feat(helm)!: Update Chart kubernetes-dashboard to 7.10.4

[renovate]

This PR contains the following updates:

Package	Update	Change
kubernetes-dashboard	major	5.8.0 -> 7.10.4

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

kubernetes/dashboard (kubernetes-dashboard)

v7.10.4

Compare Source

What's Changed

• fix: use correct Kong service port for ingress based on TLS settings by @​hamadodene in https://github.com/kubernetes/dashboard/pull/9863

New Contributors

• @​hamadodene made their first contribution in https://github.com/kubernetes/dashboard/pull/9863

Full Changelog: kubernetes/dashboard@kubernetes-dashboard-7.10.3...kubernetes-dashboard-7.10.4

Installation

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard

Compatibility

Kubernetes version	1.29	1.30	1.31	1.32
Compatibility	?	?	?	✓

• ✓ Fully supported version range.
• ? Due to breaking changes between Kubernetes API versions, some features might not work correctly in the Dashboard.

Images

docker.io/kubernetesui/dashboard-api:1.10.2
docker.io/kubernetesui/dashboard-auth:1.2.3
docker.io/kubernetesui/dashboard-metrics-scraper:1.2.2
docker.io/kubernetesui/dashboard-web:1.6.1

v7.10.3

Compare Source

What's Changed

• chore(chart): further extend services configuration by @​floreks in https://github.com/kubernetes/dashboard/pull/9904

Full Changelog: kubernetes/dashboard@kubernetes-dashboard-7.10.2...kubernetes-dashboard-7.10.3

Installation

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard

Compatibility

Kubernetes version	1.29	1.30	1.31	1.32
Compatibility	?	?	?	✓

• ✓ Fully supported version range.
• ? Due to breaking changes between Kubernetes API versions, some features might not work correctly in the Dashboard.

Images

docker.io/kubernetesui/dashboard-api:1.10.2
docker.io/kubernetesui/dashboard-auth:1.2.3
docker.io/kubernetesui/dashboard-metrics-scraper:1.2.2
docker.io/kubernetesui/dashboard-web:1.6.1

v7.10.2

Compare Source

What's Changed

• docs: Fixing redirects from docs/user-guide which were removed in website repo by @​panyam in https://github.com/kubernetes/dashboard/pull/9851
• fix: workload charts are black for certain languages by @​HanNguyen-dev in https://github.com/kubernetes/dashboard/pull/9067
• chore(deps): bump github.com/air-verse/air from 1.61.5 to 1.61.7 in /modules/common/tools by @​dependabot in https://github.com/kubernetes/dashboard/pull/9867
• chore(deps): bump core-js from 3.39.0 to 3.40.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9840
• chore(deps): bump docker/setup-qemu-action from 3.2.0 to 3.3.0 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9841
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.103.11 to 0.103.12 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9843
• chore(deps-dev): bump wait-on from 8.0.1 to 8.0.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9844
• chore(deps): bump ace-builds from 1.37.3 to 1.37.5 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9864
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.105.11 to 0.105.12 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9845
• chore(deps-dev): bump @​graphql-mesh/cli from 0.98.16 to 0.98.17 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9842
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.108.12 to 0.108.14 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9859
• chore(deps-dev): bump @​types/node from 22.10.5 to 22.10.7 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9868
• chore(deps-dev): bump sass from 1.83.1 to 1.83.4 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9869
• chore(deps-dev): bump ts-loader from 9.5.1 to 9.5.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9870
• chore(deps-dev): bump eslint-config-prettier from 9.1.0 to 10.0.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9875
• chore(deps): bump helm/chart-releaser-action from 1.6.0 to 1.7.0 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9871
• chore(deps): bump helm/chart-testing-action from 2.6.1 to 2.7.0 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9872
• chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9873
• chore(deps-dev): bump lint-staged from 15.3.0 to 15.4.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9877
• chore(deps-dev): bump stylelint from 16.12.0 to 16.13.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9878
• chore(deps-dev): bump @​typescript-eslint/parser from 8.19.1 to 8.21.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9880
• chore(deps-dev): bump eslint-plugin-prettier from 5.2.1 to 5.2.3 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9874
• chore(deps): bump codecov/codecov-action from 5.1.2 to 5.2.0 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9882
• chore(deps-dev): bump jest-preset-angular from 14.4.2 to 14.5.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9879
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.19.1 to 8.21.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9876
• Cronjob status.lastSuccessfulTime not populated by a manually triggered job by @​avanish23 in https://github.com/kubernetes/dashboard/pull/9881
• chore(deps): bump codecov/codecov-action from 5.2.0 to 5.3.0 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9883
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.103.12 to 0.103.13 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9884
• chore(deps-dev): bump @​types/node from 22.10.7 to 22.10.10 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9887
• chore(deps-dev): bump cypress from 13.17.0 to 14.0.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9889
• chore(deps-dev): bump lint-staged from 15.4.1 to 15.4.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9890
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.108.14 to 0.108.15 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9888
• chore(deps-dev): bump @​graphql-mesh/cli from 0.98.17 to 0.98.18 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9885
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.105.12 to 0.105.13 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9886
• chore(chart): release 7.10.2 by @​floreks in https://github.com/kubernetes/dashboard/pull/9903

New Contributors

• @​panyam made their first contribution in https://github.com/kubernetes/dashboard/pull/9851
• @​HanNguyen-dev made their first contribution in https://github.com/kubernetes/dashboard/pull/9067

Full Changelog: kubernetes/dashboard@kubernetes-dashboard-7.10.1...kubernetes-dashboard-7.10.2

Installation

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard

Compatibility

Kubernetes version	1.29	1.30	1.31	1.32
Compatibility	?	?	?	✓

• ✓ Fully supported version range.
• ? Due to breaking changes between Kubernetes API versions, some features might not work correctly in the Dashboard.

Images

docker.io/kubernetesui/dashboard-api:1.10.2
docker.io/kubernetesui/dashboard-auth:1.2.3
docker.io/kubernetesui/dashboard-metrics-scraper:1.2.2
docker.io/kubernetesui/dashboard-web:1.6.1

v7.10.1

Compare Source

What's Changed

• chore(deps-dev): bump @​types/node from 22.8.4 to 22.9.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9633
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.103.11 to 0.103.12 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9617
• chore(deps): bump tslib from 2.8.0 to 2.8.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9625
• chore(deps): bump core-js from 3.38.1 to 3.39.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9618
• chore(deps-dev): bump sass from 1.80.5 to 1.80.6 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9630
• chore(deps-dev): bump stylelint-no-unsupported-browser-features from 8.0.1 to 8.0.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9631
• chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 in /modules/auth by @​dependabot in https://github.com/kubernetes/dashboard/pull/9632
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.107.4 to 0.107.5 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9616
• chore(deps-dev): bump sass-loader from 16.0.2 to 16.0.3 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9624
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.102.10 to 0.102.11 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9619
• chore(deps-dev): bump concurrently from 9.0.1 to 9.1.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9636
• chore(deps-dev): bump @​graphql-mesh/cli from 0.93.0 to 0.97.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9642
• chore(deps-dev): bump @​typescript-eslint/parser from 8.12.2 to 8.13.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9640
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.103.12 to 0.104.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9639
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.12.2 to 8.13.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9637
• chore(deps): bump ace-builds from 1.36.3 to 1.36.4 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9638
• chore(deps-dev): bump cypress from 13.15.1 to 13.15.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9641
• chore(deps): bump golang.org/x/text from 0.19.0 to 0.20.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9643
• chore(deps): bump sigs.k8s.io/kind from 0.24.0 to 0.25.0 in /modules/common/tools by @​dependabot in https://github.com/kubernetes/dashboard/pull/9645
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.107.5 to 0.107.6 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9648
• chore(deps-dev): bump sass from 1.80.6 to 1.80.7 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9655
• chore(deps-dev): bump @​typescript-eslint/parser from 8.13.0 to 8.14.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9652
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.104.0 to 0.104.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9646
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.13.0 to 8.14.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9651
• chore(deps-dev): bump @​graphql-mesh/cli from 0.97.0 to 0.97.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9647
• chore(deps): bump codecov/codecov-action from 4.6.0 to 5.0.0 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9659
• chore(deps-dev): bump sass from 1.80.7 to 1.81.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9660
• chore(deps): bump @​swimlane/ngx-charts from 20.5.0 to 21.0.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9661
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.102.11 to 0.102.12 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9649
• chore(deps): bump ace-builds from 1.36.4 to 1.36.5 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9662
• chore(deps): bump codecov/codecov-action from 5.0.0 to 5.0.2 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9663
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.104.1 to 0.104.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9667
• chore(deps-dev): bump jest-preset-angular from 14.2.4 to 14.3.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9669
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.107.6 to 0.107.7 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9666
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.102.12 to 0.102.13 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9665
• chore(deps-dev): bump @​graphql-mesh/cli from 0.97.1 to 0.97.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9668
• chore(deps): bump cross-spawn from 7.0.3 to 7.0.5 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9670
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.14.0 to 8.15.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9671
• chore(deps-dev): bump husky from 9.1.6 to 9.1.7 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9672
• chore(deps-dev): bump jest-preset-angular from 14.3.0 to 14.3.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9673
• chore(deps-dev): bump @​typescript-eslint/parser from 8.14.0 to 8.15.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9674
• chore(deps-dev): bump @​types/node from 22.9.0 to 22.9.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9681
• chore(deps): bump codecov/codecov-action from 5.0.2 to 5.0.4 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9676
• chore(deps): bump ngx-cookie-service from 18.0.0 to 19.0.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9677
• chore(deps-dev): bump jest-preset-angular from 14.3.1 to 14.3.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9679
• chore(deps-dev): bump cypress from 13.15.2 to 13.16.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9680
• chore(deps): bump codecov/codecov-action from 5.0.4 to 5.0.7 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9690
• chore(deps-dev): bump @​graphql-mesh/cli from 0.97.2 to 0.98.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9692
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.107.7 to 0.108.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9694
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.104.2 to 0.105.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9691
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.102.13 to 0.103.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9693
• chore(deps-dev): bump ng-extract-i18n-merge from 2.12.0 to 2.13.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9698
• chore(deps-dev): bump jest-preset-angular from 14.3.2 to 14.3.3 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9699
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.15.0 to 8.16.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9706
• chore(deps-dev): bump prettier from 3.3.3 to 3.4.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9716
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.108.0 to 0.108.5 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9724
• chore(deps-dev): bump @​graphql-mesh/cli from 0.98.0 to 0.98.5 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9723
• chore(deps-dev): bump ng-extract-i18n-merge from 2.13.0 to 2.13.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9717
• chore(deps-dev): bump @​types/node from 22.9.1 to 22.10.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9718
• chore(deps-dev): bump @​types/jasmine from 5.1.4 to 5.1.5 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9728
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.103.0 to 0.103.5 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9721
• chore(deps-dev): bump @​typescript-eslint/parser from 8.15.0 to 8.17.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9726
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.105.0 to 0.105.5 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9722
• chore(deps-dev): bump node-gyp from 10.2.0 to 10.3.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9725
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.15.0 to 8.17.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9727
• fix: typo error in args for api module by @​warjiang in https://github.com/kubernetes/dashboard/pull/9741
• chore(deps-dev): bump sass-loader from 16.0.3 to 16.0.4 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9738
• chore(deps-dev): bump jest-preset-angular from 14.3.3 to 14.4.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9731
• chore(deps): bump golang.org/x/text from 0.20.0 to 0.21.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9739
• chore(deps): bump codecov/codecov-action from 5.0.7 to 5.1.1 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9740
• chore(deps-dev): bump cypress from 13.16.0 to 13.16.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9737
• chore(deps-dev): bump stylelint from 16.10.0 to 16.11.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9730
• chore(deps-dev): bump jasmine-core from 5.4.0 to 5.5.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9733
• chore(deps-dev): bump prettier from 3.4.1 to 3.4.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9734
• chore(deps-dev): bump node-gyp from 10.3.1 to 11.0.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9736
• chore(deps-dev): bump stylelint-config-standard-scss from 13.1.0 to 14.0.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9729
• chore(deps-dev): bump sass from 1.81.0 to 1.82.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9732
• chore(deps): bump github.com/gohugoio/hugo from 0.134.3 to 0.139.4 in /modules/common/tools by @​dependabot in https://github.com/kubernetes/dashboard/pull/9743
• chore(deps): bump nanoid from 3.3.7 to 3.3.8 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9744
• chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9753
• chore(deps-dev): bump @​typescript-eslint/parser from 8.17.0 to 8.18.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9751
• chore(deps-dev): bump lint-staged from 15.2.10 to 15.2.11 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9761
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.105.5 to 0.105.6 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9747
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.17.0 to 8.18.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9748
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.108.5 to 0.108.6 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9752
• chore(deps-dev): bump @​graphql-mesh/cli from 0.98.5 to 0.98.7 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9749
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.103.5 to 0.103.8 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9767
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.103.8 to 0.103.9 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9787
• chore(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9768
• chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.31.0 in /modules/api by @​dependabot in https://github.com/kubernetes/dashboard/pull/9769
• chore(deps): bump golang.org/x/crypto from 0.29.0 to 0.31.0 in /modules/common/tools by @​dependabot in https://github.com/kubernetes/dashboard/pull/9770
• chore(deps-dev): bump @​types/node from 22.10.1 to 22.10.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9771
• chore(deps-dev): bump webpack-dev-server from 5.1.0 to 5.2.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9779
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.105.6 to 0.105.8 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9772
• chore(deps-dev): bump sass from 1.82.0 to 1.83.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9786
• chore(deps-dev): bump @​graphql-mesh/cli from 0.98.7 to 0.98.10 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9785
• Correct misplaced quoting in sample user documentation. by @​jgiszczak in https://github.com/kubernetes/dashboard/pull/9742
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.108.6 to 0.108.8 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9777
• chore(deps-dev): bump graphql from 16.9.0 to 16.10.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9789
• chore(deps-dev): bump stylelint from 16.11.0 to 16.12.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9790
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.108.8 to 0.108.10 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9792
• chore(deps-dev): bump @​graphql-mesh/cli from 0.98.10 to 0.98.14 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9793
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.108.10 to 0.108.11 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9797
• chore(deps-dev): bump @​typescript-eslint/parser from 8.18.0 to 8.18.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9801
• chore(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9803
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.103.9 to 0.103.10 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9798
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.18.0 to 8.18.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9800
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.105.8 to 0.105.9 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9799
• chore(deps): bump github.com/air-verse/air from 1.61.1 to 1.61.5 in /modules/common/tools by @​dependabot in https://github.com/kubernetes/dashboard/pull/9795
• chore(deps): bump ace-builds from 1.36.5 to 1.37.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9806
• chore(deps-dev): bump cypress from 13.16.1 to 13.17.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9807
• chore(deps): bump @​swimlane/ngx-charts from 21.0.0 to 21.1.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9808
• chore(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9810
• chore(deps): bump ace-builds from 1.37.0 to 1.37.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9812
• chore(deps): bump @​swimlane/ngx-charts from 21.1.0 to 21.1.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9813
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.18.1 to 8.18.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9814
• chore(deps): bump helm/kind-action from 1.10.0 to 1.12.0 by @​dependabot in https://github.com/kubernetes/dashboard/pull/9816
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.103.10 to 0.103.11 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9819
• chore(deps-dev): bump @​typescript-eslint/parser from 8.18.1 to 8.18.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9815
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.108.11 to 0.108.12 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9820
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.105.9 to 0.105.10 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9817
• chore(deps-dev): bump @​graphql-mesh/cli from 0.98.14 to 0.98.15 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9818
• chore(deps-dev): bump lint-staged from 15.2.11 to 15.3.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9821
• chore(deps-dev): bump concurrently from 9.1.0 to 9.1.2 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9825
• chore(deps-dev): bump @​graphql-mesh/runtime from 0.105.10 to 0.105.11 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9827
• chore(deps-dev): bump @​types/node from 22.10.2 to 22.10.5 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9831
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.18.2 to 8.19.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9823
• chore(deps-dev): bump @​graphql-mesh/cli from 0.98.15 to 0.98.16 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9828
• chore(deps-dev): bump @​typescript-eslint/parser from 8.18.2 to 8.19.0 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9824
• chore(deps): Bump k8s modules to 0.32.0 by @​shu-mutou in https://github.com/kubernetes/dashboard/pull/9794
• chore(deps): fix dependency vulnerabilities by @​floreks in https://github.com/kubernetes/dashboard/pull/9838
• chore(deps-dev): bump sass from 1.83.0 to 1.83.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9833
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.19.0 to 8.19.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9835
• chore(deps-dev): bump @​typescript-eslint/parser from 8.19.0 to 8.19.1 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9834
• chore(deps): bump ace-builds from 1.37.1 to 1.37.3 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9839
• chore(chart): release 7.10.1 by @​floreks in https://github.com/kubernetes/dashboard/pull/9849

New Contributors

• @​warjiang made their first contribution in https://github.com/kubernetes/dashboard/pull/9741
• @​jgiszczak made their first contribution in https://github.com/kubernetes/dashboard/pull/9742

Full Changelog: kubernetes/dashboard@kubernetes-dashboard-7.10.0...kubernetes-dashboard-7.10.1

Installation

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard

Compatibility

Kubernetes version	1.29	1.30	1.31	1.32
Compatibility	?	?	?	✓

• ✓ Fully supported version range.
• ? Due to breaking changes between Kubernetes API versions, some features might not work correctly in the Dashboard.

Images

docker.io/kubernetesui/dashboard-api:1.10.2
docker.io/kubernetesui/dashboard-auth:1.2.3
docker.io/kubernetesui/dashboard-metrics-scraper:1.2.2
docker.io/kubernetesui/dashboard-web:1.6.1

v7.10.0

Compare Source

What's Changed

• fix(api): ssar resource kind name and resource updates by @​floreks in https://github.com/kubernetes/dashboard/pull/9599
• fix(signin button): signin button is clickable when token is autofilled by browser by @​lsq645599166 in https://github.com/kubernetes/dashboard/pull/9610
• feat: allow hiding "All namespaces" in namespaces dropdown list by @​avanish23 in https://github.com/kubernetes/dashboard/pull/9547
• chore(chart): release 7.10.0 by @​floreks in https://github.com/kubernetes/dashboard/pull/9621

Dependency updates

• chore(deps-dev): bump @​babel/core from 7.25.8 to 7.25.9 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9565
• chore(deps-dev): bump @​types/node from 22.7.8 to 22.7.9 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9569
• chore(deps): bump http-proxy-middleware from 2.0.6 to 2.0.7 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9574
• chore(deps-dev): bump @​graphql-mesh/transform-replace-field from 0.102.7 to 0.102.9 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9578
• chore(deps-dev): bump @​graphql-mesh/openapi from 0.107.1 to 0.107.3 in /modules/web by @​dependabot in https://github.com/kubernetes/dashboard/pull/9575
• chore(deps-dev): bump @​babel/preset-env from 7.25.8 to 7.25.9 in /modules/web by @​dependabot in [https://github.com/chore(deps-dev): bump @babel/preset-env from 7.25.8 to 7.25.9 in /modules/web kubernetes/dashboard#9564](https://redirect.github.com/kubernetes/das

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.0.0

@@ -1,5 +1,15 @@
 ---
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
+# Source: kubernetes-dashboard/charts/kong/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+# Source: kubernetes-dashboard/templates/rbac/api/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,17 +23,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -38,42 +47,125 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-# kubernetes-dashboard-certs
 apiVersion: v1
-kind: Secret
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/rbac/web/serviceaccount.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: v1
+kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+# Source: kubernetes-dashboard/templates/secrets/csrf.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
 apiVersion: v1
 kind: Secret
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
 name: kubernetes-dashboard-csrf
-type: Opaque
+data:
+ private.key: "QjdYcXNYUVo4M0ZuN1hrNEFJWnc5RVROdmYrVFFUWVBHbDdNVG9OV0NmdTlTdmEyM0xEZVBMVEdaZ2ZreU9UQk56dUNLbnpqMFllaEM2TFBlajQvK3RiNWR3M2F2SGQzakJKU3Rtcm9BK0RCSUZwSWVYMHpBMEYyZ0JlNVExclR6aUwvMk1wQSsxZGxLQ1hqL1ZuTzNpYUpaaUdobzRNanVmcmpPQXVFNnEzQURvNXN2QTd2SlN1UGsyalB4aGpxSzhhN2VpMHdSRGpYUW12Zk5RQlJiVllBQkdLZkFwM1dlcnhSRHk0MXBVcjlLbkQ2WC9pVVdreTB0OEs0QkY5NTZZR2ZlM3RCZ092cDVMNkViUmwrWGo0Y2FkQXpaN3M3S1N2bjBuNGs0TVIwWWZkRitWTSsvUDlIYTdIRm81K2hSajZ3U3ZnTllWNU9WaGJLelF3akRnPT0="
+# Source: kubernetes-dashboard/templates/config/gateway.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
 apiVersion: v1
-kind: Secret
+kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kong-dbless-config
+data:
+ kong.yml: |
+ _format_version: "3.0"
+ services:
+ - name: auth
+ host: kubernetes-dashboard-auth
+ port: 8000
+ protocol: http
+ routes:
+ - name: authLogin
+ paths:
+ - /api/v1/login
+ strip_path: false
+ - name: authCsrf
+ paths:
+ - /api/v1/csrftoken/login
+ strip_path: false
+ - name: api
+ host: kubernetes-dashboard-api
+ port: 8000
+ protocol: http
+ routes:
+ - name: api
+ paths:
+ - /api
+ strip_path: false
+ - name: metrics
+ paths:
+ - /metrics
+ strip_path: false
+ - name: web
+ host: kubernetes-dashboard-web
+ port: 8000
+ protocol: http
+ routes:
+ - name: root
+ paths:
+ - /
+ strip_path: false
+# Source: kubernetes-dashboard/templates/config/settings.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -92,14 +184,12 @@
 kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
 name: kubernetes-dashboard-settings
 data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrole.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -117,18 +207,17 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 rules:
 # Allow Metrics Scraper to get metrics from the Metrics server
 - apiGroups: ["metrics.k8s.io"]
 resources: ["pods", "nodes"]
 verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -146,21 +235,20 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: kubernetes-dashboard-metrics
+ name: kubernetes-dashboard-metrics-scraper
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/role.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -175,36 +263,50 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+ # Allow Dashboard API to get metrics from metrics-scraper.
 - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+ resources: ["services/proxy"]
+ resourceNames: ["kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper"]
+ verbs: ["get"]
+# Source: kubernetes-dashboard/templates/rbac/web/role.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+rules:
+ # Allow Dashboard Web to get and update 'kubernetes-dashboard-settings' config map.
 - apiGroups: [""]
 resources: ["configmaps"]
 resourceNames: ["kubernetes-dashboard-settings"]
 verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/rolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -222,21 +324,19 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/web/rolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -251,28 +351,169 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubernetes-dashboard-web
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-manager.yaml
 apiVersion: v1
 kind: Service
 metadata:
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-kong-manager
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+spec:
+ type: NodePort
+ ports:
+ - name: kong-manager
+ port: 8002
+ targetPort: 8002
+ protocol: TCP
+ - name: kong-manager-tls
+ port: 8445
+ targetPort: 8445
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-proxy.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kubernetes-dashboard-kong-proxy
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ enable-metrics: "true"
+spec:
+ type: ClusterIP
+ ports:
+ - name: kong-proxy-tls
+ port: 443
+ targetPort: 8443
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+# Source: kubernetes-dashboard/templates/services/api.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Service
+apiVersion: v1
+metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ name: kubernetes-dashboard-api
+spec:
+ ports:
+ - name: api
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/services/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ name: kubernetes-dashboard-auth
+spec:
+ ports:
+ - name: auth
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+# Source: kubernetes-dashboard/templates/services/metrics-scraper.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ name: kubernetes-dashboard-metrics-scraper
 spec:
- type: ClusterIP
 ports:
- - port: 443
- targetPort: https
- name: https
+ - port: 8000
 selector:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/services/web.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -287,109 +528,602 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ name: kubernetes-dashboard-web
+spec:
+ ports:
+ - name: web
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: kubernetes-dashboard
- annotations:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ template:
+ metadata:
+ annotations:
+ kuma.io/service-account-token-volume: kubernetes-dashboard-kong-token
+ kuma.io/gateway: "enabled"
+ traffic.sidecar.istio.io/includeInboundPorts: ""
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+ app: kubernetes-dashboard-kong
+ version: "3.6"
+ spec:
+ serviceAccountName: kubernetes-dashboard-kong
+ automountServiceAccountToken: false
+ initContainers:
+ - name: clear-stale-pid
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ resources: {}
+ command:
+ - "rm"
+ - "-vrf"
+ - "$KONG_PREFIX/pids"
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "LAST,A,SRV,CNAME"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ containers:
+ - name: "proxy"
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "LAST,A,SRV,CNAME"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ - name: KONG_NGINX_DAEMON
+ value: "off"
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - kong
+ - quit
+ - --wait=15
+ ports:
+ - name: proxy-tls
+ containerPort: 8443
+ protocol: TCP
+ - name: status
+ containerPort: 8100
+ protocol: TCP
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status/ready
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ resources: {}
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ emptyDir:
+ sizeLimit: 256Mi
+ - name: kubernetes-dashboard-kong-tmp
+ emptyDir:
+ sizeLimit: 1Gi
+ - name: kubernetes-dashboard-kong-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 3607
+ path: token
+ - configMap:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: kube-root-ca.crt
+ - downwardAPI:
+ items:
+ - fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ path: namespace
+ - name: kong-custom-dbless-config-volume
+ configMap:
+ name: kong-dbless-config
+# Source: kubernetes-dashboard/templates/deployments/api.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ name: kubernetes-dashboard-api
 spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
+ replicas: 3
+ revisionHistoryLimit: 10
 selector:
 matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
 template:
 metadata:
- annotations:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
 spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
 containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
+ - name: kubernetes-dashboard-api
+ image: "docker.io/kubernetesui/dashboard-api:1.2.0"
 imagePullPolicy: IfNotPresent
 args:
 - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
+ - --metrics-scraper-service-name=kubernetes-dashboard-metrics-scraper
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
 ports:
- - name: https
- containerPort: 8443
+ - containerPort: 8000
+ name: api
 protocol: TCP
 volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
 - mountPath: /tmp
 name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
 resources:
 limits:
- cpu: 2
- memory: 200Mi
+ cpu: 250m
+ memory: 400Mi
 requests:
 cpu: 100m
 memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/deployments/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ name: kubernetes-dashboard-auth
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ spec:
+ containers:
+ - name: kubernetes-dashboard-auth
+ image: "docker.io/kubernetesui/dashboard-auth:1.1.0"
+ imagePullPolicy: IfNotPresent
+ args:
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
+ ports:
+ - containerPort: 8000
+ name: auth
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+# Source: kubernetes-dashboard/templates/deployments/metrics-scraper.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ name: kubernetes-dashboard-metrics-scraper
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ spec:
+ containers:
+ - name: kubernetes-dashboard-metrics-scraper
+ image: "docker.io/kubernetesui/dashboard-metrics-scraper:1.1.1"
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 8000
 protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
 livenessProbe:
 httpGet:
- scheme: HTTP
 path: /
 port: 8000
+ scheme: HTTP
 initialDelaySeconds: 30
 timeoutSeconds: 30
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/deployments/web.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ name: kubernetes-dashboard-web
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ spec:
+ containers:
+ - name: kubernetes-dashboard-web
+ image: "docker.io/kubernetesui/dashboard-web:1.2.0"
+ imagePullPolicy: IfNotPresent
+ args:
+ - --settings-config-map-name=kubernetes-dashboard-settings
+ - --locale-config=/locale_conf.json
+ ports:
+ - containerPort: 8000
+ name: web
+ protocol: TCP
 volumeMounts:
 - mountPath: /tmp
 name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
 volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-web
 ---
 
 ---

[forensics-bot]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.0.1

@@ -1,5 +1,15 @@
 ---
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
+# Source: kubernetes-dashboard/charts/kong/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+# Source: kubernetes-dashboard/templates/rbac/api/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,17 +23,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -38,42 +47,125 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-# kubernetes-dashboard-certs
 apiVersion: v1
-kind: Secret
+kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/rbac/web/serviceaccount.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+# Source: kubernetes-dashboard/templates/secrets/csrf.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
 apiVersion: v1
 kind: Secret
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
 name: kubernetes-dashboard-csrf
-type: Opaque
+data:
+ private.key: "eHRvaTluSmVUWUVQb1UwZ1ZVdkdyK2ZrazI0TWpjTHBMVWw4TTFlM3M2NldkV1RZVWdIQmNKRTd4amhHM3BSb3NUNG5CVWFsVnRqbmJDWmJZbUpKS1d5bEg2R2JFNnMxbWduWWF6Rm40NCtNWmVJbStsK25wL1N2cVJTYXdnRFZHdklZcHQxNkh2MktLSmM5cVBQNDJza3EySC94M2c1K0V3QlZTdWhqTVg2YmpsdzFDOHJhVkhoa1QzMFFlbUpYb0ViY2xXYWhKb1hMVk1FSlFIN1hUOWtabDR4aklxNkZnSlBBRVZBUlVROVV2TXNKY25Ib2xyNGRZMGlkOXp6ZHYyc3ZHVzFTR0kxcUNZb0ZKRjhkMmVyVFVUN09aMjVtWk1Pdk85ZEZLUEZsaElXNWpXM3AyMFFPTUlCNnJGU3l1UUpQT0RJbXR0NjljdFlUZzZrS2pRPT0="
+# Source: kubernetes-dashboard/templates/config/gateway.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
 apiVersion: v1
-kind: Secret
+kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kong-dbless-config
+data:
+ kong.yml: |
+ _format_version: "3.0"
+ services:
+ - name: auth
+ host: kubernetes-dashboard-auth
+ port: 8000
+ protocol: http
+ routes:
+ - name: authLogin
+ paths:
+ - /api/v1/login
+ strip_path: false
+ - name: authCsrf
+ paths:
+ - /api/v1/csrftoken/login
+ strip_path: false
+ - name: api
+ host: kubernetes-dashboard-api
+ port: 8000
+ protocol: http
+ routes:
+ - name: api
+ paths:
+ - /api
+ strip_path: false
+ - name: metrics
+ paths:
+ - /metrics
+ strip_path: false
+ - name: web
+ host: kubernetes-dashboard-web
+ port: 8000
+ protocol: http
+ routes:
+ - name: root
+ paths:
+ - /
+ strip_path: false
+# Source: kubernetes-dashboard/templates/config/settings.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -92,14 +184,12 @@
 kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web-settings
 data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrole.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -117,18 +207,17 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 rules:
 # Allow Metrics Scraper to get metrics from the Metrics server
 - apiGroups: ["metrics.k8s.io"]
 resources: ["pods", "nodes"]
 verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -146,21 +235,20 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: kubernetes-dashboard-metrics
+ name: kubernetes-dashboard-metrics-scraper
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/role.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -175,36 +263,50 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+ # Allow Dashboard API to get metrics from metrics-scraper.
 - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+ resources: ["services/proxy"]
+ resourceNames: ["kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper"]
+ verbs: ["get"]
+# Source: kubernetes-dashboard/templates/rbac/web/role.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+rules:
+ # Allow Dashboard Web to get and update 'kubernetes-dashboard-settings' config map.
 - apiGroups: [""]
 resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
+ resourceNames: ["kubernetes-dashboard-web-settings"]
 verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/rolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -222,21 +324,98 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/web/rolebinding.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubernetes-dashboard-web
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-manager.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kubernetes-dashboard-kong-manager
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+spec:
+ type: NodePort
+ ports:
+ - name: kong-manager
+ port: 8002
+ targetPort: 8002
+ protocol: TCP
+ - name: kong-manager-tls
+ port: 8445
+ targetPort: 8445
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-proxy.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kubernetes-dashboard-kong-proxy
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ enable-metrics: "true"
+spec:
+ type: ClusterIP
+ ports:
+ - name: kong-proxy-tls
+ port: 443
+ targetPort: 8443
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+# Source: kubernetes-dashboard/templates/services/api.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -251,28 +430,58 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+kind: Service
 apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ name: kubernetes-dashboard-api
+spec:
+ ports:
+ - name: api
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/services/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
 kind: Service
+apiVersion: v1
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ name: kubernetes-dashboard-auth
 spec:
- type: ClusterIP
 ports:
- - port: 443
- targetPort: https
- name: https
+ - name: auth
+ port: 8000
 selector:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+# Source: kubernetes-dashboard/templates/services/metrics-scraper.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -287,109 +496,644 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ name: kubernetes-dashboard-metrics-scraper
+spec:
+ ports:
+ - port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/services/web.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ name: kubernetes-dashboard-web
+spec:
+ ports:
+ - name: web
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: kubernetes-dashboard
- annotations:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ template:
+ metadata:
+ annotations:
+ kuma.io/service-account-token-volume: kubernetes-dashboard-kong-token
+ kuma.io/gateway: "enabled"
+ traffic.sidecar.istio.io/includeInboundPorts: ""
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+ app: kubernetes-dashboard-kong
+ version: "3.6"
+ spec:
+ serviceAccountName: kubernetes-dashboard-kong
+ automountServiceAccountToken: false
+ initContainers:
+ - name: clear-stale-pid
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ resources: {}
+ command:
+ - "rm"
+ - "-vrf"
+ - "$KONG_PREFIX/pids"
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "LAST,A,SRV,CNAME"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ containers:
+ - name: "proxy"
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "LAST,A,SRV,CNAME"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ - name: KONG_NGINX_DAEMON
+ value: "off"
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - kong
+ - quit
+ - --wait=15
+ ports:
+ - name: proxy-tls
+ containerPort: 8443
+ protocol: TCP
+ - name: status
+ containerPort: 8100
+ protocol: TCP
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status/ready
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ resources: {}
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ emptyDir:
+ sizeLimit: 256Mi
+ - name: kubernetes-dashboard-kong-tmp
+ emptyDir:
+ sizeLimit: 1Gi
+ - name: kubernetes-dashboard-kong-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 3607
+ path: token
+ - configMap:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: kube-root-ca.crt
+ - downwardAPI:
+ items:
+ - fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ path: namespace
+ - name: kong-custom-dbless-config-volume
+ configMap:
+ name: kong-dbless-config
+# Source: kubernetes-dashboard/templates/deployments/api.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ annotations:
+ name: kubernetes-dashboard-api
 spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
+ replicas: 3
+ revisionHistoryLimit: 10
 selector:
 matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
 template:
 metadata:
- annotations:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ annotations:
+ rollme: "SmAc0"
 spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
 containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
+ - name: kubernetes-dashboard-api
+ image: "docker.io/kubernetesui/dashboard-api:1.2.0"
 imagePullPolicy: IfNotPresent
 args:
 - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
+ - --metrics-scraper-service-name=kubernetes-dashboard-metrics-scraper
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
 ports:
- - name: https
- containerPort: 8443
+ - containerPort: 8000
+ name: api
 protocol: TCP
 volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
 - mountPath: /tmp
 name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
 resources:
 limits:
- cpu: 2
- memory: 200Mi
+ cpu: 250m
+ memory: 400Mi
 requests:
 cpu: 100m
 memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/deployments/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ annotations:
+ name: kubernetes-dashboard-auth
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ annotations:
+ rollme: "zV7os"
+ spec:
+ containers:
+ - name: kubernetes-dashboard-auth
+ image: "docker.io/kubernetesui/dashboard-auth:1.1.0"
+ imagePullPolicy: IfNotPresent
+ args:
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
+ ports:
+ - containerPort: 8000
+ name: auth
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+# Source: kubernetes-dashboard/templates/deployments/metrics-scraper.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ annotations:
+ name: kubernetes-dashboard-metrics-scraper
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ annotations:
+ spec:
+ containers:
+ - name: kubernetes-dashboard-metrics-scraper
+ image: "docker.io/kubernetesui/dashboard-metrics-scraper:1.1.1"
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 8000
 protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
 livenessProbe:
 httpGet:
- scheme: HTTP
 path: /
 port: 8000
+ scheme: HTTP
 initialDelaySeconds: 30
 timeoutSeconds: 30
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/deployments/web.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ annotations:
+ name: kubernetes-dashboard-web
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ annotations:
+ spec:
+ containers:
+ - name: kubernetes-dashboard-web
+ image: "docker.io/kubernetesui/dashboard-web:1.2.1"
+ imagePullPolicy: IfNotPresent
+ args:
+ - --namespace=default
+ - --settings-config-map-name=kubernetes-dashboard-web-settings
+ ports:
+ - containerPort: 8000
+ name: web
+ protocol: TCP
 volumeMounts:
 - mountPath: /tmp
 name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
 volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-web
 ---
 
 ---

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.1.0

@@ -1,5 +1,15 @@
 ---
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
+# Source: kubernetes-dashboard/charts/kong/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+# Source: kubernetes-dashboard/templates/rbac/api/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,17 +23,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -38,42 +47,125 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-# kubernetes-dashboard-certs
 apiVersion: v1
-kind: Secret
+kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/rbac/web/serviceaccount.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+# Source: kubernetes-dashboard/templates/secrets/csrf.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
 apiVersion: v1
 kind: Secret
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
 name: kubernetes-dashboard-csrf
-type: Opaque
+data:
+ private.key: "VDRUbEFaWUYreDY0OHRndEQ0aUZGS2xmRkpDRU9ZTmJ4TENZVlpOWkovT0ZtckQvamtEdlBYWGN1Tk5mVTZyb0NicGsyZVlQNGw5b1VQWDhXMCszZnhJaVorMnJQWC8vcTcyUDkxNE4rZ2ZGOHU4Znk0WmtvYjRuYUlTazRFa0p6UkFRWklkek1MMWtISjdEMDFGQWxvR3QzaG9rRFQ1RlEvVkN1MS9XdEdheVNELytEdWpEU1Jaak0rZEU1M3VXZFR3MUN2SGhxNkFjN3BaZm5RbDZ0Uk4wcFl1bHRBQkdtRGtSZWUrQ1hLa3hmeGNtdCtmaXpkSGxjYXRVYTRvZVRsOVpLY3NEWVQwcmpBWDdRV0ZvekFLcUMrM2ZrcmlpTFVSb3Mvc0lja290cmZFSmpCdHdoQ3JJcjFzY25RS21kejFCVi9KYUx0V1ZSdzJkTEp4Wk13PT0="
+# Source: kubernetes-dashboard/templates/config/gateway.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
 apiVersion: v1
-kind: Secret
+kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kong-dbless-config
+data:
+ kong.yml: |
+ _format_version: "3.0"
+ services:
+ - name: auth
+ host: kubernetes-dashboard-auth
+ port: 8000
+ protocol: http
+ routes:
+ - name: authLogin
+ paths:
+ - /api/v1/login
+ strip_path: false
+ - name: authCsrf
+ paths:
+ - /api/v1/csrftoken/login
+ strip_path: false
+ - name: api
+ host: kubernetes-dashboard-api
+ port: 8000
+ protocol: http
+ routes:
+ - name: api
+ paths:
+ - /api
+ strip_path: false
+ - name: metrics
+ paths:
+ - /metrics
+ strip_path: false
+ - name: web
+ host: kubernetes-dashboard-web
+ port: 8000
+ protocol: http
+ routes:
+ - name: root
+ paths:
+ - /
+ strip_path: false
+# Source: kubernetes-dashboard/templates/config/settings.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -92,14 +184,12 @@
 kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web-settings
 data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrole.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -117,18 +207,17 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 rules:
 # Allow Metrics Scraper to get metrics from the Metrics server
 - apiGroups: ["metrics.k8s.io"]
 resources: ["pods", "nodes"]
 verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -146,21 +235,20 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: kubernetes-dashboard-metrics
+ name: kubernetes-dashboard-metrics-scraper
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/role.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -175,36 +263,50 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+ # Allow Dashboard API to get metrics from metrics-scraper.
 - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+ resources: ["services/proxy"]
+ resourceNames: ["kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper"]
+ verbs: ["get"]
+# Source: kubernetes-dashboard/templates/rbac/web/role.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+rules:
+ # Allow Dashboard Web to get and update 'kubernetes-dashboard-settings' config map.
 - apiGroups: [""]
 resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
+ resourceNames: ["kubernetes-dashboard-web-settings"]
 verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/rolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -222,21 +324,98 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/web/rolebinding.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubernetes-dashboard-web
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-manager.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kubernetes-dashboard-kong-manager
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+spec:
+ type: NodePort
+ ports:
+ - name: kong-manager
+ port: 8002
+ targetPort: 8002
+ protocol: TCP
+ - name: kong-manager-tls
+ port: 8445
+ targetPort: 8445
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-proxy.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kubernetes-dashboard-kong-proxy
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ enable-metrics: "true"
+spec:
+ type: ClusterIP
+ ports:
+ - name: kong-proxy-tls
+ port: 443
+ targetPort: 8443
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+# Source: kubernetes-dashboard/templates/services/api.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -251,28 +430,58 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+kind: Service
 apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ name: kubernetes-dashboard-api
+spec:
+ ports:
+ - name: api
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/services/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
 kind: Service
+apiVersion: v1
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ name: kubernetes-dashboard-auth
 spec:
- type: ClusterIP
 ports:
- - port: 443
- targetPort: https
- name: https
+ - name: auth
+ port: 8000
 selector:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+# Source: kubernetes-dashboard/templates/services/metrics-scraper.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -287,109 +496,644 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ name: kubernetes-dashboard-metrics-scraper
+spec:
+ ports:
+ - port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/services/web.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ name: kubernetes-dashboard-web
+spec:
+ ports:
+ - name: web
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: kubernetes-dashboard
- annotations:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ template:
+ metadata:
+ annotations:
+ kuma.io/service-account-token-volume: kubernetes-dashboard-kong-token
+ kuma.io/gateway: "enabled"
+ traffic.sidecar.istio.io/includeInboundPorts: ""
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+ app: kubernetes-dashboard-kong
+ version: "3.6"
+ spec:
+ serviceAccountName: kubernetes-dashboard-kong
+ automountServiceAccountToken: false
+ initContainers:
+ - name: clear-stale-pid
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ resources: {}
+ command:
+ - "rm"
+ - "-vrf"
+ - "$KONG_PREFIX/pids"
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "LAST,A,SRV,CNAME"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ containers:
+ - name: "proxy"
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "LAST,A,SRV,CNAME"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ - name: KONG_NGINX_DAEMON
+ value: "off"
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - kong
+ - quit
+ - --wait=15
+ ports:
+ - name: proxy-tls
+ containerPort: 8443
+ protocol: TCP
+ - name: status
+ containerPort: 8100
+ protocol: TCP
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status/ready
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ resources: {}
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ emptyDir:
+ sizeLimit: 256Mi
+ - name: kubernetes-dashboard-kong-tmp
+ emptyDir:
+ sizeLimit: 1Gi
+ - name: kubernetes-dashboard-kong-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 3607
+ path: token
+ - configMap:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: kube-root-ca.crt
+ - downwardAPI:
+ items:
+ - fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ path: namespace
+ - name: kong-custom-dbless-config-volume
+ configMap:
+ name: kong-dbless-config
+# Source: kubernetes-dashboard/templates/deployments/api.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ annotations:
+ name: kubernetes-dashboard-api
 spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
+ replicas: 3
+ revisionHistoryLimit: 10
 selector:
 matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
 template:
 metadata:
- annotations:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ annotations:
+ rollme: "VP9jn"
 spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
 containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
+ - name: kubernetes-dashboard-api
+ image: "docker.io/kubernetesui/dashboard-api:1.2.0"
 imagePullPolicy: IfNotPresent
 args:
 - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
+ - --metrics-scraper-service-name=kubernetes-dashboard-metrics-scraper
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
 ports:
- - name: https
- containerPort: 8443
+ - containerPort: 8000
+ name: api
 protocol: TCP
 volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
 - mountPath: /tmp
 name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
 resources:
 limits:
- cpu: 2
- memory: 200Mi
+ cpu: 250m
+ memory: 400Mi
 requests:
 cpu: 100m
 memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/deployments/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ annotations:
+ name: kubernetes-dashboard-auth
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ annotations:
+ rollme: "RTVWV"
+ spec:
+ containers:
+ - name: kubernetes-dashboard-auth
+ image: "docker.io/kubernetesui/dashboard-auth:1.1.0"
+ imagePullPolicy: IfNotPresent
+ args:
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
+ ports:
+ - containerPort: 8000
+ name: auth
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+# Source: kubernetes-dashboard/templates/deployments/metrics-scraper.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ annotations:
+ name: kubernetes-dashboard-metrics-scraper
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ annotations:
+ spec:
+ containers:
+ - name: kubernetes-dashboard-metrics-scraper
+ image: "docker.io/kubernetesui/dashboard-metrics-scraper:1.1.1"
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 8000
 protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
 livenessProbe:
 httpGet:
- scheme: HTTP
 path: /
 port: 8000
+ scheme: HTTP
 initialDelaySeconds: 30
 timeoutSeconds: 30
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/deployments/web.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ annotations:
+ name: kubernetes-dashboard-web
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ annotations:
+ spec:
+ containers:
+ - name: kubernetes-dashboard-web
+ image: "docker.io/kubernetesui/dashboard-web:1.2.1"
+ imagePullPolicy: IfNotPresent
+ args:
+ - --namespace=default
+ - --settings-config-map-name=kubernetes-dashboard-web-settings
+ ports:
+ - containerPort: 8000
+ name: web
+ protocol: TCP
 volumeMounts:
 - mountPath: /tmp
 name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
 volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-web
 ---
 
 ---

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.1.1

@@ -1,5 +1,15 @@
 ---
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
+# Source: kubernetes-dashboard/charts/kong/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+# Source: kubernetes-dashboard/templates/rbac/api/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,17 +23,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -38,42 +47,129 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-# kubernetes-dashboard-certs
 apiVersion: v1
-kind: Secret
+kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/rbac/web/serviceaccount.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+# Source: kubernetes-dashboard/templates/secrets/csrf.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
 apiVersion: v1
 kind: Secret
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
 name: kubernetes-dashboard-csrf
-type: Opaque
+data:
+ private.key: "RytUS3ZzYlRyZldDUUZkc1RHWWtKREZuV25TUnZUbXJHVDZiRitrVnZzeXB2b1VlZmFxM0l6WmlrWCs5YWFjVmF0alJITHhRNklpOU9SejlUYXZoZzVZQXJkNWdta2MwUmY0Uk5yWXRWRFRNZnp4K2tZdmx6WTRNZ0ZiTFZ1UUpxbkRyWjhNT2ZRTGdQWjgyRGdxYmp5b1FvOWtSNVhCY3phZlc3UnpVdEM0bUF4c1FreDRJUVRQRTdHM1EzVkQ3aUtmb3lYNitFaFhxcGNqeTVnN1ZEYk83aDhPcW9XUXdUc3RBZFJYNTkwN1RLQ3UxWVRENDJOOStQRGVRU3hYNE05c0MwK203OGpMaEg5QlJCcW9McG1ZZWdYbjc0R1hYMkZZWkhHVEd3OUhuQ0JWcnJGNXU0U2xzcWlaU3l2UUNlQjgvRTBpMlJ3bFo3VURPRkcvSjFBPT0="
+# Source: kubernetes-dashboard/templates/config/gateway.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
 apiVersion: v1
-kind: Secret
+kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kong-dbless-config
+data:
+ kong.yml: |
+ _format_version: "3.0"
+ services:
+ - name: auth
+ host: kubernetes-dashboard-auth
+ port: 8000
+ protocol: http
+ routes:
+ - name: authLogin
+ paths:
+ - /api/v1/login
+ strip_path: false
+ - name: authCsrf
+ paths:
+ - /api/v1/csrftoken/login
+ strip_path: false
+ - name: authMe
+ paths:
+ - /api/v1/me
+ strip_path: false
+ - name: api
+ host: kubernetes-dashboard-api
+ port: 8000
+ protocol: http
+ routes:
+ - name: api
+ paths:
+ - /api
+ strip_path: false
+ - name: metrics
+ paths:
+ - /metrics
+ strip_path: false
+ - name: web
+ host: kubernetes-dashboard-web
+ port: 8000
+ protocol: http
+ routes:
+ - name: root
+ paths:
+ - /
+ strip_path: false
+# Source: kubernetes-dashboard/templates/config/settings.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -92,14 +188,12 @@
 kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web-settings
 data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrole.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -117,18 +211,17 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 rules:
 # Allow Metrics Scraper to get metrics from the Metrics server
 - apiGroups: ["metrics.k8s.io"]
 resources: ["pods", "nodes"]
 verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -146,21 +239,20 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: kubernetes-dashboard-metrics
+ name: kubernetes-dashboard-metrics-scraper
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/role.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -175,36 +267,50 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+ # Allow Dashboard API to get metrics from metrics-scraper.
 - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+ resources: ["services/proxy"]
+ resourceNames: ["kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper"]
+ verbs: ["get"]
+# Source: kubernetes-dashboard/templates/rbac/web/role.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+rules:
+ # Allow Dashboard Web to get and update 'kubernetes-dashboard-settings' config map.
 - apiGroups: [""]
 resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
+ resourceNames: ["kubernetes-dashboard-web-settings"]
 verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/rolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -222,21 +328,98 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/web/rolebinding.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubernetes-dashboard-web
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-manager.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kubernetes-dashboard-kong-manager
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+spec:
+ type: NodePort
+ ports:
+ - name: kong-manager
+ port: 8002
+ targetPort: 8002
+ protocol: TCP
+ - name: kong-manager-tls
+ port: 8445
+ targetPort: 8445
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-proxy.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kubernetes-dashboard-kong-proxy
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ enable-metrics: "true"
+spec:
+ type: ClusterIP
+ ports:
+ - name: kong-proxy-tls
+ port: 443
+ targetPort: 8443
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+# Source: kubernetes-dashboard/templates/services/api.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -251,28 +434,58 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+kind: Service
 apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ name: kubernetes-dashboard-api
+spec:
+ ports:
+ - name: api
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/services/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
 kind: Service
+apiVersion: v1
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ name: kubernetes-dashboard-auth
 spec:
- type: ClusterIP
 ports:
- - port: 443
- targetPort: https
- name: https
+ - name: auth
+ port: 8000
 selector:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+# Source: kubernetes-dashboard/templates/services/metrics-scraper.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -287,109 +500,644 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ name: kubernetes-dashboard-metrics-scraper
+spec:
+ ports:
+ - port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/services/web.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ name: kubernetes-dashboard-web
+spec:
+ ports:
+ - name: web
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: kubernetes-dashboard
- annotations:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ template:
+ metadata:
+ annotations:
+ kuma.io/service-account-token-volume: kubernetes-dashboard-kong-token
+ kuma.io/gateway: "enabled"
+ traffic.sidecar.istio.io/includeInboundPorts: ""
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+ app: kubernetes-dashboard-kong
+ version: "3.6"
+ spec:
+ serviceAccountName: kubernetes-dashboard-kong
+ automountServiceAccountToken: false
+ initContainers:
+ - name: clear-stale-pid
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ resources: {}
+ command:
+ - "rm"
+ - "-vrf"
+ - "$KONG_PREFIX/pids"
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "LAST,A,SRV,CNAME"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ containers:
+ - name: "proxy"
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "LAST,A,SRV,CNAME"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ - name: KONG_NGINX_DAEMON
+ value: "off"
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - kong
+ - quit
+ - --wait=15
+ ports:
+ - name: proxy-tls
+ containerPort: 8443
+ protocol: TCP
+ - name: status
+ containerPort: 8100
+ protocol: TCP
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status/ready
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ resources: {}
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ emptyDir:
+ sizeLimit: 256Mi
+ - name: kubernetes-dashboard-kong-tmp
+ emptyDir:
+ sizeLimit: 1Gi
+ - name: kubernetes-dashboard-kong-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 3607
+ path: token
+ - configMap:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: kube-root-ca.crt
+ - downwardAPI:
+ items:
+ - fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ path: namespace
+ - name: kong-custom-dbless-config-volume
+ configMap:
+ name: kong-dbless-config
+# Source: kubernetes-dashboard/templates/deployments/api.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ annotations:
+ name: kubernetes-dashboard-api
 spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
+ replicas: 3
+ revisionHistoryLimit: 10
 selector:
 matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
 template:
 metadata:
- annotations:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ annotations:
+ rollme: "ghRiy"
 spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
 containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
+ - name: kubernetes-dashboard-api
+ image: "docker.io/kubernetesui/dashboard-api:1.2.0"
 imagePullPolicy: IfNotPresent
 args:
 - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
+ - --metrics-scraper-service-name=kubernetes-dashboard-metrics-scraper
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
 ports:
- - name: https
- containerPort: 8443
+ - containerPort: 8000
+ name: api
 protocol: TCP
 volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
 - mountPath: /tmp
 name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
 resources:
 limits:
- cpu: 2
- memory: 200Mi
+ cpu: 250m
+ memory: 400Mi
 requests:
 cpu: 100m
 memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/deployments/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ annotations:
+ name: kubernetes-dashboard-auth
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ annotations:
+ rollme: "SZowN"
+ spec:
+ containers:
+ - name: kubernetes-dashboard-auth
+ image: "docker.io/kubernetesui/dashboard-auth:1.1.1"
+ imagePullPolicy: IfNotPresent
+ args:
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
+ ports:
+ - containerPort: 8000
+ name: auth
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+# Source: kubernetes-dashboard/templates/deployments/metrics-scraper.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ annotations:
+ name: kubernetes-dashboard-metrics-scraper
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ annotations:
+ spec:
+ containers:
+ - name: kubernetes-dashboard-metrics-scraper
+ image: "docker.io/kubernetesui/dashboard-metrics-scraper:1.1.1"
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 8000
 protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
 livenessProbe:
 httpGet:
- scheme: HTTP
 path: /
 port: 8000
+ scheme: HTTP
 initialDelaySeconds: 30
 timeoutSeconds: 30
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/deployments/web.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ annotations:
+ name: kubernetes-dashboard-web
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ annotations:
+ spec:
+ containers:
+ - name: kubernetes-dashboard-web
+ image: "docker.io/kubernetesui/dashboard-web:1.2.2"
+ imagePullPolicy: IfNotPresent
+ args:
+ - --namespace=default
+ - --settings-config-map-name=kubernetes-dashboard-web-settings
+ ports:
+ - containerPort: 8000
+ name: web
+ protocol: TCP
 volumeMounts:
 - mountPath: /tmp
 name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
 volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-web
 ---
 
 ---

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.1.2

@@ -1,5 +1,15 @@
 ---
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
+# Source: kubernetes-dashboard/charts/kong/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+# Source: kubernetes-dashboard/templates/rbac/api/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,17 +23,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -38,42 +47,129 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-# kubernetes-dashboard-certs
 apiVersion: v1
-kind: Secret
+kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/rbac/web/serviceaccount.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+# Source: kubernetes-dashboard/templates/secrets/csrf.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
 apiVersion: v1
 kind: Secret
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
 name: kubernetes-dashboard-csrf
-type: Opaque
+data:
+ private.key: "ZGM3Q2JkdUlwTzRaWHpPejZ1cXlxejd4dHBncmU1S1BTamhuSXpkQ1JlQWdtaDRGV1d3ejRlVVFNV1l3SzhXT1IzdWdwVGxnK2drT1pnZTZMbkQ4czRLRVFvMGY3NnRrSUFNU2FEdUI1WmY2T3Z6UDBabFJBYi9aYzE5YXpyTjEyK1UrWXFyU2FhZ0dOOVBCYXF5UkZFM2VNMDJYYkEwdnp1dVRDV0NaNEpJUDUrRytaUXFUTEtVSWdQSS9oNWFxVEpEVzRFNlJSRDNNb3o1Q2ZpT3NMcEtuRFFBeFdzbWNqN3JmTTlreVNJUVFnR2d5b1ZhSDlYMC9IUmRBSXV0TUdGUzhhN0NtcnpIS3BqWHkzQ2xUV3F4ckFrMXhWVXZFVkpoUzE5RjA3T1I5dFFycDAxSUE5WFJzelYyOGRPbTRNN3JxbnZYMEJ1dXgxbG53T3hNMFFnPT0="
+# Source: kubernetes-dashboard/templates/config/gateway.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
 apiVersion: v1
-kind: Secret
+kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kong-dbless-config
+data:
+ kong.yml: |
+ _format_version: "3.0"
+ services:
+ - name: auth
+ host: kubernetes-dashboard-auth
+ port: 8000
+ protocol: http
+ routes:
+ - name: authLogin
+ paths:
+ - /api/v1/login
+ strip_path: false
+ - name: authCsrf
+ paths:
+ - /api/v1/csrftoken/login
+ strip_path: false
+ - name: authMe
+ paths:
+ - /api/v1/me
+ strip_path: false
+ - name: api
+ host: kubernetes-dashboard-api
+ port: 8000
+ protocol: http
+ routes:
+ - name: api
+ paths:
+ - /api
+ strip_path: false
+ - name: metrics
+ paths:
+ - /metrics
+ strip_path: false
+ - name: web
+ host: kubernetes-dashboard-web
+ port: 8000
+ protocol: http
+ routes:
+ - name: root
+ paths:
+ - /
+ strip_path: false
+# Source: kubernetes-dashboard/templates/config/settings.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -92,14 +188,12 @@
 kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web-settings
 data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrole.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -117,18 +211,17 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 rules:
 # Allow Metrics Scraper to get metrics from the Metrics server
 - apiGroups: ["metrics.k8s.io"]
 resources: ["pods", "nodes"]
 verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -146,21 +239,20 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: kubernetes-dashboard-metrics
+ name: kubernetes-dashboard-metrics-scraper
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/role.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -175,36 +267,50 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+ # Allow Dashboard API to get metrics from metrics-scraper.
 - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+ resources: ["services/proxy"]
+ resourceNames: ["kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper"]
+ verbs: ["get"]
+# Source: kubernetes-dashboard/templates/rbac/web/role.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+rules:
+ # Allow Dashboard Web to get and update 'kubernetes-dashboard-settings' config map.
 - apiGroups: [""]
 resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
+ resourceNames: ["kubernetes-dashboard-web-settings"]
 verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/rolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -222,21 +328,98 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/web/rolebinding.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubernetes-dashboard-web
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-manager.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kubernetes-dashboard-kong-manager
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+spec:
+ type: NodePort
+ ports:
+ - name: kong-manager
+ port: 8002
+ targetPort: 8002
+ protocol: TCP
+ - name: kong-manager-tls
+ port: 8445
+ targetPort: 8445
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-proxy.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kubernetes-dashboard-kong-proxy
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ enable-metrics: "true"
+spec:
+ type: ClusterIP
+ ports:
+ - name: kong-proxy-tls
+ port: 443
+ targetPort: 8443
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+# Source: kubernetes-dashboard/templates/services/api.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -251,28 +434,58 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+kind: Service
 apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ name: kubernetes-dashboard-api
+spec:
+ ports:
+ - name: api
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/services/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
 kind: Service
+apiVersion: v1
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ name: kubernetes-dashboard-auth
 spec:
- type: ClusterIP
 ports:
- - port: 443
- targetPort: https
- name: https
+ - name: auth
+ port: 8000
 selector:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+# Source: kubernetes-dashboard/templates/services/metrics-scraper.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -287,109 +500,644 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ name: kubernetes-dashboard-metrics-scraper
+spec:
+ ports:
+ - port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/services/web.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ name: kubernetes-dashboard-web
+spec:
+ ports:
+ - name: web
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: kubernetes-dashboard
- annotations:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ template:
+ metadata:
+ annotations:
+ kuma.io/service-account-token-volume: kubernetes-dashboard-kong-token
+ kuma.io/gateway: "enabled"
+ traffic.sidecar.istio.io/includeInboundPorts: ""
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+ app: kubernetes-dashboard-kong
+ version: "3.6"
+ spec:
+ serviceAccountName: kubernetes-dashboard-kong
+ automountServiceAccountToken: false
+ initContainers:
+ - name: clear-stale-pid
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ resources: {}
+ command:
+ - "rm"
+ - "-vrf"
+ - "$KONG_PREFIX/pids"
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "LAST,A,SRV,CNAME"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ containers:
+ - name: "proxy"
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "LAST,A,SRV,CNAME"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ - name: KONG_NGINX_DAEMON
+ value: "off"
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - kong
+ - quit
+ - --wait=15
+ ports:
+ - name: proxy-tls
+ containerPort: 8443
+ protocol: TCP
+ - name: status
+ containerPort: 8100
+ protocol: TCP
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status/ready
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ resources: {}
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ emptyDir:
+ sizeLimit: 256Mi
+ - name: kubernetes-dashboard-kong-tmp
+ emptyDir:
+ sizeLimit: 1Gi
+ - name: kubernetes-dashboard-kong-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 3607
+ path: token
+ - configMap:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: kube-root-ca.crt
+ - downwardAPI:
+ items:
+ - fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ path: namespace
+ - name: kong-custom-dbless-config-volume
+ configMap:
+ name: kong-dbless-config
+# Source: kubernetes-dashboard/templates/deployments/api.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ annotations:
+ name: kubernetes-dashboard-api
 spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
+ replicas: 3
+ revisionHistoryLimit: 10
 selector:
 matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
 template:
 metadata:
- annotations:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ annotations:
+ rollme: "oEEQa"
 spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
 containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
+ - name: kubernetes-dashboard-api
+ image: "docker.io/kubernetesui/dashboard-api:1.3.0"
 imagePullPolicy: IfNotPresent
 args:
 - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
+ - --metrics-scraper-service-name=kubernetes-dashboard-metrics-scraper
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
 ports:
- - name: https
- containerPort: 8443
+ - containerPort: 8000
+ name: api
 protocol: TCP
 volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
 - mountPath: /tmp
 name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
 resources:
 limits:
- cpu: 2
- memory: 200Mi
+ cpu: 250m
+ memory: 400Mi
 requests:
 cpu: 100m
 memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/deployments/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ annotations:
+ name: kubernetes-dashboard-auth
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ annotations:
+ rollme: "RvuWH"
+ spec:
+ containers:
+ - name: kubernetes-dashboard-auth
+ image: "docker.io/kubernetesui/dashboard-auth:1.1.1"
+ imagePullPolicy: IfNotPresent
+ args:
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
+ ports:
+ - containerPort: 8000
+ name: auth
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+# Source: kubernetes-dashboard/templates/deployments/metrics-scraper.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ annotations:
+ name: kubernetes-dashboard-metrics-scraper
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ annotations:
+ spec:
+ containers:
+ - name: kubernetes-dashboard-metrics-scraper
+ image: "docker.io/kubernetesui/dashboard-metrics-scraper:1.1.1"
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 8000
 protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
 livenessProbe:
 httpGet:
- scheme: HTTP
 path: /
 port: 8000
+ scheme: HTTP
 initialDelaySeconds: 30
 timeoutSeconds: 30
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/deployments/web.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ annotations:
+ name: kubernetes-dashboard-web
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ annotations:
+ spec:
+ containers:
+ - name: kubernetes-dashboard-web
+ image: "docker.io/kubernetesui/dashboard-web:1.2.2"
+ imagePullPolicy: IfNotPresent
+ args:
+ - --namespace=default
+ - --settings-config-map-name=kubernetes-dashboard-web-settings
+ ports:
+ - containerPort: 8000
+ name: web
+ protocol: TCP
 volumeMounts:
 - mountPath: /tmp
 name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
 volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-web
 ---
 
 ---

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.1.3

@@ -1,5 +1,15 @@
 ---
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
+# Source: kubernetes-dashboard/charts/kong/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+# Source: kubernetes-dashboard/templates/rbac/api/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,17 +23,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/serviceaccount.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -38,42 +47,129 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-# kubernetes-dashboard-certs
 apiVersion: v1
-kind: Secret
+kind: ServiceAccount
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/rbac/web/serviceaccount.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+# Source: kubernetes-dashboard/templates/secrets/csrf.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
 apiVersion: v1
 kind: Secret
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
 name: kubernetes-dashboard-csrf
-type: Opaque
+data:
+ private.key: "eW4zeHY4V3pnOCtCYTQ5MTVqd1Q4bU5lNGMwc1NMbWZQd1ZZRFhtRW1NSmhIcDBqbUVFRlJVeGJ6TGFsWGJyQWc5MS9DS2RabEFJUXdQbFZxU2hGYWY5T2Z0WVB4dkszQTc0R2prbTdBU0VmdXdiSFpROHgyWVdQYnRYdlpSdk9tc0lKcXBwUFNjWmhtYmlmTEo0VnpRRlpYNkdpRXg2MU5ESmFIL0UxZnlLQVJoZVRjQlRpUlZ6SUMzRlo2MlBiRjZQaHE3RlEvNFp6ODNQcDBPQkkrcnFIUitlQm1MU0xDaFpjMEtKSy9pYzUvV2MrSzV5VE15VzQ2VWY3RmVFSHVtSlJiUzg2d2tWRTFjYjFhRnRhNHFPVTJua2lBblJ1RWJtVUJ5SUIxaVhUR1hENWFKWWc2bXN1bFlSV3pIMlk3cmtOTmlNMHh0UnhJc1c5Y2t5ZkdRPT0="
+# Source: kubernetes-dashboard/templates/config/gateway.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
 apiVersion: v1
-kind: Secret
+kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kong-dbless-config
+data:
+ kong.yml: |
+ _format_version: "3.0"
+ services:
+ - name: auth
+ host: kubernetes-dashboard-auth
+ port: 8000
+ protocol: http
+ routes:
+ - name: authLogin
+ paths:
+ - /api/v1/login
+ strip_path: false
+ - name: authCsrf
+ paths:
+ - /api/v1/csrftoken/login
+ strip_path: false
+ - name: authMe
+ paths:
+ - /api/v1/me
+ strip_path: false
+ - name: api
+ host: kubernetes-dashboard-api
+ port: 8000
+ protocol: http
+ routes:
+ - name: api
+ paths:
+ - /api
+ strip_path: false
+ - name: metrics
+ paths:
+ - /metrics
+ strip_path: false
+ - name: web
+ host: kubernetes-dashboard-web
+ port: 8000
+ protocol: http
+ routes:
+ - name: root
+ paths:
+ - /
+ strip_path: false
+# Source: kubernetes-dashboard/templates/config/settings.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -92,14 +188,12 @@
 kind: ConfigMap
 metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web-settings
 data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrole.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -117,18 +211,17 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 rules:
 # Allow Metrics Scraper to get metrics from the Metrics server
 - apiGroups: ["metrics.k8s.io"]
 resources: ["pods", "nodes"]
 verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
+# Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -146,21 +239,20 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: "kubernetes-dashboard-metrics"
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: kubernetes-dashboard-metrics
+ name: kubernetes-dashboard-metrics-scraper
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-metrics-scraper
 namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/role.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -175,36 +267,50 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+ # Allow Dashboard API to get metrics from metrics-scraper.
 - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+ resources: ["services/proxy"]
+ resourceNames: ["kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper"]
+ verbs: ["get"]
+# Source: kubernetes-dashboard/templates/rbac/web/role.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+rules:
+ # Allow Dashboard Web to get and update 'kubernetes-dashboard-settings' config map.
 - apiGroups: [""]
 resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
+ resourceNames: ["kubernetes-dashboard-web-settings"]
 verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
+# Source: kubernetes-dashboard/templates/rbac/api/rolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -222,21 +328,19 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
- name: kubernetes-dashboard
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-api
 subjects:
 - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
+ name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/rbac/web/rolebinding.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -251,28 +355,169 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ name: kubernetes-dashboard-web
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubernetes-dashboard-web
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-manager.yaml
 apiVersion: v1
 kind: Service
 metadata:
- name: kubernetes-dashboard
+ name: kubernetes-dashboard-kong-manager
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+spec:
+ type: NodePort
+ ports:
+ - name: kong-manager
+ port: 8002
+ targetPort: 8002
+ protocol: TCP
+ - name: kong-manager-tls
+ port: 8445
+ targetPort: 8445
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+---
+# Source: kubernetes-dashboard/charts/kong/templates/service-kong-proxy.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kubernetes-dashboard-kong-proxy
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ enable-metrics: "true"
+spec:
+ type: ClusterIP
+ ports:
+ - name: kong-proxy-tls
+ port: 443
+ targetPort: 8443
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+# Source: kubernetes-dashboard/templates/services/api.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Service
+apiVersion: v1
+metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ name: kubernetes-dashboard-api
+spec:
+ ports:
+ - name: api
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/services/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ name: kubernetes-dashboard-auth
+spec:
+ ports:
+ - name: auth
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+# Source: kubernetes-dashboard/templates/services/metrics-scraper.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ name: kubernetes-dashboard-metrics-scraper
 spec:
- type: ClusterIP
 ports:
- - port: 443
- targetPort: https
- name: https
+ - port: 8000
 selector:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/services/web.yaml
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -287,109 +532,612 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ name: kubernetes-dashboard-web
+spec:
+ ports:
+ - name: web
+ port: 8000
+ selector:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+---
+# Source: kubernetes-dashboard/charts/kong/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: kubernetes-dashboard
- annotations:
+ name: kubernetes-dashboard-kong
+ namespace: default
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ template:
+ metadata:
+ annotations:
+ kuma.io/service-account-token-volume: kubernetes-dashboard-kong-token
+ kuma.io/gateway: "enabled"
+ traffic.sidecar.istio.io/includeInboundPorts: ""
+ labels:
+ app.kubernetes.io/name: kong
+ app.kubernetes.io/instance: "kubernetes-dashboard"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: app
+ app: kubernetes-dashboard-kong
+ version: "3.6"
+ spec:
+ serviceAccountName: kubernetes-dashboard-kong
+ automountServiceAccountToken: false
+ initContainers:
+ - name: clear-stale-pid
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ resources: {}
+ command:
+ - "rm"
+ - "-vrf"
+ - "$KONG_PREFIX/pids"
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "A,CNAME,LAST,SRV"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ containers:
+ - name: "proxy"
+ image: kong:3.6
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ env:
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_GUI_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_ADMIN_GUI_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ADMIN_LISTEN
+ value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl"
+ - name: KONG_CLUSTER_LISTEN
+ value: "off"
+ - name: KONG_DATABASE
+ value: "off"
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: "A,CNAME,LAST,SRV"
+ - name: KONG_LUA_PACKAGE_PATH
+ value: "/opt/?.lua;/opt/?/init.lua;;"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "2"
+ - name: KONG_PORTAL_API_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PORTAL_API_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PORT_MAPS
+ value: "443:8443"
+ - name: KONG_PREFIX
+ value: "/kong_prefix/"
+ - name: KONG_PROXY_ACCESS_LOG
+ value: "/dev/stdout"
+ - name: KONG_PROXY_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_PROXY_LISTEN
+ value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl"
+ - name: KONG_PROXY_STREAM_ACCESS_LOG
+ value: "/dev/stdout basic"
+ - name: KONG_PROXY_STREAM_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_ROUTER_FLAVOR
+ value: "traditional"
+ - name: KONG_STATUS_ACCESS_LOG
+ value: "off"
+ - name: KONG_STATUS_ERROR_LOG
+ value: "/dev/stderr"
+ - name: KONG_STATUS_LISTEN
+ value: "0.0.0.0:8100, [::]:8100"
+ - name: KONG_STREAM_LISTEN
+ value: "off"
+ - name: KONG_NGINX_DAEMON
+ value: "off"
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - kong
+ - quit
+ - --wait=15
+ ports:
+ - name: proxy-tls
+ containerPort: 8443
+ protocol: TCP
+ - name: status
+ containerPort: 8100
+ protocol: TCP
+ volumeMounts:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ mountPath: /kong_prefix/
+ - name: kubernetes-dashboard-kong-tmp
+ mountPath: /tmp
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status/ready
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /status
+ port: status
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ resources: {}
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: kubernetes-dashboard-kong-prefix-dir
+ emptyDir:
+ sizeLimit: 256Mi
+ - name: kubernetes-dashboard-kong-tmp
+ emptyDir:
+ sizeLimit: 1Gi
+ - name: kubernetes-dashboard-kong-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 3607
+ path: token
+ - configMap:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: kube-root-ca.crt
+ - downwardAPI:
+ items:
+ - fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ path: namespace
+ - name: kong-custom-dbless-config-volume
+ configMap:
+ name: kong-dbless-config
+# Source: kubernetes-dashboard/templates/deployments/api.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ annotations:
+ name: kubernetes-dashboard-api
 spec:
 replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
+ revisionHistoryLimit: 10
 selector:
 matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
 template:
 metadata:
- annotations:
 labels:
- app.kubernetes.io/name: kubernetes-dashboard
 app.kubernetes.io/instance: kubernetes-dashboard
 app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-api
+ app.kubernetes.io/component: api
+ annotations:
+ rollme: "sLRgy"
 spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
 containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
+ - name: kubernetes-dashboard-api
+ image: "docker.io/kubernetesui/dashboard-api:1.4.0"
 imagePullPolicy: IfNotPresent
 args:
 - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
+ - --metrics-scraper-service-name=kubernetes-dashboard-metrics-scraper
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
 ports:
- - name: https
- containerPort: 8443
+ - containerPort: 8000
+ name: api
 protocol: TCP
 volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
 - mountPath: /tmp
 name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
 resources:
 limits:
- cpu: 2
- memory: 200Mi
+ cpu: 250m
+ memory: 400Mi
 requests:
 cpu: 100m
 memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-api
+# Source: kubernetes-dashboard/templates/deployments/auth.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ annotations:
+ name: kubernetes-dashboard-auth
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-auth
+ app.kubernetes.io/component: auth
+ annotations:
+ rollme: "X6spM"
+ spec:
+ containers:
+ - name: kubernetes-dashboard-auth
+ image: "docker.io/kubernetesui/dashboard-auth:1.1.2"
+ imagePullPolicy: IfNotPresent
+ args:
+ env:
+ - name: CSRF_KEY
+ valueFrom:
+ secretKeyRef:
+ name: kubernetes-dashboard-csrf
+ key: private.key
+ ports:
+ - containerPort: 8000
+ name: auth
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+# Source: kubernetes-dashboard/templates/deployments/metrics-scraper.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ annotations:
+ name: kubernetes-dashboard-metrics-scraper
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper
+ app.kubernetes.io/component: metrics-scraper
+ annotations:
+ spec:
+ containers:
+ - name: kubernetes-dashboard-metrics-scraper
+ image: "docker.io/kubernetesui/dashboard-metrics-scraper:1.1.1"
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 8000
 protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 2001
+ runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
 livenessProbe:
 httpGet:
- scheme: HTTP
 path: /
 port: 8000
+ scheme: HTTP
 initialDelaySeconds: 30
 timeoutSeconds: 30
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-metrics-scraper
+# Source: kubernetes-dashboard/templates/deployments/web.yaml
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ annotations:
+ name: kubernetes-dashboard-web
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: kubernetes-dashboard
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: kubernetes-dashboard
+ app.kubernetes.io/name: kubernetes-dashboard-web
+ app.kubernetes.io/component: web
+ annotations:
+ spec:
+ containers:
+ - name: kubernetes-dashboard-web
+ image: "docker.io/kubernetesui/dashboard-web:1.2.3"
+ imagePullPolicy: IfNotPresent
+ args:
+ - --namespace=default
+ - --settings-config-map-name=kubernetes-dashboard-web-settings
+ ports:
+ - containerPort: 8000
+ name: web
+ protocol: TCP
 volumeMounts:
 - mountPath: /tmp
 name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 readOnlyRootFilesystem: true
 runAsGroup: 2001
 runAsUser: 1001
+ resources:
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
 volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
+ - emptyDir: {}
+ name: tmp-volume
+ serviceAccountName: kubernetes-dashboard-web
 ---
 
 ---

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.2.0

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.3.0

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.5.0

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.6.0

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.6.1

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.7.0

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.8.0

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.9.0

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.10.0

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.10.1

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.10.3

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----

[forensics-bot]

Path: cluster/apps/default/dashboard/helm-release.yaml
Version: 5.8.0 -> 7.10.4

@@ -1,401 +1 @@
----
-# Source: kubernetes-dashboard/templates/serviceaccount.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
 
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/secret.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-# kubernetes-dashboard-certs
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-certs
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-csrf
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-csrf
-type: Opaque
----
-# Source: kubernetes-dashboard/templates/secret.yaml
-# kubernetes-dashboard-key-holder
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- name: kubernetes-dashboard-key-holder
-type: Opaque
-# Source: kubernetes-dashboard/templates/configmap.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
- name: kubernetes-dashboard-settings
-data:
- _global: "{\"clusterName\":\"${SECRET_DOMAIN}\",\"disableAccessDeniedNotifications\":false,\"itemsPerPage\":100,\"logsAutoRefreshTimeInterval\":5,\"resourceAutoRefreshTimeInterval\":5}"
-# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: "kubernetes-dashboard-metrics"
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard-metrics
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/role.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-# Source: kubernetes-dashboard/templates/rolebinding.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- annotations:
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
-subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: default
-# Source: kubernetes-dashboard/templates/service.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kubernetes-dashboard
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- kubernetes.io/cluster-service: "true"
- annotations:
-spec:
- type: ClusterIP
- ports:
- - port: 443
- targetPort: https
- name: https
- selector:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
-# Source: kubernetes-dashboard/templates/deployment.yaml
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kubernetes-dashboard
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
-spec:
- replicas: 1
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/component: kubernetes-dashboard
- template:
- metadata:
- annotations:
- labels:
- app.kubernetes.io/name: kubernetes-dashboard
- app.kubernetes.io/instance: kubernetes-dashboard
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: kubernetes-dashboard
- spec:
- securityContext:
- seccompProfile:
- type: RuntimeDefault
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: "kubernetesui/dashboard:v2.6.1"
- imagePullPolicy: IfNotPresent
- args:
- - --namespace=default
- - --auto-generate-certificates
- - --sidecar-host=http://127.0.0.1:8000
- ports:
- - name: https
- containerPort: 8443
- protocol: TCP
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- resources:
- limits:
- cpu: 2
- memory: 200Mi
- requests:
- cpu: 100m
- memory: 200Mi
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- - name: dashboard-metrics-scraper
- image: "kubernetesui/metrics-scraper:v1.0.8"
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsGroup: 2001
- runAsUser: 1001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
----
-
----
-
----
-
----
-
----
-
----
-
----