- You will need a Kubernetes cluster running Antrea.
- Ensure that Helm 3 is installed. We recommend using a recent version of Helm if possible. Refer to the Helm documentation for compatibility between Helm and Kubernetes versions.
- Add the Antrea Helm chart repository:
  helm repo add antrea https://charts.antrea.io
  helm repo update
To install the Antrea UI Helm chart, use the following command:
helm install antrea-ui antrea/antrea-ui --namespace kube-system
The chart should be installed in the same namespace as Antrea.
This will install the latest released version of Antrea UI. You can also install a specific version of the UI with --version <TAG>.
To install an unreleased version of Antrea UI, you will need to clone this repository:
git clone https://github.com/antrea-io/antrea-ui.git
cd antrea-ui
helm install antrea-ui build/charts/antrea-ui --namespace kube-system
To upgrade the Antrea UI Helm chart, use the following command:
helm upgrade antrea-ui antrea/antrea-ui --namespace kube-system [--version <TAG>]
The list of values supported by the chart can be found here.
If you installed the Helm chart using the command above, without overriding any chart values, you will need to:
- Forward a local port to the antrea-ui Service:
  kubectl -n kube-system port-forward service/antrea-ui 3000:3000
- Connect to this local port with your browser, by visiting http://localhost:3000

The default admin password is admin. You can change it in the Settings tab.
We recommend accessing the Antrea UI over HTTPS. This can be done in one of 2 ways:
- If you are using an Ingress Controller, you can terminate TLS at Ingress. This does not require any customization when installing the antrea-ui Helm chart. You need to create the appropriate Ingress resource, exposing an HTTPS route for the antrea-ui Service. Refer to this for an example.
- Otherwise, you can enable HTTPS directly in the Antrea UI web server. There are 4 different methods for doing so, which are described below.
This is the simplest option to enable HTTPS. Helm will generate a self-signed TLS certificate and key, which will be used by the web server. Note that the certificate will be re-generated every time the Helm template function runs.
cat <<EOF >> values-auto.yml
https:
  enable: true
  method: "auto"
EOF
helm install antrea-ui build/charts/antrea-ui --namespace kube-system -f values-auto.yml
When the installation completes, the certificate PEM data will be displayed, in case you would like to import it into the trust store for your browser.
With this option, you will need to provide your own TLS certificate and key. This is useful if you already have your own trusted CA certificate that you can use to generate a new signed certificate.
cat <<EOF >> values-user.yml
https:
  enable: true
  method: "user"
  user:
    cert: "<base64-encoded PEM certificate>"
    key: "<base64-encoded PEM key>"
EOF
helm install antrea-ui build/charts/antrea-ui --namespace kube-system -f values-user.yml
The certificate should include localhost as a Subject Alternative Name (SAN).
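One way to produce values-user.yml from an existing CA, with localhost as a SAN, is sketched below. This is an added example, not part of the Antrea UI project: the function names, file names, certificate subjects and the throwaway demo CA are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: issue an Antrea UI server certificate from an existing CA
# and write values-user.yml for the "user" HTTPS method.

# Constructed throwaway CA so the example runs end to end; in practice,
# pass your own trusted CA certificate and key instead.
make_demo_ca() {  # usage: make_demo_ca <ca.crt> <ca.key>
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=demo-ca" -keyout "$2" -out "$1" 2>/dev/null
}

# usage: make_user_values <ca.crt> <ca.key> <values-file>
make_user_values() {
    ca_crt=$1; ca_key=$2; out=$3
    work=$(mktemp -d) || return 1   # private (0700) scratch directory
    # The certificate should include localhost as a SAN.
    printf 'subjectAltName=DNS:localhost\n' > "$work/san.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=antrea-ui" \
        -keyout "$work/tls.key" -out "$work/tls.csr" 2>/dev/null &&
    openssl x509 -req -in "$work/tls.csr" -CA "$ca_crt" -CAkey "$ca_key" \
        -CAserial "$work/ca.srl" -CAcreateserial -days 365 \
        -extfile "$work/san.ext" -out "$work/tls.crt" 2>/dev/null &&
    # Refuse to write the values file if the issued certificate lacks the SAN.
    openssl x509 -in "$work/tls.crt" -noout -text | grep -q 'DNS:localhost' &&
    # The values file embeds the private key: create it owner-readable only.
    (umask 077 && cat > "$out" <<EOF
https:
  enable: true
  method: "user"
  user:
    cert: "$(base64 < "$work/tls.crt" | tr -d '\n')"
    key: "$(base64 < "$work/tls.key" | tr -d '\n')"
EOF
    )
    rc=$?
    rm -rf "$work"   # remove the unencrypted key from the scratch directory
    return $rc
}

# Example invocation (file names are placeholders):
#   make_user_values ca.crt ca.key values-user.yml
```

The generated file contains the private key, so keep it out of version control and delete it once the chart is installed.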
With this option, you will need to provide your own CA certificate and key. Helm will generate a signed certificate using the provided data.
cat <<EOF >> values-userCA.yml
https:
  enable: true
  method: "userCA"
  userCA:
    cert: "<base64-encoded PEM CA certificate>"
    key: "<base64-encoded PEM CA key>"
EOF
helm install antrea-ui build/charts/antrea-ui --namespace kube-system -f values-userCA.yml
With this option, you will need to provide a K8s Secret of type kubernetes.io/tls, which includes the tls.crt and tls.key data fields.
cat <<EOF >> values-secret.yml
https:
  enable: true
  method: "secret"
  secretName: "<name>"
EOF
helm install antrea-ui antrea/antrea-ui --namespace kube-system -f values-secret.yml
If you do not provide a secretName, it will default to "antrea-ui-tls".
With this method, you can integrate with cert-manager. Refer to this for an example.
Refer to this document for instructions on how to configure SSO for Antrea UI.