Add kubernetes dashboard helm release
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
580f7644f8
commit
828c1cccad
387
kubernetes-dashboard/helmrelease-kubernetes-dashboard.yaml
Normal file
387
kubernetes-dashboard/helmrelease-kubernetes-dashboard.yaml
Normal file
@ -0,0 +1,387 @@
|
|||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: kubernetes-dashboard
|
||||||
|
namespace: kubernetes-system
|
||||||
|
spec:
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: kubernetes-dashboard
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: kubernetes-dashboard
|
||||||
|
namespace: flux-system
|
||||||
|
interval: 15m0s
|
||||||
|
timeout: 5m
|
||||||
|
releaseName: kubernetes-dashboard
|
||||||
|
values:
|
||||||
|
# Copyright 2017 The Kubernetes Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# Default values for kubernetes-dashboard
|
||||||
|
# This is a YAML-formatted file.
|
||||||
|
# Declare name/value pairs to be passed into your templates.
|
||||||
|
# name: value
|
||||||
|
|
||||||
|
image:
|
||||||
|
## Repository for container
|
||||||
|
repository: kubernetesui/dashboard
|
||||||
|
tag: "" # If not defined, uses appVersion of Chart.yaml
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
pullSecrets: []
|
||||||
|
|
||||||
|
## Number of replicas
|
||||||
|
replicaCount: 1
|
||||||
|
|
||||||
|
## @param commonLabels Labels to add to all deployed objects
|
||||||
|
##
|
||||||
|
commonLabels: {}
|
||||||
|
## @param commonAnnotations Annotations to add to all deployed objects
|
||||||
|
##
|
||||||
|
commonAnnotations: {}
|
||||||
|
|
||||||
|
## Here annotations can be added to the kubernetes dashboard deployment
|
||||||
|
annotations: {}
|
||||||
|
## Here labels can be added to the kubernetes dashboard deployment
|
||||||
|
labels: {}
|
||||||
|
|
||||||
|
## Additional container arguments
|
||||||
|
##
|
||||||
|
# extraArgs:
|
||||||
|
# - --enable-skip-login
|
||||||
|
# - --enable-insecure-login
|
||||||
|
# - --system-banner="Welcome to Kubernetes"
|
||||||
|
|
||||||
|
## Additional container environment variables
|
||||||
|
##
|
||||||
|
extraEnv: []
|
||||||
|
# - name: SOME_VAR
|
||||||
|
# value: 'some value'
|
||||||
|
|
||||||
|
## Additional volumes to be added to kubernetes dashboard pods
|
||||||
|
##
|
||||||
|
extraVolumes: []
|
||||||
|
# - name: dashboard-kubeconfig
|
||||||
|
# secret:
|
||||||
|
# defaultMode: 420
|
||||||
|
# secretName: dashboard-kubeconfig
|
||||||
|
|
||||||
|
## Additional volumeMounts to be added to kubernetes dashboard container
|
||||||
|
##
|
||||||
|
extraVolumeMounts: []
|
||||||
|
# - mountPath: /kubeconfig
|
||||||
|
# name: dashboard-kubeconfig
|
||||||
|
# readOnly: true
|
||||||
|
|
||||||
|
## Array of extra K8s manifests to deploy
|
||||||
|
##
|
||||||
|
extraManifests: []
|
||||||
|
# - apiVersion: v1
|
||||||
|
# kind: ConfigMap
|
||||||
|
# metadata:
|
||||||
|
# name: additional-configmap
|
||||||
|
# data:
|
||||||
|
# mykey: myvalue
|
||||||
|
|
||||||
|
## Annotations to be added to kubernetes dashboard pods
|
||||||
|
# podAnnotations:
|
||||||
|
|
||||||
|
## SecurityContext to be added to kubernetes dashboard pods
|
||||||
|
## To disable set the following configuration to null:
|
||||||
|
# securityContext: null
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
|
||||||
|
## SecurityContext defaults for the kubernetes dashboard container and metrics scraper container
|
||||||
|
## To disable set the following configuration to null:
|
||||||
|
# containerSecurityContext: null
|
||||||
|
containerSecurityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsUser: 1001
|
||||||
|
runAsGroup: 2001
|
||||||
|
capabilities:
|
||||||
|
drop: ["ALL"]
|
||||||
|
|
||||||
|
## @param podLabels Extra labels for OAuth2 Proxy pods
|
||||||
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
||||||
|
##
|
||||||
|
podLabels: {}
|
||||||
|
## @param podAnnotations Annotations for OAuth2 Proxy pods
|
||||||
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||||||
|
##
|
||||||
|
podAnnotations: {}
|
||||||
|
|
||||||
|
## Node labels for pod assignment
|
||||||
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||||
|
##
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
## List of node taints to tolerate (requires Kubernetes >= 1.6)
|
||||||
|
tolerations: []
|
||||||
|
# - key: "key"
|
||||||
|
# operator: "Equal|Exists"
|
||||||
|
# value: "value"
|
||||||
|
# effect: "NoSchedule|PreferNoSchedule|NoExecute"
|
||||||
|
|
||||||
|
## Affinity for pod assignment
|
||||||
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||||
|
affinity: {}
|
||||||
|
|
||||||
|
## Name of Priority Class of pods
|
||||||
|
# priorityClassName: ""
|
||||||
|
|
||||||
|
## Pod resource requests & limits
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 200Mi
|
||||||
|
limits:
|
||||||
|
cpu: 2
|
||||||
|
memory: 200Mi
|
||||||
|
|
||||||
|
## Serve application over HTTP without TLS
|
||||||
|
##
|
||||||
|
## Note: If set to true, you may want to add --enable-insecure-login to extraArgs
|
||||||
|
protocolHttp: false
|
||||||
|
|
||||||
|
service:
|
||||||
|
type: LoadBalancer
|
||||||
|
# Dashboard service port
|
||||||
|
externalPort: 443
|
||||||
|
|
||||||
|
## LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to
|
||||||
|
## set allowed inbound rules on the security group assigned to the master load balancer
|
||||||
|
# loadBalancerSourceRanges: []
|
||||||
|
|
||||||
|
# clusterIP: ""
|
||||||
|
|
||||||
|
## A user-specified IP address for load balancer to use as External IP (if supported)
|
||||||
|
# loadBalancerIP:
|
||||||
|
|
||||||
|
## Additional Kubernetes Dashboard Service annotations
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
## Here labels can be added to the Kubernetes Dashboard service
|
||||||
|
labels: {}
|
||||||
|
|
||||||
|
## Enable or disable the kubernetes.io/cluster-service label. Should be disabled for GKE clusters >=1.15.
|
||||||
|
## Otherwise, the addon manager will presume ownership of the service and try to delete it.
|
||||||
|
clusterServiceLabel:
|
||||||
|
enabled: true
|
||||||
|
key: "kubernetes.io/cluster-service"
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
## If true, Kubernetes Dashboard Ingress will be created.
|
||||||
|
##
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
## Kubernetes Dashboard Ingress labels
|
||||||
|
# labels:
|
||||||
|
# key: value
|
||||||
|
|
||||||
|
## Kubernetes Dashboard Ingress annotations
|
||||||
|
# annotations:
|
||||||
|
# kubernetes.io/ingress.class: nginx
|
||||||
|
# kubernetes.io/tls-acme: 'true'
|
||||||
|
|
||||||
|
## If you plan to use TLS backend with enableInsecureLogin set to false
|
||||||
|
## (default), you need to uncomment the below.
|
||||||
|
## If you use ingress-nginx < 0.21.0
|
||||||
|
# nginx.ingress.kubernetes.io/secure-backends: "true"
|
||||||
|
## if you use ingress-nginx >= 0.21.0
|
||||||
|
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
||||||
|
|
||||||
|
## Kubernetes Dashboard Ingress Class
|
||||||
|
# className: "example-lb"
|
||||||
|
|
||||||
|
## Kubernetes Dashboard Ingress paths
|
||||||
|
## Both `/` and `/*` are required to work on gce ingress.
|
||||||
|
paths:
|
||||||
|
- /
|
||||||
|
# - /*
|
||||||
|
|
||||||
|
## Custom Kubernetes Dashboard Ingress paths. Will override default paths.
|
||||||
|
##
|
||||||
|
customPaths: []
|
||||||
|
# - pathType: ImplementationSpecific
|
||||||
|
# backend:
|
||||||
|
# service:
|
||||||
|
# name: ssl-redirect
|
||||||
|
# port:
|
||||||
|
# name: use-annotation
|
||||||
|
# - pathType: ImplementationSpecific
|
||||||
|
# backend:
|
||||||
|
# service:
|
||||||
|
# name: >-
|
||||||
|
# {{ include "kubernetes-dashboard.fullname" . }}
|
||||||
|
# port:
|
||||||
|
# # Don't use string here, use only integer value!
|
||||||
|
# number: 443
|
||||||
|
## Kubernetes Dashboard Ingress hostnames
|
||||||
|
## Must be provided if Ingress is enabled
|
||||||
|
##
|
||||||
|
# hosts:
|
||||||
|
# - kubernetes-dashboard.domain.com
|
||||||
|
## Kubernetes Dashboard Ingress TLS configuration
|
||||||
|
## Secrets must be manually created in the namespace
|
||||||
|
##
|
||||||
|
# tls:
|
||||||
|
# - secretName: kubernetes-dashboard-tls
|
||||||
|
# hosts:
|
||||||
|
# - kubernetes-dashboard.domain.com
|
||||||
|
|
||||||
|
# Global dashboard settings
|
||||||
|
settings:
|
||||||
|
{}
|
||||||
|
## Cluster name that appears in the browser window title if it is set
|
||||||
|
# clusterName: ""
|
||||||
|
## Max number of items that can be displayed on each list page
|
||||||
|
# itemsPerPage: 10
|
||||||
|
## Number of seconds between every auto-refresh of logs
|
||||||
|
# logsAutoRefreshTimeInterval: 5
|
||||||
|
## Number of seconds between every auto-refresh of every resource. Set 0 to disable
|
||||||
|
# resourceAutoRefreshTimeInterval: 5
|
||||||
|
## Hide all access denied warnings in the notification panel
|
||||||
|
# disableAccessDeniedNotifications: false
|
||||||
|
|
||||||
|
## Pinned CRDs that will be displayed in dashboard's menu
|
||||||
|
pinnedCRDs:
|
||||||
|
[]
|
||||||
|
# - kind: customresourcedefinition
|
||||||
|
## Fully qualified name of a CRD
|
||||||
|
# name: prometheuses.monitoring.coreos.com
|
||||||
|
## Display name
|
||||||
|
# displayName: Prometheus
|
||||||
|
## Is this CRD namespaced?
|
||||||
|
# namespaced: true
|
||||||
|
|
||||||
|
## Metrics Scraper
|
||||||
|
## Container to scrape, store, and retrieve a window of time from the Metrics Server.
|
||||||
|
## refs: https://github.com/kubernetes-sigs/dashboard-metrics-scraper
|
||||||
|
metricsScraper:
|
||||||
|
## Wether to enable dashboard-metrics-scraper
|
||||||
|
enabled: false
|
||||||
|
image:
|
||||||
|
repository: kubernetesui/metrics-scraper
|
||||||
|
tag: v1.0.9
|
||||||
|
resources: {}
|
||||||
|
## SecurityContext especially for the kubernetes dashboard metrics scraper container
|
||||||
|
## If not set, the global containterSecurityContext values will define these values
|
||||||
|
# containerSecurityContext:
|
||||||
|
# allowPrivilegeEscalation: false
|
||||||
|
# readOnlyRootFilesystem: true
|
||||||
|
# runAsUser: 1001
|
||||||
|
# runAsGroup: 2001
|
||||||
|
# args:
|
||||||
|
# - --log-level=info
|
||||||
|
# - --logtostderr=true
|
||||||
|
|
||||||
|
## Optional Metrics Server sub-chart
|
||||||
|
## Enable this if you don't already have metrics-server enabled on your cluster and
|
||||||
|
## want to use it with dashboard metrics-scraper
|
||||||
|
## refs:
|
||||||
|
## - https://github.com/kubernetes-sigs/metrics-server
|
||||||
|
## - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server
|
||||||
|
metrics-server:
|
||||||
|
enabled: false
|
||||||
|
## Example for additional args
|
||||||
|
# args:
|
||||||
|
# - --kubelet-preferred-address-types=InternalIP
|
||||||
|
# - --kubelet-insecure-tls
|
||||||
|
|
||||||
|
rbac:
|
||||||
|
# Specifies whether namespaced RBAC resources (Role, Rolebinding) should be created
|
||||||
|
create: true
|
||||||
|
|
||||||
|
# Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) to access metrics should be created
|
||||||
|
# Independent from rbac.create parameter.
|
||||||
|
clusterRoleMetrics: true
|
||||||
|
|
||||||
|
# Start in ReadOnly mode.
|
||||||
|
# Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) with read only permissions to all resources listed inside the cluster should be created
|
||||||
|
# Only dashboard-related Secrets and ConfigMaps will still be available for writing.
|
||||||
|
#
|
||||||
|
# The basic idea of the clusterReadOnlyRole
|
||||||
|
# is not to hide all the secrets and sensitive data but more
|
||||||
|
# to avoid accidental changes in the cluster outside the standard CI/CD.
|
||||||
|
#
|
||||||
|
# It is NOT RECOMMENDED to use this version in production.
|
||||||
|
# Instead you should review the role and remove all potentially sensitive parts such as
|
||||||
|
# access to persistentvolumes, pods/log etc.
|
||||||
|
#
|
||||||
|
# Independent from rbac.create parameter.
|
||||||
|
clusterReadOnlyRole: false
|
||||||
|
# It is possible to add additional rules if read only role is enabled.
|
||||||
|
# This can be useful, for example, to show CRD resources.
|
||||||
|
# clusterReadOnlyRoleAdditionalRules: []
|
||||||
|
|
||||||
|
# If the default role permissions are not enough, it is possible to add additional permissions.
|
||||||
|
# roleAdditionalRules: []
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
# Specifies whether a service account should be created
|
||||||
|
create: true
|
||||||
|
# The name of the service account to use.
|
||||||
|
# If not set and create is true, a name is generated using the fullname template
|
||||||
|
name:
|
||||||
|
|
||||||
|
livenessProbe:
|
||||||
|
# Number of seconds to wait before sending first probe
|
||||||
|
initialDelaySeconds: 30
|
||||||
|
# Number of seconds to wait for probe response
|
||||||
|
timeoutSeconds: 30
|
||||||
|
|
||||||
|
## podDisruptionBudget
|
||||||
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||||||
|
podDisruptionBudget:
|
||||||
|
enabled: false
|
||||||
|
## Minimum available instances; ignored if there is no PodDisruptionBudget
|
||||||
|
minAvailable:
|
||||||
|
## Maximum unavailable instances; ignored if there is no PodDisruptionBudget
|
||||||
|
maxUnavailable:
|
||||||
|
|
||||||
|
## PodSecurityContext for pod level securityContext
|
||||||
|
# securityContext:
|
||||||
|
# runAsUser: 1001
|
||||||
|
# runAsGroup: 2001
|
||||||
|
|
||||||
|
networkPolicy:
|
||||||
|
# Whether to create a network policy that allows/restricts access to the service
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
# Whether to set network policy to deny all ingress traffic for the kubernetes-dashboard
|
||||||
|
ingressDenyAll: false
|
||||||
|
|
||||||
|
## podSecurityPolicy for fine-grained authorization of pod creation and updates
|
||||||
|
## Note that PSP is deprecated and has been removed from kubernetes 1.25 onwards.
|
||||||
|
## For 1.25+ consider enabling PodSecurityAdmission, refer to chart README.md.
|
||||||
|
podSecurityPolicy:
|
||||||
|
# Specifies whether a pod security policy should be created
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
serviceMonitor:
|
||||||
|
# Whether or not to create a Prometheus Operator service monitor.
|
||||||
|
enabled: false
|
||||||
|
## Here labels can be added to the serviceMonitor
|
||||||
|
labels: {}
|
||||||
|
## Here annotations can be added to the serviceMonitor
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
## Optional containers, i.e. for auth addons.
|
||||||
|
optionalContainers:
|
||||||
|
enabled: false
|
||||||
|
containers: []
|
Loading…
Reference in New Issue
Block a user