kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

1. # Copyright 2017 The Kubernetes Authors.
2. #
3. # Licensed under the Apache License, Version 2.0 (the "License");
4. # you may not use this file except in compliance with the License.
5. # You may obtain a copy of the License at
6. #
7. #     http://www.apache.org/licenses/LICENSE-2.0
8. #
9. # Unless required by applicable law or agreed to in writing, software
10. # distributed under the License is distributed on an "AS IS" BASIS,
11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12. # See the License for the specific language governing permissions and
13. # limitations under the License.
14.  
15. apiVersion: v1
16. kind: Namespace
17. metadata:
18.   name: kubernetes-dashboard
19.  
20. ---
21.  
22. apiVersion: v1
23. kind: ServiceAccount
24. metadata:
25.   labels:
26.     k8s-app: kubernetes-dashboard
27.   name: kubernetes-dashboard
28.   namespace: kubernetes-dashboard
29.  
30. ---
31.  
32. kind: Service
33. apiVersion: v1
34. metadata:
35.   labels:
36.     k8s-app: kubernetes-dashboard
37.   name: kubernetes-dashboard
38.   namespace: kubernetes-dashboard
39. spec:
40.   ports:
41.     - port: 443
42.       targetPort: 8443
43.       nodePort: 30051
44.   type: NodePort
45.   selector:
46.     k8s-app: kubernetes-dashboard
47.  
48. ---
49.  
50. apiVersion: v1
51. kind: Secret
52. metadata:
53.   labels:
54.     k8s-app: kubernetes-dashboard
55.   name: kubernetes-dashboard-certs
56.   namespace: kubernetes-dashboard
57. type: Opaque
58.  
59. ---
60.  
61. apiVersion: v1
62. kind: Secret
63. metadata:
64.   labels:
65.     k8s-app: kubernetes-dashboard
66.   name: kubernetes-dashboard-csrf
67.   namespace: kubernetes-dashboard
68. type: Opaque
69. data:
70.   csrf: ""
71.  
72. ---
73.  
74. apiVersion: v1
75. kind: Secret
76. metadata:
77.   labels:
78.     k8s-app: kubernetes-dashboard
79.   name: kubernetes-dashboard-key-holder
80.   namespace: kubernetes-dashboard
81. type: Opaque
82.  
83. ---
84.  
85. kind: ConfigMap
86. apiVersion: v1
87. metadata:
88.   labels:
89.     k8s-app: kubernetes-dashboard
90.   name: kubernetes-dashboard-settings
91.   namespace: kubernetes-dashboard
92.  
93. ---
94.  
95. kind: Role
96. apiVersion: rbac.authorization.k8s.io/v1
97. metadata:
98.   labels:
99.     k8s-app: kubernetes-dashboard
100.   name: kubernetes-dashboard
101.   namespace: kubernetes-dashboard
102. rules:
103.  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
104.   - apiGroups: [""]
105.     resources: ["secrets"]
106.     resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
107.     verbs: ["get", "update", "delete"]
108.     # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
109.   - apiGroups: [""]
110.     resources: ["configmaps"]
111.     resourceNames: ["kubernetes-dashboard-settings"]
112.     verbs: ["get", "update"]
113.     # Allow Dashboard to get metrics.
114.   - apiGroups: [""]
115.     resources: ["services"]
116.     resourceNames: ["heapster", "dashboard-metrics-scraper"]
117.     verbs: ["proxy"]
118.   - apiGroups: [""]
119.     resources: ["services/proxy"]
120.     resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
121.     verbs: ["get"]
122.  
123. ---
124.  
125. kind: ClusterRole
126. apiVersion: rbac.authorization.k8s.io/v1
127. metadata:
128.   labels:
129.     k8s-app: kubernetes-dashboard
130.   name: kubernetes-dashboard
131. rules:
132.  # Allow Metrics Scraper to get metrics from the Metrics server
133.   - apiGroups: ["metrics.k8s.io"]
134.     resources: ["pods", "nodes"]
135.     verbs: ["get", "list", "watch"]
136.  
137. ---
138.  
139. apiVersion: rbac.authorization.k8s.io/v1
140. kind: RoleBinding
141. metadata:
142.   labels:
143.     k8s-app: kubernetes-dashboard
144.   name: kubernetes-dashboard
145.   namespace: kubernetes-dashboard
146. roleRef:
147.   apiGroup: rbac.authorization.k8s.io
148.   kind: Role
149.   name: kubernetes-dashboard
150. subjects:
151.   - kind: ServiceAccount
152.     name: kubernetes-dashboard
153.     namespace: kubernetes-dashboard
154.  
155. ---
156.  
157. apiVersion: rbac.authorization.k8s.io/v1
158. kind: ClusterRoleBinding
159. metadata:
160.   name: kubernetes-dashboard
161. roleRef:
162.   apiGroup: rbac.authorization.k8s.io
163.   kind: ClusterRole
164.   name: kubernetes-dashboard
165. subjects:
166.   - kind: ServiceAccount
167.     name: kubernetes-dashboard
168.     namespace: kubernetes-dashboard
169.  
170. ---
171.  
172. kind: Deployment
173. apiVersion: apps/v1
174. metadata:
175.   labels:
176.     k8s-app: kubernetes-dashboard
177.   name: kubernetes-dashboard
178.   namespace: kubernetes-dashboard
179. spec:
180.   replicas: 1
181.   revisionHistoryLimit: 10
182.   selector:
183.     matchLabels:
184.       k8s-app: kubernetes-dashboard
185.   template:
186.     metadata:
187.       labels:
188.         k8s-app: kubernetes-dashboard
189.     spec:
190.       containers:
191.         - name: kubernetes-dashboard
192.           image: kubernetesui/dashboard:v2.4.0
193.           imagePullPolicy: Always
194.           ports:
195.             - containerPort: 8443
196.               protocol: TCP
197.           args:
198.            - --tls-cert-file=certificate.crt
199.             - --tls-key-file=key.key
200.             #- --auto-generate-certificates
201.             - --namespace=kubernetes-dashboard
202.             # Uncomment the following line to manually specify Kubernetes API server Host
203.             # If not specified, Dashboard will attempt to auto discover the API server and connect
204.             # to it. Uncomment only if the default does not work.
205.             # - --apiserver-host=http://my-address:port
206.           volumeMounts:
207.             - name: kubernetes-dashboard-certs
208.               mountPath: /certs
209.               # Create on-disk volume to store exec logs
210.             - mountPath: /tmp
211.               name: tmp-volume
212.           livenessProbe:
213.             httpGet:
214.               scheme: HTTPS
215.               path: /
216.               port: 8443
217.             initialDelaySeconds: 30
218.             timeoutSeconds: 30
219.           securityContext:
220.             allowPrivilegeEscalation: false
221.             readOnlyRootFilesystem: true
222.             runAsUser: 1001
223.             runAsGroup: 2001
224.       volumes:
225.         - name: kubernetes-dashboard-certs
226.           secret:
227.             secretName: kubernetes-dashboard-certs
228.         - name: tmp-volume
229.           emptyDir: {}
230.       serviceAccountName: kubernetes-dashboard
231.       nodeSelector:
232.         "kubernetes.io/os": linux
233.       # Comment the following tolerations if Dashboard must not be deployed on master
234.       tolerations:
235.         - key: node-role.kubernetes.io/master
236.           effect: NoSchedule
237.  
238. ---
239.  
240. kind: Service
241. apiVersion: v1
242. metadata:
243.   labels:
244.     k8s-app: dashboard-metrics-scraper
245.   name: dashboard-metrics-scraper
246.   namespace: kubernetes-dashboard
247. spec:
248.   ports:
249.     - port: 8000
250.       targetPort: 8000
251.   selector:
252.     k8s-app: dashboard-metrics-scraper
253.  
254. ---
255.  
256. kind: Deployment
257. apiVersion: apps/v1
258. metadata:
259.   labels:
260.     k8s-app: dashboard-metrics-scraper
261.   name: dashboard-metrics-scraper
262.   namespace: kubernetes-dashboard
263. spec:
264.   replicas: 1
265.   revisionHistoryLimit: 10
266.   selector:
267.     matchLabels:
268.       k8s-app: dashboard-metrics-scraper
269.   template:
270.     metadata:
271.       labels:
272.         k8s-app: dashboard-metrics-scraper
273.     spec:
274.       securityContext:
275.         seccompProfile:
276.           type: RuntimeDefault
277.       containers:
278.         - name: dashboard-metrics-scraper
279.           image: kubernetesui/metrics-scraper:v1.0.7
280.           ports:
281.             - containerPort: 8000
282.               protocol: TCP
283.           livenessProbe:
284.             httpGet:
285.               scheme: HTTP
286.               path: /
287.               port: 8000
288.             initialDelaySeconds: 30
289.             timeoutSeconds: 30
290.           volumeMounts:
291.           - mountPath: /tmp
292.             name: tmp-volume
293.           securityContext:
294.             allowPrivilegeEscalation: false
295.             readOnlyRootFilesystem: true
296.             runAsUser: 1001
297.             runAsGroup: 2001
298.       serviceAccountName: kubernetes-dashboard
299.       nodeSelector:
300.         "kubernetes.io/os": linux
301.       # Comment the following tolerations if Dashboard must not be deployed on master
302.       tolerations:
303.         - key: node-role.kubernetes.io/master
304.           effect: NoSchedule
305.       volumes:
306.         - name: tmp-volume
307.           emptyDir: {}