kubernetes/dashboard/v2.4.0/aio/deploy/alternative.yaml

1. # Copyright 2017 The Kubernetes Authors.
2. #
3. # Licensed under the Apache License, Version 2.0 (the "License");
4. # you may not use this file except in compliance with the License.
5. # You may obtain a copy of the License at
6. #
7. #     http://www.apache.org/licenses/LICENSE-2.0
8. #
9. # Unless required by applicable law or agreed to in writing, software
10. # distributed under the License is distributed on an "AS IS" BASIS,
11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12. # See the License for the specific language governing permissions and
13. # limitations under the License.
14. # https://github.com/kubernetes/dashboard/blob/master/docs/common/dashboard-arguments.md#arguments
15. # https://github.com/kubernetes/dashboard/blob/master/docs/user/installation.md
16.  
17. apiVersion: v1
18. kind: Namespace
19. metadata:
20.   name: kubernetes-dashboard
21.  
22. ---
23.  
24. apiVersion: v1
25. kind: ServiceAccount
26. metadata:
27.   labels:
28.     k8s-app: kubernetes-dashboard
29.   name: kubernetes-dashboard
30.   namespace: kubernetes-dashboard
31.  
32. ---
33.  
34. kind: Service
35. apiVersion: v1
36. metadata:
37.   labels:
38.     k8s-app: kubernetes-dashboard
39.   name: kubernetes-dashboard
40.   namespace: kubernetes-dashboard
41. spec:
42.   ports:
43.     - port: 80
44.       targetPort: 9090
45.       nodePort: 30051
46.   type: NodePort
47.   selector:
48.     k8s-app: kubernetes-dashboard
49.  
50. ---
51.  
52. apiVersion: v1
53. kind: Secret
54. metadata:
55.   labels:
56.     k8s-app: kubernetes-dashboard
57.   name: kubernetes-dashboard-csrf
58.   namespace: kubernetes-dashboard
59. type: Opaque
60. data:
61.   csrf: ""
62.  
63. ---
64.  
65. apiVersion: v1
66. kind: Secret
67. metadata:
68.   labels:
69.     k8s-app: kubernetes-dashboard
70.   name: kubernetes-dashboard-key-holder
71.   namespace: kubernetes-dashboard
72. type: Opaque
73.  
74. ---
75.  
76. kind: ConfigMap
77. apiVersion: v1
78. metadata:
79.   labels:
80.     k8s-app: kubernetes-dashboard
81.   name: kubernetes-dashboard-settings
82.   namespace: kubernetes-dashboard
83.  
84. ---
85.  
86. kind: Role
87. apiVersion: rbac.authorization.k8s.io/v1
88. metadata:
89.   labels:
90.     k8s-app: kubernetes-dashboard
91.   name: kubernetes-dashboard
92.   namespace: kubernetes-dashboard
93. rules:
94.  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
95.   - apiGroups: [""]
96.     resources: ["secrets"]
97.     resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
98.     verbs: ["get", "update", "delete"]
99.     # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
100.   - apiGroups: [""]
101.     resources: ["configmaps"]
102.     resourceNames: ["kubernetes-dashboard-settings"]
103.     verbs: ["get", "update"]
104.     # Allow Dashboard to get metrics.
105.   - apiGroups: [""]
106.     resources: ["services"]
107.     resourceNames: ["heapster", "dashboard-metrics-scraper"]
108.     verbs: ["proxy"]
109.   - apiGroups: [""]
110.     resources: ["services/proxy"]
111.     resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
112.     verbs: ["get"]
113.  
114. ---
115.  
116. kind: ClusterRole
117. apiVersion: rbac.authorization.k8s.io/v1
118. metadata:
119.   labels:
120.     k8s-app: kubernetes-dashboard
121.   name: kubernetes-dashboard
122. rules:
123.  # Allow Metrics Scraper to get metrics from the Metrics server
124.   - apiGroups: ["metrics.k8s.io"]
125.     resources: ["pods", "nodes"]
126.     verbs: ["get", "list", "watch"]
127.  
128. ---
129.  
130. apiVersion: rbac.authorization.k8s.io/v1
131. kind: RoleBinding
132. metadata:
133.   labels:
134.     k8s-app: kubernetes-dashboard
135.   name: kubernetes-dashboard
136.   namespace: kubernetes-dashboard
137. roleRef:
138.   apiGroup: rbac.authorization.k8s.io
139.   kind: Role
140.   name: kubernetes-dashboard
141. subjects:
142.   - kind: ServiceAccount
143.     name: kubernetes-dashboard
144.     namespace: kubernetes-dashboard
145.  
146. ---
147.  
148. apiVersion: rbac.authorization.k8s.io/v1
149. kind: ClusterRoleBinding
150. metadata:
151.   name: kubernetes-dashboard
152. roleRef:
153.   apiGroup: rbac.authorization.k8s.io
154.   kind: ClusterRole
155.   name: kubernetes-dashboard
156. subjects:
157.   - kind: ServiceAccount
158.     name: kubernetes-dashboard
159.     namespace: kubernetes-dashboard
160.  
161. ---
162.  
163. kind: Deployment
164. apiVersion: apps/v1
165. metadata:
166.   labels:
167.     k8s-app: kubernetes-dashboard
168.   name: kubernetes-dashboard
169.   namespace: kubernetes-dashboard
170. spec:
171.   replicas: 1
172.   revisionHistoryLimit: 10
173.   selector:
174.     matchLabels:
175.       k8s-app: kubernetes-dashboard
176.   template:
177.     metadata:
178.       labels:
179.         k8s-app: kubernetes-dashboard
180.     spec:
181.       containers:
182.         - name: kubernetes-dashboard
183.           image: kubernetesui/dashboard:v2.4.0
184.           ports:
185.             - containerPort: 9090
186.               protocol: TCP
187.           args:
188.            - --namespace=kubernetes-dashboard
189.             - --enable-insecure-login=true
190.             - --insecure-port=9090
191.             - --insecure-bind-address=0.0.0.0
192.           # Uncomment the following line to manually specify Kubernetes API server Host
193.           # If not specified, Dashboard will attempt to auto discover the API server and connect
194.           # to it. Uncomment only if the default does not work.
195.           # - --apiserver-host=http://my-address:port
196.           volumeMounts:
197.            # Create on-disk volume to store exec logs
198.             - mountPath: /tmp
199.               name: tmp-volume
200.           livenessProbe:
201.             httpGet:
202.               path: /
203.               port: 9090
204.             initialDelaySeconds: 30
205.             timeoutSeconds: 30
206.           securityContext:
207.             allowPrivilegeEscalation: false
208.             readOnlyRootFilesystem: true
209.             runAsUser: 1001
210.             runAsGroup: 2001
211.       volumes:
212.         - name: tmp-volume
213.           emptyDir: {}
214.       serviceAccountName: kubernetes-dashboard
215.       nodeSelector:
216.         "kubernetes.io/os": linux
217.       # Comment the following tolerations if Dashboard must not be deployed on master
218.       tolerations:
219.         - key: node-role.kubernetes.io/master
220.           effect: NoSchedule
221.  
222. ---
223.  
224. kind: Service
225. apiVersion: v1
226. metadata:
227.   labels:
228.     k8s-app: dashboard-metrics-scraper
229.   name: dashboard-metrics-scraper
230.   namespace: kubernetes-dashboard
231. spec:
232.   ports:
233.     - port: 8000
234.       targetPort: 8000
235.   selector:
236.     k8s-app: dashboard-metrics-scraper
237.  
238. ---
239.  
240. kind: Deployment
241. apiVersion: apps/v1
242. metadata:
243.   labels:
244.     k8s-app: dashboard-metrics-scraper
245.   name: dashboard-metrics-scraper
246.   namespace: kubernetes-dashboard
247. spec:
248.   replicas: 1
249.   revisionHistoryLimit: 10
250.   selector:
251.     matchLabels:
252.       k8s-app: dashboard-metrics-scraper
253.   template:
254.     metadata:
255.       labels:
256.         k8s-app: dashboard-metrics-scraper
257.     spec:
258.       securityContext:
259.         seccompProfile:
260.           type: RuntimeDefault
261.       containers:
262.         - name: dashboard-metrics-scraper
263.           image: kubernetesui/metrics-scraper:v1.0.7
264.           ports:
265.             - containerPort: 8000
266.               protocol: TCP
267.           livenessProbe:
268.             httpGet:
269.               scheme: HTTP
270.               path: /
271.               port: 8000
272.             initialDelaySeconds: 30
273.             timeoutSeconds: 30
274.           volumeMounts:
275.           - mountPath: /tmp
276.             name: tmp-volume
277.           securityContext:
278.             allowPrivilegeEscalation: false
279.             readOnlyRootFilesystem: true
280.             runAsUser: 1001
281.             runAsGroup: 2001
282.       serviceAccountName: kubernetes-dashboard
283.       nodeSelector:
284.         "kubernetes.io/os": linux
285.       # Comment the following tolerations if Dashboard must not be deployed on master
286.       tolerations:
287.         - key: node-role.kubernetes.io/master
288.           effect: NoSchedule
289.       volumes:
290.         - name: tmp-volume
291.           emptyDir: {}