mthomson/fleet-infra
1
0
Fork 0
mirror of https://github.com/michaelthomson0797/fleet-infra.git synced 2026-02-04 13:09:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

k8s dash v7 -> v6

Browse Source
This commit is contained in:
Michael Thomson
2023-11-24 12:47:15 -05:00
parent 6328bad177
commit 95ac24a3c5
1 changed files with 326 additions and 294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

620
kubernetes-dashboard/helmrelease-kubernetes-dashboard.yaml
View File

@@ -7,7 +7,7 @@ spec:
chart: chart:
spec: spec:
chart: kubernetes-dashboard chart: kubernetes-dashboard
version: 7.0.0-alpha1 version: 6.0.x
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: kubernetes-dashboard name: kubernetes-dashboard
@@ -30,308 +30,288 @@ spec:
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
# General configuration shared across resources # Default values for kubernetes-dashboard
app: # This is a YAML-formatted file.
image: # Declare name/value pairs to be passed into your templates.
pullPolicy: IfNotPresent # name: value
pullSecrets: []
scaling:
# Default number of replicas
replicas: 1
revisionHistoryLimit: 10
scheduling:
# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}
security:
# SecurityContext to be added to pods
# To disable set the following configuration to null:
# securityContext: null
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# ContainerSecurityContext to be added to containers
# To disable set the following configuration to null:
# containerSecurityContext: null
containerSecurityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
capabilities:
drop: ["ALL"]
# Pod Disruption Budget configuration
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget:
enabled: false
minAvailable: 0
maxUnavailable: 0
networkPolicy:
enabled: false
ingressDenyAll: false
# Common labels & annotations shared across all deployed resources
labels: {}
annotations: {}
settings:
## Global dashboard settings
## Note: Use all or none. Dashboard does not support default value merging currently.
global:
# # Cluster name that appears in the browser window title if it is set
# clusterName: ""
# # Max number of items that can be displayed on each list page
# itemsPerPage: 10
# # Number of seconds between every auto-refresh of logs
# logsAutoRefreshTimeInterval: 5
# # Number of seconds between every auto-refresh of every resource. Set 0 to disable
# resourceAutoRefreshTimeInterval: 5
# # Hide all access denied warnings in the notification panel
# disableAccessDeniedNotifications: false
## Pinned CRDs that will be displayed in dashboard's menu
pinnedCRDs: []
# - kind: customresourcedefinition
# # Fully qualified name of a CRD
# name: prometheus.monitoring.coreos.com
# # Display name
# displayName: Prometheus
# # Is this CRD namespaced?
# namespaced: true
ingress:
enabled: false
hosts:
# Keep 'localhost' host only if you want to access Dashboard using 'kubectl port-forward ...' on:
# https://localhost:8443
- localhost
# - kubernetes.dashboard.domain.com
ingressClassName: internal-nginx
pathType: ImplementationSpecific
secretName: kubernetes-dashboard-certs
issuer:
name: selfsigned
# Scope determines what kind of issuer annotation will be used on ingress resource
# - default - adds 'cert-manager.io/issuer'
# - cluster - adds 'cert-manager.io/cluster-issuer'
# - disabled - disables cert-manager annotations
scope: default
labels: {}
annotations: {}
paths:
web: /
api: /api
# Use the following toleration if Dashboard can be deployed on a tainted control-plane nodes
# - key: node-role.kubernetes.io/control-plane
# effect: NoSchedule
tolerations: []
# API deployment configuration image:
api: ## Repository for container
role: api repository: kubernetesui/dashboard
image: tag: "" # If not defined, uses appVersion of Chart.yaml
repository: docker.io/kubernetesui/dashboard-api pullPolicy: IfNotPresent
tag: v1.0.0 pullSecrets: []
containers:
ports: ## Number of replicas
- name: api replicaCount: 1
containerPort: 9000
protocol: TCP ## @param commonLabels Labels to add to all deployed objects
# Additional container arguments ##
# Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md commonLabels: {}
# args: ## @param commonAnnotations Annotations to add to all deployed objects
# - --system-banner="Welcome to the Kubernetes Dashboard" ##
args: [] commonAnnotations: {}
# Additional container environment variables
# env: ## Here annotations can be added to the kubernetes dashboard deployment
# - name: SOME_VAR annotations: {}
# value: 'some value' ## Here labels can be added to the kubernetes dashboard deployment
env: [] labels: {}
# Additional volume mounts
# - mountPath: /kubeconfig ## Additional container arguments
# name: dashboard-kubeconfig ##
# readOnly: true extraArgs:
volumeMounts: - --enable-insecure-login
# Create volume mount to store exec logs (required) # - --enable-skip-login
- mountPath: /tmp # - --system-banner="Welcome to Kubernetes"
name: tmp-volume
# TODO: Validate configuration ## Additional container environment variables
resources: ##
requests: extraEnv: []
cpu: 100m # - name: SOME_VAR
memory: 200Mi # value: 'some value'
limits:
cpu: 250m ## Additional volumes to be added to kubernetes dashboard pods
memory: 400Mi ##
# Additional volumes extraVolumes: []
# - name: dashboard-kubeconfig # - name: dashboard-kubeconfig
# secret: # secret:
# defaultMode: 420 # defaultMode: 420
# secretName: dashboard-kubeconfig # secretName: dashboard-kubeconfig
volumes:
# Create on-disk volume to store exec logs (required) ## Additional volumeMounts to be added to kubernetes dashboard container
- name: tmp-volume ##
emptyDir: {} extraVolumeMounts: []
nodeSelector: {} # - mountPath: /kubeconfig
# Labels & annotations shared between API related resources # name: dashboard-kubeconfig
labels: {} # readOnly: true
## Array of extra K8s manifests to deploy
##
extraManifests: []
# - apiVersion: v1
# kind: ConfigMap
# metadata:
# name: additional-configmap
# data:
# mykey: myvalue
## Annotations to be added to kubernetes dashboard pods
# podAnnotations:
## SecurityContext to be added to kubernetes dashboard pods
## To disable set the following configuration to null:
# securityContext: null
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
## SecurityContext defaults for the kubernetes dashboard container and metrics scraper container
## To disable set the following configuration to null:
# containerSecurityContext: null
containerSecurityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
capabilities:
drop: ["ALL"]
## @param podLabels Extra labels for OAuth2 Proxy pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations Annotations for OAuth2 Proxy pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## List of node taints to tolerate (requires Kubernetes >= 1.6)
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute"
## Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
## Name of Priority Class of pods
# priorityClassName: ""
## Pod resource requests & limits
resources:
requests:
cpu: 100m
memory: 200Mi
limits:
cpu: 2
memory: 200Mi
## Serve application over HTTP without TLS
##
## Note: If set to true, you may want to add --enable-insecure-login to extraArgs
protocolHttp: false
service:
type: ClusterIP
# Dashboard service port
externalPort: 443
## LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to
## set allowed inbound rules on the security group assigned to the master load balancer
# loadBalancerSourceRanges: []
# clusterIP: ""
## A user-specified IP address for load balancer to use as External IP (if supported)
# loadBalancerIP:
## Additional Kubernetes Dashboard Service annotations
annotations: {} annotations: {}
# WEB UI deployment configuration ## Here labels can be added to the Kubernetes Dashboard service
web:
role: web
image:
repository: docker.io/kubernetesui/dashboard-web
tag: v1.0.0
containers:
ports:
- name: web
containerPort: 8000
protocol: TCP
# Additional container arguments
# Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md
# args:
# - --system-banner="Welcome to the Kubernetes Dashboard"
args: []
# Additional container environment variables
# env:
# - name: SOME_VAR
# value: 'some value'
env: []
# Additional volume mounts
# - mountPath: /kubeconfig
# name: dashboard-kubeconfig
# readOnly: true
volumeMounts:
# Create volume mount to store logs (required)
- mountPath: /tmp
name: tmp-volume
# TODO: Validate configuration
resources:
requests:
cpu: 100m
memory: 200Mi
limits:
cpu: 250m
memory: 400Mi
# Additional volumes
# - name: dashboard-kubeconfig
# secret:
# defaultMode: 420
# secretName: dashboard-kubeconfig
volumes:
# Create on-disk volume to store exec logs (required)
- name: tmp-volume
emptyDir: {}
nodeSelector:
# TODO: check if it's really needed since we offer cross platform images for darwin/windows/linux
kubernetes.io/os: linux
# Labels & annotations shared between WEB UI related resources
labels: {} labels: {}
annotations: {}
### Metrics Scraper ## Enable or disable the kubernetes.io/cluster-service label. Should be disabled for GKE clusters >=1.15.
### Container to scrape, store, and retrieve a window of time from the Metrics Server. ## Otherwise, the addon manager will presume ownership of the service and try to delete it.
### refs: https://github.com/kubernetes-sigs/dashboard-metrics-scraper clusterServiceLabel:
enabled: true
key: "kubernetes.io/cluster-service"
ingress:
## If true, Kubernetes Dashboard Ingress will be created.
##
enabled: false
## Kubernetes Dashboard Ingress labels
# labels:
# key: value
## Kubernetes Dashboard Ingress annotations
# annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: 'true'
## If you plan to use TLS backend with enableInsecureLogin set to false
## (default), you need to uncomment the below.
## If you use ingress-nginx < 0.21.0
# nginx.ingress.kubernetes.io/secure-backends: "true"
## if you use ingress-nginx >= 0.21.0
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
## Kubernetes Dashboard Ingress Class
# className: "example-lb"
## Kubernetes Dashboard Ingress paths
## Both `/` and `/*` are required to work on gce ingress.
paths:
- /
# - /*
## Custom Kubernetes Dashboard Ingress paths. Will override default paths.
##
customPaths: []
# - pathType: ImplementationSpecific
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# - pathType: ImplementationSpecific
# backend:
# service:
# name: >-
# {{ include "kubernetes-dashboard.fullname" . }}
# port:
# # Don't use string here, use only integer value!
# number: 443
## Kubernetes Dashboard Ingress hostnames
## Must be provided if Ingress is enabled
##
# hosts:
# - kubernetes-dashboard.domain.com
## Kubernetes Dashboard Ingress TLS configuration
## Secrets must be manually created in the namespace
##
# tls:
# - secretName: kubernetes-dashboard-tls
# hosts:
# - kubernetes-dashboard.domain.com
# Global dashboard settings
settings:
{}
## Cluster name that appears in the browser window title if it is set
# clusterName: ""
## Max number of items that can be displayed on each list page
# itemsPerPage: 10
## Number of seconds between every auto-refresh of logs
# logsAutoRefreshTimeInterval: 5
## Number of seconds between every auto-refresh of every resource. Set 0 to disable
# resourceAutoRefreshTimeInterval: 5
## Hide all access denied warnings in the notification panel
# disableAccessDeniedNotifications: false
## Pinned CRDs that will be displayed in dashboard's menu
pinnedCRDs:
[]
# - kind: customresourcedefinition
## Fully qualified name of a CRD
# name: prometheuses.monitoring.coreos.com
## Display name
# displayName: Prometheus
## Is this CRD namespaced?
# namespaced: true
## Metrics Scraper
## Container to scrape, store, and retrieve a window of time from the Metrics Server.
## refs: https://github.com/kubernetes-sigs/dashboard-metrics-scraper
metricsScraper: metricsScraper:
enabled: true ## Wether to enable dashboard-metrics-scraper
role: metrics-scraper enabled: false
image: image:
repository: docker.io/kubernetesui/metrics-scraper repository: kubernetesui/metrics-scraper
tag: v1.0.9 tag: v1.0.9
containers: resources: {}
ports: ## SecurityContext especially for the kubernetes dashboard metrics scraper container
- containerPort: 8000 ## If not set, the global containterSecurityContext values will define these values
protocol: TCP # containerSecurityContext:
args: [] # allowPrivilegeEscalation: false
# Additional container environment variables # readOnlyRootFilesystem: true
# env: # runAsUser: 1001
# - name: SOME_VAR # runAsGroup: 2001
# value: 'some value' # args:
env: [] # - --log-level=info
# Additional volume mounts # - --logtostderr=true
# - mountPath: /kubeconfig
# name: dashboard-kubeconfig
# readOnly: true
volumeMounts:
# Create volume mount to store logs (required)
- mountPath: /tmp
name: tmp-volume
# TODO: Validate configuration
resources:
requests:
cpu: 100m
memory: 200Mi
limits:
cpu: 250m
memory: 400Mi
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
# Additional volumes
# - name: dashboard-kubeconfig
# secret:
# defaultMode: 420
# secretName: dashboard-kubeconfig
volumes:
# Create on-disk volume to store exec logs (required)
- name: tmp-volume
emptyDir: {}
nodeSelector:
# TODO: check if it's really needed since we offer cross platform images for darwin/windows/linux
kubernetes.io/os: linux
# Labels & annotations shared between WEB UI related resources
labels: {}
annotations: {}
## Optional Metrics Server sub-chart
## Optional Metrics Server sub-chart configuration
## Enable this if you don't already have metrics-server enabled on your cluster and ## Enable this if you don't already have metrics-server enabled on your cluster and
## want to use it with dashboard metrics-scraper ## want to use it with dashboard metrics-scraper
## refs: ## refs:
## - https://github.com/kubernetes-sigs/metrics-server ## - https://github.com/kubernetes-sigs/metrics-server
## - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server ## - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server
metrics-server: metrics-server:
enabled: true
args:
- --kubelet-preferred-address-types=InternalIP
- --kubelet-insecure-tls
## Optional Cert Manager sub-chart configuration
## Enable this if you don't already have cert-manager enabled on your cluster.
cert-manager:
enabled: false enabled: false
installCRDs: true ## Example for additional args
# args:
# - --kubelet-preferred-address-types=InternalIP
# - --kubelet-insecure-tls
## Optional Nginx Ingress sub-chart configuration rbac:
## Enable this if you don't already have nginx-ingress enabled on your cluster. # Specifies whether namespaced RBAC resources (Role, Rolebinding) should be created
nginx: create: true
enabled: false
controller: # Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) to access metrics should be created
electionID: ingress-controller-leader # Independent from rbac.create parameter.
ingressClassResource: clusterRoleMetrics: true
name: internal-nginx
default: false
controllerValue: k8s.io/internal-ingress-nginx
service:
type: ClusterIP
## Extra configurations:
## - manifests
## - predefined roles
## - prometheus
## - etc...
extras:
# Extra Kubernetes manifests to be deployed
# manifests:
# - apiVersion: v1
# kind: ConfigMap
# metadata:
# name: additional-configmap
# data:
# mykey: myvalue
manifests: []
# Start in ReadOnly mode. # Start in ReadOnly mode.
# Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) with read only permissions to all resources listed inside the cluster should be created # Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) with read only permissions to all resources listed inside the cluster should be created
# Only dashboard-related Secrets and ConfigMaps will still be available for writing. # Only dashboard-related Secrets and ConfigMaps will still be available for writing.
@@ -341,16 +321,68 @@ spec:
# to avoid accidental changes in the cluster outside the standard CI/CD. # to avoid accidental changes in the cluster outside the standard CI/CD.
# #
# It is NOT RECOMMENDED to use this version in production. # It is NOT RECOMMENDED to use this version in production.
# Instead, you should review the role and remove all potentially sensitive parts such as # Instead you should review the role and remove all potentially sensitive parts such as
# access to persistentvolumes, pods/log etc. # access to persistentvolumes, pods/log etc.
#
# Independent from rbac.create parameter.
clusterReadOnlyRole: false clusterReadOnlyRole: false
# It is possible to add additional rules if read only role is enabled. # It is possible to add additional rules if read only role is enabled.
# This can be useful, for example, to show CRD resources. # This can be useful, for example, to show CRD resources.
clusterReadOnlyRoleAdditionalRules: [] # clusterReadOnlyRoleAdditionalRules: []
serviceMonitor:
# Whether to create a Prometheus Operator service monitor. # If the default role permissions are not enough, it is possible to add additional permissions.
enabled: false # roleAdditionalRules: []
# Here labels can be added to the serviceMonitor
labels: {} serviceAccount:
# Here annotations can be added to the serviceMonitor # Specifies whether a service account should be created
annotations: {} create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
livenessProbe:
# Number of seconds to wait before sending first probe
initialDelaySeconds: 30
# Number of seconds to wait for probe response
timeoutSeconds: 30
## podDisruptionBudget
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget:
enabled: false
## Minimum available instances; ignored if there is no PodDisruptionBudget
minAvailable:
## Maximum unavailable instances; ignored if there is no PodDisruptionBudget
maxUnavailable:
## PodSecurityContext for pod level securityContext
# securityContext:
# runAsUser: 1001
# runAsGroup: 2001
networkPolicy:
# Whether to create a network policy that allows/restricts access to the service
enabled: false
# Whether to set network policy to deny all ingress traffic for the kubernetes-dashboard
ingressDenyAll: false
## podSecurityPolicy for fine-grained authorization of pod creation and updates
## Note that PSP is deprecated and has been removed from kubernetes 1.25 onwards.
## For 1.25+ consider enabling PodSecurityAdmission, refer to chart README.md.
podSecurityPolicy:
# Specifies whether a pod security policy should be created
enabled: false
serviceMonitor:
# Whether or not to create a Prometheus Operator service monitor.
enabled: false
## Here labels can be added to the serviceMonitor
labels: {}
## Here annotations can be added to the serviceMonitor
annotations: {}
## Optional containers, i.e. for auth addons.
optionalContainers:
enabled: false
containers: []