· 5 years ago · May 14, 2020, 10:12 AM
1# Copyright 2017 The Kubernetes Authors.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: v1
16kind: Namespace
17metadata:
18 name: development
19
20---
21
22apiVersion: v1
23kind: ServiceAccount
24metadata:
25 labels:
26 k8s-app: kubernetes-dashboard
27 name: kubernetes-dashboard
28
29
30---
31
32kind: Service
33apiVersion: v1
34metadata:
35 labels:
36 k8s-app: kubernetes-dashboard
37 name: kubernetes-dashboard
38
39spec:
40 ports:
41 - port: 443
42 targetPort: 8443
43 selector:
44 k8s-app: kubernetes-dashboard
45
46---
47
48apiVersion: v1
49kind: Secret
50metadata:
51 labels:
52 k8s-app: kubernetes-dashboard
53 name: kubernetes-dashboard-certs
54
55type: Opaque
56
57---
58
59apiVersion: v1
60kind: Secret
61metadata:
62 labels:
63 k8s-app: kubernetes-dashboard
64 name: kubernetes-dashboard-csrf
65
66type: Opaque
67data:
68 csrf: ""
69
70---
71
72apiVersion: v1
73kind: Secret
74metadata:
75 labels:
76 k8s-app: kubernetes-dashboard
77 name: kubernetes-dashboard-key-holder
78
79type: Opaque
80
81---
82
83kind: ConfigMap
84apiVersion: v1
85metadata:
86 labels:
87 k8s-app: kubernetes-dashboard
88 name: kubernetes-dashboard-settings
89
90
91---
92
93kind: Role
94apiVersion: rbac.authorization.k8s.io/v1
95metadata:
96 labels:
97 k8s-app: kubernetes-dashboard
98 name: kubernetes-dashboard
99
100rules:
101 # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
102 - apiGroups: [""]
103 resources: ["secrets"]
104 resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
105 verbs: ["get", "update", "delete"]
106 # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
107 - apiGroups: [""]
108 resources: ["configmaps"]
109 resourceNames: ["kubernetes-dashboard-settings"]
110 verbs: ["get", "update"]
111 # Allow Dashboard to get metrics.
112 - apiGroups: [""]
113 resources: ["services"]
114 resourceNames: ["heapster", "dashboard-metrics-scraper"]
115 verbs: ["proxy"]
116 - apiGroups: [""]
117 resources: ["services/proxy"]
118 resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
119 verbs: ["get"]
120
121---
122
123kind: ClusterRole
124apiVersion: rbac.authorization.k8s.io/v1
125metadata:
126 labels:
127 k8s-app: kubernetes-dashboard
128 name: kubernetes-dashboard
129rules:
130 # Allow Metrics Scraper to get metrics from the Metrics server
131 - apiGroups: ["metrics.k8s.io"]
132 resources: ["pods", "nodes"]
133 verbs: ["get", "list", "watch"]
134
135---
136
137apiVersion: rbac.authorization.k8s.io/v1
138kind: RoleBinding
139metadata:
140 labels:
141 k8s-app: kubernetes-dashboard
142 name: kubernetes-dashboard
143
144roleRef:
145 apiGroup: rbac.authorization.k8s.io
146 kind: Role
147 name: kubernetes-dashboard
148subjects:
149 - kind: ServiceAccount
150 name: kubernetes-dashboard
151 namespace: {{ .Release.Namespace }}
152
153---
154
155apiVersion: rbac.authorization.k8s.io/v1
156kind: ClusterRoleBinding
157metadata:
158 name: kubernetes-dashboard
159roleRef:
160 apiGroup: rbac.authorization.k8s.io
161 kind: ClusterRole
162 name: kubernetes-dashboard
163subjects:
164 - kind: ServiceAccount
165 name: kubernetes-dashboard
166 namespace: {{ .Release.Namespace }}
167
168---
169
170kind: Deployment
171apiVersion: apps/v1
172metadata:
173 labels:
174 k8s-app: kubernetes-dashboard
175 name: kubernetes-dashboard
176
177spec:
178 replicas: 1
179 revisionHistoryLimit: 10
180 selector:
181 matchLabels:
182 k8s-app: kubernetes-dashboard
183 template:
184 metadata:
185 labels:
186 k8s-app: kubernetes-dashboard
187 spec:
188 containers:
189 - name: kubernetes-dashboard
190 image: kubernetesui/dashboard:v2.0.0-beta8
191 imagePullPolicy: Always
192 ports:
193 - containerPort: 8443
194 protocol: TCP
195 args:
196 - --auto-generate-certificates
197 - --namespace={{ .Release.Namespace }}
198 - --enable-skip-login
199 # Uncomment the following line to manually specify Kubernetes API server Host
200 # If not specified, Dashboard will attempt to auto discover the API server and connect
201 # to it. Uncomment only if the default does not work.
202 # - --apiserver-host=http://my-address:port
203 volumeMounts:
204 - name: kubernetes-dashboard-certs
205 mountPath: /certs
206 # Create on-disk volume to store exec logs
207 - mountPath: /tmp
208 name: tmp-volume
209 livenessProbe:
210 httpGet:
211 scheme: HTTPS
212 path: /
213 port: 8443
214 initialDelaySeconds: 30
215 timeoutSeconds: 30
216 securityContext:
217 allowPrivilegeEscalation: false
218 readOnlyRootFilesystem: true
219 runAsUser: 1001
220 runAsGroup: 2001
221 volumes:
222 - name: kubernetes-dashboard-certs
223 secret:
224 secretName: kubernetes-dashboard-certs
225 - name: tmp-volume
226 emptyDir: {}
227 serviceAccountName: kubernetes-dashboard
228 nodeSelector:
229 "beta.kubernetes.io/os": linux
230 # Comment the following tolerations if Dashboard must not be deployed on master
231 tolerations:
232 - key: node-role.kubernetes.io/master
233 effect: NoSchedule
234
235---
236
237kind: Service
238apiVersion: v1
239metadata:
240 labels:
241 k8s-app: dashboard-metrics-scraper
242 name: dashboard-metrics-scraper
243
244spec:
245 ports:
246 - port: 8000
247 targetPort: 8000
248 selector:
249 k8s-app: dashboard-metrics-scraper
250
251---
252
253kind: Deployment
254apiVersion: apps/v1
255metadata:
256 labels:
257 k8s-app: dashboard-metrics-scraper
258 name: dashboard-metrics-scraper
259
260spec:
261 replicas: 1
262 revisionHistoryLimit: 10
263 selector:
264 matchLabels:
265 k8s-app: dashboard-metrics-scraper
266 template:
267 metadata:
268 labels:
269 k8s-app: dashboard-metrics-scraper
270 annotations:
271 seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
272 spec:
273 containers:
274 - name: dashboard-metrics-scraper
275 image: kubernetesui/metrics-scraper:v1.0.1
276 ports:
277 - containerPort: 8000
278 protocol: TCP
279 livenessProbe:
280 httpGet:
281 scheme: HTTP
282 path: /
283 port: 8000
284 initialDelaySeconds: 30
285 timeoutSeconds: 30
286 volumeMounts:
287 - mountPath: /tmp
288 name: tmp-volume
289 securityContext:
290 allowPrivilegeEscalation: false
291 readOnlyRootFilesystem: true
292 runAsUser: 1001
293 runAsGroup: 2001
294 serviceAccountName: kubernetes-dashboard
295 nodeSelector:
296 "beta.kubernetes.io/os": linux
297 # Comment the following tolerations if Dashboard must not be deployed on master
298 tolerations:
299 - key: node-role.kubernetes.io/master
300 effect: NoSchedule
301 volumes:
302 - name: tmp-volume
303 emptyDir: {}