2024-03-30 01:04:08 +00:00
apiVersion : helm.toolkit.fluxcd.io/v2beta1
kind : HelmRelease
metadata :
name : kubernetes-dashboard
namespace : kubernetes-system
spec :
chart :
spec :
chart : kubernetes-dashboard
sourceRef :
kind : HelmRepository
name : kubernetes-dashboard
namespace : flux-system
interval : 15m0s
timeout : 5m
releaseName : kubernetes-dashboard
values :
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for kubernetes-dashboard
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
image :
## Repository for container
repository : kubernetesui/dashboard
tag : "" # If not defined, uses appVersion of Chart.yaml
pullPolicy : IfNotPresent
pullSecrets : [ ]
## Number of replicas
replicaCount : 1
## @param commonLabels Labels to add to all deployed objects
##
commonLabels : {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations : {}
## Here annotations can be added to the kubernetes dashboard deployment
annotations : {}
## Here labels can be added to the kubernetes dashboard deployment
labels : {}
## Additional container arguments
##
2024-03-30 01:10:53 +00:00
extraArgs :
- --enable-skip-login
- --enable-insecure-login
- --system-banner="Welcome to Kubernetes"
2024-03-30 01:04:08 +00:00
## Additional container environment variables
##
extraEnv : [ ]
# - name: SOME_VAR
# value: 'some value'
## Additional volumes to be added to kubernetes dashboard pods
##
extraVolumes : [ ]
# - name: dashboard-kubeconfig
# secret:
# defaultMode: 420
# secretName: dashboard-kubeconfig
## Additional volumeMounts to be added to kubernetes dashboard container
##
extraVolumeMounts : [ ]
# - mountPath: /kubeconfig
# name: dashboard-kubeconfig
# readOnly: true
## Array of extra K8s manifests to deploy
##
extraManifests : [ ]
# - apiVersion: v1
# kind: ConfigMap
# metadata:
# name: additional-configmap
# data:
# mykey: myvalue
## Annotations to be added to kubernetes dashboard pods
# podAnnotations:
## SecurityContext to be added to kubernetes dashboard pods
## To disable set the following configuration to null:
# securityContext: null
securityContext :
runAsNonRoot : true
seccompProfile :
type : RuntimeDefault
## SecurityContext defaults for the kubernetes dashboard container and metrics scraper container
## To disable set the following configuration to null:
# containerSecurityContext: null
containerSecurityContext :
allowPrivilegeEscalation : false
readOnlyRootFilesystem : true
runAsUser : 1001
runAsGroup : 2001
capabilities :
drop : [ "ALL" ]
## @param podLabels Extra labels for OAuth2 Proxy pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels : {}
## @param podAnnotations Annotations for OAuth2 Proxy pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations : {}
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector : {}
## List of node taints to tolerate (requires Kubernetes >= 1.6)
tolerations : [ ]
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute"
## Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity : {}
## Name of Priority Class of pods
# priorityClassName: ""
## Pod resource requests & limits
resources :
requests :
cpu : 100m
memory : 200Mi
limits :
cpu : 2
memory : 200Mi
## Serve application over HTTP without TLS
##
## Note: If set to true, you may want to add --enable-insecure-login to extraArgs
protocolHttp : false
service :
type : LoadBalancer
# Dashboard service port
externalPort : 443
## LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to
## set allowed inbound rules on the security group assigned to the master load balancer
# loadBalancerSourceRanges: []
# clusterIP: ""
## A user-specified IP address for load balancer to use as External IP (if supported)
# loadBalancerIP:
## Additional Kubernetes Dashboard Service annotations
annotations : {}
## Here labels can be added to the Kubernetes Dashboard service
labels : {}
## Enable or disable the kubernetes.io/cluster-service label. Should be disabled for GKE clusters >=1.15.
## Otherwise, the addon manager will presume ownership of the service and try to delete it.
clusterServiceLabel :
enabled : true
key : "kubernetes.io/cluster-service"
ingress :
## If true, Kubernetes Dashboard Ingress will be created.
##
enabled : false
## Kubernetes Dashboard Ingress labels
# labels:
# key: value
## Kubernetes Dashboard Ingress annotations
# annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: 'true'
## If you plan to use TLS backend with enableInsecureLogin set to false
## (default), you need to uncomment the below.
## If you use ingress-nginx < 0.21.0
# nginx.ingress.kubernetes.io/secure-backends: "true"
## if you use ingress-nginx >= 0.21.0
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
## Kubernetes Dashboard Ingress Class
# className: "example-lb"
## Kubernetes Dashboard Ingress paths
## Both `/` and `/*` are required to work on gce ingress.
paths :
- /
# - /*
## Custom Kubernetes Dashboard Ingress paths. Will override default paths.
##
customPaths : [ ]
# - pathType: ImplementationSpecific
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# - pathType: ImplementationSpecific
# backend:
# service:
# name: >-
# {{ include "kubernetes-dashboard.fullname" . }}
# port:
# # Don't use string here, use only integer value!
# number: 443
## Kubernetes Dashboard Ingress hostnames
## Must be provided if Ingress is enabled
##
# hosts:
# - kubernetes-dashboard.domain.com
## Kubernetes Dashboard Ingress TLS configuration
## Secrets must be manually created in the namespace
##
# tls:
# - secretName: kubernetes-dashboard-tls
# hosts:
# - kubernetes-dashboard.domain.com
# Global dashboard settings
settings :
{}
## Cluster name that appears in the browser window title if it is set
# clusterName: ""
## Max number of items that can be displayed on each list page
# itemsPerPage: 10
## Number of seconds between every auto-refresh of logs
# logsAutoRefreshTimeInterval: 5
## Number of seconds between every auto-refresh of every resource. Set 0 to disable
# resourceAutoRefreshTimeInterval: 5
## Hide all access denied warnings in the notification panel
# disableAccessDeniedNotifications: false
## Pinned CRDs that will be displayed in dashboard's menu
pinnedCRDs :
[ ]
# - kind: customresourcedefinition
## Fully qualified name of a CRD
# name: prometheuses.monitoring.coreos.com
## Display name
# displayName: Prometheus
## Is this CRD namespaced?
# namespaced: true
## Metrics Scraper
## Container to scrape, store, and retrieve a window of time from the Metrics Server.
## refs: https://github.com/kubernetes-sigs/dashboard-metrics-scraper
metricsScraper :
## Wether to enable dashboard-metrics-scraper
enabled : false
image :
repository : kubernetesui/metrics-scraper
tag : v1.0.9
resources : {}
## SecurityContext especially for the kubernetes dashboard metrics scraper container
## If not set, the global containterSecurityContext values will define these values
# containerSecurityContext:
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: true
# runAsUser: 1001
# runAsGroup: 2001
# args:
# - --log-level=info
# - --logtostderr=true
## Optional Metrics Server sub-chart
## Enable this if you don't already have metrics-server enabled on your cluster and
## want to use it with dashboard metrics-scraper
## refs:
## - https://github.com/kubernetes-sigs/metrics-server
## - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server
metrics-server :
enabled : false
## Example for additional args
# args:
# - --kubelet-preferred-address-types=InternalIP
# - --kubelet-insecure-tls
rbac :
# Specifies whether namespaced RBAC resources (Role, Rolebinding) should be created
create : true
# Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) to access metrics should be created
# Independent from rbac.create parameter.
clusterRoleMetrics : true
# Start in ReadOnly mode.
# Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) with read only permissions to all resources listed inside the cluster should be created
# Only dashboard-related Secrets and ConfigMaps will still be available for writing.
#
# The basic idea of the clusterReadOnlyRole
# is not to hide all the secrets and sensitive data but more
# to avoid accidental changes in the cluster outside the standard CI/CD.
#
# It is NOT RECOMMENDED to use this version in production.
# Instead you should review the role and remove all potentially sensitive parts such as
# access to persistentvolumes, pods/log etc.
#
# Independent from rbac.create parameter.
clusterReadOnlyRole : false
# It is possible to add additional rules if read only role is enabled.
# This can be useful, for example, to show CRD resources.
# clusterReadOnlyRoleAdditionalRules: []
# If the default role permissions are not enough, it is possible to add additional permissions.
# roleAdditionalRules: []
serviceAccount :
# Specifies whether a service account should be created
create : true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name :
livenessProbe :
# Number of seconds to wait before sending first probe
initialDelaySeconds : 30
# Number of seconds to wait for probe response
timeoutSeconds : 30
## podDisruptionBudget
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget :
enabled : false
## Minimum available instances; ignored if there is no PodDisruptionBudget
minAvailable :
## Maximum unavailable instances; ignored if there is no PodDisruptionBudget
maxUnavailable :
## PodSecurityContext for pod level securityContext
# securityContext:
# runAsUser: 1001
# runAsGroup: 2001
networkPolicy :
# Whether to create a network policy that allows/restricts access to the service
enabled : false
# Whether to set network policy to deny all ingress traffic for the kubernetes-dashboard
ingressDenyAll : false
## podSecurityPolicy for fine-grained authorization of pod creation and updates
## Note that PSP is deprecated and has been removed from kubernetes 1.25 onwards.
## For 1.25+ consider enabling PodSecurityAdmission, refer to chart README.md.
podSecurityPolicy :
# Specifies whether a pod security policy should be created
enabled : false
serviceMonitor :
# Whether or not to create a Prometheus Operator service monitor.
enabled : false
## Here labels can be added to the serviceMonitor
labels : {}
## Here annotations can be added to the serviceMonitor
annotations : {}
## Optional containers, i.e. for auth addons.
optionalContainers :
enabled : false
containers : [ ]
