github.com/alibaba/sealer@v0.8.6-0.20220430115802-37a2bdaa8173/test/suites/build/fixtures/lite_build/recommended.yaml (about) 1 # Copyright 2017 The Kubernetes Authors. 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 apiVersion: v1 16 kind: Namespace 17 metadata: 18 name: kubernetes-dashboard 19 20 --- 21 22 apiVersion: v1 23 kind: ServiceAccount 24 metadata: 25 labels: 26 k8s-app: kubernetes-dashboard 27 name: kubernetes-dashboard 28 namespace: kubernetes-dashboard 29 30 --- 31 32 kind: Service 33 apiVersion: v1 34 metadata: 35 labels: 36 k8s-app: kubernetes-dashboard 37 name: kubernetes-dashboard 38 namespace: kubernetes-dashboard 39 spec: 40 ports: 41 - port: 443 42 targetPort: 8443 43 selector: 44 k8s-app: kubernetes-dashboard 45 46 --- 47 48 apiVersion: v1 49 kind: Secret 50 metadata: 51 labels: 52 k8s-app: kubernetes-dashboard 53 name: kubernetes-dashboard-certs 54 namespace: kubernetes-dashboard 55 type: Opaque 56 57 --- 58 59 apiVersion: v1 60 kind: Secret 61 metadata: 62 labels: 63 k8s-app: kubernetes-dashboard 64 name: kubernetes-dashboard-csrf 65 namespace: kubernetes-dashboard 66 type: Opaque 67 data: 68 csrf: "" 69 70 --- 71 72 apiVersion: v1 73 kind: Secret 74 metadata: 75 labels: 76 k8s-app: kubernetes-dashboard 77 name: kubernetes-dashboard-key-holder 78 namespace: kubernetes-dashboard 79 type: Opaque 80 81 --- 82 83 kind: ConfigMap 84 apiVersion: v1 85 metadata: 86 labels: 87 k8s-app: kubernetes-dashboard 88 name: kubernetes-dashboard-settings 89 namespace: kubernetes-dashboard 90 91 --- 92 93 kind: Role 94 apiVersion: rbac.authorization.k8s.io/v1 95 metadata: 96 labels: 97 k8s-app: kubernetes-dashboard 98 name: kubernetes-dashboard 99 namespace: kubernetes-dashboard 100 rules: 101 # Allow Dashboard to get, update and delete Dashboard exclusive secrets. 102 - apiGroups: [ "" ] 103 resources: [ "secrets" ] 104 resourceNames: [ "kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf" ] 105 verbs: [ "get", "update", "delete" ] 106 # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. 107 - apiGroups: [ "" ] 108 resources: [ "configmaps" ] 109 resourceNames: [ "kubernetes-dashboard-settings" ] 110 verbs: [ "get", "update" ] 111 # Allow Dashboard to get metrics. 112 - apiGroups: [ "" ] 113 resources: [ "services" ] 114 resourceNames: [ "heapster", "dashboard-metrics-scraper" ] 115 verbs: [ "proxy" ] 116 - apiGroups: [ "" ] 117 resources: [ "services/proxy" ] 118 resourceNames: [ "heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper" ] 119 verbs: [ "get" ] 120 121 --- 122 123 kind: ClusterRole 124 apiVersion: rbac.authorization.k8s.io/v1 125 metadata: 126 labels: 127 k8s-app: kubernetes-dashboard 128 name: kubernetes-dashboard 129 rules: 130 # Allow Metrics Scraper to get metrics from the Metrics server 131 - apiGroups: [ "metrics.k8s.io" ] 132 resources: [ "pods", "nodes" ] 133 verbs: [ "get", "list", "watch" ] 134 135 --- 136 137 apiVersion: rbac.authorization.k8s.io/v1 138 kind: RoleBinding 139 metadata: 140 labels: 141 k8s-app: kubernetes-dashboard 142 name: kubernetes-dashboard 143 namespace: kubernetes-dashboard 144 roleRef: 145 apiGroup: rbac.authorization.k8s.io 146 kind: Role 147 name: kubernetes-dashboard 148 subjects: 149 - kind: ServiceAccount 150 name: kubernetes-dashboard 151 namespace: kubernetes-dashboard 152 153 --- 154 155 apiVersion: rbac.authorization.k8s.io/v1 156 kind: ClusterRoleBinding 157 metadata: 158 name: kubernetes-dashboard 159 roleRef: 160 apiGroup: rbac.authorization.k8s.io 161 kind: ClusterRole 162 name: kubernetes-dashboard 163 subjects: 164 - kind: ServiceAccount 165 name: kubernetes-dashboard 166 namespace: kubernetes-dashboard 167 168 --- 169 170 kind: Deployment 171 apiVersion: apps/v1 172 metadata: 173 labels: 174 k8s-app: kubernetes-dashboard 175 name: kubernetes-dashboard 176 namespace: kubernetes-dashboard 177 spec: 178 replicas: 1 179 revisionHistoryLimit: 10 180 selector: 181 matchLabels: 182 k8s-app: kubernetes-dashboard 183 template: 184 metadata: 185 labels: 186 k8s-app: kubernetes-dashboard 187 spec: 188 containers: 189 - name: kubernetes-dashboard 190 image: kubernetesui/dashboard:v2.2.0 191 imagePullPolicy: Always 192 ports: 193 - containerPort: 8443 194 protocol: TCP 195 args: 196 - --auto-generate-certificates 197 - --namespace=kubernetes-dashboard 198 # Uncomment the following line to manually specify Kubernetes API server Host 199 # If not specified, Dashboard will attempt to auto discover the API server and connect 200 # to it. Uncomment only if the default does not work. 201 # - --apiserver-host=http://my-address:port 202 volumeMounts: 203 - name: kubernetes-dashboard-certs 204 mountPath: /certs 205 # Create on-disk volume to store exec logs 206 - mountPath: /tmp 207 name: tmp-volume 208 livenessProbe: 209 httpGet: 210 scheme: HTTPS 211 path: / 212 port: 8443 213 initialDelaySeconds: 30 214 timeoutSeconds: 30 215 securityContext: 216 allowPrivilegeEscalation: false 217 readOnlyRootFilesystem: true 218 runAsUser: 1001 219 runAsGroup: 2001 220 volumes: 221 - name: kubernetes-dashboard-certs 222 secret: 223 secretName: kubernetes-dashboard-certs 224 - name: tmp-volume 225 emptyDir: { } 226 serviceAccountName: kubernetes-dashboard 227 nodeSelector: 228 "kubernetes.io/os": linux 229 # Comment the following tolerations if Dashboard must not be deployed on master 230 tolerations: 231 - key: node-role.kubernetes.io/master 232 effect: NoSchedule 233 234 --- 235 236 kind: Service 237 apiVersion: v1 238 metadata: 239 labels: 240 k8s-app: dashboard-metrics-scraper 241 name: dashboard-metrics-scraper 242 namespace: kubernetes-dashboard 243 spec: 244 ports: 245 - port: 8000 246 targetPort: 8000 247 selector: 248 k8s-app: dashboard-metrics-scraper 249 250 --- 251 252 kind: Deployment 253 apiVersion: apps/v1 254 metadata: 255 labels: 256 k8s-app: dashboard-metrics-scraper 257 name: dashboard-metrics-scraper 258 namespace: kubernetes-dashboard 259 spec: 260 replicas: 1 261 revisionHistoryLimit: 10 262 selector: 263 matchLabels: 264 k8s-app: dashboard-metrics-scraper 265 template: 266 metadata: 267 labels: 268 k8s-app: dashboard-metrics-scraper 269 annotations: 270 seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' 271 spec: 272 containers: 273 - name: dashboard-metrics-scraper 274 image: kubernetesui/metrics-scraper:v1.0.6 275 ports: 276 - containerPort: 8000 277 protocol: TCP 278 livenessProbe: 279 httpGet: 280 scheme: HTTP 281 path: / 282 port: 8000 283 initialDelaySeconds: 30 284 timeoutSeconds: 30 285 volumeMounts: 286 - mountPath: /tmp 287 name: tmp-volume 288 securityContext: 289 allowPrivilegeEscalation: false 290 readOnlyRootFilesystem: true 291 runAsUser: 1001 292 runAsGroup: 2001 293 serviceAccountName: kubernetes-dashboard 294 nodeSelector: 295 "kubernetes.io/os": linux 296 # Comment the following tolerations if Dashboard must not be deployed on master 297 tolerations: 298 - key: node-role.kubernetes.io/master 299 effect: NoSchedule 300 volumes: 301 - name: tmp-volume 302 emptyDir: { }