Skip to content

C
charts
Commit afae5525 by Guangbo Chen Committed by Guangbo
Options

bump k8s dashboard to v1.10.1

parent 3ccba0b4
Showing with 133 additions and 23 deletions
charts/kubernetes-dashboard/latest/.helmignore
...@@ -19,3 +19,4 @@ ...@@ -19,3 +19,4 @@
.project .project
.idea/ .idea/
*.tmproj *.tmproj
OWNERS
charts/kubernetes-dashboard/latest/Chart.yaml
name: kubernetes-dashboard name: kubernetes-dashboard
version: 0.8.0 version: 1.2.0
appVersion: 1.10.0 appVersion: 1.10.1
description: General-purpose web UI for Kubernetes clusters description: General-purpose web UI for Kubernetes clusters
keywords: keywords:
- kubernetes - kubernetes
...@@ -11,4 +11,6 @@ sources: ...@@ -11,4 +11,6 @@ sources:
maintainers: maintainers:
- name: kfox1111 - name: kfox1111
email: Kevin.Fox@pnnl.gov email: Kevin.Fox@pnnl.gov
- name: desaintmartin
email: cdesaintmartin@wiremind.fr
icon: https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.svg icon: https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.svg
charts/kubernetes-dashboard/latest/OWNERS 0 → 100644
approvers:
- kfox1111
- desaintmartin
reviewers:
- kfox1111
- desaintmartin
charts/kubernetes-dashboard/latest/README.md
...@@ -14,18 +14,22 @@ The following table lists the configurable parameters of the kubernetes-dashboar ...@@ -14,18 +14,22 @@ The following table lists the configurable parameters of the kubernetes-dashboar
| Parameter | Description | Default | | Parameter | Description | Default |
|-------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------| |-------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------|
| `image.repository` | Repository for container image | `k8s.gcr.io/kubernetes-dashboard-amd64` | | `image.repository` | Repository for container image | `k8s.gcr.io/kubernetes-dashboard-amd64` |
| `image.tag` | Image tag | `v1.10.0` | | `image.tag` | Image tag | `v1.10.1` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `annotations` | Annotations for deployment | `{}` |
| `replicaCount` | Number of replicas | `1` | | `replicaCount` | Number of replicas | `1` |
| `extraArgs` | Additional container arguments | `[]` | | `extraArgs` | Additional container arguments | `[]` |
| `podAnnotations` | Annotations to be added to pods | {} |
| `nodeSelector` | node labels for pod assignment | `{}` | | `nodeSelector` | node labels for pod assignment | `{}` |
| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | | `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` |
| `affinity` | Affinity for pod assignment | `[]` | | `affinity` | Affinity for pod assignment | `[]` |
| `enableSkipLogin` | Enable possibility to skip login | `false` |
| `enableInsecureLogin` | Serve application over HTTP without TLS | `false` |
| `service.externalPort` | Dashboard external port | 443 | | `service.externalPort` | Dashboard external port | 443 |
| `service.internalPort` | Dashboard internal port | 443 | | `service.internalPort` | Dashboard internal port | 443 |
| `ingress.annotations` | Specify ingress class | `kubernetes.io/ingress.class: nginx` | | `ingress.annotations` | Specify ingress class | `kubernetes.io/ingress.class: nginx` |
| `ingress.enabled` | Enable ingress controller resource | `false` | | `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.path` | Path to match against incoming requests. Must begin with a '/' | `/` | | `ingress.paths` | Paths to match against incoming requests. Both `/` and `/*` are required to work on gce ingress. | `[/]` |
| `ingress.hosts` | Dashboard Hostnames | `nil` | | `ingress.hosts` | Dashboard Hostnames | `nil` |
| `ingress.tls` | Ingress TLS configuration | `[]` | | `ingress.tls` | Ingress TLS configuration | `[]` |
| `resources` | Pod resource requests & limits | `limits: {cpu: 100m, memory: 100Mi}, requests: {cpu: 100m, memory: 100Mi}` | | `resources` | Pod resource requests & limits | `limits: {cpu: 100m, memory: 100Mi}, requests: {cpu: 100m, memory: 100Mi}` |
...@@ -39,21 +43,35 @@ The following table lists the configurable parameters of the kubernetes-dashboar ...@@ -39,21 +43,35 @@ The following table lists the configurable parameters of the kubernetes-dashboar
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console ```console
$ helm install stable/kubernetes-dashboard --name my-release \ helm install stable/kubernetes-dashboard --name my-release \
--set=service.externalPort=8080,resources.limits.cpu=200m --set=service.externalPort=8080,resources.limits.cpu=200m
``` ```
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console ```console
$ helm install stable/kubernetes-dashboard --name my-release -f values.yaml helm install stable/kubernetes-dashboard --name my-release -f values.yaml
``` ```
> **Tip**: You can use the default [values.yaml](values.yaml) > **Tip**: You can use the default [values.yaml](values.yaml)
## Using the dashboard with 'kubectl proxy' ## Using the dashboard with 'kubectl proxy'
When running 'kubectl proxy', the address `localhost:8001/ui` automatically expands to `http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/`. For this to reach the dashboard, the name of the service must be 'kubernetes-dashboard', not any other value as set by Helm. You can manually specify this using the value 'fullnameOverride': When running 'kubectl proxy', the address `localhost:8001/ui` automatically expands to:
- `http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:https/proxy/` or
- `http://localhost:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:http/proxy/` if `enableInsecureLogin=true`
For this to reach the dashboard, the name of the service must be 'kubernetes-dashboard', not any other value as set by Helm. You can manually specify this using the value 'fullnameOverride':
``` ```
fullnameOverride: 'kubernetes-dashboard' fullnameOverride: 'kubernetes-dashboard'
``` ```
### Ugrade from 0.x.x to 1.x.x
Upgrade from 0.x.x version to 1.x.x version is seamless if you use default `ingress.path` value. If you have non-default `ingress.path` values with version 0.x.x, you need to add your custom path in `ingress.paths` list value as shown as examples in `values.yaml`.
Notes:
- The proxy url changed please refer to the [usage section](#using-the-dashboard-with-kubectl-proxy')
charts/kubernetes-dashboard/latest/questions.yml
...@@ -12,18 +12,23 @@ questions: ...@@ -12,18 +12,23 @@ questions:
group: "Container Images" group: "Container Images"
subquestions: subquestions:
- variable: image.repository - variable: image.repository
default: "k8s.gcr.io/kubernetes-dashboard-amd64" default: "rancher/kubernetes-dashboard-amd64"
description: "Docker image repository" description: "Docker image repository"
type: string type: string
label: Image Repository label: Image Repository
- variable: image.tag - variable: image.tag
default: "v1.10.0" default: "v1.10.1"
description: "Docker image tag" description: "Docker image tag"
type: string type: string
label: Image Tag label: Image Tag
- variable: enableSkipLogin
default: false
description: "Enable possibility to skip login"
type: boolean
label: "Enable Possibility To Skip Login"
- variable: rbac.clusterAdminRole - variable: rbac.clusterAdminRole
required: true required: true
default: false default: false
description: "IMPORTANT: Granting admin privileges to Dashboard's Service Account might be a security risk, makeing sure that you know what you are doing before proceeding." description: "IMPORTANT: Granting admin privileges to Dashboard's Service Account might be a security risk, makeing sure that you know what you are doing before proceeding."
type: boolean type: boolean
label: "IMPORTANT: Enable Dashboard Cluster Admin Role" label: "Enable Dashboard Cluster Admin Role (NOT RECOMMENDED)"
charts/kubernetes-dashboard/latest/templates/NOTES.txt
...@@ -5,15 +5,23 @@ ...@@ -5,15 +5,23 @@
{{- if .Values.ingress.enabled }} {{- if .Values.ingress.enabled }}
From outside the cluster, the server URL(s) are: From outside the cluster, the server URL(s) are:
{{- range .Values.ingress.hosts }} {{- range .Values.ingress.hosts }}
{{- if $.Values.enableInsecureLogin }}
http://{{ . }}
{{- else }}
https://{{ . }} https://{{ . }}
{{- end }} {{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }} {{- else if contains "NodePort" .Values.service.type }}
Get the Kubernetes Dashboard URL by running: Get the Kubernetes Dashboard URL by running:
export NODE_PORT=$(kubectl get -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "kubernetes-dashboard.fullname" . }}) export NODE_PORT=$(kubectl get -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "kubernetes-dashboard.fullname" . }})
export NODE_IP=$(kubectl get nodes -o jsonpath="{.items[0].status.addresses[0].address}") export NODE_IP=$(kubectl get nodes -o jsonpath="{.items[0].status.addresses[0].address}")
{{- if .Values.enableInsecureLogin }}
echo http://$NODE_IP:$NODE_PORT/
{{- else }}
echo https://$NODE_IP:$NODE_PORT/ echo https://$NODE_IP:$NODE_PORT/
{{- end }}
{{- else if contains "LoadBalancer" .Values.service.type }} {{- else if contains "LoadBalancer" .Values.service.type }}
...@@ -22,11 +30,20 @@ Get the Kubernetes Dashboard URL by running: ...@@ -22,11 +30,20 @@ Get the Kubernetes Dashboard URL by running:
Get the Kubernetes Dashboard URL by running: Get the Kubernetes Dashboard URL by running:
export SERVICE_IP=$(kubectl get svc {{ template "kubernetes-dashboard.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') export SERVICE_IP=$(kubectl get svc {{ template "kubernetes-dashboard.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
{{- if .Values.enableInsecureLogin }}
echo http://$SERVICE_IP/
{{- else }}
echo https://$SERVICE_IP/ echo https://$SERVICE_IP/
{{- end }}
{{- else if contains "ClusterIP" .Values.service.type }} {{- else if contains "ClusterIP" .Values.service.type }}
Get the Kubernetes Dashboard URL by running: Get the Kubernetes Dashboard URL by running:
export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app={{ template "kubernetes-dashboard.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app={{ template "kubernetes-dashboard.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
{{- if .Values.enableInsecureLogin }}
echo http://127.0.0.1:9090/
kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 9090:9090
{{- else }}
echo https://127.0.0.1:8443/ echo https://127.0.0.1:8443/
kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8443:8443 kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8443:8443
{{- end }} {{- end }}
{{- end }}
charts/kubernetes-dashboard/latest/templates/deployment.yaml
...@@ -2,6 +2,10 @@ apiVersion: extensions/v1beta1 ...@@ -2,6 +2,10 @@ apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ template "kubernetes-dashboard.fullname" . }} name: {{ template "kubernetes-dashboard.fullname" . }}
{{- if .Values.annotations }}
annotations:
{{ toYaml .Values.annotations | indent 4 }}
{{- end }}
labels: labels:
app: {{ template "kubernetes-dashboard.name" . }} app: {{ template "kubernetes-dashboard.name" . }}
chart: {{ template "kubernetes-dashboard.chart" . }} chart: {{ template "kubernetes-dashboard.chart" . }}
...@@ -20,6 +24,10 @@ spec: ...@@ -20,6 +24,10 @@ spec:
type: RollingUpdate type: RollingUpdate
template: template:
metadata: metadata:
{{- if .Values.podAnnotations }}
annotations:
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
labels: labels:
app: {{ template "kubernetes-dashboard.name" . }} app: {{ template "kubernetes-dashboard.name" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
...@@ -31,14 +39,27 @@ spec: ...@@ -31,14 +39,27 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
args: args:
{{- if .Values.enableSkipLogin }}
- --enable-skip-login
{{- end }}
{{- if .Values.enableInsecureLogin }}
- --enable-insecure-login
{{- else }}
- --auto-generate-certificates - --auto-generate-certificates
{{- end }}
{{- if .Values.extraArgs }} {{- if .Values.extraArgs }}
{{ toYaml .Values.extraArgs | indent 10 }} {{ toYaml .Values.extraArgs | indent 10 }}
{{- end }} {{- end }}
ports: ports:
{{- if .Values.enableInsecureLogin }}
- name: http
containerPort: 9090
protocol: TCP
{{- else }}
- name: https - name: https
containerPort: 8443 containerPort: 8443
protocol: TCP protocol: TCP
{{- end }}
volumeMounts: volumeMounts:
- name: kubernetes-dashboard-certs - name: kubernetes-dashboard-certs
mountPath: /certs mountPath: /certs
...@@ -47,9 +68,15 @@ spec: ...@@ -47,9 +68,15 @@ spec:
name: tmp-volume name: tmp-volume
livenessProbe: livenessProbe:
httpGet: httpGet:
{{- if .Values.enableInsecureLogin }}
scheme: HTTP
path: /
port: 9090
{{- else }}
scheme: HTTPS scheme: HTTPS
path: / path: /
port: 8443 port: 8443
{{- end }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
resources: resources:
......
charts/kubernetes-dashboard/latest/templates/ingress.yaml
{{- if .Values.ingress.enabled -}} {{- if .Values.ingress.enabled -}}
{{- $serviceName := include "kubernetes-dashboard.fullname" . -}} {{- $serviceName := include "kubernetes-dashboard.fullname" . -}}
{{- $servicePort := .Values.service.externalPort -}} {{- $servicePort := .Values.service.externalPort -}}
{{- $path := .Values.ingress.path -}} {{- $paths := .Values.ingress.paths -}}
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
...@@ -22,19 +22,23 @@ spec: ...@@ -22,19 +22,23 @@ spec:
- host: {{ $host }} - host: {{ $host }}
http: http:
paths: paths:
- path: {{ $path }} {{- range $p := $paths }}
- path: {{ $p }}
backend: backend:
serviceName: {{ $serviceName }} serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }} servicePort: {{ $servicePort }}
{{- end -}} {{- end -}}
{{- end -}}
{{- else }} {{- else }}
- http: - http:
paths: paths:
- path: {{ $path }} {{- range $p := $paths }}
- path: {{ $p }}
backend: backend:
serviceName: {{ $serviceName }} serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }} servicePort: {{ $servicePort }}
{{- end -}} {{- end -}}
{{- end -}}
{{- if .Values.ingress.tls }} {{- if .Values.ingress.tls }}
tls: tls:
{{ toYaml .Values.ingress.tls | indent 4 }} {{ toYaml .Values.ingress.tls | indent 4 }}
......
charts/kubernetes-dashboard/latest/templates/svc.yaml
...@@ -18,10 +18,15 @@ metadata: ...@@ -18,10 +18,15 @@ metadata:
spec: spec:
type: {{ .Values.service.type }} type: {{ .Values.service.type }}
ports: ports:
- name: https - port: {{ .Values.service.externalPort }}
port: {{ .Values.service.externalPort }} {{- if .Values.enableInsecureLogin }}
targetPort: https targetPort: 9090
{{- if .Values.service.nodePort }} name: "http"
{{- else }}
targetPort: 8443
name: "https"
{{- end }}
{{- if hasKey .Values.service "nodePort" }}
nodePort: {{ .Values.service.nodePort }} nodePort: {{ .Values.service.nodePort }}
{{- end }} {{- end }}
selector: selector:
......
charts/kubernetes-dashboard/latest/values.yaml
...@@ -4,24 +4,38 @@ ...@@ -4,24 +4,38 @@
# name: value # name: value
image: image:
repository: k8s.gcr.io/kubernetes-dashboard-amd64 # repository: k8s.gcr.io/kubernetes-dashboard-amd64
tag: v1.10.0 repository: rancher/kubernetes-dashboard-amd64
tag: v1.10.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
replicaCount: 1 replicaCount: 1
## Here annotations can be added to the kubernetes dashboard deployment
annotations: {}
## Here labels can be added to the kubernetes dashboard deployment ## Here labels can be added to the kubernetes dashboard deployment
## ##
labels: {} labels: {}
# kubernetes.io/cluster-service: "true" # kubernetes.io/cluster-service: "true"
# kubernetes.io/name: "Kubernetes Dashboard" # kubernetes.io/name: "Kubernetes Dashboard"
## Enable possibility to skip login
enableSkipLogin: false
## Serve application over HTTP without TLS
enableInsecureLogin: false
## Additional container arguments ## Additional container arguments
## ##
# extraArgs: # extraArgs:
# - --enable-skip-login
# - --enable-insecure-login # - --enable-insecure-login
# - --system-banner="Welcome to Kubernetes" # - --system-banner="Welcome to Kubernetes"
# Annotations to be added to kubernetes dashboard pods
podAnnotations: {}
## Node labels for pod assignment ## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
## ##
...@@ -50,8 +64,11 @@ service: ...@@ -50,8 +64,11 @@ service:
## Kubernetes Dashboard Service annotations ## Kubernetes Dashboard Service annotations
## ##
## For GCE ingress, the following annotation is required:
## service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}' if enableInsecureLogin=false
## or
## service.alpha.kubernetes.io/app-protocols: '{"http":"HTTP"}' if enableInsecureLogin=true
annotations: {} annotations: {}
# foo.io/bar: "true"
## Here labels can be added to the Kubernetes Dashboard service ## Here labels can be added to the Kubernetes Dashboard service
## ##
...@@ -75,12 +92,20 @@ ingress: ...@@ -75,12 +92,20 @@ ingress:
## ##
# annotations: # annotations:
# kubernetes.io/ingress.class: nginx # kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/secure-backends: "true"
# kubernetes.io/tls-acme: 'true' # kubernetes.io/tls-acme: 'true'
## If you plan to use TLS backend with enableInsecureLogin set to false
## (default), you need to uncomment the below.
## If you use ingress-nginx < 0.21.0
# nginx.ingress.kubernetes.io/secure-backends: "true"
## if you use ingress-nginx >= 0.21.0
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
## Kubernetes Dashboard Ingress path ## Kubernetes Dashboard Ingress paths
## ##
path: / paths:
- /
# - /*
## Kubernetes Dashboard Ingress hostnames ## Kubernetes Dashboard Ingress hostnames
## Must be provided if Ingress is enabled ## Must be provided if Ingress is enabled
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment