1. # Copyright 2017 The Kubernetes Authors.
    2. #
    3. # Licensed under the Apache License, Version 2.0 (the "License");
    4. # you may not use this file except in compliance with the License.
    5. # You may obtain a copy of the License at
    6. #
    7. #     http://www.apache.org/licenses/LICENSE-2.0
    8. #
    9. # Unless required by applicable law or agreed to in writing, software
    10. # distributed under the License is distributed on an "AS IS" BASIS,
    11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. # See the License for the specific language governing permissions and
    13. # limitations under the License.
    15. # ------------------- Dashboard Secrets ------------------- #
    17. apiVersion: v1
    18. kind: Secret
    19. metadata:
    20.   labels:
    21.     k8s-app: kubernetes-dashboard
    22.   name: kubernetes-dashboard-certs
    23.   namespace: kube-system
    24. type: Opaque
    26. ---
    28. apiVersion: v1
    29. kind: Secret
    30. metadata:
    31.   labels:
    32.     k8s-app: kubernetes-dashboard
    33.   name: kubernetes-dashboard-csrf
    34.   namespace: kube-system
    35. type: Opaque
    36. data:
    37.   csrf: ""
    39. ---
    40. # ------------------- Dashboard Service Account ------------------- #
    42. apiVersion: v1
    43. kind: ServiceAccount
    44. metadata:
    45.   labels:
    46.     k8s-app: kubernetes-dashboard
    47.   name: kubernetes-dashboard
    48.   namespace: kube-system
    50. ---
    51. # ------------------- Dashboard Role & Role Binding ------------------- #
    53. kind: Role
    54. apiVersion: rbac.authorization.k8s.io/v1
    55. metadata:
    56.   name: kubernetes-dashboard-minimal
    57.   namespace: kube-system
    58. rules:
    59.   # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
    60. - apiGroups: [""]
    61.   resources: ["secrets"]
    62.   verbs: ["create"]
    63.   # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
    64. - apiGroups: [""]
    65.   resources: ["configmaps"]
    66.   verbs: ["create"]
    67.   # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
    68. - apiGroups: [""]
    69.   resources: ["secrets"]
    70.   resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    71.   verbs: ["get", "update", "delete"]
    72.   # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
    73. - apiGroups: [""]
    74.   resources: ["configmaps"]
    75.   resourceNames: ["kubernetes-dashboard-settings"]
    76.   verbs: ["get", "update"]
    77.   # Allow Dashboard to get metrics from heapster.
    78. - apiGroups: [""]
    79.   resources: ["services"]
    80.   resourceNames: ["heapster"]
    81.   verbs: ["proxy"]
    82. - apiGroups: [""]
    83.   resources: ["services/proxy"]
    84.   resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
    85.   verbs: ["get"]
    87. ---
    88. apiVersion: rbac.authorization.k8s.io/v1
    89. kind: RoleBinding
    90. metadata:
    91.   name: kubernetes-dashboard-minimal
    92.   namespace: kube-system
    93. roleRef:
    94.   apiGroup: rbac.authorization.k8s.io
    95.   kind: Role
    96.   name: kubernetes-dashboard-minimal
    97. subjects:
    98. - kind: ServiceAccount
    99.   name: kubernetes-dashboard
    100.   namespace: kube-system
    102. ---
    103. # ------------------- Dashboard Deployment ------------------- #
    105. kind: Deployment
    106. apiVersion: apps/v1
    107. metadata:
    108.   labels:
    109.     k8s-app: kubernetes-dashboard
    110.   name: kubernetes-dashboard
    111.   namespace: kube-system
    112. spec:
    113.   replicas: 1
    114.   revisionHistoryLimit: 10
    115.   selector:
    116.     matchLabels:
    117.       k8s-app: kubernetes-dashboard
    118.   template:
    119.     metadata:
    120.       labels:
    121.         k8s-app: kubernetes-dashboard
    122.     spec:
    123.       containers:
    124.       - name: kubernetes-dashboard
    125.         image: siriuszg/kubernetes-dashboard-amd64:v1.10.0
    126.         ports:
    127.         - containerPort: 8443
    128.           protocol: TCP
    129.         args:
    130.           - --auto-generate-certificates
    131.           - --token-ttl=43200
    132.           # Uncomment the following line to manually specify Kubernetes API server Host
    133.           # If not specified, Dashboard will attempt to auto discover the API server and connect
    134.           # to it. Uncomment only if the default does not work.
    135.           # - --apiserver-host=http://my-address:port
    136.         volumeMounts:
    137.         - name: kubernetes-dashboard-certs
    138.           mountPath: /certs
    139.           # Create on-disk volume to store exec logs
    140.         - mountPath: /tmp
    141.           name: tmp-volume
    142.         livenessProbe:
    143.           httpGet:
    144.             scheme: HTTPS
    145.             path: /
    146.             port: 8443
    147.           initialDelaySeconds: 30
    148.           timeoutSeconds: 30
    149.       volumes:
    150.       - name: kubernetes-dashboard-certs
    151.         secret:
    152.           secretName: kubernetes-dashboard-certs
    153.       - name: tmp-volume
    154.         emptyDir: {}
    155.       serviceAccountName: kubernetes-dashboard
    156.       # Comment the following tolerations if Dashboard must not be deployed on master
    157.       tolerations:
    158.       - key: node-role.kubernetes.io/master
    159.         effect: NoSchedule
    161. ---
    162. # ------------------- Dashboard Service ------------------- #
    164. kind: Service
    165. apiVersion: v1
    166. metadata:
    167.   labels:
    168.     k8s-app: kubernetes-dashboard
    169.   name: kubernetes-dashboard
    170.   namespace: kube-system
    171. spec:
    172.   ports:
    173.     - port: 443
    174.       targetPort: 8443
    175.   type: NodePort
    176.   selector:
    177.     k8s-app: kubernetes-dashboard