k8s dashboard

Copyright 2017 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the “License”);

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an “AS IS” BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.

Configuration to deploy release version of the Dashboard UI compatible with

Kubernetes 1.8.

Example usage: kubectl create -f <this_file>

------------------- Dashboard Secret -------------------

apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kube-system
type: Opaque

---

------------------- Dashboard Service Account -------------------

apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system

---

------------------- Dashboard Role & Role Binding -------------------

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubernetes-dashboard-minimal
namespace: kube-system
rules:

Allow Dashboard to create ‘kubernetes-dashboard-key-holder’ secret.

• apiGroups: [""]
  resources: [“secrets”]
  verbs: [“create”]

  Allow Dashboard to create ‘kubernetes-dashboard-settings’ config map.

• apiGroups: [""]
  resources: [“configmaps”]
  verbs: [“create”]

  Allow Dashboard to get, update and delete Dashboard exclusive secrets.

• apiGroups: [""]
  resources: [“secrets”]
  resourceNames: [“kubernetes-dashboard-key-holder”, “kubernetes-dashboard-certs”]
  verbs: [“get”, “update”, “delete”]

  Allow Dashboard to get and update ‘kubernetes-dashboard-settings’ config map.

• apiGroups: [""]
  resources: [“configmaps”]
  resourceNames: [“kubernetes-dashboard-settings”]
  verbs: [“get”, “update”]

  Allow Dashboard to get metrics from heapster.

• apiGroups: [""]
  resources: [“services”]
  resourceNames: [“heapster”]
  verbs: [“proxy”]
• apiGroups: [""]
  resources: [“services/proxy”]
  resourceNames: [“heapster”, “http:heapster:”, “https:heapster:”]
  verbs: [“get”]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubernetes-dashboard-minimal
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard-minimal
subjects:

• kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---

------------------- Dashboard Deployment -------------------

kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
serviceAccountName: kubernetes-dashboard
containers:
- name: kubernetes-dashboard
image: registry.cn-shanghai.aliyuncs.com/cdc-preprod-public/kubernetesui_dashboard:v2.0.4
ports:
- containerPort: 9090
protocol: TCP
args:
#- --auto-generate-certificates
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
#- --apiserver-host=http://10.0.1.168:8080
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule

---

------------------- Dashboard Service -------------------

kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
ports:
- port: 9090
targetPort: 9090
selector:
k8s-app: kubernetes-dashboard

------------------------------------------------------------

kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-external
namespace: kube-system
spec:
ports:
- port: 9090
targetPort: 9090
nodePort: 30090
type: NodePort
selector:
k8s-app: kubernetes-dashboard