{{- /* Note: dashboard addon is deprecated */}} apiVersion: v1 kind: Namespace metadata: labels: addonmanager.kubernetes.io/mode: Reconcile name: kubernetes-dashboard --- apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard addonmanager.kubernetes.io/mode: Reconcile name: kubernetes-dashboard namespace: kubernetes-dashboard --- kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard addonmanager.kubernetes.io/mode: Reconcile name: kubernetes-dashboard namespace: kubernetes-dashboard spec: ports: - port: 443 targetPort: 8443 selector: k8s-app: kubernetes-dashboard --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard addonmanager.kubernetes.io/mode: EnsureExists name: kubernetes-dashboard-certs namespace: kubernetes-dashboard type: Opaque --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard addonmanager.kubernetes.io/mode: EnsureExists name: kubernetes-dashboard-csrf namespace: kubernetes-dashboard type: Opaque data: csrf: "" --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard addonmanager.kubernetes.io/mode: EnsureExists name: kubernetes-dashboard-key-holder namespace: kubernetes-dashboard type: Opaque --- kind: ConfigMap apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard addonmanager.kubernetes.io/mode: EnsureExists name: kubernetes-dashboard-settings namespace: kubernetes-dashboard --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: k8s-app: kubernetes-dashboard addonmanager.kubernetes.io/mode: Reconcile name: kubernetes-dashboard namespace: kubernetes-dashboard rules: {{- /* Allow Dashboard to get, update and delete Dashboard exclusive secrets. */}} - apiGroups: [""] resources: ["secrets"] resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] verbs: ["get", "update", "delete"] {{- /* Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. */}} - apiGroups: [""] resources: ["configmaps"] resourceNames: ["kubernetes-dashboard-settings"] verbs: ["get", "update"] {{- /* Allow Dashboard to get metrics. */}} - apiGroups: [""] resources: ["services"] resourceNames: ["heapster", "dashboard-metrics-scraper"] verbs: ["proxy"] - apiGroups: [""] resources: ["services/proxy"] resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] verbs: ["get"] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: k8s-app: kubernetes-dashboard addonmanager.kubernetes.io/mode: Reconcile name: kubernetes-dashboard rules: {{- /* Allow Metrics Scraper to get metrics from the Metrics server */}} - apiGroups: ["metrics.k8s.io"] resources: ["pods", "nodes"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: k8s-app: kubernetes-dashboard addonmanager.kubernetes.io/mode: Reconcile name: kubernetes-dashboard namespace: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubernetes-dashboard subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: addonmanager.kubernetes.io/mode: Reconcile name: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubernetes-dashboard subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kubernetes-dashboard --- kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: kubernetes-dashboard addonmanager.kubernetes.io/mode: Reconcile name: kubernetes-dashboard namespace: kubernetes-dashboard spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: containers: - name: kubernetes-dashboard image: {{ContainerImage "kubernetes-dashboard"}} imagePullPolicy: IfNotPresent ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates - --namespace=kubernetes-dashboard {{- /* Uncomment the following line to manually specify Kubernetes API server Host */}} {{- /* If not specified, Dashboard will attempt to auto discover the API server and connect */}} {{- /* to it. Uncomment only if the default does not work. */}} {{- /* - --apiserver-host=http://my-address:port */}} resources: requests: cpu: {{ContainerCPUReqs "kubernetes-dashboard"}} memory: {{ContainerMemReqs "kubernetes-dashboard"}} limits: cpu: {{ContainerCPULimits "kubernetes-dashboard"}} memory: {{ContainerMemLimits "kubernetes-dashboard"}} volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs {{- /* Create on-disk volume to store exec logs */}} - mountPath: /tmp name: tmp-volume livenessProbe: httpGet: scheme: HTTPS path: / port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard nodeSelector: kubernetes.io/os: linux {{/* Comment the following tolerations if Dashboard must not be deployed on master */}} tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule operator: "Exists" - key: node-role.kubernetes.io/control-plane effect: NoSchedule operator: "Exists" --- kind: Service apiVersion: v1 metadata: labels: k8s-app: dashboard-metrics-scraper addonmanager.kubernetes.io/mode: Reconcile name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: ports: - port: 8000 targetPort: 8000 selector: k8s-app: dashboard-metrics-scraper --- kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: dashboard-metrics-scraper addonmanager.kubernetes.io/mode: Reconcile name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: dashboard-metrics-scraper template: metadata: labels: k8s-app: dashboard-metrics-scraper annotations: seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' spec: containers: - name: dashboard-metrics-scraper image: {{ContainerImage "kubernetes-dashboard-metrics-scraper"}} ports: - containerPort: 8000 protocol: TCP livenessProbe: httpGet: scheme: HTTP path: / port: 8000 initialDelaySeconds: 30 timeoutSeconds: 30 resources: requests: cpu: {{ContainerCPUReqs "kubernetes-dashboard-metrics-scraper"}} memory: {{ContainerMemReqs "kubernetes-dashboard-metrics-scraper"}} limits: cpu: {{ContainerCPULimits "kubernetes-dashboard-metrics-scraper"}} memory: {{ContainerMemLimits "kubernetes-dashboard-metrics-scraper"}} volumeMounts: - mountPath: /tmp name: tmp-volume securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 serviceAccountName: kubernetes-dashboard nodeSelector: kubernetes.io/os: linux {{- /* Comment the following tolerations if Dashboard must not be deployed on master */}} tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule operator: "Exists" - key: node-role.kubernetes.io/control-plane effect: NoSchedule operator: "Exists" volumes: - name: tmp-volume emptyDir: {}