docs: add developer guide for cluster access with kubectl #patch#479

Merged: venkatamutyala merged 4 commits into main from access-cluster-with-kubectl on Jun 13, 2026
@venkatamutyala (Contributor)

What

Adds a developer-facing guide: Access Your Cluster with kubectl (docs/deploy-applications/access-cluster-kubectl.mdx), placed under Developers in the sidebar next to Add Secrets.

The page covers:

  • Prerequisites — kubectl, krew, and oidc-login (links to upstream install/setup docs), GitHub team membership, and the kubeconfig from the cluster-info page.
  • Create your kubeconfig — copy it from the cluster-info page into ~/.kube/config.
  • Connect and sign in — the GitHub device-code flow.
  • Access tiers — the three permission tiers (reader / debugger / operator) with dynamic GitHub team names.
  • Namespace-scoped access + Troubleshooting (Forbidden triage, expired device code, stale token cache, IP allowlist timeout).

Site changes

  • New CAPTAIN_NAMESPACE sentinel in the swizzled CodeBlock — renders the reader's environment namespace (the first label of their Captain Domain), so commands like kubectl get pods -n <ns> are copy-paste ready.
  • CSS rule so an inline <CaptainDomain /> inside a <code> chip blends into a single monospace token (used for the team names in the tiers table).
  • Documented both in .ai/reference.md.

Supersedes #477

The original PR mixed operator-side concerns (Traefik IngressRouteTCP exposure, RBAC manifests, a hand-built kubeconfig script) into a Traefik how-to. Those now live in the per-cluster GitOps repos, and the kubeconfig is served from the cluster-info page — so this is a clean, end-user-only doc on a fresh branch. The accidental yarn.lock from #477 is not included (repo uses npm).

Validated with a full docusaurus build (passes onBrokenLinks: throw).

Adds an end-user guide covering kubectl/krew/oidc-login prerequisites,
creating the kubeconfig from the cluster-info page, GitHub device-code
sign-in, the three access tiers (reader/debugger/operator), and
namespace-scoped access with troubleshooting.

Adds a CAPTAIN_NAMESPACE sentinel to the swizzled CodeBlock so commands
render with the reader's environment namespace (the first label of the
Captain Domain), and a CSS rule so an inline CaptainDomain inside a code
chip blends into a single monospace token.

Supersedes the operator-focused draft in PR #477: the Traefik exposure
and RBAC manifests now live in the per-cluster GitOps repos, and the
hand-built kubeconfig script is replaced by the cluster-info kubeconfig.
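
The sentinel substitution described above, sketched as an added example (not the project's `src/theme/CodeBlock/index.tsx`). Because the substituted value lands in commands readers copy and paste, the sketch only substitutes a domain whose labels are all valid DNS-1123 labels. The sentinel names come from the PR text; the function names, the validation rule and the sample domain are assumptions.

```typescript
// Added illustration; function names and the validation rule are hypothetical.
// A lowercase DNS-1123 label: 1-63 chars, alphanumeric at both ends.
const DNS_LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

// Returns the domain's labels only if every label is valid; otherwise null.
function parseCaptainDomain(input: string): string[] | null {
  const domain = input.trim().toLowerCase();
  if (domain.length === 0 || domain.length > 253) return null;
  const labels = domain.split(".");
  if (labels.length < 2) return null; // need a namespace label plus a parent
  return labels.every((label) => DNS_LABEL.test(label)) ? labels : null;
}

// Replaces both sentinels in a code block's text. An invalid domain leaves
// the sentinels untouched, so unchecked input never reaches a command.
// split/join is used so "$" sequences are never treated as patterns.
function renderSentinels(code: string, captainDomain: string): string {
  const labels = parseCaptainDomain(captainDomain);
  if (labels === null) return code;
  return code
    .split("CAPTAIN_NAMESPACE").join(labels[0]) // first label = namespace
    .split("CAPTAIN_DOMAIN").join(labels.join("."));
}

// Constructed sample domain, not a real cluster.
const sample = renderSentinels(
  "kubectl get pods -n CAPTAIN_NAMESPACE",
  "nonprod.captain.example.com",
);
console.log(sample);
```
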

Copilot AI left a comment


Pull request overview

Adds a new developer-facing documentation page explaining how to access GlueOps clusters with kubectl via GitHub OIDC, and extends the docs site’s dynamic “Captain Domain” rendering to support a namespace sentinel for copy/paste-ready commands.

Changes:

  • Added a new tutorial doc: Access Your Cluster with kubectl (OIDC device-code login, namespace-scoped access, tiers, troubleshooting).
  • Extended the swizzled CodeBlock replacement to support CAPTAIN_NAMESPACE (first label of the Captain Domain).
  • Updated styling so <CaptainDomain /> embedded inside inline <code> renders as a single “token”, and wired the new doc into navigation/next-steps.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| src/theme/CodeBlock/index.tsx | Adds CAPTAIN_NAMESPACE sentinel replacement alongside CAPTAIN_DOMAIN. |
| src/css/custom.css | Adjusts inline domain styling when nested inside <code> to avoid “chip-within-a-chip”. |
| sidebars.js | Adds the new kubectl access doc under the Developers sidebar section. |
| docs/deploy-applications/hello-world.mdx | Links to the new kubectl access guide in “Next steps”. |
| docs/deploy-applications/access-cluster-kubectl.mdx | New tutorial doc describing kubectl access flow, tiers, and troubleshooting. |
| .ai/reference.md | Documents the new sentinel/component patterns for dynamic domain/namespace rendering. |

Comment thread src/theme/CodeBlock/index.tsx
Comment thread src/css/custom.css
Comment thread .ai/reference.md
- clarify oidc-login is installed via krew and needs ~/.krew/bin on PATH
- soften device-code wording (browser may open automatically)
- use 'kubectl oidc-login clean' instead of rm -rf for token cache
- note connection may be refused (not only hang) when IP not allowlisted
- correct .ai/reference.md Verify convention: developers now have
  namespace-scoped kubectl access, so scoped kubectl verification is
  acceptable (was: 'platform users do not have kubectl access')
- cross-link the kubectl access guide from the ExternalSecret tip
Copilot AI review requested due to automatic review settings June 13, 2026 02:51

Copilot AI left a comment


Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

Comment thread src/css/custom.css
Comment thread src/theme/CodeBlock/index.tsx
- reference.md: drop stale 'three patterns' count (table lists more)
- custom.css: fully blend custom-domain token inside code chips
  (reset border/radius, not just background)
- e2e: add CAPTAIN_NAMESPACE coverage on the new access page
  (default + custom domain), closing the regression gap
- e2e: fix pre-existing playwright version mismatch (@playwright/test
  1.49.1 vs base image 1.58.2) that broke the entire suite
@venkatamutyala venkatamutyala merged commit 89ab7e6 into main Jun 13, 2026
2 checks passed
@venkatamutyala venkatamutyala deleted the access-cluster-with-kubectl branch June 13, 2026 03:33