1 # Copyright 2017 The Kubernetes Authors.
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
18 name: kubernetes-dashboard
26 k8s-app: kubernetes-dashboard
27 name: kubernetes-dashboard
28 namespace: kubernetes-dashboard
36 k8s-app: kubernetes-dashboard
37 name: kubernetes-dashboard
38 namespace: kubernetes-dashboard
44 k8s-app: kubernetes-dashboard
45 {% if rke_dashboard_exposed %}
55 k8s-app: kubernetes-dashboard
56 name: kubernetes-dashboard-certs
57 namespace: kubernetes-dashboard
66 k8s-app: kubernetes-dashboard
67 name: kubernetes-dashboard-csrf
68 namespace: kubernetes-dashboard
79 k8s-app: kubernetes-dashboard
80 name: kubernetes-dashboard-key-holder
81 namespace: kubernetes-dashboard
90 k8s-app: kubernetes-dashboard
91 name: kubernetes-dashboard-settings
92 namespace: kubernetes-dashboard
97 apiVersion: rbac.authorization.k8s.io/v1
100 k8s-app: kubernetes-dashboard
101 name: kubernetes-dashboard
102 namespace: kubernetes-dashboard
104 # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
106 resources: ["secrets"]
107 resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
108 verbs: ["get", "update", "delete"]
109 # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
111 resources: ["configmaps"]
112 resourceNames: ["kubernetes-dashboard-settings"]
113 verbs: ["get", "update"]
114 # Allow Dashboard to get metrics.
116 resources: ["services"]
117 resourceNames: ["heapster", "dashboard-metrics-scraper"]
120 resources: ["services/proxy"]
121 resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
127 apiVersion: rbac.authorization.k8s.io/v1
130 k8s-app: kubernetes-dashboard
131 name: kubernetes-dashboard
133 # Allow Metrics Scraper to get metrics from the Metrics server
134 - apiGroups: ["metrics.k8s.io"]
135 resources: ["pods", "nodes","namespaces","secrets","persistentvolumeclaims"]
136 verbs: ["get", "list", "watch"]
137 - apiGroups: ["","apps"]
138 resources: ["pods", "nodes","namespaces","secrets","persistentvolumeclaims","replicasets","deployments","events"]
139 verbs: ["get", "list", "watch"]
143 apiVersion: rbac.authorization.k8s.io/v1
147 k8s-app: kubernetes-dashboard
148 name: kubernetes-dashboard
149 namespace: kubernetes-dashboard
151 apiGroup: rbac.authorization.k8s.io
153 name: kubernetes-dashboard
155 - kind: ServiceAccount
156 name: kubernetes-dashboard
157 namespace: kubernetes-dashboard
161 apiVersion: rbac.authorization.k8s.io/v1
162 kind: ClusterRoleBinding
164 name: kubernetes-dashboard
165 namespace: kubernetes-dashboard
167 apiGroup: rbac.authorization.k8s.io
169 name: kubernetes-dashboard
171 - kind: ServiceAccount
172 name: kubernetes-dashboard
173 namespace: kubernetes-dashboard
181 k8s-app: kubernetes-dashboard
182 name: kubernetes-dashboard
183 namespace: kubernetes-dashboard
186 revisionHistoryLimit: 10
189 k8s-app: kubernetes-dashboard
193 k8s-app: kubernetes-dashboard
196 - name: kubernetes-dashboard
197 image: kubernetesui/dashboard:v2.0.0-beta4
198 imagePullPolicy: Always
200 - containerPort: 8443
203 - --auto-generate-certificates
204 - --namespace=kubernetes-dashboard
205 # Uncomment the following line to manually specify Kubernetes API server Host
206 # If not specified, Dashboard will attempt to auto discover the API server and connect
207 # to it. Uncomment only if the default does not work.
208 # - --apiserver-host=http://my-address:port
210 - name: kubernetes-dashboard-certs
212 # Create on-disk volume to store exec logs
220 initialDelaySeconds: 30
223 - name: kubernetes-dashboard-certs
225 secretName: kubernetes-dashboard-certs
228 serviceAccountName: kubernetes-dashboard
229 # Comment the following tolerations if Dashboard must not be deployed on master
231 - key: node-role.kubernetes.io/master
240 k8s-app: dashboard-metrics-scraper
241 name: dashboard-metrics-scraper
242 namespace: kubernetes-dashboard
248 k8s-app: dashboard-metrics-scraper
256 k8s-app: dashboard-metrics-scraper
257 name: dashboard-metrics-scraper
258 namespace: kubernetes-dashboard
261 revisionHistoryLimit: 10
264 k8s-app: dashboard-metrics-scraper
268 k8s-app: dashboard-metrics-scraper
271 - name: dashboard-metrics-scraper
272 image: kubernetesui/metrics-scraper:v1.0.1
274 - containerPort: 8000
281 initialDelaySeconds: 30
286 serviceAccountName: kubernetes-dashboard
287 # Comment the following tolerations if Dashboard must not be deployed on master
289 - key: node-role.kubernetes.io/master