From 0960bc888b5de5ca2cfbd8ff0def931e67e765f2 Mon Sep 17 00:00:00 2001
From: Michael Edgar <medgar@redhat.com>
Date: Thu, 16 May 2024 13:44:14 -0400
Subject: [PATCH] Use host network for compose, document service account setup

Signed-off-by: Michael Edgar <medgar@redhat.com>
---
 README.md    | 11 ++++++++---
 compose.yaml | 21 +++++++--------------
 2 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/README.md b/README.md
index 8f6a09b91..fca94ba59 100644
--- a/README.md
+++ b/README.md
@@ -40,10 +40,15 @@ file and credentials to connect to the Kubernetes cluster where Strimzi and Kafk
    CONSOLE_API_SERVICE_ACCOUNT_TOKEN=<TOKEN>
    CONSOLE_API_KUBERNETES_API_SERVER_URL=https://my-kubernetes-api.example.com:6443
    ```
-   The service account token may be obtain using the `kubectl create token` command. For example, to create a token
-   that expires in 1 year:
+   The service account token may be obtain using the `kubectl create token` command. For example, to create a service account
+   named "console-server" (from [console-server.serviceaccount.yaml](./install/resources/console/console-server.serviceaccount.yaml)
+   with the correct permissions and a token that expires in 1 year ([yq](https://github.com/mikefarah/yq/releases) required):
    ```shell
-   kubectl create token <service account name> -n <service account namespace> --duration=$((365*24))h
+   export NAMESPACE=<service account namespace>
+   kubectl apply -n ${NAMESPACE} -f ./install/resources/console/console-server.clusterrole.yaml
+   kubectl apply -n ${NAMESPACE} -f ./install/resources/console/console-server.serviceaccount.yaml
+   yq '.subjects[0].namespace = strenv(NAMESPACE)' ./install/resources/console/console-server.clusterrolebinding.yaml | kubectl apply -n ${NAMESPACE} -f -
+   kubectl create token console-server -n ${NAMESPACE} --duration=$((365*24))h
    ```
 
 3. By default, the provided configuration will use the latest console release container images. If you would like to
diff --git a/compose.yaml b/compose.yaml
index fb2947c23..ca69d1eaa 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,34 +1,27 @@
 ---
 version: '3.9'
 
-networks:
-  streams-console:
-    driver: bridge
-
 services:
   console-api:
     image: ${CONSOLE_API_IMAGE}
-    hostname: api
     container_name: console-api
+    network_mode: host
     volumes:
       - ${PWD}/console-config.yaml:/deployments/console-config.yaml:z
     environment:
       CONSOLE_CONFIG_PATH: /deployments/console-config.yaml
       QUARKUS_KUBERNETES_CLIENT_API_SERVER_URL: ${CONSOLE_API_KUBERNETES_API_SERVER_URL}
+      QUARKUS_KUBERNETES_CLIENT_TRUST_CERTS: "true"
       QUARKUS_KUBERNETES_CLIENT_TOKEN: ${CONSOLE_API_SERVICE_ACCOUNT_TOKEN}
-    networks:
-      - streams-console
 
   console-ui:
     image: ${CONSOLE_UI_IMAGE}
-    hostname: ui
     container_name: console-ui
-    ports:
-      - "3000:3000"
+    network_mode: host
     environment:
+      HOSTNAME: localhost
+      PORT: 3005
       CONSOLE_METRICS_PROMETHEUS_URL: ${CONSOLE_METRICS_PROMETHEUS_URL}
       NEXTAUTH_SECRET: ${CONSOLE_UI_NEXTAUTH_SECRET}
-      NEXTAUTH_URL: http://localhost:3000
-      BACKEND_URL: http://api:8080/
-    networks:
-      - streams-console
+      NEXTAUTH_URL: http://localhost:3005
+      BACKEND_URL: http://localhost:8080/