NnRkLLQ9

· 2 years ago · Dec 11, 2022, 11:00 PM
1apiVersion: v1
2kind: Namespace
3metadata:
4  name: kubernetes-dashboard
5
6---
7
8apiVersion: v1
9kind: ServiceAccount
10metadata:
11  labels:
12    k8s-app: kubernetes-dashboard
13  name: kubernetes-dashboard
14  namespace: kubernetes-dashboard
15
16---
17
18kind: Service
19apiVersion: v1
20metadata:
21  labels:
22    k8s-app: kubernetes-dashboard
23  name: kubernetes-dashboard
24  namespace: kubernetes-dashboard
25spec:
26  type: NodePort
27  ports:
28    - port: 443
29      targetPort: 8443
30      nodePort: 30005
31  selector:
32    k8s-app: kubernetes-dashboard
33
34---
35
36apiVersion: v1
37kind: Secret
38metadata:
39  labels:
40    k8s-app: kubernetes-dashboard
41  name: kubernetes-dashboard-certs
42  namespace: kubernetes-dashboard
43type: Opaque
44
45---
46
47apiVersion: v1
48kind: Secret
49metadata:
50  labels:
51    k8s-app: kubernetes-dashboard
52  name: kubernetes-dashboard-csrf
53  namespace: kubernetes-dashboard
54type: Opaque
55data:
56  csrf: ""
57
58---
59
60apiVersion: v1
61kind: Secret
62metadata:
63  labels:
64    k8s-app: kubernetes-dashboard
65  name: kubernetes-dashboard-key-holder
66  namespace: kubernetes-dashboard
67type: Opaque
68
69---
70
71kind: ConfigMap
72apiVersion: v1
73metadata:
74  labels:
75    k8s-app: kubernetes-dashboard
76  name: kubernetes-dashboard-settings
77  namespace: kubernetes-dashboard
78
79---
80
81kind: Role
82apiVersion: rbac.authorization.k8s.io/v1
83metadata:
84  labels:
85    k8s-app: kubernetes-dashboard
86  name: kubernetes-dashboard
87  namespace: kubernetes-dashboard
88rules:
89  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
90  - apiGroups: [""]
91    resources: ["secrets"]
92    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
93    verbs: ["get", "update", "delete"]
94    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
95  - apiGroups: [""]
96    resources: ["configmaps"]
97    resourceNames: ["kubernetes-dashboard-settings"]
98    verbs: ["get", "update"]
99    # Allow Dashboard to get metrics.
100  - apiGroups: [""]
101    resources: ["services"]
102    resourceNames: ["heapster", "dashboard-metrics-scraper"]
103    verbs: ["proxy"]
104  - apiGroups: [""]
105    resources: ["services/proxy"]
106    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
107    verbs: ["get"]
108
109---
110
111kind: ClusterRole
112apiVersion: rbac.authorization.k8s.io/v1
113metadata:
114  labels:
115    k8s-app: kubernetes-dashboard
116  name: kubernetes-dashboard
117rules:
118  # Allow Metrics Scraper to get metrics from the Metrics server
119  - apiGroups: ["metrics.k8s.io"]
120    resources: ["pods", "nodes"]
121    verbs: ["get", "list", "watch"]
122
123---
124
125apiVersion: rbac.authorization.k8s.io/v1
126kind: RoleBinding
127metadata:
128  labels:
129    k8s-app: kubernetes-dashboard
130  name: kubernetes-dashboard
131  namespace: kubernetes-dashboard
132roleRef:
133  apiGroup: rbac.authorization.k8s.io
134  kind: Role
135  name: kubernetes-dashboard
136subjects:
137  - kind: ServiceAccount
138    name: kubernetes-dashboard
139    namespace: kubernetes-dashboard
140
141---
142
143apiVersion: rbac.authorization.k8s.io/v1
144kind: ClusterRoleBinding
145metadata:
146  name: kubernetes-dashboard
147roleRef:
148  apiGroup: rbac.authorization.k8s.io
149  kind: ClusterRole
150  name: kubernetes-dashboard
151subjects:
152  - kind: ServiceAccount
153    name: kubernetes-dashboard
154    namespace: kubernetes-dashboard
155
156---
157
158kind: Deployment
159apiVersion: apps/v1
160metadata:
161  labels:
162    k8s-app: kubernetes-dashboard
163  name: kubernetes-dashboard
164  namespace: kubernetes-dashboard
165spec:
166  replicas: 1
167  revisionHistoryLimit: 10
168  selector:
169    matchLabels:
170      k8s-app: kubernetes-dashboard
171  template:
172    metadata:
173      labels:
174        k8s-app: kubernetes-dashboard
175    spec:
176      securityContext:
177        seccompProfile:
178          type: RuntimeDefault
179      containers:
180        - name: kubernetes-dashboard
181          image: kubernetesui/dashboard:v2.6.1
182          imagePullPolicy: Always
183          ports:
184            - containerPort: 8443
185              protocol: TCP
186          args:
187            - --auto-generate-certificates
188            - --namespace=kubernetes-dashboard
189            # Uncomment the following line to manually specify Kubernetes API server Host
190            # If not specified, Dashboard will attempt to auto discover the API server and connect
191            # to it. Uncomment only if the default does not work.
192            # - --apiserver-host=http://my-address:port
193          volumeMounts:
194            - name: kubernetes-dashboard-certs
195              mountPath: /certs
196              # Create on-disk volume to store exec logs
197            - mountPath: /tmp
198              name: tmp-volume
199          livenessProbe:
200            httpGet:
201              scheme: HTTPS
202              path: /
203              port: 8443
204            initialDelaySeconds: 30
205            timeoutSeconds: 30
206          securityContext:
207            allowPrivilegeEscalation: false
208            readOnlyRootFilesystem: true
209            runAsUser: 1001
210            runAsGroup: 2001
211      volumes:
212        - name: kubernetes-dashboard-certs
213          secret:
214            secretName: kubernetes-dashboard-certs
215        - name: tmp-volume
216          emptyDir: {}
217      serviceAccountName: kubernetes-dashboard
218      nodeSelector:
219        "kubernetes.io/os": linux
220      # Comment the following tolerations if Dashboard must not be deployed on master
221      tolerations:
222        - key: node-role.kubernetes.io/master
223          effect: NoSchedule
224
225---
226
227kind: Service
228apiVersion: v1
229metadata:
230  labels:
231    k8s-app: dashboard-metrics-scraper
232  name: dashboard-metrics-scraper
233  namespace: kubernetes-dashboard
234spec:
235  ports:
236    - port: 8000
237      targetPort: 8000
238  selector:
239    k8s-app: dashboard-metrics-scraper
240
241---
242
243kind: Deployment
244apiVersion: apps/v1
245metadata:
246  labels:
247    k8s-app: dashboard-metrics-scraper
248  name: dashboard-metrics-scraper
249  namespace: kubernetes-dashboard
250spec:
251  replicas: 1
252  revisionHistoryLimit: 10
253  selector:
254    matchLabels:
255      k8s-app: dashboard-metrics-scraper
256  template:
257    metadata:
258      labels:
259        k8s-app: dashboard-metrics-scraper
260    spec:
261      securityContext:
262        seccompProfile:
263          type: RuntimeDefault
264      containers:
265        - name: dashboard-metrics-scraper
266          image: kubernetesui/metrics-scraper:v1.0.8
267          ports:
268            - containerPort: 8000
269              protocol: TCP
270          livenessProbe:
271            httpGet:
272              scheme: HTTP
273              path: /
274              port: 8000
275            initialDelaySeconds: 30
276            timeoutSeconds: 30
277          volumeMounts:
278          - mountPath: /tmp
279            name: tmp-volume
280          securityContext:
281            allowPrivilegeEscalation: false
282            readOnlyRootFilesystem: true
283            runAsUser: 1001
284            runAsGroup: 2001
285      serviceAccountName: kubernetes-dashboard
286      nodeSelector:
287        "kubernetes.io/os": linux
288      # Comment the following tolerations if Dashboard must not be deployed on master
289      tolerations:
290        - key: node-role.kubernetes.io/master
291          effect: NoSchedule
292      volumes:
293        - name: tmp-volume
294          emptyDir: {}