Upgrade Kubernetes Dashboard to v2.0.5

author Bartek Grzybowski <b.grzybowski@partner.samsung.com>

Wed, 31 Mar 2021 18:55:55 +0000 (20:55 +0200)

committer Bartek Grzybowski <b.grzybowski@partner.samsung.com>

Wed, 31 Mar 2021 19:04:55 +0000 (21:04 +0200)
author Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Wed, 31 Mar 2021 18:55:55 +0000 (20:55 +0200)
committer Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Wed, 31 Mar 2021 19:04:55 +0000 (21:04 +0200)
diff --git a/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2 b/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2

index 7dd9692..aca2dad 100644 (file)
--- a/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2
+++ b/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2
@@ -162,7 +162,6 @@ apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
@@ -194,7 +193,7 @@ spec:
      spec:
        containers:
          - name: kubernetes-dashboard
-          image: kubernetesui/dashboard:v2.0.0-beta4
+          image: kubernetesui/dashboard:v2.0.5
            imagePullPolicy: Always
            ports:
              - containerPort: 8443
@@ -219,6 +218,11 @@ spec:
                port: 8443
              initialDelaySeconds: 30
              timeoutSeconds: 30
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsUser: 1001
+            runAsGroup: 2001
        volumes:
          - name: kubernetes-dashboard-certs
            secret:
@@ -226,6 +230,8 @@ spec:
          - name: tmp-volume
            emptyDir: {}
        serviceAccountName: kubernetes-dashboard
+      nodeSelector:
+        "kubernetes.io/os": linux
        # Comment the following tolerations if Dashboard must not be deployed on master
        tolerations:
          - key: node-role.kubernetes.io/master
@@ -266,10 +272,12 @@ spec:
      metadata:
        labels:
          k8s-app: dashboard-metrics-scraper
+      annotations:
+        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
      spec:
        containers:
          - name: dashboard-metrics-scraper
-          image: kubernetesui/metrics-scraper:v1.0.1
+          image: kubernetesui/metrics-scraper:v1.0.6
            ports:
              - containerPort: 8000
                protocol: TCP
@@ -283,7 +291,14 @@ spec:
            volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsUser: 1001
+            runAsGroup: 2001
        serviceAccountName: kubernetes-dashboard
+      nodeSelector:
+        "kubernetes.io/os": linux
        # Comment the following tolerations if Dashboard must not be deployed on master
        tolerations:
          - key: node-role.kubernetes.io/master
diff --git a/build/data_lists/k8s_docker_images.list b/build/data_lists/k8s_docker_images.list

index c7b1dbf..ec6e8f8 100644 (file)
--- a/build/data_lists/k8s_docker_images.list
+++ b/build/data_lists/k8s_docker_images.list
@@ -1,3 +1,3 @@
  gcr.io/kubernetes-helm/tiller:v2.16.6
-kubernetesui/dashboard:v2.0.0-beta4
-kubernetesui/metrics-scraper:v1.0.1
+kubernetesui/dashboard:v2.0.5
+kubernetesui/metrics-scraper:v1.0.6
author	Bartek Grzybowski <b.grzybowski@partner.samsung.com>
	Wed, 31 Mar 2021 18:55:55 +0000 (20:55 +0200)
committer	Bartek Grzybowski <b.grzybowski@partner.samsung.com>
	Wed, 31 Mar 2021 19:04:55 +0000 (21:04 +0200)
ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2		patch \| blob \| history
build/data_lists/k8s_docker_images.list		patch \| blob \| history