](https://nip.io/) service
 
-## Accessing the Dashboard on OpenShift
-
-Assuming you installed the Dashboard following the instructions in [Installing Tekton Dashboard on OpenShift](#installing-tekton-dashboard-on-openshift), you can access the Dashboard by determining its route.
-
-Simply browse the url returned by running the following command to access your Dashboard:
-
-```bash
-kubectl get route tekton-dashboard -n openshift-pipelines
-```
-
-**Known issue:**
-
-If the default ingress certificate in the OpenShift cluster was changed, for example via [this procedure](https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html), then the oauth-proxy sidecar might not recognize its certificate, and you might arrive at a "500 Internal Error" page instead of the dashboard. Refer to [this workaround](./oauth-certificate-workaround.md) for a procedure to resolve the issue.
-
 ## Uninstalling the Dashboard on Kubernetes
 
 The Dashboard can be uninstalled by running the following command:

diff --git a/docs/oauth-certificate-workaround.md b/docs/oauth-certificate-workaround.md
diff --git a/go.mod b/go.mod
@@ -16,8 +16,6 @@ require (
 	github.com/google/go-cmp v0.5.0
 	github.com/gorilla/csrf v1.7.0
 	github.com/gorilla/websocket v1.4.2
-	github.com/openshift/api v3.9.0+incompatible // indirect
-	github.com/openshift/client-go v0.0.0-20191125132246-f6563a70e19a
 	github.com/tektoncd/pipeline v0.15.2
 	github.com/tektoncd/plumbing v0.0.0-20200430135134-e53521e1d887
 	github.com/tektoncd/triggers v0.6.1

diff --git a/go.sum b/go.sum
@@ -229,6 +229,7 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn
 github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575/go.mod h1:9d6lWj8KzO/fd/NrVaLscBKmPigpZpn5YawRPw+e3Yo=
 github.com/clarketm/json v1.13.4/go.mod h1:ynr2LRfb0fQU34l07csRNBTcivjySLLiY1YzQqKVfdo=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudevents/sdk-go v1.0.0 h1:gS5I0s2qPmdc4GBPlUmzZU7RH30BaiOdcRJ1RkXnPrc=
 github.com/cloudevents/sdk-go v1.0.0/go.mod h1:3TkmM0cFqkhCHOq5JzzRU/RxRkwzoS8TZ+G448qVTog=
 github.com/cloudevents/sdk-go/v2 v2.1.0 h1:bmgrU8k+K2ppZ+G/q5xEQx/Xk9HRtJmkrEO3qtDO2k0=
 github.com/cloudevents/sdk-go/v2 v2.1.0/go.mod h1:3CTrpB4+u7Iaj6fd7E2Xvm5IxMdRoaAhqaRVnOr2rCU=
@@ -855,10 +856,6 @@ github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5X
 github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/openshift/api v3.9.0+incompatible h1:fJ/KsefYuZAjmrr3+5U9yZIZbTOpVkDDLDLFresAeYs=
-github.com/openshift/api v3.9.0+incompatible/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY=
-github.com/openshift/client-go v0.0.0-20191125132246-f6563a70e19a h1:Otk3CuCAEHiMUr4Er6b+csq4Ar6qilAs9h93tbea+qM=
-github.com/openshift/client-go v0.0.0-20191125132246-f6563a70e19a/go.mod h1:6rzn+JTr7+WYS2E1TExP4gByoABxMznR6y2SnUIkmxk=
 github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
 github.com/openzipkin/zipkin-go v0.2.0/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
 github.com/openzipkin/zipkin-go v0.2.2 h1:nY8Hti+WKaP0cRsSeQ026wU03QsM762XBeCXBb9NAWI=

diff --git a/ingress/basic-dashboard-ingress.yaml b/ingress/basic-dashboard-ingress.yaml
diff --git a/ingress/https-ingress.yaml b/ingress/https-ingress.yaml
diff --git a/ingress/ingress-https-setup.sh b/ingress/ingress-https-setup.sh
diff --git a/overlays/installer/k8s/base/kustomization.yaml b/overlays/installer/k8s/base/kustomization.yaml
diff --git a/overlays/installer/k8s/read-write/kustomization.yaml b/overlays/installer/k8s/read-write/kustomization.yaml