1 # Copyright 2017 The Kubernetes Authors.
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
15 # ------------------- Dashboard Secrets ------------------- #
21 k8s-app: kubernetes-dashboard
22 name: kubernetes-dashboard-certs
23 namespace: kube-system
32 k8s-app: kubernetes-dashboard
33 name: kubernetes-dashboard-csrf
34 namespace: kube-system
40 # ------------------- Dashboard Service Account ------------------- #
46 k8s-app: kubernetes-dashboard
47 name: kubernetes-dashboard
48 namespace: kube-system
51 # ------------------- Dashboard Role & Role Binding ------------------- #
54 apiVersion: rbac.authorization.k8s.io/v1
56 name: kubernetes-dashboard-minimal
57 namespace: kube-system
59 # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
61 resources: ["secrets"]
63 # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
65 resources: ["configmaps"]
67 # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
69 resources: ["secrets"]
70 resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
71 verbs: ["get", "update", "delete"]
72 # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
74 resources: ["configmaps"]
75 resourceNames: ["kubernetes-dashboard-settings"]
76 verbs: ["get", "update"]
77 # Allow Dashboard to get metrics from heapster.
79 resources: ["services"]
80 resourceNames: ["heapster"]
83 resources: ["services/proxy"]
84 resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
88 apiVersion: rbac.authorization.k8s.io/v1
91 name: kubernetes-dashboard-minimal
92 namespace: kube-system
94 apiGroup: rbac.authorization.k8s.io
96 name: kubernetes-dashboard-minimal
98 - kind: ServiceAccount
99 name: kubernetes-dashboard
100 namespace: kube-system
103 # ------------------- Dashboard Deployment ------------------- #
109 k8s-app: kubernetes-dashboard
110 name: kubernetes-dashboard
111 namespace: kube-system
114 revisionHistoryLimit: 10
117 k8s-app: kubernetes-dashboard
121 k8s-app: kubernetes-dashboard
124 - name: kubernetes-dashboard
125 image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
127 - containerPort: 8443
130 - --auto-generate-certificates
131 # Uncomment the following line to manually specify Kubernetes API server Host
132 # If not specified, Dashboard will attempt to auto discover the API server and connect
133 # to it. Uncomment only if the default does not work.
134 # - --apiserver-host=http://my-address:port
136 - name: kubernetes-dashboard-certs
138 # Create on-disk volume to store exec logs
146 initialDelaySeconds: 30
149 - name: kubernetes-dashboard-certs
151 secretName: kubernetes-dashboard-certs
154 serviceAccountName: kubernetes-dashboard
155 # Comment the following tolerations if Dashboard must not be deployed on master
157 - key: node-role.kubernetes.io/master
161 # ------------------- Dashboard Service ------------------- #
167 k8s-app: kubernetes-dashboard
168 name: kubernetes-dashboard
169 namespace: kube-system
175 k8s-app: kubernetes-dashboard
176 {% if rke_dashboard_exposed %}