Skip to content

docs(storage): add LINSTOR GUI documentation #521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
myasnikovdaniil wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs(storage): add LINSTOR GUI documentation #521

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 62 additions & 0 deletions content/en/docs/next/storage/linstor-gui.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
---
title: "LINSTOR GUI"
linkTitle: "LINSTOR GUI"
description: "Enable and access the optional LINSTOR web console for managing storage nodes, resources, and volumes."
weight: 40
aliases:
- /docs/next/operations/storage/linstor-gui
---

The `linstor-gui` package deploys [LINBIT's LINSTOR GUI](https://github.com/LINBIT/linstor-gui) — a web console
for browsing and managing LINSTOR nodes, resource definitions, volumes, storage pools, and snapshots.
The UI proxies the LINSTOR controller REST API in-cluster using mTLS, so no credentials are ever exposed in the browser.

The package is **opt-in**. The CLI workflow is unchanged — enabling the GUI does not affect any LINSTOR behaviour.
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Use American English spelling 'behavior' for consistency with technical documentation standards.

Suggested change
The package is **opt-in**. The CLI workflow is unchanged — enabling the GUI does not affect any LINSTOR behaviour.
The package is **opt-in**. The CLI workflow is unchanged — enabling the GUI does not affect any LINSTOR behavior.


## Enable the package

Add `cozystack.linstor-gui` to `bundles.enabledPackages` in the [Platform Package]({{% ref "/docs/next/operations/configuration/platform-package" %}}):

```bash
kubectl patch packages.cozystack.io cozystack.cozystack-platform --type=json \
-p '[{"op": "add", "path": "/spec/components/platform/values/bundles/enabledPackages/-", "value": "cozystack.linstor-gui"}]'
```

Wait a minute for the platform chart to reconcile, then verify the HelmRelease has been created:

```bash
kubectl get helmrelease --namespace cozy-linstor linstor-gui
```

## Access the UI

### Option 1 — Keycloak-protected Ingress (recommended)

When [OIDC authentication]({{% ref "/docs/next/operations/oidc" %}}) is enabled, you can publish the UI at
`https://linstor-gui.<root-host>` behind the cluster Keycloak realm.
Add `linstor-gui` to `publishing.exposedServices` in the Platform Package:

```bash
kubectl patch packages.cozystack.io cozystack.cozystack-platform --type=json \
-p '[{"op": "add", "path": "/spec/components/platform/values/publishing/exposedServices/-", "value": "linstor-gui"}]'
```

{{% alert color="info" %}}
The Ingress is only created when both conditions are met: `linstor-gui` is listed in `publishing.exposedServices`
**and** OIDC is enabled (`authentication.oidc.enabled: true`). Without Keycloak there is no authentication
layer in front of the LINSTOR REST API proxy, so the chart deliberately skips the Ingress.
{{% /alert %}}

Access is restricted to members of the `cozystack-cluster-admin` Keycloak group — the same group that grants
cluster-admin RBAC on the host cluster. Once enabled, open `https://linstor-gui.<root-host>` in your browser
and log in with your Keycloak credentials.

### Option 2 — Port-forward

For ad-hoc access without Keycloak, forward the `ClusterIP` service:

```bash
kubectl -n cozy-linstor port-forward svc/linstor-gui 3373:80
```

Then open <http://localhost:3373>.
62 changes: 62 additions & 0 deletions content/en/docs/v1.3/storage/linstor-gui.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
---
title: "LINSTOR GUI"
linkTitle: "LINSTOR GUI"
description: "Enable and access the optional LINSTOR web console for managing storage nodes, resources, and volumes."
weight: 40
aliases:
- /docs/v1.3/operations/storage/linstor-gui
---

The `linstor-gui` package deploys [LINBIT's LINSTOR GUI](https://github.com/LINBIT/linstor-gui) — a web console
for browsing and managing LINSTOR nodes, resource definitions, volumes, storage pools, and snapshots.
The UI proxies the LINSTOR controller REST API in-cluster using mTLS, so no credentials are ever exposed in the browser.

The package is **opt-in**. The CLI workflow is unchanged — enabling the GUI does not affect any LINSTOR behaviour.
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Use American English spelling 'behavior' for consistency with technical documentation standards.

Suggested change
The package is **opt-in**. The CLI workflow is unchanged — enabling the GUI does not affect any LINSTOR behaviour.
The package is **opt-in**. The CLI workflow is unchanged — enabling the GUI does not affect any LINSTOR behavior.


## Enable the package

Add `cozystack.linstor-gui` to `bundles.enabledPackages` in the [Platform Package]({{% ref "/docs/v1.3/operations/configuration/platform-package" %}}):

```bash
kubectl patch packages.cozystack.io cozystack.cozystack-platform --type=json \
-p '[{"op": "add", "path": "/spec/components/platform/values/bundles/enabledPackages/-", "value": "cozystack.linstor-gui"}]'
```

Wait a minute for the platform chart to reconcile, then verify the HelmRelease has been created:

```bash
kubectl get helmrelease --namespace cozy-linstor linstor-gui
```

## Access the UI

### Option 1 — Keycloak-protected Ingress (recommended)

When [OIDC authentication]({{% ref "/docs/v1.3/operations/oidc" %}}) is enabled, you can publish the UI at
`https://linstor-gui.<root-host>` behind the cluster Keycloak realm.
Add `linstor-gui` to `publishing.exposedServices` in the Platform Package:

```bash
kubectl patch packages.cozystack.io cozystack.cozystack-platform --type=json \
-p '[{"op": "add", "path": "/spec/components/platform/values/publishing/exposedServices/-", "value": "linstor-gui"}]'
```

{{% alert color="info" %}}
The Ingress is only created when both conditions are met: `linstor-gui` is listed in `publishing.exposedServices`
**and** OIDC is enabled (`authentication.oidc.enabled: true`). Without Keycloak there is no authentication
layer in front of the LINSTOR REST API proxy, so the chart deliberately skips the Ingress.
{{% /alert %}}

Access is restricted to members of the `cozystack-cluster-admin` Keycloak group — the same group that grants
cluster-admin RBAC on the host cluster. Once enabled, open `https://linstor-gui.<root-host>` in your browser
and log in with your Keycloak credentials.

### Option 2 — Port-forward

For ad-hoc access without Keycloak, forward the `ClusterIP` service:

```bash
kubectl -n cozy-linstor port-forward svc/linstor-gui 3373:80
```

Then open <http://localhost:3373>.