From 6bd89789c0771574b88903d787641f33a761ee8b Mon Sep 17 00:00:00 2001 From: Thomas Stromberg Date: Wed, 18 Sep 2019 17:23:42 -0700 Subject: [PATCH 1/6] Upgrade dashboard to 2.0.0b4 --- cmd/minikube/cmd/dashboard.go | 2 +- .../addons/dashboard/dashboard-dp.yaml.tmpl | 52 ------------------- .../addons/dashboard/dashboard-svc.yaml.tmpl | 31 ----------- pkg/minikube/assets/addons.go | 10 +--- pkg/minikube/constants/constants.go | 2 +- 5 files changed, 4 insertions(+), 93 deletions(-) delete mode 100644 deploy/addons/dashboard/dashboard-dp.yaml.tmpl delete mode 100644 deploy/addons/dashboard/dashboard-svc.yaml.tmpl diff --git a/cmd/minikube/cmd/dashboard.go b/cmd/minikube/cmd/dashboard.go index 1d1b3fe06c2c..4908e319f106 100644 --- a/cmd/minikube/cmd/dashboard.go +++ b/cmd/minikube/cmd/dashboard.go @@ -108,7 +108,7 @@ var dashboardCmd = &cobra.Command{ } } - ns := "kube-system" + ns := "kubernetes-dashboard" svc := "kubernetes-dashboard" out.ErrT(out.Verifying, "Verifying dashboard health ...") checkSVC := func() error { return service.CheckService(ns, svc) } diff --git a/deploy/addons/dashboard/dashboard-dp.yaml.tmpl b/deploy/addons/dashboard/dashboard-dp.yaml.tmpl deleted file mode 100644 index 6572f032d7db..000000000000 --- a/deploy/addons/dashboard/dashboard-dp.yaml.tmpl +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright 2016 The Kubernetes Authors All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kubernetes-dashboard - namespace: kube-system - labels: - version: v1.10.1 - addonmanager.kubernetes.io/mode: Reconcile - kubernetes.io/minikube-addons: dashboard -spec: - replicas: 1 - selector: - matchLabels: - app: kubernetes-dashboard - version: v1.10.1 - addonmanager.kubernetes.io/mode: Reconcile - template: - metadata: - labels: - app: kubernetes-dashboard - version: v1.10.1 - addonmanager.kubernetes.io/mode: Reconcile - spec: - containers: - - name: kubernetes-dashboard - image: {{default "k8s.gcr.io" .ImageRepository}}/kubernetes-dashboard-{{.Arch}}:v1.10.1 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 9090 - protocol: TCP - args: - - --disable-settings-authorizer - livenessProbe: - httpGet: - path: / - port: 9090 - initialDelaySeconds: 30 - timeoutSeconds: 30 diff --git a/deploy/addons/dashboard/dashboard-svc.yaml.tmpl b/deploy/addons/dashboard/dashboard-svc.yaml.tmpl deleted file mode 100644 index 04ccc0b932bc..000000000000 --- a/deploy/addons/dashboard/dashboard-svc.yaml.tmpl +++ /dev/null @@ -1,31 +0,0 @@ - -# Copyright 2016 The Kubernetes Authors All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: Service -apiVersion: v1 -metadata: - name: kubernetes-dashboard - namespace: kube-system - labels: - app: kubernetes-dashboard - addonmanager.kubernetes.io/mode: Reconcile - kubernetes.io/minikube-addons: dashboard - kubernetes.io/minikube-addons-endpoint: dashboard -spec: - ports: - - port: 80 - targetPort: 9090 - selector: - app: kubernetes-dashboard diff --git a/pkg/minikube/assets/addons.go b/pkg/minikube/assets/addons.go index 47cd7eb5122b..9f45a531720f 100644 --- a/pkg/minikube/assets/addons.go +++ b/pkg/minikube/assets/addons.go @@ -77,15 +77,9 @@ var Addons = map[string]*Addon{ }, true, "addon-manager"), "dashboard": NewAddon([]*BinAsset{ MustBinAsset( - "deploy/addons/dashboard/dashboard-dp.yaml.tmpl", + "deploy/addons/dashboard/dashboard.yaml", constants.GuestAddonsDir, - "dashboard-dp.yaml", - "0640", - true), - MustBinAsset( - "deploy/addons/dashboard/dashboard-svc.yaml.tmpl", - constants.GuestAddonsDir, - "dashboard-svc.yaml", + "dashboard.yaml", "0640", false), }, false, "dashboard"), diff --git a/pkg/minikube/constants/constants.go b/pkg/minikube/constants/constants.go index 001cc6f92dcb..b85a92324c6d 100644 --- a/pkg/minikube/constants/constants.go +++ b/pkg/minikube/constants/constants.go @@ -347,7 +347,7 @@ func GetKubeadmCachedImages(imageRepository string, kubernetesVersionStr string) } images = append(images, []string{ - imageRepository + "kubernetes-dashboard" + ArchTag(true) + "v1.10.1", + "kubernetesui/dashboard:v2.0.0-beta4", imageRepository + "kube-addon-manager" + ArchTag(false) + "v9.0", minikubeRepository + "storage-provisioner" + ArchTag(false) + "v1.8.1", }...) From 0c484a5f92cee32102f1ed7fcdaf39fca5432b69 Mon Sep 17 00:00:00 2001 From: Thomas Stromberg Date: Wed, 18 Sep 2019 17:25:21 -0700 Subject: [PATCH 2/6] Add missing YAML file --- deploy/addons/dashboard/dashboard-alt.yaml | 295 +++++++++++++++++++++ deploy/addons/dashboard/dashboard.yaml | 295 +++++++++++++++++++++ 2 files changed, 590 insertions(+) create mode 100644 deploy/addons/dashboard/dashboard-alt.yaml create mode 100644 deploy/addons/dashboard/dashboard.yaml diff --git a/deploy/addons/dashboard/dashboard-alt.yaml b/deploy/addons/dashboard/dashboard-alt.yaml new file mode 100644 index 000000000000..f5d78f551157 --- /dev/null +++ b/deploy/addons/dashboard/dashboard-alt.yaml @@ -0,0 +1,295 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: kubernetes-dashboard + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +kind: Service +apiVersion: v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard +spec: + ports: + - port: 80 + targetPort: 9090 + selector: + k8s-app: kubernetes-dashboard + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-certs + namespace: kubernetes-dashboard +type: Opaque + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-csrf + namespace: kubernetes-dashboard +type: Opaque +data: + csrf: "" + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-key-holder + namespace: kubernetes-dashboard +type: Opaque + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-settings + namespace: kubernetes-dashboard + +--- + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard +rules: + # Allow Dashboard to get, update and delete Dashboard exclusive secrets. + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] + verbs: ["get", "update", "delete"] + # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["kubernetes-dashboard-settings"] + verbs: ["get", "update"] + # Allow Dashboard to get metrics. + - apiGroups: [""] + resources: ["services"] + resourceNames: ["heapster", "dashboard-metrics-scraper"] + verbs: ["proxy"] + - apiGroups: [""] + resources: ["services/proxy"] + resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] + verbs: ["get"] + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard +rules: + # Allow Metrics Scraper to get metrics from the Metrics server + - apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list", "watch"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubernetes-dashboard +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubernetes-dashboard + namespace: kubernetes-dashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubernetes-dashboard +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +kind: Deployment +apiVersion: apps/v1beta2 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + k8s-app: kubernetes-dashboard + template: + metadata: + labels: + k8s-app: kubernetes-dashboard + spec: + containers: + - name: kubernetes-dashboard + image: kubernetesui/dashboard:v2.0.0-beta4 + ports: + - containerPort: 9090 + protocol: TCP + args: + - --namespace=kubernetes-dashboard + # Uncomment the following line to manually specify Kubernetes API server Host + # If not specified, Dashboard will attempt to auto discover the API server and connect + # to it. Uncomment only if the default does not work. + # - --apiserver-host=http://my-address:port + volumeMounts: + # Create on-disk volume to store exec logs + - mountPath: /tmp + name: tmp-volume + livenessProbe: + httpGet: + path: / + port: 9090 + initialDelaySeconds: 30 + timeoutSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 + volumes: + - name: tmp-volume + emptyDir: {} + serviceAccountName: kubernetes-dashboard + nodeSelector: + "beta.kubernetes.io/os": linux + # Comment the following tolerations if Dashboard must not be deployed on master + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + +--- + +kind: Service +apiVersion: v1 +metadata: + labels: + k8s-app: dashboard-metrics-scraper + name: dashboard-metrics-scraper + namespace: kubernetes-dashboard +spec: + ports: + - port: 8000 + targetPort: 8000 + selector: + k8s-app: dashboard-metrics-scraper + +--- + +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + k8s-app: dashboard-metrics-scraper + name: dashboard-metrics-scraper + namespace: kubernetes-dashboard +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + k8s-app: dashboard-metrics-scraper + template: + metadata: + labels: + k8s-app: dashboard-metrics-scraper + annotations: + seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' + spec: + containers: + - name: dashboard-metrics-scraper + image: kubernetesui/metrics-scraper:v1.0.1 + ports: + - containerPort: 8000 + protocol: TCP + livenessProbe: + httpGet: + scheme: HTTP + path: / + port: 8000 + initialDelaySeconds: 30 + timeoutSeconds: 30 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 + serviceAccountName: kubernetes-dashboard + nodeSelector: + "beta.kubernetes.io/os": linux + # Comment the following tolerations if Dashboard must not be deployed on master + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + volumes: + - name: tmp-volume + emptyDir: {} diff --git a/deploy/addons/dashboard/dashboard.yaml b/deploy/addons/dashboard/dashboard.yaml new file mode 100644 index 000000000000..471037f74658 --- /dev/null +++ b/deploy/addons/dashboard/dashboard.yaml @@ -0,0 +1,295 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: kubernetes-dashboard + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +kind: Service +apiVersion: v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard +spec: + ports: + - port: 80 + targetPort: 9090 + selector: + k8s-app: kubernetes-dashboard + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-certs + namespace: kubernetes-dashboard +type: Opaque + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-csrf + namespace: kubernetes-dashboard +type: Opaque +data: + csrf: "" + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-key-holder + namespace: kubernetes-dashboard +type: Opaque + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-settings + namespace: kubernetes-dashboard + +--- + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard +rules: + # Allow Dashboard to get, update and delete Dashboard exclusive secrets. + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] + verbs: ["get", "update", "delete"] + # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["kubernetes-dashboard-settings"] + verbs: ["get", "update"] + # Allow Dashboard to get metrics. + - apiGroups: [""] + resources: ["services"] + resourceNames: ["heapster", "dashboard-metrics-scraper"] + verbs: ["proxy"] + - apiGroups: [""] + resources: ["services/proxy"] + resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] + verbs: ["get"] + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard +rules: + # Allow Metrics Scraper to get metrics from the Metrics server + - apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list", "watch"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubernetes-dashboard +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubernetes-dashboard + namespace: kubernetes-dashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubernetes-dashboard +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + k8s-app: kubernetes-dashboard + template: + metadata: + labels: + k8s-app: kubernetes-dashboard + spec: + containers: + - name: kubernetes-dashboard + image: kubernetesui/dashboard:v2.0.0-beta4 + ports: + - containerPort: 9090 + protocol: TCP + args: + - --namespace=kubernetes-dashboard + # Uncomment the following line to manually specify Kubernetes API server Host + # If not specified, Dashboard will attempt to auto discover the API server and connect + # to it. Uncomment only if the default does not work. + # - --apiserver-host=http://my-address:port + volumeMounts: + # Create on-disk volume to store exec logs + - mountPath: /tmp + name: tmp-volume + livenessProbe: + httpGet: + path: / + port: 9090 + initialDelaySeconds: 30 + timeoutSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 + volumes: + - name: tmp-volume + emptyDir: {} + serviceAccountName: kubernetes-dashboard + nodeSelector: + "beta.kubernetes.io/os": linux + # Comment the following tolerations if Dashboard must not be deployed on master + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + +--- + +kind: Service +apiVersion: v1 +metadata: + labels: + k8s-app: dashboard-metrics-scraper + name: dashboard-metrics-scraper + namespace: kubernetes-dashboard +spec: + ports: + - port: 8000 + targetPort: 8000 + selector: + k8s-app: dashboard-metrics-scraper + +--- + +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + k8s-app: dashboard-metrics-scraper + name: dashboard-metrics-scraper + namespace: kubernetes-dashboard +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + k8s-app: dashboard-metrics-scraper + template: + metadata: + labels: + k8s-app: dashboard-metrics-scraper + annotations: + seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' + spec: + containers: + - name: dashboard-metrics-scraper + image: kubernetesui/metrics-scraper:v1.0.1 + ports: + - containerPort: 8000 + protocol: TCP + livenessProbe: + httpGet: + scheme: HTTP + path: / + port: 8000 + initialDelaySeconds: 30 + timeoutSeconds: 30 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 + serviceAccountName: kubernetes-dashboard + nodeSelector: + "beta.kubernetes.io/os": linux + # Comment the following tolerations if Dashboard must not be deployed on master + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + volumes: + - name: tmp-volume + emptyDir: {} From ee5377558e6d54e7697d2cc2dba1147113baf133 Mon Sep 17 00:00:00 2001 From: Thomas Stromberg Date: Wed, 18 Sep 2019 17:25:40 -0700 Subject: [PATCH 3/6] Remove extra YAML file --- deploy/addons/dashboard/dashboard-alt.yaml | 295 --------------------- 1 file changed, 295 deletions(-) delete mode 100644 deploy/addons/dashboard/dashboard-alt.yaml diff --git a/deploy/addons/dashboard/dashboard-alt.yaml b/deploy/addons/dashboard/dashboard-alt.yaml deleted file mode 100644 index f5d78f551157..000000000000 --- a/deploy/addons/dashboard/dashboard-alt.yaml +++ /dev/null @@ -1,295 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: kubernetes-dashboard - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard - ---- - -kind: Service -apiVersion: v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -spec: - ports: - - port: 80 - targetPort: 9090 - selector: - k8s-app: kubernetes-dashboard - ---- - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-certs - namespace: kubernetes-dashboard -type: Opaque - ---- - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-csrf - namespace: kubernetes-dashboard -type: Opaque -data: - csrf: "" - ---- - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-key-holder - namespace: kubernetes-dashboard -type: Opaque - ---- - -kind: ConfigMap -apiVersion: v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-settings - namespace: kubernetes-dashboard - ---- - -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -rules: - # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] - verbs: ["get", "update", "delete"] - # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["kubernetes-dashboard-settings"] - verbs: ["get", "update"] - # Allow Dashboard to get metrics. - - apiGroups: [""] - resources: ["services"] - resourceNames: ["heapster", "dashboard-metrics-scraper"] - verbs: ["proxy"] - - apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] - verbs: ["get"] - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard -rules: - # Allow Metrics Scraper to get metrics from the Metrics server - - apiGroups: ["metrics.k8s.io"] - resources: ["pods", "nodes"] - verbs: ["get", "list", "watch"] - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubernetes-dashboard -subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-dashboard - namespace: kubernetes-dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubernetes-dashboard -subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard - ---- - -kind: Deployment -apiVersion: apps/v1beta2 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - k8s-app: kubernetes-dashboard - template: - metadata: - labels: - k8s-app: kubernetes-dashboard - spec: - containers: - - name: kubernetes-dashboard - image: kubernetesui/dashboard:v2.0.0-beta4 - ports: - - containerPort: 9090 - protocol: TCP - args: - - --namespace=kubernetes-dashboard - # Uncomment the following line to manually specify Kubernetes API server Host - # If not specified, Dashboard will attempt to auto discover the API server and connect - # to it. Uncomment only if the default does not work. - # - --apiserver-host=http://my-address:port - volumeMounts: - # Create on-disk volume to store exec logs - - mountPath: /tmp - name: tmp-volume - livenessProbe: - httpGet: - path: / - port: 9090 - initialDelaySeconds: 30 - timeoutSeconds: 30 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 1001 - runAsGroup: 2001 - volumes: - - name: tmp-volume - emptyDir: {} - serviceAccountName: kubernetes-dashboard - nodeSelector: - "beta.kubernetes.io/os": linux - # Comment the following tolerations if Dashboard must not be deployed on master - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - ---- - -kind: Service -apiVersion: v1 -metadata: - labels: - k8s-app: dashboard-metrics-scraper - name: dashboard-metrics-scraper - namespace: kubernetes-dashboard -spec: - ports: - - port: 8000 - targetPort: 8000 - selector: - k8s-app: dashboard-metrics-scraper - ---- - -kind: Deployment -apiVersion: apps/v1 -metadata: - labels: - k8s-app: dashboard-metrics-scraper - name: dashboard-metrics-scraper - namespace: kubernetes-dashboard -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - k8s-app: dashboard-metrics-scraper - template: - metadata: - labels: - k8s-app: dashboard-metrics-scraper - annotations: - seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' - spec: - containers: - - name: dashboard-metrics-scraper - image: kubernetesui/metrics-scraper:v1.0.1 - ports: - - containerPort: 8000 - protocol: TCP - livenessProbe: - httpGet: - scheme: HTTP - path: / - port: 8000 - initialDelaySeconds: 30 - timeoutSeconds: 30 - volumeMounts: - - mountPath: /tmp - name: tmp-volume - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 1001 - runAsGroup: 2001 - serviceAccountName: kubernetes-dashboard - nodeSelector: - "beta.kubernetes.io/os": linux - # Comment the following tolerations if Dashboard must not be deployed on master - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - volumes: - - name: tmp-volume - emptyDir: {} From cf1444c4d52c7f875b8618692865205d3992dd40 Mon Sep 17 00:00:00 2001 From: Thomas Stromberg Date: Wed, 18 Sep 2019 18:01:46 -0700 Subject: [PATCH 4/6] Grant cluster-admin rights to dashboard --- deploy/addons/dashboard/dashboard.yaml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/deploy/addons/dashboard/dashboard.yaml b/deploy/addons/dashboard/dashboard.yaml index 471037f74658..75fb111ad4f5 100644 --- a/deploy/addons/dashboard/dashboard.yaml +++ b/deploy/addons/dashboard/dashboard.yaml @@ -156,15 +156,16 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubernetes-dashboard - namespace: kubernetes-dashboard + labels: + k8s-app: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: kubernetes-dashboard + name: cluster-admin subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard +- kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard --- @@ -194,6 +195,8 @@ spec: protocol: TCP args: - --namespace=kubernetes-dashboard + - --enable-skip-login + - --disable-settings-authorizer # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work. From 060028e2b6e058549103c1bb47177ecd8a0a8a92 Mon Sep 17 00:00:00 2001 From: Thomas Stromberg Date: Wed, 18 Sep 2019 21:41:05 -0700 Subject: [PATCH 5/6] Split and add reconcile tags --- .../dashboard/dashboard-clusterrole.yaml | 27 ++ .../dashboard-clusterrolebinding.yaml | 30 ++ .../addons/dashboard/dashboard-configmap.yaml | 24 ++ .../{dashboard.yaml => dashboard-dp.yaml} | 258 +++--------------- deploy/addons/dashboard/dashboard-ns.yaml | 21 ++ deploy/addons/dashboard/dashboard-role.yaml | 43 +++ .../dashboard/dashboard-rolebinding.yaml | 31 +++ deploy/addons/dashboard/dashboard-sa.yaml | 23 ++ deploy/addons/dashboard/dashboard-secret.yaml | 52 ++++ deploy/addons/dashboard/dashboard-svc.yaml | 48 ++++ 10 files changed, 343 insertions(+), 214 deletions(-) create mode 100644 deploy/addons/dashboard/dashboard-clusterrole.yaml create mode 100644 deploy/addons/dashboard/dashboard-clusterrolebinding.yaml create mode 100644 deploy/addons/dashboard/dashboard-configmap.yaml rename deploy/addons/dashboard/{dashboard.yaml => dashboard-dp.yaml} (52%) create mode 100644 deploy/addons/dashboard/dashboard-ns.yaml create mode 100644 deploy/addons/dashboard/dashboard-role.yaml create mode 100644 deploy/addons/dashboard/dashboard-rolebinding.yaml create mode 100644 deploy/addons/dashboard/dashboard-sa.yaml create mode 100644 deploy/addons/dashboard/dashboard-secret.yaml create mode 100644 deploy/addons/dashboard/dashboard-svc.yaml diff --git a/deploy/addons/dashboard/dashboard-clusterrole.yaml b/deploy/addons/dashboard/dashboard-clusterrole.yaml new file mode 100644 index 000000000000..2c527b0651d2 --- /dev/null +++ b/deploy/addons/dashboard/dashboard-clusterrole.yaml @@ -0,0 +1,27 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: kubernetes-dashboard +rules: + # Allow Metrics Scraper to get metrics from the Metrics server + - apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list", "watch"] diff --git a/deploy/addons/dashboard/dashboard-clusterrolebinding.yaml b/deploy/addons/dashboard/dashboard-clusterrolebinding.yaml new file mode 100644 index 000000000000..007eba8f73af --- /dev/null +++ b/deploy/addons/dashboard/dashboard-clusterrolebinding.yaml @@ -0,0 +1,30 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubernetes-dashboard + labels: + k8s-app: kubernetes-dashboard + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard diff --git a/deploy/addons/dashboard/dashboard-configmap.yaml b/deploy/addons/dashboard/dashboard-configmap.yaml new file mode 100644 index 000000000000..cbf80a903558 --- /dev/null +++ b/deploy/addons/dashboard/dashboard-configmap.yaml @@ -0,0 +1,24 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +kind: ConfigMap +apiVersion: v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: kubernetes-dashboard-settings + namespace: kubernetes-dashboard \ No newline at end of file diff --git a/deploy/addons/dashboard/dashboard.yaml b/deploy/addons/dashboard/dashboard-dp.yaml similarity index 52% rename from deploy/addons/dashboard/dashboard.yaml rename to deploy/addons/dashboard/dashboard-dp.yaml index 75fb111ad4f5..375ca05548ca 100644 --- a/deploy/addons/dashboard/dashboard.yaml +++ b/deploy/addons/dashboard/dashboard-dp.yaml @@ -12,213 +12,49 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Namespace -metadata: - name: kubernetes-dashboard - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard - ---- - -kind: Service -apiVersion: v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -spec: - ports: - - port: 80 - targetPort: 9090 - selector: - k8s-app: kubernetes-dashboard - ---- - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-certs - namespace: kubernetes-dashboard -type: Opaque - ---- - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-csrf - namespace: kubernetes-dashboard -type: Opaque -data: - csrf: "" - ---- - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-key-holder - namespace: kubernetes-dashboard -type: Opaque - ---- - -kind: ConfigMap -apiVersion: v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-settings - namespace: kubernetes-dashboard - ---- - -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -rules: - # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] - verbs: ["get", "update", "delete"] - # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["kubernetes-dashboard-settings"] - verbs: ["get", "update"] - # Allow Dashboard to get metrics. - - apiGroups: [""] - resources: ["services"] - resourceNames: ["heapster", "dashboard-metrics-scraper"] - verbs: ["proxy"] - - apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] - verbs: ["get"] - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard -rules: - # Allow Metrics Scraper to get metrics from the Metrics server - - apiGroups: ["metrics.k8s.io"] - resources: ["pods", "nodes"] - verbs: ["get", "list", "watch"] - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubernetes-dashboard -subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-dashboard - labels: - k8s-app: kubernetes-dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard - ---- - kind: Deployment apiVersion: apps/v1 metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard + k8s-app: dashboard-metrics-scraper + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: - k8s-app: kubernetes-dashboard + k8s-app: dashboard-metrics-scraper template: metadata: labels: - k8s-app: kubernetes-dashboard + k8s-app: dashboard-metrics-scraper + annotations: + seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' spec: containers: - - name: kubernetes-dashboard - image: kubernetesui/dashboard:v2.0.0-beta4 + - name: dashboard-metrics-scraper + image: kubernetesui/metrics-scraper:v1.0.1 ports: - - containerPort: 9090 + - containerPort: 8000 protocol: TCP - args: - - --namespace=kubernetes-dashboard - - --enable-skip-login - - --disable-settings-authorizer - # Uncomment the following line to manually specify Kubernetes API server Host - # If not specified, Dashboard will attempt to auto discover the API server and connect - # to it. Uncomment only if the default does not work. - # - --apiserver-host=http://my-address:port - volumeMounts: - # Create on-disk volume to store exec logs - - mountPath: /tmp - name: tmp-volume livenessProbe: httpGet: + scheme: HTTP path: / - port: 9090 + port: 8000 initialDelaySeconds: 30 timeoutSeconds: 30 + volumeMounts: + - mountPath: /tmp + name: tmp-volume securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 - volumes: - - name: tmp-volume - emptyDir: {} serviceAccountName: kubernetes-dashboard nodeSelector: "beta.kubernetes.io/os": linux @@ -226,66 +62,63 @@ spec: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - ---- - -kind: Service -apiVersion: v1 -metadata: - labels: - k8s-app: dashboard-metrics-scraper - name: dashboard-metrics-scraper - namespace: kubernetes-dashboard -spec: - ports: - - port: 8000 - targetPort: 8000 - selector: - k8s-app: dashboard-metrics-scraper - + volumes: + - name: tmp-volume + emptyDir: {} --- kind: Deployment apiVersion: apps/v1 metadata: labels: - k8s-app: dashboard-metrics-scraper - name: dashboard-metrics-scraper + k8s-app: kubernetes-dashboard + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: kubernetes-dashboard namespace: kubernetes-dashboard spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: - k8s-app: dashboard-metrics-scraper + k8s-app: kubernetes-dashboard template: metadata: labels: - k8s-app: dashboard-metrics-scraper - annotations: - seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' + k8s-app: kubernetes-dashboard spec: containers: - - name: dashboard-metrics-scraper - image: kubernetesui/metrics-scraper:v1.0.1 + - name: kubernetes-dashboard + image: kubernetesui/dashboard:v2.0.0-beta4 ports: - - containerPort: 8000 + - containerPort: 9090 protocol: TCP + args: + - --namespace=kubernetes-dashboard + - --enable-skip-login + - --disable-settings-authorizer + # Uncomment the following line to manually specify Kubernetes API server Host + # If not specified, Dashboard will attempt to auto discover the API server and connect + # to it. Uncomment only if the default does not work. + # - --apiserver-host=http://my-address:port + volumeMounts: + # Create on-disk volume to store exec logs + - mountPath: /tmp + name: tmp-volume livenessProbe: httpGet: - scheme: HTTP path: / - port: 8000 + port: 9090 initialDelaySeconds: 30 timeoutSeconds: 30 - volumeMounts: - - mountPath: /tmp - name: tmp-volume securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 + volumes: + - name: tmp-volume + emptyDir: {} serviceAccountName: kubernetes-dashboard nodeSelector: "beta.kubernetes.io/os": linux @@ -293,6 +126,3 @@ spec: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - volumes: - - name: tmp-volume - emptyDir: {} diff --git a/deploy/addons/dashboard/dashboard-ns.yaml b/deploy/addons/dashboard/dashboard-ns.yaml new file mode 100644 index 000000000000..70b258fdbab1 --- /dev/null +++ b/deploy/addons/dashboard/dashboard-ns.yaml @@ -0,0 +1,21 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: kubernetes-dashboard + labels: + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile \ No newline at end of file diff --git a/deploy/addons/dashboard/dashboard-role.yaml b/deploy/addons/dashboard/dashboard-role.yaml new file mode 100644 index 000000000000..73a8e0efeb01 --- /dev/null +++ b/deploy/addons/dashboard/dashboard-role.yaml @@ -0,0 +1,43 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: kubernetes-dashboard + namespace: kubernetes-dashboard +rules: + # Allow Dashboard to get, update and delete Dashboard exclusive secrets. + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] + verbs: ["get", "update", "delete"] + # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["kubernetes-dashboard-settings"] + verbs: ["get", "update"] + # Allow Dashboard to get metrics. + - apiGroups: [""] + resources: ["services"] + resourceNames: ["heapster", "dashboard-metrics-scraper"] + verbs: ["proxy"] + - apiGroups: [""] + resources: ["services/proxy"] + resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] + verbs: ["get"] diff --git a/deploy/addons/dashboard/dashboard-rolebinding.yaml b/deploy/addons/dashboard/dashboard-rolebinding.yaml new file mode 100644 index 000000000000..7c0dfc2066a2 --- /dev/null +++ b/deploy/addons/dashboard/dashboard-rolebinding.yaml @@ -0,0 +1,31 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + k8s-app: kubernetes-dashboard + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: kubernetes-dashboard + namespace: kubernetes-dashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubernetes-dashboard +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard \ No newline at end of file diff --git a/deploy/addons/dashboard/dashboard-sa.yaml b/deploy/addons/dashboard/dashboard-sa.yaml new file mode 100644 index 000000000000..40cb4e0dfac6 --- /dev/null +++ b/deploy/addons/dashboard/dashboard-sa.yaml @@ -0,0 +1,23 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: kubernetes-dashboard + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: kubernetes-dashboard + namespace: kubernetes-dashboard diff --git a/deploy/addons/dashboard/dashboard-secret.yaml b/deploy/addons/dashboard/dashboard-secret.yaml new file mode 100644 index 000000000000..3e2b877dd813 --- /dev/null +++ b/deploy/addons/dashboard/dashboard-secret.yaml @@ -0,0 +1,52 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: kubernetes-dashboard-certs + namespace: kubernetes-dashboard +type: Opaque + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: kubernetes-dashboard-csrf + namespace: kubernetes-dashboard +type: Opaque +data: + csrf: "" + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: kubernetes-dashboard-key-holder + namespace: kubernetes-dashboard +type: Opaque diff --git a/deploy/addons/dashboard/dashboard-svc.yaml b/deploy/addons/dashboard/dashboard-svc.yaml new file mode 100644 index 000000000000..d34a0f6fe156 --- /dev/null +++ b/deploy/addons/dashboard/dashboard-svc.yaml @@ -0,0 +1,48 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +kind: Service +apiVersion: v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: kubernetes-dashboard + namespace: kubernetes-dashboard +spec: + ports: + - port: 80 + targetPort: 9090 + selector: + k8s-app: kubernetes-dashboard + +--- + +kind: Service +apiVersion: v1 +metadata: + labels: + k8s-app: dashboard-metrics-scraper + kubernetes.io/minikube-addons: dashboard + addonmanager.kubernetes.io/mode: Reconcile + name: dashboard-metrics-scraper + namespace: kubernetes-dashboard +spec: + ports: + - port: 8000 + targetPort: 8000 + selector: + k8s-app: dashboard-metrics-scraper From b3c3ca55a558ae3bc724fe0f36f38a8b5c20ce67 Mon Sep 17 00:00:00 2001 From: Thomas Stromberg Date: Wed, 18 Sep 2019 21:42:18 -0700 Subject: [PATCH 6/6] Add new dashboard assets --- pkg/minikube/assets/addons.go | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/pkg/minikube/assets/addons.go b/pkg/minikube/assets/addons.go index 9f45a531720f..c954d8317aee 100644 --- a/pkg/minikube/assets/addons.go +++ b/pkg/minikube/assets/addons.go @@ -66,6 +66,7 @@ func (a *Addon) IsEnabled() (bool, error) { } // Addons is the list of addons +// TODO: Make dynamically loadable: move this data to a .yaml file within each addon directory var Addons = map[string]*Addon{ "addon-manager": NewAddon([]*BinAsset{ MustBinAsset( @@ -76,12 +77,16 @@ var Addons = map[string]*Addon{ true), }, true, "addon-manager"), "dashboard": NewAddon([]*BinAsset{ - MustBinAsset( - "deploy/addons/dashboard/dashboard.yaml", - constants.GuestAddonsDir, - "dashboard.yaml", - "0640", - false), + MustBinAsset("deploy/addons/dashboard/dashboard-clusterrole.yaml", constants.GuestAddonsDir, "dashboard-clusterrole.yaml", "0640", false), + MustBinAsset("deploy/addons/dashboard/dashboard-clusterrolebinding.yaml", constants.GuestAddonsDir, "dashboard-clusterrolebinding.yaml", "0640", false), + MustBinAsset("deploy/addons/dashboard/dashboard-configmap.yaml", constants.GuestAddonsDir, "dashboard-configmap.yaml", "0640", false), + MustBinAsset("deploy/addons/dashboard/dashboard-dp.yaml", constants.GuestAddonsDir, "dashboard-dp.yaml", "0640", false), + MustBinAsset("deploy/addons/dashboard/dashboard-ns.yaml", constants.GuestAddonsDir, "dashboard-ns.yaml", "0640", false), + MustBinAsset("deploy/addons/dashboard/dashboard-role.yaml", constants.GuestAddonsDir, "dashboard-role.yaml", "0640", false), + MustBinAsset("deploy/addons/dashboard/dashboard-rolebinding.yaml", constants.GuestAddonsDir, "dashboard-rolebinding.yaml", "0640", false), + MustBinAsset("deploy/addons/dashboard/dashboard-sa.yaml", constants.GuestAddonsDir, "dashboard-sa.yaml", "0640", false), + MustBinAsset("deploy/addons/dashboard/dashboard-secret.yaml", constants.GuestAddonsDir, "dashboard-secret.yaml", "0640", false), + MustBinAsset("deploy/addons/dashboard/dashboard-svc.yaml", constants.GuestAddonsDir, "dashboard-svc.yaml", "0640", false), }, false, "dashboard"), "default-storageclass": NewAddon([]*BinAsset{ MustBinAsset(