apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: kubernetes-dashboard namespace: kubernetes-dashboard spec: chart: spec: chart: kubernetes-dashboard version: 7.0.0-alpha1 sourceRef: kind: HelmRepository name: kubernetes-dashboard namespace: flux-system interval: 15m timeout: 5m releaseName: kubernetes-dashboard values: # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # General configuration shared across resources app: image: pullPolicy: IfNotPresent pullSecrets: [] scaling: # Default number of replicas replicas: 1 revisionHistoryLimit: 10 scheduling: # Node labels for pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ nodeSelector: {} security: # SecurityContext to be added to pods # To disable set the following configuration to null: # securityContext: null securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault # ContainerSecurityContext to be added to containers # To disable set the following configuration to null: # containerSecurityContext: null containerSecurityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 capabilities: drop: ["ALL"] # Pod Disruption Budget configuration # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: enabled: false minAvailable: 0 maxUnavailable: 0 networkPolicy: enabled: false ingressDenyAll: false # Common labels & annotations shared across all deployed resources labels: {} annotations: {} settings: ## Global dashboard settings ## Note: Use all or none. Dashboard does not support default value merging currently. global: # # Cluster name that appears in the browser window title if it is set # clusterName: "" # # Max number of items that can be displayed on each list page # itemsPerPage: 10 # # Number of seconds between every auto-refresh of logs # logsAutoRefreshTimeInterval: 5 # # Number of seconds between every auto-refresh of every resource. Set 0 to disable # resourceAutoRefreshTimeInterval: 5 # # Hide all access denied warnings in the notification panel # disableAccessDeniedNotifications: false ## Pinned CRDs that will be displayed in dashboard's menu pinnedCRDs: [] # - kind: customresourcedefinition # # Fully qualified name of a CRD # name: prometheus.monitoring.coreos.com # # Display name # displayName: Prometheus # # Is this CRD namespaced? # namespaced: true ingress: enabled: false hosts: # Keep 'localhost' host only if you want to access Dashboard using 'kubectl port-forward ...' on: # https://localhost:8443 - localhost # - kubernetes.dashboard.domain.com ingressClassName: internal-nginx pathType: ImplementationSpecific secretName: kubernetes-dashboard-certs issuer: name: selfsigned # Scope determines what kind of issuer annotation will be used on ingress resource # - default - adds 'cert-manager.io/issuer' # - cluster - adds 'cert-manager.io/cluster-issuer' # - disabled - disables cert-manager annotations scope: default labels: {} annotations: {} paths: web: / api: /api # Use the following toleration if Dashboard can be deployed on a tainted control-plane nodes # - key: node-role.kubernetes.io/control-plane # effect: NoSchedule tolerations: [] # API deployment configuration api: role: api image: repository: docker.io/kubernetesui/dashboard-api tag: v1.0.0 containers: ports: - name: api containerPort: 9000 protocol: TCP # Additional container arguments # Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md # args: # - --system-banner="Welcome to the Kubernetes Dashboard" args: [] # Additional container environment variables # env: # - name: SOME_VAR # value: 'some value' env: [] # Additional volume mounts # - mountPath: /kubeconfig # name: dashboard-kubeconfig # readOnly: true volumeMounts: # Create volume mount to store exec logs (required) - mountPath: /tmp name: tmp-volume # TODO: Validate configuration resources: requests: cpu: 100m memory: 200Mi limits: cpu: 250m memory: 400Mi # Additional volumes # - name: dashboard-kubeconfig # secret: # defaultMode: 420 # secretName: dashboard-kubeconfig volumes: # Create on-disk volume to store exec logs (required) - name: tmp-volume emptyDir: {} nodeSelector: {} # Labels & annotations shared between API related resources labels: {} annotations: {} # WEB UI deployment configuration web: role: web image: repository: docker.io/kubernetesui/dashboard-web tag: v1.0.0 containers: ports: - name: web containerPort: 8000 protocol: TCP # Additional container arguments # Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md # args: # - --system-banner="Welcome to the Kubernetes Dashboard" args: [] # Additional container environment variables # env: # - name: SOME_VAR # value: 'some value' env: [] # Additional volume mounts # - mountPath: /kubeconfig # name: dashboard-kubeconfig # readOnly: true volumeMounts: # Create volume mount to store logs (required) - mountPath: /tmp name: tmp-volume # TODO: Validate configuration resources: requests: cpu: 100m memory: 200Mi limits: cpu: 250m memory: 400Mi # Additional volumes # - name: dashboard-kubeconfig # secret: # defaultMode: 420 # secretName: dashboard-kubeconfig volumes: # Create on-disk volume to store exec logs (required) - name: tmp-volume emptyDir: {} nodeSelector: # TODO: check if it's really needed since we offer cross platform images for darwin/windows/linux kubernetes.io/os: linux # Labels & annotations shared between WEB UI related resources labels: {} annotations: {} ### Metrics Scraper ### Container to scrape, store, and retrieve a window of time from the Metrics Server. ### refs: https://github.com/kubernetes-sigs/dashboard-metrics-scraper metricsScraper: enabled: true role: metrics-scraper image: repository: docker.io/kubernetesui/metrics-scraper tag: v1.0.9 containers: ports: - containerPort: 8000 protocol: TCP args: [] # Additional container environment variables # env: # - name: SOME_VAR # value: 'some value' env: [] # Additional volume mounts # - mountPath: /kubeconfig # name: dashboard-kubeconfig # readOnly: true volumeMounts: # Create volume mount to store logs (required) - mountPath: /tmp name: tmp-volume # TODO: Validate configuration resources: requests: cpu: 100m memory: 200Mi limits: cpu: 250m memory: 400Mi livenessProbe: httpGet: scheme: HTTP path: / port: 8000 initialDelaySeconds: 30 timeoutSeconds: 30 # Additional volumes # - name: dashboard-kubeconfig # secret: # defaultMode: 420 # secretName: dashboard-kubeconfig volumes: # Create on-disk volume to store exec logs (required) - name: tmp-volume emptyDir: {} nodeSelector: # TODO: check if it's really needed since we offer cross platform images for darwin/windows/linux kubernetes.io/os: linux # Labels & annotations shared between WEB UI related resources labels: {} annotations: {} ## Optional Metrics Server sub-chart configuration ## Enable this if you don't already have metrics-server enabled on your cluster and ## want to use it with dashboard metrics-scraper ## refs: ## - https://github.com/kubernetes-sigs/metrics-server ## - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server metrics-server: enabled: true args: - --kubelet-preferred-address-types=InternalIP - --kubelet-insecure-tls ## Optional Cert Manager sub-chart configuration ## Enable this if you don't already have cert-manager enabled on your cluster. cert-manager: enabled: false installCRDs: true ## Optional Nginx Ingress sub-chart configuration ## Enable this if you don't already have nginx-ingress enabled on your cluster. nginx: enabled: false controller: electionID: ingress-controller-leader ingressClassResource: name: internal-nginx default: false controllerValue: k8s.io/internal-ingress-nginx service: type: ClusterIP ## Extra configurations: ## - manifests ## - predefined roles ## - prometheus ## - etc... extras: # Extra Kubernetes manifests to be deployed # manifests: # - apiVersion: v1 # kind: ConfigMap # metadata: # name: additional-configmap # data: # mykey: myvalue manifests: [] # Start in ReadOnly mode. # Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) with read only permissions to all resources listed inside the cluster should be created # Only dashboard-related Secrets and ConfigMaps will still be available for writing. # # The basic idea of the clusterReadOnlyRole # is not to hide all the secrets and sensitive data but more # to avoid accidental changes in the cluster outside the standard CI/CD. # # It is NOT RECOMMENDED to use this version in production. # Instead, you should review the role and remove all potentially sensitive parts such as # access to persistentvolumes, pods/log etc. clusterReadOnlyRole: false # It is possible to add additional rules if read only role is enabled. # This can be useful, for example, to show CRD resources. clusterReadOnlyRoleAdditionalRules: [] serviceMonitor: # Whether to create a Prometheus Operator service monitor. enabled: false # Here labels can be added to the serviceMonitor labels: {} # Here annotations can be added to the serviceMonitor annotations: {}