Skip to content

C
charts
Commit afae5525 by Guangbo Chen Committed by Guangbo
Options

bump k8s dashboard to v1.10.1

parent 3ccba0b4
Showing with 133 additions and 23 deletions
charts/kubernetes-dashboard/latest/.helmignore
......@@ -19,3 +19,4 @@
.project
.idea/
*.tmproj
OWNERS
charts/kubernetes-dashboard/latest/Chart.yaml
name: kubernetes-dashboard
version: 0.8.0
appVersion: 1.10.0
version: 1.2.0
appVersion: 1.10.1
description: General-purpose web UI for Kubernetes clusters
keywords:
- kubernetes
......@@ -11,4 +11,6 @@ sources:
maintainers:
- name: kfox1111
email: Kevin.Fox@pnnl.gov
- name: desaintmartin
email: cdesaintmartin@wiremind.fr
icon: https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.svg
charts/kubernetes-dashboard/latest/OWNERS 0 → 100644
approvers:
- kfox1111
- desaintmartin
reviewers:
- kfox1111
- desaintmartin
charts/kubernetes-dashboard/latest/README.md
......@@ -14,18 +14,22 @@ The following table lists the configurable parameters of the kubernetes-dashboar
| Parameter | Description | Default |
|-------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------|
| `image.repository` | Repository for container image | `k8s.gcr.io/kubernetes-dashboard-amd64` |
| `image.tag` | Image tag | `v1.10.0` |
| `image.tag` | Image tag | `v1.10.1` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `annotations` | Annotations for deployment | `{}` |
| `replicaCount` | Number of replicas | `1` |
| `extraArgs` | Additional container arguments | `[]` |
| `podAnnotations` | Annotations to be added to pods | {} |
| `nodeSelector` | node labels for pod assignment | `{}` |
| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` |
| `affinity` | Affinity for pod assignment | `[]` |
| `enableSkipLogin` | Enable possibility to skip login | `false` |
| `enableInsecureLogin` | Serve application over HTTP without TLS | `false` |
| `service.externalPort` | Dashboard external port | 443 |
| `service.internalPort` | Dashboard internal port | 443 |
| `ingress.annotations` | Specify ingress class | `kubernetes.io/ingress.class: nginx` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.path` | Path to match against incoming requests. Must begin with a '/' | `/` |
| `ingress.paths` | Paths to match against incoming requests. Both `/` and `/*` are required to work on gce ingress. | `[/]` |
| `ingress.hosts` | Dashboard Hostnames | `nil` |
| `ingress.tls` | Ingress TLS configuration | `[]` |
| `resources` | Pod resource requests & limits | `limits: {cpu: 100m, memory: 100Mi}, requests: {cpu: 100m, memory: 100Mi}` |
......@@ -39,21 +43,35 @@ The following table lists the configurable parameters of the kubernetes-dashboar
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install stable/kubernetes-dashboard --name my-release \
helm install stable/kubernetes-dashboard --name my-release \
--set=service.externalPort=8080,resources.limits.cpu=200m
```
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
$ helm install stable/kubernetes-dashboard --name my-release -f values.yaml
helm install stable/kubernetes-dashboard --name my-release -f values.yaml
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Using the dashboard with 'kubectl proxy'
When running 'kubectl proxy', the address `localhost:8001/ui` automatically expands to `http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/`. For this to reach the dashboard, the name of the service must be 'kubernetes-dashboard', not any other value as set by Helm. You can manually specify this using the value 'fullnameOverride':
When running 'kubectl proxy', the address `localhost:8001/ui` automatically expands to:
- `http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:https/proxy/` or
- `http://localhost:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:http/proxy/` if `enableInsecureLogin=true`
For this to reach the dashboard, the name of the service must be 'kubernetes-dashboard', not any other value as set by Helm. You can manually specify this using the value 'fullnameOverride':
```
fullnameOverride: 'kubernetes-dashboard'
```
### Ugrade from 0.x.x to 1.x.x
Upgrade from 0.x.x version to 1.x.x version is seamless if you use default `ingress.path` value. If you have non-default `ingress.path` values with version 0.x.x, you need to add your custom path in `ingress.paths` list value as shown as examples in `values.yaml`.
Notes:
- The proxy url changed please refer to the [usage section](#using-the-dashboard-with-kubectl-proxy')
charts/kubernetes-dashboard/latest/questions.yml
......@@ -12,18 +12,23 @@ questions:
group: "Container Images"
subquestions:
- variable: image.repository
default: "k8s.gcr.io/kubernetes-dashboard-amd64"
default: "rancher/kubernetes-dashboard-amd64"
description: "Docker image repository"
type: string
label: Image Repository
- variable: image.tag
default: "v1.10.0"
default: "v1.10.1"
description: "Docker image tag"
type: string
label: Image Tag
- variable: enableSkipLogin
default: false
description: "Enable possibility to skip login"
type: boolean
label: "Enable Possibility To Skip Login"
- variable: rbac.clusterAdminRole
required: true
default: false
description: "IMPORTANT: Granting admin privileges to Dashboard's Service Account might be a security risk, makeing sure that you know what you are doing before proceeding."
type: boolean
label: "IMPORTANT: Enable Dashboard Cluster Admin Role"
label: "Enable Dashboard Cluster Admin Role (NOT RECOMMENDED)"
charts/kubernetes-dashboard/latest/templates/NOTES.txt
......@@ -5,15 +5,23 @@
{{- if .Values.ingress.enabled }}
From outside the cluster, the server URL(s) are:
{{- range .Values.ingress.hosts }}
{{- if $.Values.enableInsecureLogin }}
http://{{ . }}
{{- else }}
https://{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
Get the Kubernetes Dashboard URL by running:
export NODE_PORT=$(kubectl get -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "kubernetes-dashboard.fullname" . }})
export NODE_IP=$(kubectl get nodes -o jsonpath="{.items[0].status.addresses[0].address}")
{{- if .Values.enableInsecureLogin }}
echo http://$NODE_IP:$NODE_PORT/
{{- else }}
echo https://$NODE_IP:$NODE_PORT/
{{- end }}
{{- else if contains "LoadBalancer" .Values.service.type }}
......@@ -22,11 +30,20 @@ Get the Kubernetes Dashboard URL by running:
Get the Kubernetes Dashboard URL by running:
export SERVICE_IP=$(kubectl get svc {{ template "kubernetes-dashboard.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
{{- if .Values.enableInsecureLogin }}
echo http://$SERVICE_IP/
{{- else }}
echo https://$SERVICE_IP/
{{- end }}
{{- else if contains "ClusterIP" .Values.service.type }}
Get the Kubernetes Dashboard URL by running:
export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app={{ template "kubernetes-dashboard.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
{{- if .Values.enableInsecureLogin }}
echo http://127.0.0.1:9090/
kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 9090:9090
{{- else }}
echo https://127.0.0.1:8443/
kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8443:8443
{{- end }}
{{- end }}
charts/kubernetes-dashboard/latest/templates/deployment.yaml
......@@ -2,6 +2,10 @@ apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ template "kubernetes-dashboard.fullname" . }}
{{- if .Values.annotations }}
annotations:
{{ toYaml .Values.annotations | indent 4 }}
{{- end }}
labels:
app: {{ template "kubernetes-dashboard.name" . }}
chart: {{ template "kubernetes-dashboard.chart" . }}
......@@ -20,6 +24,10 @@ spec:
type: RollingUpdate
template:
metadata:
{{- if .Values.podAnnotations }}
annotations:
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
labels:
app: {{ template "kubernetes-dashboard.name" . }}
release: {{ .Release.Name }}
......@@ -31,14 +39,27 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
{{- if .Values.enableSkipLogin }}
- --enable-skip-login
{{- end }}
{{- if .Values.enableInsecureLogin }}
- --enable-insecure-login
{{- else }}
- --auto-generate-certificates
{{- end }}
{{- if .Values.extraArgs }}
{{ toYaml .Values.extraArgs | indent 10 }}
{{- end }}
ports:
{{- if .Values.enableInsecureLogin }}
- name: http
containerPort: 9090
protocol: TCP
{{- else }}
- name: https
containerPort: 8443
protocol: TCP
{{- end }}
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
......@@ -47,9 +68,15 @@ spec:
name: tmp-volume
livenessProbe:
httpGet:
{{- if .Values.enableInsecureLogin }}
scheme: HTTP
path: /
port: 9090
{{- else }}
scheme: HTTPS
path: /
port: 8443
{{- end }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
resources:
......
charts/kubernetes-dashboard/latest/templates/ingress.yaml
{{- if .Values.ingress.enabled -}}
{{- $serviceName := include "kubernetes-dashboard.fullname" . -}}
{{- $servicePort := .Values.service.externalPort -}}
{{- $path := .Values.ingress.path -}}
{{- $paths := .Values.ingress.paths -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
......@@ -22,19 +22,23 @@ spec:
- host: {{ $host }}
http:
paths:
- path: {{ $path }}
{{- range $p := $paths }}
- path: {{ $p }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
- path: {{ $path }}
{{- range $p := $paths }}
- path: {{ $p }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
......
charts/kubernetes-dashboard/latest/templates/svc.yaml
......@@ -18,10 +18,15 @@ metadata:
spec:
type: {{ .Values.service.type }}
ports:
- name: https
port: {{ .Values.service.externalPort }}
targetPort: https
{{- if .Values.service.nodePort }}
- port: {{ .Values.service.externalPort }}
{{- if .Values.enableInsecureLogin }}
targetPort: 9090
name: "http"
{{- else }}
targetPort: 8443
name: "https"
{{- end }}
{{- if hasKey .Values.service "nodePort" }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
selector:
......
charts/kubernetes-dashboard/latest/values.yaml
......@@ -4,24 +4,38 @@
# name: value
image:
repository: k8s.gcr.io/kubernetes-dashboard-amd64
tag: v1.10.0
# repository: k8s.gcr.io/kubernetes-dashboard-amd64
repository: rancher/kubernetes-dashboard-amd64
tag: v1.10.1
pullPolicy: IfNotPresent
replicaCount: 1
## Here annotations can be added to the kubernetes dashboard deployment
annotations: {}
## Here labels can be added to the kubernetes dashboard deployment
##
labels: {}
# kubernetes.io/cluster-service: "true"
# kubernetes.io/name: "Kubernetes Dashboard"
## Enable possibility to skip login
enableSkipLogin: false
## Serve application over HTTP without TLS
enableInsecureLogin: false
## Additional container arguments
##
# extraArgs:
# - --enable-skip-login
# - --enable-insecure-login
# - --system-banner="Welcome to Kubernetes"
# Annotations to be added to kubernetes dashboard pods
podAnnotations: {}
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
......@@ -50,8 +64,11 @@ service:
## Kubernetes Dashboard Service annotations
##
## For GCE ingress, the following annotation is required:
## service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}' if enableInsecureLogin=false
## or
## service.alpha.kubernetes.io/app-protocols: '{"http":"HTTP"}' if enableInsecureLogin=true
annotations: {}
# foo.io/bar: "true"
## Here labels can be added to the Kubernetes Dashboard service
##
......@@ -75,12 +92,20 @@ ingress:
##
# annotations:
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/secure-backends: "true"
# kubernetes.io/tls-acme: 'true'
## If you plan to use TLS backend with enableInsecureLogin set to false
## (default), you need to uncomment the below.
## If you use ingress-nginx < 0.21.0
# nginx.ingress.kubernetes.io/secure-backends: "true"
## if you use ingress-nginx >= 0.21.0
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
## Kubernetes Dashboard Ingress path
## Kubernetes Dashboard Ingress paths
##
path: /
paths:
- /
# - /*
## Kubernetes Dashboard Ingress hostnames
## Must be provided if Ingress is enabled
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment