cluster_config_dir: "{{ app_data_path }}/cluster"
 # Whether dashboard is exposed.
 rke_dashboard_exposed: true
+rke_dns: {}
 rke_etcd:
   # By default rke creates bind mount:
   # /var/lib/etcd -> /var/lib/rancher/etcd
 
 rke:
   # rke (rancher) images
-  etcd: rancher/coreos-etcd:v3.2.24-rancher1
-  alpine: rancher/rke-tools:v0.1.27
-  nginx_proxy: rancher/rke-tools:v0.1.27
-  cert_downloader: rancher/rke-tools:v0.1.27
-  kubernetes_services_sidecar: rancher/rke-tools:v0.1.27
-  kubedns: rancher/k8s-dns-kube-dns:1.15.0
-  dnsmasq: rancher/k8s-dns-dnsmasq-nanny:1.15.0
-  kubedns_sidecar: rancher/k8s-dns-sidecar:1.15.0
-  kubedns_autoscaler: rancher/cluster-proportional-autoscaler:1.0.0
-  coredns: coredns/coredns:1.2.6
-  coredns_autoscaler: rancher/cluster-proportional-autoscaler:1.0.0
-  kubernetes: rancher/hyperkube:v1.13.5-rancher1
-  flannel: rancher/coreos-flannel:v0.10.0-rancher1
-  flannel_cni: rancher/flannel-cni:v0.3.0-rancher1
-  calico_node: rancher/calico-node:v3.4.0
-  calico_cni: rancher/calico-cni:v3.4.0
-  calico_controllers: ""
-  calico_ctl: rancher/calico-ctl:v2.0.0
-  canal_node: rancher/calico-node:v3.4.0
-  canal_cni: rancher/calico-cni:v3.4.0
-  canal_flannel: rancher/coreos-flannel:v0.10.0
-  weave_node: weaveworks/weave-kube:2.5.0
-  weave_cni: weaveworks/weave-npc:2.5.0
-  pod_infra_container: rancher/pause:3.1
-  ingress: rancher/nginx-ingress-controller:0.21.0-rancher3
-  ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.4-rancher1
-  metrics_server: rancher/metrics-server:v0.3.1
+  etcd: "rancher/coreos-etcd:v3.3.10-rancher1"
+  alpine: "rancher/rke-tools:v0.1.50"
+  nginx_proxy: "rancher/rke-tools:v0.1.50"
+  cert_downloader: "rancher/rke-tools:v0.1.50"
+  kubernetes_services_sidecar: "rancher/rke-tools:v0.1.50"
+  kubedns: "rancher/k8s-dns-kube-dns:1.15.0"
+  dnsmasq: "rancher/k8s-dns-dnsmasq-nanny:1.15.0"
+  kubedns_sidecar: "rancher/k8s-dns-sidecar:1.15.0"
+  kubedns_autoscaler: "rancher/cluster-proportional-autoscaler:1.3.0"
+  coredns: "rancher/coredns-coredns:1.3.1"
+  coredns_autoscaler: "rancher/cluster-proportional-autoscaler:1.3.0"
+  kubernetes: "rancher/hyperkube:v1.15.4-rancher1"
+  flannel: "rancher/coreos-flannel:v0.11.0-rancher1"
+  flannel_cni: "rancher/flannel-cni:v0.3.0-rancher5"
+  calico_node: "rancher/calico-node:v3.7.4"
+  calico_cni: "rancher/calico-cni:v3.7.4"
+  calico_controllers: "rancher/calico-kube-controllers:v3.7.4"
+  calico_ctl: "rancher/calico-ctl:v2.0.0"
+  canal_node: "rancher/calico-node:v3.7.4"
+  canal_cni: "rancher/calico-cni:v3.7.4"
+  canal_flannel: "rancher/coreos-flannel:v0.11.0"
+  weave_node: "weaveworks/weave-kube:2.5.2"
+  weave_cni: "weaveworks/weave-npc:2.5.2"
+  pod_infra_container: "rancher/pause:3.1"
+  ingress: "rancher/nginx-ingress-controller:nginx-0.25.1-rancher1"
+  ingress_backend: "rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1"
+  metrics_server: "rancher/metrics-server:v0.3.3"
 
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# ------------------- Dashboard Secrets ------------------- #
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kubernetes-dashboard
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
+spec:
+  ports:
+    - port: 443
+      targetPort: 8443
+  selector:
+    k8s-app: kubernetes-dashboard
+{% if rke_dashboard_exposed %}
+  type: NodePort
+{% endif %}
+
+---
 
 apiVersion: v1
 kind: Secret
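Review bot: The relocated Service keeps the `{% if rke_dashboard_exposed %}` switch to `type: NodePort` without any comment, and the defaults shown earlier on this page leave `rke_dashboard_exposed: true`, so the dashboard is published on a node port of every node by default. Since this commit also binds the dashboard ServiceAccount to a ClusterRole, that default deserves an explicit caveat in the template. I would add `# NodePort publishes the dashboard on every node; restrict access at the network layer or set rke_dashboard_exposed to false.` directly above the conditional. The Secret that begins on the last two lines of this hunk continues outside it.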
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard-certs
-  namespace: kube-system
+  namespace: kubernetes-dashboard
 type: Opaque
 
 ---
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard-csrf
-  namespace: kube-system
+  namespace: kubernetes-dashboard
 type: Opaque
 data:
   csrf: ""
 
 ---
-# ------------------- Dashboard Service Account ------------------- #
 
 apiVersion: v1
-kind: ServiceAccount
+kind: Secret
 metadata:
   labels:
     k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-  namespace: kube-system
+  name: kubernetes-dashboard-key-holder
+  namespace: kubernetes-dashboard
+type: Opaque
+
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard-settings
+  namespace: kubernetes-dashboard
 
 ---
-# ------------------- Dashboard Role & Role Binding ------------------- #
 
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: kubernetes-dashboard-minimal
-  namespace: kube-system
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
 rules:
-  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
-- apiGroups: [""]
-  resources: ["secrets"]
-  verbs: ["create"]
-  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
-- apiGroups: [""]
-  resources: ["configmaps"]
-  verbs: ["create"]
   # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
-- apiGroups: [""]
-  resources: ["secrets"]
-  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
-  verbs: ["get", "update", "delete"]
-  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
-- apiGroups: [""]
-  resources: ["configmaps"]
-  resourceNames: ["kubernetes-dashboard-settings"]
-  verbs: ["get", "update"]
-  # Allow Dashboard to get metrics from heapster.
-- apiGroups: [""]
-  resources: ["services"]
-  resourceNames: ["heapster"]
-  verbs: ["proxy"]
-- apiGroups: [""]
-  resources: ["services/proxy"]
-  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
-  verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
+    verbs: ["get", "update", "delete"]
+    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["kubernetes-dashboard-settings"]
+    verbs: ["get", "update"]
+    # Allow Dashboard to get metrics.
+  - apiGroups: [""]
+    resources: ["services"]
+    resourceNames: ["heapster", "dashboard-metrics-scraper"]
+    verbs: ["proxy"]
+  - apiGroups: [""]
+    resources: ["services/proxy"]
+    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
+    verbs: ["get"]
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+rules:
+  # Allow Metrics Scraper to get metrics from the Metrics server
+  - apiGroups: ["metrics.k8s.io"]
+    resources: ["pods", "nodes","namespaces","secrets","persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["","apps"]
+    resources: ["pods", "nodes","namespaces","secrets","persistentvolumeclaims","replicasets","deployments","events"]
+    verbs: ["get", "list", "watch"]
 
 ---
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: kubernetes-dashboard-minimal
-  namespace: kube-system
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: kubernetes-dashboard-minimal
+  name: kubernetes-dashboard
 subjects:
-- kind: ServiceAccount
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kubernetes-dashboard
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
   name: kubernetes-dashboard
-  namespace: kube-system
+subjects:
+  - kind: ServiceAccount
+    name: kubernetes-dashboard
+    namespace: kubernetes-dashboard
 
 ---
-# ------------------- Dashboard Deployment ------------------- #
 
 kind: Deployment
 apiVersion: apps/v1
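Review bot: The second rule of the new `kubernetes-dashboard` ClusterRole grants `get`, `list` and `watch` on `secrets` (along with pods, nodes, namespaces, PVCs, replicasets, deployments and events) in the core and `apps` groups for the whole cluster, although the comment above the rules describes only metrics access. Through the ClusterRoleBinding added just below it, the dashboard ServiceAccount token can read every Secret in every namespace, which weighs more while `rke_dashboard_exposed` defaults to `true`. The `metrics.k8s.io` API serves only `pods` and `nodes`, so the first rule can be reduced to `resources: ["pods", "nodes"]`, and the second rule should be dropped or at minimum lose `"secrets"`; if the broader read access is intended, the comment should say so and why. `metadata.namespace` on the ClusterRoleBinding has no effect because the object is cluster-scoped, so that line can be removed.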
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: kube-system
+  namespace: kubernetes-dashboard
 spec:
   replicas: 1
   revisionHistoryLimit: 10
         k8s-app: kubernetes-dashboard
     spec:
       containers:
-      - name: kubernetes-dashboard
-        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
-        ports:
-        - containerPort: 8443
-          protocol: TCP
-        args:
-          - --auto-generate-certificates
-          # Uncomment the following line to manually specify Kubernetes API server Host
-          # If not specified, Dashboard will attempt to auto discover the API server and connect
-          # to it. Uncomment only if the default does not work.
-          # - --apiserver-host=http://my-address:port
-        volumeMounts:
-        - name: kubernetes-dashboard-certs
-          mountPath: /certs
-          # Create on-disk volume to store exec logs
-        - mountPath: /tmp
-          name: tmp-volume
-        livenessProbe:
-          httpGet:
-            scheme: HTTPS
-            path: /
-            port: 8443
-          initialDelaySeconds: 30
-          timeoutSeconds: 30
+        - name: kubernetes-dashboard
+          image: kubernetesui/dashboard:v2.0.0-beta4
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8443
+              protocol: TCP
+          args:
+            - --auto-generate-certificates
+            - --namespace=kubernetes-dashboard
+            # Uncomment the following line to manually specify Kubernetes API server Host
+            # If not specified, Dashboard will attempt to auto discover the API server and connect
+            # to it. Uncomment only if the default does not work.
+            # - --apiserver-host=http://my-address:port
+          volumeMounts:
+            - name: kubernetes-dashboard-certs
+              mountPath: /certs
+              # Create on-disk volume to store exec logs
+            - mountPath: /tmp
+              name: tmp-volume
+          livenessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: /
+              port: 8443
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
       volumes:
-      - name: kubernetes-dashboard-certs
-        secret:
-          secretName: kubernetes-dashboard-certs
-      - name: tmp-volume
-        emptyDir: {}
+        - name: kubernetes-dashboard-certs
+          secret:
+            secretName: kubernetes-dashboard-certs
+        - name: tmp-volume
+          emptyDir: {}
       serviceAccountName: kubernetes-dashboard
       # Comment the following tolerations if Dashboard must not be deployed on master
       tolerations:
-      - key: node-role.kubernetes.io/master
-        effect: NoSchedule
+        - key: node-role.kubernetes.io/master
+          effect: NoSchedule
 
 ---
-# ------------------- Dashboard Service ------------------- #
 
 kind: Service
 apiVersion: v1
 metadata:
   labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-  namespace: kube-system
+    k8s-app: dashboard-metrics-scraper
+  name: dashboard-metrics-scraper
+  namespace: kubernetes-dashboard
 spec:
   ports:
-    - port: 443
-      targetPort: 8443
+    - port: 8000
+      targetPort: 8000
   selector:
-    k8s-app: kubernetes-dashboard
-{% if rke_dashboard_exposed %}
-  type: NodePort
-{% endif %}
+    k8s-app: dashboard-metrics-scraper
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  labels:
+    k8s-app: dashboard-metrics-scraper
+  name: dashboard-metrics-scraper
+  namespace: kubernetes-dashboard
+spec:
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s-app: dashboard-metrics-scraper
+  template:
+    metadata:
+      labels:
+        k8s-app: dashboard-metrics-scraper
+    spec:
+      containers:
+        - name: dashboard-metrics-scraper
+          image: kubernetesui/metrics-scraper:v1.0.1
+          ports:
+            - containerPort: 8000
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              scheme: HTTP
+              path: /
+              port: 8000
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
+          volumeMounts:
+          - mountPath: /tmp
+            name: tmp-volume
+      serviceAccountName: kubernetes-dashboard
+      # Comment the following tolerations if Dashboard must not be deployed on master
+      tolerations:
+        - key: node-role.kubernetes.io/master
+          effect: NoSchedule
+      volumes:
+        - name: tmp-volume
+          emptyDir: {}
 
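Review bot: The new `dashboard-metrics-scraper` Deployment runs with `serviceAccountName: kubernetes-dashboard`, so the scraper pod, which answers plain HTTP on port 8000, carries the same token and RBAC bindings as the dashboard; a dedicated ServiceAccount bound only to the metrics rule would keep the two apart. Neither container sets a `securityContext`; `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}` is worth testing on both, since each already mounts an `emptyDir` at `/tmp`. `imagePullPolicy: Always` on the mutable tag `kubernetesui/dashboard:v2.0.0-beta4` means a re-pushed tag is picked up on the next pod restart, so pinning both `kubernetesui` images by digest would make the deployed content fixed; the image list at the end of this page also does not gain either image, which matters if that list drives mirroring or pre-pulling. As a style point, the scraper's `volumeMounts` entries are flush with the key while every other list in the new manifest is indented. The dashboard Deployment's opening lines lie outside this hunk.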
-coredns/coredns:1.2.6
-gcr.io/kubernetes-helm/tiller:v2.12.3
-k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
-rancher/calico-cni:v3.4.0
+rancher/calico-cni:v3.7.4
 rancher/calico-ctl:v2.0.0
-rancher/calico-node:v3.4.0
-rancher/cluster-proportional-autoscaler:1.0.0
-rancher/coreos-etcd:v3.2.24-rancher1
-rancher/coreos-flannel:v0.10.0
-rancher/coreos-flannel:v0.10.0-rancher1
-rancher/flannel-cni:v0.3.0-rancher1
-rancher/hyperkube:v1.13.5-rancher1
+rancher/calico-kube-controllers:v3.7.4
+rancher/calico-node:v3.7.4
+rancher/cluster-proportional-autoscaler:1.3.0
+rancher/coredns-coredns:1.3.1
+rancher/coreos-etcd:v3.3.10-rancher1
+rancher/coreos-flannel:v0.11.0
+rancher/coreos-flannel:v0.11.0-rancher1
+rancher/flannel-cni:v0.3.0-rancher5
+rancher/hyperkube:v1.15.4-rancher1
 rancher/k8s-dns-dnsmasq-nanny:1.15.0
 rancher/k8s-dns-kube-dns:1.15.0
 rancher/k8s-dns-sidecar:1.15.0
-rancher/metrics-server:v0.3.1
-rancher/nginx-ingress-controller-defaultbackend:1.4-rancher1
-rancher/nginx-ingress-controller:0.21.0-rancher3
+rancher/metrics-server:v0.3.3
+rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1
+rancher/nginx-ingress-controller:nginx-0.25.1-rancher1
 rancher/pause:3.1
-rancher/rke-tools:v0.1.27
-weaveworks/weave-kube:2.5.0
-weaveworks/weave-npc:2.5.0
+rancher/rke-tools:v0.1.50
+weaveworks/weave-kube:2.5.2
+weaveworks/weave-npc:2.5.2