diff --git a/bootstrap/helmrepositories/helmrepository-kubernetes-dashboard.yaml b/bootstrap/helmrepositories/helmrepository-kubernetes-dashboard.yaml deleted file mode 100644 index fbd52ad..0000000 --- a/bootstrap/helmrepositories/helmrepository-kubernetes-dashboard.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: kubernetes-dashboard - namespace: flux-system -spec: - interval: 15m - url: https://kubernetes.github.io/dashboard/ diff --git a/bootstrap/kustomizations/kustomization-kubernetes-dashboard.yaml b/bootstrap/kustomizations/kustomization-kubernetes-dashboard.yaml deleted file mode 100644 index e5c0ce6..0000000 --- a/bootstrap/kustomizations/kustomization-kubernetes-dashboard.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: kubernetes-dashboard - namespace: flux-system -spec: - interval: 15m - path: ./kubernetes-dashboard - prune: true # remove any elements later removed from the above path - timeout: 2m # if not set, this defaults to interval duration, which is 1h - sourceRef: - kind: GitRepository - name: flux-system - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: kubernetes-dashboard - namespace: kubernetes-dashboard diff --git a/bootstrap/namespaces/namespace-kubernetes-dashboard.yaml b/bootstrap/namespaces/namespace-kubernetes-dashboard.yaml deleted file mode 100644 index 7f5196a..0000000 --- a/bootstrap/namespaces/namespace-kubernetes-dashboard.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: kubernetes-dashboard diff --git a/kubernetes-dashboard/dns-endpoint-kubernetes-dashboard.yaml b/kubernetes-dashboard/dns-endpoint-kubernetes-dashboard.yaml deleted file mode 100644 index a6f4383..0000000 --- a/kubernetes-dashboard/dns-endpoint-kubernetes-dashboard.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: externaldns.k8s.io/v1alpha1 -kind: DNSEndpoint -metadata: - name: kubernetes-dashboard.michaelthomson.dev - namespace: kubernetes-dashboard -spec: - endpoints: - - dnsName: kubernetes-dashboard.michaelthomson.dev - recordTTL: 180 - recordType: CNAME - targets: - - server.michaelthomson.dev diff --git a/kubernetes-dashboard/helmrelease-kubernetes-dashboard.yaml b/kubernetes-dashboard/helmrelease-kubernetes-dashboard.yaml deleted file mode 100644 index ed9526c..0000000 --- a/kubernetes-dashboard/helmrelease-kubernetes-dashboard.yaml +++ /dev/null @@ -1,389 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: kubernetes-dashboard - namespace: kubernetes-dashboard -spec: - chart: - spec: - chart: kubernetes-dashboard - version: 6.0.x - sourceRef: - kind: HelmRepository - name: kubernetes-dashboard - namespace: flux-system - interval: 15m - timeout: 5m - releaseName: kubernetes-dashboard - values: - # Copyright 2017 The Kubernetes Authors. - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - - # Default values for kubernetes-dashboard - # This is a YAML-formatted file. - # Declare name/value pairs to be passed into your templates. - # name: value - - image: - ## Repository for container - repository: kubernetesui/dashboard - tag: "" # If not defined, uses appVersion of Chart.yaml - pullPolicy: IfNotPresent - pullSecrets: [] - - ## Number of replicas - replicaCount: 1 - - ## @param commonLabels Labels to add to all deployed objects - ## - commonLabels: {} - ## @param commonAnnotations Annotations to add to all deployed objects - ## - commonAnnotations: {} - - ## Here annotations can be added to the kubernetes dashboard deployment - annotations: {} - ## Here labels can be added to the kubernetes dashboard deployment - labels: {} - - ## Additional container arguments - ## - extraArgs: - # - --enable-insecure-login - # - --enable-skip-login - # - --system-banner="Welcome to Kubernetes" - - ## Additional container environment variables - ## - extraEnv: [] - # - name: SOME_VAR - # value: 'some value' - - ## Additional volumes to be added to kubernetes dashboard pods - ## - extraVolumes: [] - # - name: dashboard-kubeconfig - # secret: - # defaultMode: 420 - # secretName: dashboard-kubeconfig - - ## Additional volumeMounts to be added to kubernetes dashboard container - ## - extraVolumeMounts: [] - # - mountPath: /kubeconfig - # name: dashboard-kubeconfig - # readOnly: true - - ## Array of extra K8s manifests to deploy - ## - extraManifests: [] - # - apiVersion: v1 - # kind: ConfigMap - # metadata: - # name: additional-configmap - # data: - # mykey: myvalue - - ## Annotations to be added to kubernetes dashboard pods - # podAnnotations: - - ## SecurityContext to be added to kubernetes dashboard pods - ## To disable set the following configuration to null: - # securityContext: null - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - - ## SecurityContext defaults for the kubernetes dashboard container and metrics scraper container - ## To disable set the following configuration to null: - # containerSecurityContext: null - containerSecurityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 1001 - runAsGroup: 2001 - capabilities: - drop: ["ALL"] - - ## @param podLabels Extra labels for OAuth2 Proxy pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param podAnnotations Annotations for OAuth2 Proxy pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - - ## Node labels for pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## List of node taints to tolerate (requires Kubernetes >= 1.6) - tolerations: [] - # - key: "key" - # operator: "Equal|Exists" - # value: "value" - # effect: "NoSchedule|PreferNoSchedule|NoExecute" - - ## Affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - affinity: {} - - ## Name of Priority Class of pods - # priorityClassName: "" - - ## Pod resource requests & limits - resources: - requests: - cpu: 100m - memory: 200Mi - limits: - cpu: 2 - memory: 200Mi - - ## Serve application over HTTP without TLS - ## - ## Note: If set to true, you may want to add --enable-insecure-login to extraArgs - protocolHttp: false - - service: - type: ClusterIP - # Dashboard service port - externalPort: 80 - - ## LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to - ## set allowed inbound rules on the security group assigned to the master load balancer - # loadBalancerSourceRanges: [] - - # clusterIP: "" - - ## A user-specified IP address for load balancer to use as External IP (if supported) - # loadBalancerIP: - - ## Additional Kubernetes Dashboard Service annotations - annotations: {} - - ## Here labels can be added to the Kubernetes Dashboard service - labels: {} - - ## Enable or disable the kubernetes.io/cluster-service label. Should be disabled for GKE clusters >=1.15. - ## Otherwise, the addon manager will presume ownership of the service and try to delete it. - clusterServiceLabel: - enabled: true - key: "kubernetes.io/cluster-service" - - ingress: - ## If true, Kubernetes Dashboard Ingress will be created. - ## - enabled: true - - ## Kubernetes Dashboard Ingress labels - # labels: - # key: value - - ## Kubernetes Dashboard Ingress annotations - annotations: - traefik.ingress.kubernetes.io/router.tls: "true" - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd - - ## If you plan to use TLS backend with enableInsecureLogin set to false - ## (default), you need to uncomment the below. - ## If you use ingress-nginx < 0.21.0 - # nginx.ingress.kubernetes.io/secure-backends: "true" - ## if you use ingress-nginx >= 0.21.0 - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - - ## Kubernetes Dashboard Ingress Class - className: "traefik" - - ## Kubernetes Dashboard Ingress paths - ## Both `/` and `/*` are required to work on gce ingress. - paths: - - / - # - /* - - ## Custom Kubernetes Dashboard Ingress paths. Will override default paths. - ## - customPaths: [] - # - pathType: ImplementationSpecific - # backend: - # service: - # name: ssl-redirect - # port: - # name: use-annotation - # - pathType: ImplementationSpecific - # backend: - # service: - # name: >- - # {{ include "kubernetes-dashboard.fullname" . }} - # port: - # # Don't use string here, use only integer value! - # number: 443 - ## Kubernetes Dashboard Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - kubernetes-dashboard.michaelthomson.dev - ## Kubernetes Dashboard Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: letsencrypt-wildcard-cert-michaelthomson.dev - hosts: - - kubernetes-dashboard.michaelthomson.dev - - # Global dashboard settings - settings: - {} - ## Cluster name that appears in the browser window title if it is set - # clusterName: "" - ## Max number of items that can be displayed on each list page - # itemsPerPage: 10 - ## Number of seconds between every auto-refresh of logs - # logsAutoRefreshTimeInterval: 5 - ## Number of seconds between every auto-refresh of every resource. Set 0 to disable - # resourceAutoRefreshTimeInterval: 5 - ## Hide all access denied warnings in the notification panel - # disableAccessDeniedNotifications: false - - ## Pinned CRDs that will be displayed in dashboard's menu - pinnedCRDs: - [] - # - kind: customresourcedefinition - ## Fully qualified name of a CRD - # name: prometheuses.monitoring.coreos.com - ## Display name - # displayName: Prometheus - ## Is this CRD namespaced? - # namespaced: true - - ## Metrics Scraper - ## Container to scrape, store, and retrieve a window of time from the Metrics Server. - ## refs: https://github.com/kubernetes-sigs/dashboard-metrics-scraper - metricsScraper: - ## Wether to enable dashboard-metrics-scraper - enabled: false - image: - repository: kubernetesui/metrics-scraper - tag: v1.0.9 - resources: {} - ## SecurityContext especially for the kubernetes dashboard metrics scraper container - ## If not set, the global containterSecurityContext values will define these values - # containerSecurityContext: - # allowPrivilegeEscalation: false - # readOnlyRootFilesystem: true - # runAsUser: 1001 - # runAsGroup: 2001 - # args: - # - --log-level=info - # - --logtostderr=true - - ## Optional Metrics Server sub-chart - ## Enable this if you don't already have metrics-server enabled on your cluster and - ## want to use it with dashboard metrics-scraper - ## refs: - ## - https://github.com/kubernetes-sigs/metrics-server - ## - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server - metrics-server: - enabled: false - ## Example for additional args - # args: - # - --kubelet-preferred-address-types=InternalIP - # - --kubelet-insecure-tls - - rbac: - # Specifies whether namespaced RBAC resources (Role, Rolebinding) should be created - create: true - - # Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) to access metrics should be created - # Independent from rbac.create parameter. - clusterRoleMetrics: true - - # Start in ReadOnly mode. - # Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) with read only permissions to all resources listed inside the cluster should be created - # Only dashboard-related Secrets and ConfigMaps will still be available for writing. - # - # The basic idea of the clusterReadOnlyRole - # is not to hide all the secrets and sensitive data but more - # to avoid accidental changes in the cluster outside the standard CI/CD. - # - # It is NOT RECOMMENDED to use this version in production. - # Instead you should review the role and remove all potentially sensitive parts such as - # access to persistentvolumes, pods/log etc. - # - # Independent from rbac.create parameter. - clusterReadOnlyRole: false - # It is possible to add additional rules if read only role is enabled. - # This can be useful, for example, to show CRD resources. - # clusterReadOnlyRoleAdditionalRules: [] - - # If the default role permissions are not enough, it is possible to add additional permissions. - # roleAdditionalRules: [] - - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - - livenessProbe: - # Number of seconds to wait before sending first probe - initialDelaySeconds: 30 - # Number of seconds to wait for probe response - timeoutSeconds: 30 - - ## podDisruptionBudget - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - podDisruptionBudget: - enabled: false - ## Minimum available instances; ignored if there is no PodDisruptionBudget - minAvailable: - ## Maximum unavailable instances; ignored if there is no PodDisruptionBudget - maxUnavailable: - - ## PodSecurityContext for pod level securityContext - # securityContext: - # runAsUser: 1001 - # runAsGroup: 2001 - - networkPolicy: - # Whether to create a network policy that allows/restricts access to the service - enabled: false - - # Whether to set network policy to deny all ingress traffic for the kubernetes-dashboard - ingressDenyAll: false - - ## podSecurityPolicy for fine-grained authorization of pod creation and updates - ## Note that PSP is deprecated and has been removed from kubernetes 1.25 onwards. - ## For 1.25+ consider enabling PodSecurityAdmission, refer to chart README.md. - podSecurityPolicy: - # Specifies whether a pod security policy should be created - enabled: false - - serviceMonitor: - # Whether or not to create a Prometheus Operator service monitor. - enabled: false - ## Here labels can be added to the serviceMonitor - labels: {} - ## Here annotations can be added to the serviceMonitor - annotations: {} - - ## Optional containers, i.e. for auth addons. - optionalContainers: - enabled: false - containers: []