name change kapow => kuill

.travis.yml

@@ -19,12 +19,12 @@ install:
 - dep ensure
 script:
 - make release
-- upx bin/kapow
+- upx bin/kuill
 - make docker
 after_deploy:
 - make docker VERSION=$TRAVIS_TAG
 - docker login -u $DOCKER_USER -p $DOCKER_PASS
-- export REPO=mattdeboer/kapow
+- export REPO=mattdeboer/kuill
 - docker push $REPO:$TRAVIS_TAG
 - docker tag $REPO:$TRAVIS_TAG $REPO:latest
 - docker push $REPO:latest
@@ -37,7 +37,7 @@ deploy:
   skip_cleanup: true
   api_key:
     secure: lq0mEuK2HbH6AvF5IiJFvrwbODcCa4XRATMmiGGNUgxteZxe/ez2HxxOk1p6XclR4DePVe9eSK+Qf+q6MJgw1eyYgpVz6HnVaoOekZmuc64P3Ro1jpwKJR1EvrbDtpJLWcT96Yixy6zC7Ez1BwqQsSWRYSecwK0q2XTfdYgV/Lt/rh0p6L0abRctvHuNe+Fxazp2+cRzKI/sCJJTB5X3jaG2hSAnQOkEwUF2P0+68t7S75C9tLYNmEuK1zDQDoq0DN1VDRAcgCxKA4jeq2ebcCjEDUOP/l1TeCX0loEUVA7IMyFRDSe1wfcQPWjMjKxSbqNowg6UTR1TcO0vUE/1wY0ZbXFbyyiQ9pijT25IqwH1LPRmZE9CUjfEdVirAxthiCXI5bHgVd6lWqkuXWU2hdHBFc9c6tq7/TDn2s/1JihaIeH4I8C3/xkQfLD3ZYjJEKSIya0gU3KgGaTqk5ekaq2AXjkfvtXVA9CbjXSHkci6qweCfcT+npk11Q1bnfvmX3UjUmn0GJlp27T61NE5iLz6TRCTpYsWQZTLMNS9aVHTUtS5YdaCVLyg9nAGvXF04f1MIYp+oBAvxyQuDLuPDVB4NSpYzWMyuX0AocWs3h4aOdTil7I5Zne8vBosBs3UJoeZxmRx+slEeTa38uwvMHVhg2ELhXwaLsnjklacK+U=
-  file: bin/kapow
+  file: bin/kuill
   on:
-    repo: matt-deboer/kapow
+    repo: matt-deboer/kuill
     tags: true

Dockerfile

@@ -1,7 +1,7 @@
 FROM alpine:3.5
-COPY bin/kapow /kapow
+COPY bin/kuill /kuill
 COPY ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
 COPY templates/ /templates/
 
-ENTRYPOINT ["/kapow"]
+ENTRYPOINT ["/kuill"]

README.md

@@ -1,14 +1,11 @@
-kapow
-==============
 
-[![Build Status](https://travis-ci.org/matt-deboer/kapow.svg?branch=master)](https://travis-ci.org/matt-deboer/kapow)
-[![Docker Pulls](https://img.shields.io/docker/pulls/mattdeboer/kapow.svg)](https://hub.docker.com/r/mattdeboer/kapow/)
+![](./kuill.png)
+===
 
-**_kubernetes authenticating proxy operations window !_**
-Ok, it's not just for _ops_, but I was already committed to the acronym :)
+[![Build Status](https://travis-ci.org/matt-deboer/kuill.svg?branch=master)](https://travis-ci.org/matt-deboer/kuill)
+[![Docker Pulls](https://img.shields.io/docker/pulls/mattdeboer/kuill.svg)](https://hub.docker.com/r/mattdeboer/kuill/)
 
-
-## **~~ This project is in an early alpha state; use it to your own risk/surprise! ~~**
+A new UI for kubernetes.
 
 Motivation
 ---
@@ -22,20 +19,21 @@ Other than gaining more experience in Golang and React, and learning a lot about
 
 See [this discussion](https://github.com/kubernetes/dashboard/issues/574#issuecomment-282360783) for details surrounding the vulnerabilities introduced by running the existing dashboard in a multi-tenant environment.
 
-### What makes Kapow different?
+### What makes kuill different?
 
-Other than the purely cosmetic differences, **Kapow** acts as an authenticating proxy, sending every request using the identity of the authenticated user; this means that a user of Kapow has the same privileges they would have using `kubectl` in their shell.
+Other than the purely cosmetic differences, **kuill** acts as an authenticating proxy, sending every request using the identity of the authenticated user; this means that a user of kuill has the same privileges** they would have using `kubectl` in their shell.
+
+** _There is a service account which grants kuill access to proxy requests to nodes in order to access their status summary details_
 
----
 
 Setup
 ---
 
-As **kapow** works by acting as an authenticating-proxy, you must configure your cluster to use an authenticating proxy; see [the kubernetes docs](https://kubernetes.io/docs/admin/authentication/#authenticating-proxy) for details.
+As **kuill** works by acting as an authenticating-proxy, you must configure your cluster to use an authenticating proxy; see [the kubernetes docs](https://kubernetes.io/docs/admin/authentication/#authenticating-proxy) for details.
 
-Part of this equation involves configuring **kapow** to use a certificate having a CN matching one of the `--requestheader-allowed-names` values you specified above, and signed by the `--requestheader-client-ca-file` you specified.
+Part of this equation involves configuring **kuill** to use a certificate having a CN matching one of the `--requestheader-allowed-names` values you specified above, and signed by the `--requestheader-client-ca-file` you specified.
 
-Additionally, `kapow` must be configured to integrate with one or more identity providers, of which SAML2 and
+Additionally, `kuill` must be configured to integrate with one or more identity providers, of which SAML2 and
 OpenID+Connect are currently supported.
 
 ---
@@ -54,12 +52,12 @@ Prerequisites:
 TL;DR ? -> clone the repo, and run: &nbsp; <code>hack/test-drive-minikube.sh</code>
 </div>
 <div style="padding: 10px; background-color: #7a612e;">
-TL;DR, and also super-trusting of strangers ? run: &nbsp; <code>sh -c "$(curl -sL https://raw.githubusercontent.com/matt-deboer/kapow/master/hack/test-drive-minikube.sh)"</code>
+TL;DR, and also super-trusting of strangers ? run: &nbsp; <code>sh -c "$(curl -sL https://raw.githubusercontent.com/matt-deboer/kuill/master/hack/test-drive-minikube.sh)"</code>
 </div>
 
 1. Start a new `minikube` cluster.
 
-    You'll need to add some additional flags on creation (due to the fact that `kapow` acts
+    You'll need to add some additional flags on creation (due to the fact that `kuill` acts
     as an authenticating proxy--configured by flags on the apiserver):
 
     ```sh
@@ -82,7 +80,7 @@ TL;DR, and also super-trusting of strangers ? run: &nbsp; <code>sh -c "$(curl -s
     kubectl create clusterrolebinding kube-system-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
     ```
 
-1. Generate certificates for `kapow` using the minikube cluster ca (and a little help from the `cfssl` docker image)
+1. Generate certificates for `kuill` using the minikube cluster ca (and a little help from the `cfssl` docker image)
 
     ```sh
     mkdir -p ~/.minikube/certs/auth-proxy
@@ -103,17 +101,17 @@ TL;DR, and also super-trusting of strangers ? run: &nbsp; <code>sh -c "$(curl -s
         cfssljson -bare auth-proxy - && rm -f auth-proxy.csr && rm -f ca.key && mv ca.crt ca.pem'
     ```
 
-1. Create a secret containing the certs (for use by `kapow`)
+1. Create a secret containing the certs (for use by `kuill`)
 
     ```sh
     kubectl --context minikube create secret generic auth-proxy-certs \
       --from-file  ~/.minikube/certs/auth-proxy -n kube-system
     ```
 
-1. Deploy `kapow`
+1. Deploy `kuill`
 
     ```sh
-    curl -sL https://raw.githubusercontent.com/matt-deboer/kapow/master/hack/deploy/kapow-minikube.yml | \
+    curl -sL https://raw.githubusercontent.com/matt-deboer/kuill/master/hack/deploy/kuill-minikube.yml | \
        kubectl --context minikube apply -f -
     ```
 
@@ -150,18 +148,22 @@ Roadmap:
   - [ ] Create e2e tests for the most basic features
   - [ ] Working minikube example deployment/guide
   - [ ] Test on GKE deployments--can we even have an authenticating proxy configured?
-  - [ ] Come up with a better name !
+  - [ ] Come up with a better name ! (kuill)
   - [ ] Support for Third Party Resources / Custom Resource Definitions
+
 - [ ] Overview/Homepage:
   - [ ] Local storage (or cookies) used to remember previous selected namespaces for a given user
   - [ ] Provide better hints/tool-tips to explain what functions are available, and what they mean
+
 - [ ] Workloads:
   - [ ] Provide validation of resource creation/modification
   - [ ] Test authorization for edit/create/delete actions using kube apis before
         displaying/enabling the associated controls
   - [ ] Provide utilization metrics with pods/deployments/etc., and corresponding summaries by selection
+
 - [ ] Cluster:
   - [ ] Use tabs for PersistentVolumes, StorageClasses, TPRs(CustomResources)
+
 - [ ] Access Controls:
   - [ ] Update styles to be consistent with Workloads/Cluster
   - [ ] Add 'Can user X do action Y on resource Z?' button/check to aid with permissions

docs/login_flow.wsd

@@ -3,8 +3,8 @@
 scale 1
 hide footbox
 
-participant "Kapow UI" as b
-participant "Kapow Server" as k
+participant "kuill UI" as b
+participant "kuill Server" as k
 participant "OIDC Provider" as o
 activate b
 b -> k: /login

hack/deploy/kapow-minikube.yml

@@ -5,13 +5,13 @@ items:
 - kind: ServiceAccount
   apiVersion: v1
   metadata:
-    name: kapow
+    name: kuill
     namespace: kube-system
 
 - kind: Role
   apiVersion: rbac.authorization.k8s.io/v1beta1
   metadata:
-    name: kapow-serviceaccount
+    name: kuill-serviceaccount
     namespace: kube-system
   rules:
   - apiGroups: [""]
@@ -21,63 +21,63 @@ items:
 - kind: RoleBinding
   apiVersion: rbac.authorization.k8s.io/v1alpha1
   metadata:
-    name: kapow-serviceaccount
+    name: kuill-serviceaccount
     namespace: kube-system
   subjects:
     - kind: ServiceAccount
-      name: kapow
+      name: kuill
   roleRef:
     kind: Role
-    name: kapow-serviceaccount
+    name: kuill-serviceaccount
     apiGroup: "rbac.authorization.k8s.io"
 
 - kind: Deployment
   apiVersion: extensions/v1beta1
   metadata:
     labels:
-      name: kapow
-    name: kapow
+      name: kuill
+    name: kuill
     namespace: kube-system
   spec:
     replicas: 1
     selector:
       matchLabels:
-        name: kapow
+        name: kuill
     template:
       metadata:
         labels:
-          name: kapow
-          service: kapow
+          name: kuill
+          service: kuill
       spec:
         volumes:
         - name: auth-proxy-certs
           secret:
             secretName: auth-proxy-certs
         containers:
-        - image: mattdeboer/kapow
-          name: kapow
+        - image: mattdeboer/kuill
+          name: kuill
           volumeMounts: 
           - name: auth-proxy-certs
             mountPath: /certs
             readOnly: true
           env:
-          - name: KAPOW_PORT
+          - name: kuill_PORT
             value: "8443"
-          - name: KAPOW_ANONYMOUS_GROUPS
+          - name: kuill_ANONYMOUS_GROUPS
             value: system:masters
-          - name: KAPOW_SERVER_CERT
+          - name: kuill_SERVER_CERT
             value: /certs/auth-proxy.pem
-          - name: KAPOW_SERVER_KEY
+          - name: kuill_SERVER_KEY
             value: /certs/auth-proxy-key.pem
-          - name: KAPOW_KUBERNETES_CLIENT_CERT
+          - name: kuill_KUBERNETES_CLIENT_CERT
             value: /certs/auth-proxy.pem
-          - name: KAPOW_KUBERNETES_CLIENT_KEY
+          - name: kuill_KUBERNETES_CLIENT_KEY
             value: /certs/auth-proxy-key.pem
-          - name: KAPOW_KUBERNETES_CLIENT_CA
+          - name: kuill_KUBERNETES_CLIENT_CA
             value: /certs/ca.pem
-          - name: KAPOW_VERBOSE
+          - name: kuill_VERBOSE
             value: "true"
-          - name: KAPOW_TRACE_REQUESTS
+          - name: kuill_TRACE_REQUESTS
             value: "true"
           ports:
           - containerPort: 8443
@@ -86,14 +86,14 @@ items:
 - kind: Service
   apiVersion: v1
   metadata:
-    name: kapow
+    name: kuill
     namespace: kube-system
   spec:
     ports:
-    - name: kapow
+    - name: kuill
       port: 8443
       targetPort: 8443
       nodePort: 30443
     selector:
-      name: kapow
+      name: kuill
     type: NodePort

hack/minikube-dev.sh

@@ -3,7 +3,7 @@ set -e
 
 SCRIPT_DIR=$(cd $(dirname $0) && pwd)
 ROOT=$(cd ${SCRIPT_DIR}/.. && pwd)
-# starts up kapow locally, pointed at the apiserver from minikube
+# starts up kuill locally, pointed at the apiserver from minikube
 
 status=$(minikube status)
 
@@ -19,7 +19,7 @@ ${SCRIPT_DIR}/get-certs.sh
 
 make -s -C ${ROOT} start-ui &
 
-${ROOT}/bin/kapow \
+${ROOT}/bin/kuill \
   --port 8888 \
   --verbose --trace-requests \
   --server-cert ${ROOT}/certs/server-cert.pem \

hack/test-drive-minikube.sh

@@ -35,7 +35,7 @@ kubectl --context minikube create secret generic auth-proxy-certs \
   --from-file  ~/.minikube/certs/auth-proxy -n kube-system
 
 if [ "$1" != "nodeploy" ]; then
-  curl -sL https://raw.githubusercontent.com/matt-deboer/kapow/master/hack/deploy/kapow-minikube.yml | \
+  curl -sL https://raw.githubusercontent.com/matt-deboer/kuill/master/hack/deploy/kuill-minikube.yml | \
         kubectl --context minikube apply -f -
 
   while ! curl -skL --fail "https://$(minikube ip):30443/"; do sleep 2; done

pkg/auth/auth.go

@@ -15,7 +15,7 @@ import (
 )
 
 const (
-	sessionTokenName = "kapow"
+	sessionTokenName = "kuill"
 	claimExpires     = "exp"
 	claimNotBefore   = "nbf"
 	claimCSRFToken   = "csrf"

pkg/auth/doc.go

@@ -1,2 +1,2 @@
-// Package auth provides authentication support for the kapow app
-package auth // import "github.com/matt-deboer/kapow/pkg/auth"
+// Package auth provides authentication support for the kuill app
+package auth // import "github.com/matt-deboer/kuill/pkg/auth"

pkg/metrics/doc.go

@@ -1,2 +1,2 @@
-// Package metrics provides metrics support for the kapow app
-package metrics // import "github.com/matt-deboer/kapow/pkg/metrics"
+// Package metrics provides metrics support for the kuill app
+package metrics // import "github.com/matt-deboer/kuill/pkg/metrics"

pkg/metrics/metrics.go

@@ -16,7 +16,7 @@ import (
 	"github.com/ericchiang/k8s"
 	apiv1 "github.com/ericchiang/k8s/api/v1"
 	"github.com/ghodss/yaml"
-	"github.com/matt-deboer/kapow/pkg/auth"
+	"github.com/matt-deboer/kuill/pkg/auth"
 	log "github.com/sirupsen/logrus"
 )
 

pkg/proxy/doc.go

@@ -1,2 +1,2 @@
 // Package proxy provides kubernetes authenticating proxy for api requests
-package proxy // import "github.com/matt-deboer/kapow/pkg/proxy"
+package proxy // import "github.com/matt-deboer/kuill/pkg/proxy"

pkg/proxy/proxy.go

@@ -12,7 +12,7 @@ import (
 	"net/http/httputil"
 
 	"github.com/gorilla/websocket"
-	"github.com/matt-deboer/kapow/pkg/auth"
+	"github.com/matt-deboer/kuill/pkg/auth"
 	log "github.com/sirupsen/logrus"
 )
 

pkg/server/main.go

@@ -11,11 +11,11 @@ import (
 
 	"encoding/base64"
 
-	"github.com/matt-deboer/kapow/pkg/auth"
-	"github.com/matt-deboer/kapow/pkg/metrics"
-	"github.com/matt-deboer/kapow/pkg/proxy"
-	"github.com/matt-deboer/kapow/pkg/templates"
-	"github.com/matt-deboer/kapow/pkg/version"
+	"github.com/matt-deboer/kuill/pkg/auth"
+	"github.com/matt-deboer/kuill/pkg/metrics"
+	"github.com/matt-deboer/kuill/pkg/proxy"
+	"github.com/matt-deboer/kuill/pkg/templates"
+	"github.com/matt-deboer/kuill/pkg/version"
 	log "github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 	"golang.org/x/oauth2"
@@ -34,7 +34,7 @@ func main() {
 	app := cli.NewApp()
 	app.Name = Name
 	app.Usage = `
-		Launch a server which simultaneously provides the Kapow UI,
+		Launch a server which simultaneously provides the kuill UI,
 		and acts as an OIDC server endpoint and Authenticating Proxy for
 		the Kubernetes API.
 		`

pkg/ui/public/index.html

@@ -13,7 +13,7 @@
       work correctly both with client-side routing and a non-root public URL.
       Learn how to configure a non-root public URL by running `npm run build`.
     -->
-    <title>Kapow!</title>
+    <title>kuill!</title>
   </head>
   <body>
     <div id="root"></div>