github.com/alibaba/sealer@v0.8.6-0.20220430115802-37a2bdaa8173/applications/dashboard/v2.2.0/dashboard.yaml (about) 1 # Copyright 2017 The Kubernetes Authors. 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 apiVersion: v1 16 kind: Namespace 17 metadata: 18 name: kubernetes-dashboard 19 20 --- 21 22 apiVersion: v1 23 kind: ServiceAccount 24 metadata: 25 labels: 26 k8s-app: kubernetes-dashboard 27 name: kubernetes-dashboard 28 namespace: kubernetes-dashboard 29 30 --- 31 32 kind: Service 33 apiVersion: v1 34 metadata: 35 labels: 36 k8s-app: kubernetes-dashboard 37 name: kubernetes-dashboard 38 namespace: kubernetes-dashboard 39 spec: 40 ports: 41 - port: 443 42 targetPort: 8443 43 selector: 44 k8s-app: kubernetes-dashboard 45 46 --- 47 48 apiVersion: v1 49 kind: Secret 50 metadata: 51 labels: 52 k8s-app: kubernetes-dashboard 53 name: kubernetes-dashboard-certs 54 namespace: kubernetes-dashboard 55 type: Opaque 56 57 --- 58 59 apiVersion: v1 60 kind: Secret 61 metadata: 62 labels: 63 k8s-app: kubernetes-dashboard 64 name: kubernetes-dashboard-csrf 65 namespace: kubernetes-dashboard 66 type: Opaque 67 data: 68 csrf: "" 69 70 --- 71 72 apiVersion: v1 73 kind: Secret 74 metadata: 75 labels: 76 k8s-app: kubernetes-dashboard 77 name: kubernetes-dashboard-key-holder 78 namespace: kubernetes-dashboard 79 type: Opaque 80 81 --- 82 83 kind: ConfigMap 84 apiVersion: v1 85 metadata: 86 labels: 87 k8s-app: kubernetes-dashboard 88 name: kubernetes-dashboard-settings 89 namespace: kubernetes-dashboard 90 91 --- 92 93 kind: Role 94 apiVersion: rbac.authorization.k8s.io/v1 95 metadata: 96 labels: 97 k8s-app: kubernetes-dashboard 98 name: kubernetes-dashboard 99 namespace: kubernetes-dashboard 100 rules: 101 # Allow Dashboard to get, update and delete Dashboard exclusive secrets. 102 - apiGroups: [ "" ] 103 resources: [ "secrets" ] 104 resourceNames: [ "kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf" ] 105 verbs: [ "get", "update", "delete" ] 106 # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. 107 - apiGroups: [ "" ] 108 resources: [ "configmaps" ] 109 resourceNames: [ "kubernetes-dashboard-settings" ] 110 verbs: [ "get", "update" ] 111 # Allow Dashboard to get metrics. 112 - apiGroups: [ "" ] 113 resources: [ "services" ] 114 resourceNames: [ "heapster", "dashboard-metrics-scraper" ] 115 verbs: [ "proxy" ] 116 - apiGroups: [ "" ] 117 resources: [ "services/proxy" ] 118 resourceNames: [ "heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper" ] 119 verbs: [ "get" ] 120 121 --- 122 123 kind: ClusterRole 124 apiVersion: rbac.authorization.k8s.io/v1 125 metadata: 126 labels: 127 k8s-app: kubernetes-dashboard 128 name: kubernetes-dashboard 129 rules: 130 # Allow Metrics Scraper to get metrics from the Metrics server 131 - apiGroups: [ "metrics.k8s.io" ] 132 resources: [ "pods", "nodes" ] 133 verbs: [ "get", "list", "watch" ] 134 135 --- 136 137 apiVersion: rbac.authorization.k8s.io/v1 138 kind: RoleBinding 139 metadata: 140 labels: 141 k8s-app: kubernetes-dashboard 142 name: kubernetes-dashboard 143 namespace: kubernetes-dashboard 144 roleRef: 145 apiGroup: rbac.authorization.k8s.io 146 kind: Role 147 name: kubernetes-dashboard 148 subjects: 149 - kind: ServiceAccount 150 name: kubernetes-dashboard 151 namespace: kubernetes-dashboard 152 153 --- 154 155 apiVersion: rbac.authorization.k8s.io/v1 156 kind: ClusterRoleBinding 157 metadata: 158 name: kubernetes-dashboard 159 roleRef: 160 apiGroup: rbac.authorization.k8s.io 161 kind: ClusterRole 162 name: kubernetes-dashboard 163 subjects: 164 - kind: ServiceAccount 165 name: kubernetes-dashboard 166 namespace: kubernetes-dashboard 167 --- 168 kind: Deployment 169 apiVersion: apps/v1 170 metadata: 171 labels: 172 k8s-app: kubernetes-dashboard 173 name: kubernetes-dashboard 174 namespace: kubernetes-dashboard 175 spec: 176 replicas: 1 177 revisionHistoryLimit: 10 178 selector: 179 matchLabels: 180 k8s-app: kubernetes-dashboard 181 template: 182 metadata: 183 labels: 184 k8s-app: kubernetes-dashboard 185 spec: 186 containers: 187 - name: kubernetes-dashboard 188 image: kubernetesui/dashboard:v2.2.0 189 imagePullPolicy: Always 190 ports: 191 - containerPort: 8443 192 protocol: TCP 193 args: 194 - --auto-generate-certificates 195 - --namespace=kubernetes-dashboard 196 # Uncomment the following line to manually specify Kubernetes API server Host 197 # If not specified, Dashboard will attempt to auto discover the API server and connect 198 # to it. Uncomment only if the default does not work. 199 # - --apiserver-host=http://my-address:port 200 volumeMounts: 201 - name: kubernetes-dashboard-certs 202 mountPath: /certs 203 # Create on-disk volume to store exec logs 204 - mountPath: /tmp 205 name: tmp-volume 206 livenessProbe: 207 httpGet: 208 scheme: HTTPS 209 path: / 210 port: 8443 211 initialDelaySeconds: 30 212 timeoutSeconds: 30 213 securityContext: 214 allowPrivilegeEscalation: false 215 readOnlyRootFilesystem: true 216 runAsUser: 1001 217 runAsGroup: 2001 218 volumes: 219 - name: kubernetes-dashboard-certs 220 secret: 221 secretName: kubernetes-dashboard-certs 222 - name: tmp-volume 223 emptyDir: { } 224 serviceAccountName: kubernetes-dashboard 225 nodeSelector: 226 "kubernetes.io/os": linux 227 # Comment the following tolerations if Dashboard must not be deployed on master 228 tolerations: 229 - key: node-role.kubernetes.io/master 230 effect: NoSchedule 231 232 --- 233 234 kind: Service 235 apiVersion: v1 236 metadata: 237 labels: 238 k8s-app: dashboard-metrics-scraper 239 name: dashboard-metrics-scraper 240 namespace: kubernetes-dashboard 241 spec: 242 ports: 243 - port: 8000 244 targetPort: 8000 245 selector: 246 k8s-app: dashboard-metrics-scraper 247 248 --- 249 kind: Deployment 250 apiVersion: apps/v1 251 metadata: 252 labels: 253 k8s-app: dashboard-metrics-scraper 254 name: dashboard-metrics-scraper 255 namespace: kubernetes-dashboard 256 spec: 257 replicas: 1 258 revisionHistoryLimit: 10 259 selector: 260 matchLabels: 261 k8s-app: dashboard-metrics-scraper 262 template: 263 metadata: 264 labels: 265 k8s-app: dashboard-metrics-scraper 266 annotations: 267 seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' 268 spec: 269 containers: 270 - name: dashboard-metrics-scraper 271 image: kubernetesui/metrics-scraper:v1.0.6 272 ports: 273 - containerPort: 8000 274 protocol: TCP 275 livenessProbe: 276 httpGet: 277 scheme: HTTP 278 path: / 279 port: 8000 280 initialDelaySeconds: 30 281 timeoutSeconds: 30 282 volumeMounts: 283 - mountPath: /tmp 284 name: tmp-volume 285 securityContext: 286 allowPrivilegeEscalation: false 287 readOnlyRootFilesystem: true 288 runAsUser: 1001 289 runAsGroup: 2001 290 serviceAccountName: kubernetes-dashboard 291 nodeSelector: 292 "kubernetes.io/os": linux 293 # Comment the following tolerations if Dashboard must not be deployed on master 294 tolerations: 295 - key: node-role.kubernetes.io/master 296 effect: NoSchedule 297 volumes: 298 - name: tmp-volume 299 emptyDir: { }