Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / offline-installer / cc634d2b109aed5dd51e02a8e6bdc16bd598353c / . / ansible / roles / rke / templates / kubernetes-dashboard.yaml.j2
blob: 7dd9692c759e13c5be7f9a8d21d56a35b40925de [file] [log] [blame]
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]1# Copyright 2017 The Kubernetes Authors.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]15apiVersion: v1
16kind: Namespace
17metadata:
18 name: kubernetes-dashboard
19
20---
21
22apiVersion: v1
23kind: ServiceAccount
24metadata:
25 labels:
26 k8s-app: kubernetes-dashboard
27 name: kubernetes-dashboard
28 namespace: kubernetes-dashboard
29
30---
31
32kind: Service
33apiVersion: v1
34metadata:
35 labels:
36 k8s-app: kubernetes-dashboard
37 name: kubernetes-dashboard
38 namespace: kubernetes-dashboard
39spec:
40 ports:
41 - port: 443
42 targetPort: 8443
43 selector:
44 k8s-app: kubernetes-dashboard
45{% if rke_dashboard_exposed %}
46 type: NodePort
47{% endif %}
48
49---
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]50
51apiVersion: v1
52kind: Secret
53metadata:
54 labels:
55 k8s-app: kubernetes-dashboard
56 name: kubernetes-dashboard-certs
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]57 namespace: kubernetes-dashboard
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]58type: Opaque
59
60---
61
62apiVersion: v1
63kind: Secret
64metadata:
65 labels:
66 k8s-app: kubernetes-dashboard
67 name: kubernetes-dashboard-csrf
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]68 namespace: kubernetes-dashboard
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]69type: Opaque
70data:
71 csrf: ""
72
73---
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]74
75apiVersion: v1
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]76kind: Secret
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]77metadata:
78 labels:
79 k8s-app: kubernetes-dashboard
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]80 name: kubernetes-dashboard-key-holder
81 namespace: kubernetes-dashboard
82type: Opaque
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]83
84---
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]85
86kind: ConfigMap
87apiVersion: v1
88metadata:
89 labels:
90 k8s-app: kubernetes-dashboard
91 name: kubernetes-dashboard-settings
92 namespace: kubernetes-dashboard
93
94---
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]95
96kind: Role
97apiVersion: rbac.authorization.k8s.io/v1
98metadata:
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]99 labels:
100 k8s-app: kubernetes-dashboard
101 name: kubernetes-dashboard
102 namespace: kubernetes-dashboard
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]103rules:
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]104 # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]105 - apiGroups: [""]
106 resources: ["secrets"]
107 resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
108 verbs: ["get", "update", "delete"]
109 # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
110 - apiGroups: [""]
111 resources: ["configmaps"]
112 resourceNames: ["kubernetes-dashboard-settings"]
113 verbs: ["get", "update"]
114 # Allow Dashboard to get metrics.
115 - apiGroups: [""]
116 resources: ["services"]
117 resourceNames: ["heapster", "dashboard-metrics-scraper"]
118 verbs: ["proxy"]
119 - apiGroups: [""]
120 resources: ["services/proxy"]
121 resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
122 verbs: ["get"]
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]123
124---
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]125
126kind: ClusterRole
127apiVersion: rbac.authorization.k8s.io/v1
128metadata:
129 labels:
130 k8s-app: kubernetes-dashboard
131 name: kubernetes-dashboard
132rules:
133 # Allow Metrics Scraper to get metrics from the Metrics server
134 - apiGroups: ["metrics.k8s.io"]
135 resources: ["pods", "nodes","namespaces","secrets","persistentvolumeclaims"]
136 verbs: ["get", "list", "watch"]
137 - apiGroups: ["","apps"]
138 resources: ["pods", "nodes","namespaces","secrets","persistentvolumeclaims","replicasets","deployments","events"]
139 verbs: ["get", "list", "watch"]
140
141---
142
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]143apiVersion: rbac.authorization.k8s.io/v1
144kind: RoleBinding
145metadata:
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]146 labels:
147 k8s-app: kubernetes-dashboard
148 name: kubernetes-dashboard
149 namespace: kubernetes-dashboard
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]150roleRef:
151 apiGroup: rbac.authorization.k8s.io
152 kind: Role
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]153 name: kubernetes-dashboard
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]154subjects:
155 - kind: ServiceAccount
156 name: kubernetes-dashboard
157 namespace: kubernetes-dashboard
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]158
159---
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]160
161apiVersion: rbac.authorization.k8s.io/v1
162kind: ClusterRoleBinding
163metadata:
164 name: kubernetes-dashboard
165 namespace: kubernetes-dashboard
166roleRef:
167 apiGroup: rbac.authorization.k8s.io
168 kind: ClusterRole
169 name: kubernetes-dashboard
170subjects:
171 - kind: ServiceAccount
172 name: kubernetes-dashboard
173 namespace: kubernetes-dashboard
174
175---
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]176
177kind: Deployment
178apiVersion: apps/v1
179metadata:
180 labels:
181 k8s-app: kubernetes-dashboard
182 name: kubernetes-dashboard
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]183 namespace: kubernetes-dashboard
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]184spec:
185 replicas: 1
186 revisionHistoryLimit: 10
187 selector:
188 matchLabels:
189 k8s-app: kubernetes-dashboard
190 template:
191 metadata:
192 labels:
193 k8s-app: kubernetes-dashboard
194 spec:
195 containers:
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]196 - name: kubernetes-dashboard
197 image: kubernetesui/dashboard:v2.0.0-beta4
198 imagePullPolicy: Always
199 ports:
200 - containerPort: 8443
201 protocol: TCP
202 args:
203 - --auto-generate-certificates
204 - --namespace=kubernetes-dashboard
205 # Uncomment the following line to manually specify Kubernetes API server Host
206 # If not specified, Dashboard will attempt to auto discover the API server and connect
207 # to it. Uncomment only if the default does not work.
208 # - --apiserver-host=http://my-address:port
209 volumeMounts:
210 - name: kubernetes-dashboard-certs
211 mountPath: /certs
212 # Create on-disk volume to store exec logs
213 - mountPath: /tmp
214 name: tmp-volume
215 livenessProbe:
216 httpGet:
217 scheme: HTTPS
218 path: /
219 port: 8443
220 initialDelaySeconds: 30
221 timeoutSeconds: 30
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]222 volumes:
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]223 - name: kubernetes-dashboard-certs
224 secret:
225 secretName: kubernetes-dashboard-certs
226 - name: tmp-volume
227 emptyDir: {}
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]228 serviceAccountName: kubernetes-dashboard
229 # Comment the following tolerations if Dashboard must not be deployed on master
230 tolerations:
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]231 - key: node-role.kubernetes.io/master
232 effect: NoSchedule
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]233
234---
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]235
236kind: Service
237apiVersion: v1
238metadata:
239 labels:
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]240 k8s-app: dashboard-metrics-scraper
241 name: dashboard-metrics-scraper
242 namespace: kubernetes-dashboard
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]243spec:
244 ports:
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]245 - port: 8000
246 targetPort: 8000
Petr Ospalý67acfb52019-04-20 05:25:23 +0200[diff] [blame]247 selector:
Tomáš Levora39505562019-10-03 13:31:54 +0200[diff] [blame]248 k8s-app: dashboard-metrics-scraper
249
250---
251
252kind: Deployment
253apiVersion: apps/v1
254metadata:
255 labels:
256 k8s-app: dashboard-metrics-scraper
257 name: dashboard-metrics-scraper
258 namespace: kubernetes-dashboard
259spec:
260 replicas: 1
261 revisionHistoryLimit: 10
262 selector:
263 matchLabels:
264 k8s-app: dashboard-metrics-scraper
265 template:
266 metadata:
267 labels:
268 k8s-app: dashboard-metrics-scraper
269 spec:
270 containers:
271 - name: dashboard-metrics-scraper
272 image: kubernetesui/metrics-scraper:v1.0.1
273 ports:
274 - containerPort: 8000
275 protocol: TCP
276 livenessProbe:
277 httpGet:
278 scheme: HTTP
279 path: /
280 port: 8000
281 initialDelaySeconds: 30
282 timeoutSeconds: 30
283 volumeMounts:
284 - mountPath: /tmp
285 name: tmp-volume
286 serviceAccountName: kubernetes-dashboard
287 # Comment the following tolerations if Dashboard must not be deployed on master
288 tolerations:
289 - key: node-role.kubernetes.io/master
290 effect: NoSchedule
291 volumes:
292 - name: tmp-volume
293 emptyDir: {}