Home Reference Source

dashboard

Build Status Doc Status codecov Go Report Card

Docker infrastructure management with security and simplicity as goals. It allows to list all containers on a daemon, start / stop / restart / monitor each one and deploy docker-compose app without volumes.

Getting Started

Docker

Docker's images are available, vibioh/dashboard-front and vibioh/dashboard-api, and a sample docker-compose.yml. Everything is almost configured, you only have to tweak domain's name, mainly configured for being used with traefik, and adjust some secrets.

Websocket

By default, your origin domain name has to start with dashboard (e.g. dashboard.vibioh.fr) in order to allow websockets to work. You can override it by setting -ws option to the API server.

Roles

You have to configure roles by setting -users on the API server with the following format:

[user1]:[role1],[role2]|[user2]:[role1]

Username must match with the authentification providers (see next section).

Role can be admin, multi or anything else.

Authentification

Authentification has been externalized into its own services in vibioh/auth. Check out this project for configuring authentification for Dashboard.

GitHub OAuth Provider

Create your OAuth app on GitHub interface. The authorization callback URL must be in the form of https://[URL_OF_DASHBOARD]/auth/github.

HotDeploy

At deploy time, if the new containers have HEALTHCHECK, dashboard will wait during at most 5 minutes for an healthy status. When all containers with healthcheck are healthy, old containers are stopped and removed. Load-balancer with Docker's healthcheck (e.g. traefik) will handle route change without downtime based on that healthcheck.

If no healthcheck is provided, dashboard doesn't know if your container is ready for business, so it's a simple launch new containers then destroy old containers, without waiting time.

If you don't have an healthcheck on your container, check vibioh/alcotest for having a simple HTTP Client that request the defined endpoint.

Another Docker Infrastructure Manager ?

Why creating another infrastructure manager when Rancher or Portainer exists ?

Because :

And, maybe, I want to have fun with golang and ReactJS 🙄 😏

Why without volumes ?

First goal of this tool was to be available for students to deploy containers on my own server. Trust doesn't mean no control and if a student mounts a too critical volumes (e.g. /) with a root user, he can potentially become root on the server, which I don't want ! So volumes are not allowed, and some security options are setted by default.

Build

Server

In order to build the server stuff, run the following command.

make

It will compile API server.

Usage of dashboard:
  -authUrl string
        URL of auth service
  -c string
        URL to healthcheck (check and exit)
  -corsHeaders string
        Access-Control-Allow-Headers (default "Content-Type")
  -corsMethods string
        Access-Control-Allow-Methods (default "GET")
  -corsOrigin string
        Access-Control-Allow-Origin (default "*")
  -csp string
        Content-Security-Policy (default "default-src 'self'")
  -dockerHost string
        Docker Host (default "unix:///var/run/docker.sock")
  -dockerVersion string
        Docker API Version
  -hsts
        Indicate Strict Transport Security (default true)
  -prometheusMetricsHost string
        Prometheus - Allowed hostname to call metrics endpoint (default "localhost")
  -prometheusMetricsPath string
        Prometheus - Metrics endpoint path (default "/metrics")
  -rateCount int
        Rate IP count (default 60)
  -rateDelay duration
        Rate IP delay (default 1m0s)
  -tlscert string
        TLS PEM Certificate file
  -tlshosts string
        TLS Self-signed certificate hosts, comma separated (default "localhost")
  -tlskey string
        TLS PEM Key file
  -users string
        List of allowed users and profiles (e.g. user:profile1,profile2|user2:profile3
  -ws string
        Allowed WebSocket Origin pattern (default "^dashboard")

Front

In order to build the front stuff, run the following command:

npm install
npm run build

Local run

export ADMIN_PASSWORD=`bcrypt admin`
docker-compose -p dashboard -f docker-compose.local.yml up -d