Commit b35018ef by Guangbo Chen

Bump k8s dashboard chart to v1.8.0

parent b83dfe9a
apiVersion: v1
name: kubernetes-dashboard name: kubernetes-dashboard
version: 1.2.0 version: 1.8.0
appVersion: 1.10.1 appVersion: 1.10.1
description: General-purpose web UI for Kubernetes clusters description: General-purpose web UI for Kubernetes clusters
keywords: keywords:
...@@ -13,4 +14,4 @@ maintainers: ...@@ -13,4 +14,4 @@ maintainers:
email: Kevin.Fox@pnnl.gov email: Kevin.Fox@pnnl.gov
- name: desaintmartin - name: desaintmartin
email: cdesaintmartin@wiremind.fr email: cdesaintmartin@wiremind.fr
icon: https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.svg icon: file://../logo.svg
...@@ -16,9 +16,11 @@ The following table lists the configurable parameters of the kubernetes-dashboar ...@@ -16,9 +16,11 @@ The following table lists the configurable parameters of the kubernetes-dashboar
| `image.repository` | Repository for container image | `k8s.gcr.io/kubernetes-dashboard-amd64` | | `image.repository` | Repository for container image | `k8s.gcr.io/kubernetes-dashboard-amd64` |
| `image.tag` | Image tag | `v1.10.1` | | `image.tag` | Image tag | `v1.10.1` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Image pull secrets | `[]` |
| `annotations` | Annotations for deployment | `{}` | | `annotations` | Annotations for deployment | `{}` |
| `replicaCount` | Number of replicas | `1` | | `replicaCount` | Number of replicas | `1` |
| `extraArgs` | Additional container arguments | `[]` | | `extraArgs` | Additional container arguments | `[]` |
| `extraEnv` | Additional container environment variables | `[]` |
| `podAnnotations` | Annotations to be added to pods | {} | | `podAnnotations` | Annotations to be added to pods | {} |
| `nodeSelector` | node labels for pod assignment | `{}` | | `nodeSelector` | node labels for pod assignment | `{}` |
| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | | `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` |
...@@ -27,6 +29,8 @@ The following table lists the configurable parameters of the kubernetes-dashboar ...@@ -27,6 +29,8 @@ The following table lists the configurable parameters of the kubernetes-dashboar
| `enableInsecureLogin` | Serve application over HTTP without TLS | `false` | | `enableInsecureLogin` | Serve application over HTTP without TLS | `false` |
| `service.externalPort` | Dashboard external port | 443 | | `service.externalPort` | Dashboard external port | 443 |
| `service.internalPort` | Dashboard internal port | 443 | | `service.internalPort` | Dashboard internal port | 443 |
| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | nil |
| `ingress.labels` | Add custom labels | `[]` |
| `ingress.annotations` | Specify ingress class | `kubernetes.io/ingress.class: nginx` | | `ingress.annotations` | Specify ingress class | `kubernetes.io/ingress.class: nginx` |
| `ingress.enabled` | Enable ingress controller resource | `false` | | `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.paths` | Paths to match against incoming requests. Both `/` and `/*` are required to work on gce ingress. | `[/]` | | `ingress.paths` | Paths to match against incoming requests. Both `/` and `/*` are required to work on gce ingress. | `[/]` |
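Review bot: The new `ingress.labels` row documents the default as `[]`, but the ingress template in this commit iterates it as key/value pairs (`range $key, $value := .Values.ingress.labels`) and values.yaml shows `key: value`, so the documented default should be `{}`. The `service.loadBalancerSourceRanges` row also leaves its default `nil` without backticks, unlike most neighbouring rows.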
...@@ -35,10 +39,16 @@ The following table lists the configurable parameters of the kubernetes-dashboar ...@@ -35,10 +39,16 @@ The following table lists the configurable parameters of the kubernetes-dashboar
| `resources` | Pod resource requests & limits | `limits: {cpu: 100m, memory: 100Mi}, requests: {cpu: 100m, memory: 100Mi}` | | `resources` | Pod resource requests & limits | `limits: {cpu: 100m, memory: 100Mi}, requests: {cpu: 100m, memory: 100Mi}` |
| `rbac.create` | Create & use RBAC resources | `true` | | `rbac.create` | Create & use RBAC resources | `true` |
| `rbac.clusterAdminRole` | "cluster-admin" ClusterRole will be used for dashboard ServiceAccount ([NOT RECOMMENDED](#access-control)) | `false` | | `rbac.clusterAdminRole` | "cluster-admin" ClusterRole will be used for dashboard ServiceAccount ([NOT RECOMMENDED](#access-control)) | `false` |
| `rbac.clusterReadOnlyRole` | If clusterAdminRole disabled, an additional role will be created with read only permissions to all resources listed inside. | `false` |
| `serviceAccount.create` | Whether a new service account name that the agent will use should be created. | `true` | | `serviceAccount.create` | Whether a new service account name that the agent will use should be created. | `true` |
| `serviceAccount.name` | Service account to be used. If not set and serviceAccount.create is `true` a name is generated using the fullname template. | | | `serviceAccount.name` | Service account to be used. If not set and serviceAccount.create is `true` a name is generated using the fullname template. | |
| `livenessProbe.initialDelaySeconds` | Number of seconds to wait before sending first probe | 30 | | `livenessProbe.initialDelaySeconds` | Number of seconds to wait before sending first probe | 30 |
| `livenessProbe.timeoutSeconds` | Number of seconds to wait for probe response | 30 | | `livenessProbe.timeoutSeconds` | Number of seconds to wait for probe response | 30 |
| `podDisruptionBudget.enabled` | Create a PodDisruptionBudget | `false` |
| `podDisruptionBudget.minAvailable` | Minimum available instances; ignored if there is no PodDisruptionBudget | |
| `podDisruptionBudget.maxUnavailable`| Maximum unavailable instances; ignored if there is no PodDisruptionBudget | |
| `securityContext` | Security context | `{}` |
| `networkPolicy` | Whether to create a network policy that allows access to the service | `false` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
...@@ -68,10 +78,10 @@ For this to reach the dashboard, the name of the service must be 'kubernetes-das ...@@ -68,10 +78,10 @@ For this to reach the dashboard, the name of the service must be 'kubernetes-das
fullnameOverride: 'kubernetes-dashboard' fullnameOverride: 'kubernetes-dashboard'
``` ```
### Ugrade from 0.x.x to 1.x.x ### Upgrade from 0.x.x to 1.x.x
Upgrade from 0.x.x version to 1.x.x version is seamless if you use default `ingress.path` value. If you have non-default `ingress.path` values with version 0.x.x, you need to add your custom path in `ingress.paths` list value as shown as examples in `values.yaml`. Upgrade from 0.x.x version to 1.x.x version is seamless if you use default `ingress.path` value. If you have non-default `ingress.path` values with version 0.x.x, you need to add your custom path in `ingress.paths` list value as shown as examples in `values.yaml`.
Notes: Notes:
- The proxy url changed please refer to the [usage section](#using-the-dashboard-with-kubectl-proxy') - The proxy url changed please refer to the [usage section](#using-the-dashboard-with-kubectl-proxy)
rancher_version: v2.0.7 labels:
io.cattle.role: cluster # options are cluster/project
categories: categories:
- dashboard - dashboard
rancher_min_version: v2.0.7
namespace: kube-system namespace: kube-system
questions: questions:
- variable: defaultImage - variable: defaultImage
...@@ -12,7 +14,7 @@ questions: ...@@ -12,7 +14,7 @@ questions:
group: "Container Images" group: "Container Images"
subquestions: subquestions:
- variable: image.repository - variable: image.repository
default: "rancher/kubernetes-dashboard-amd64" default: "ranchercharts/kubernetes-dashboard-amd64"
description: "Docker image repository" description: "Docker image repository"
type: string type: string
label: Image Repository label: Image Repository
...@@ -22,7 +24,8 @@ questions: ...@@ -22,7 +24,8 @@ questions:
type: string type: string
label: Image Tag label: Image Tag
- variable: enableSkipLogin - variable: enableSkipLogin
default: false requred: true
default: true
description: "Enable possibility to skip login" description: "Enable possibility to skip login"
type: boolean type: boolean
label: "Enable Possibility To Skip Login" label: "Enable Possibility To Skip Login"
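Review bot: The added line `requred: true` under `enableSkipLogin` is misspelled, so it never sets the `required` key; it should read `required: true`. The same hunk flips `default` from `false` to `true`, which turns the option described as "Enable possibility to skip login" on for every install that accepts the form defaults. Keep `default: false`, or state in the commit message and README why skipping login should be the default.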
...@@ -32,3 +35,11 @@ questions: ...@@ -32,3 +35,11 @@ questions:
description: "IMPORTANT: Granting admin privileges to Dashboard's Service Account might be a security risk, makeing sure that you know what you are doing before proceeding." description: "IMPORTANT: Granting admin privileges to Dashboard's Service Account might be a security risk, makeing sure that you know what you are doing before proceeding."
type: boolean type: boolean
label: "Enable Dashboard Cluster Admin Role (NOT RECOMMENDED)" label: "Enable Dashboard Cluster Admin Role (NOT RECOMMENDED)"
show_subquestion_if: true
subquestions:
- variable: rbac.clusterReadOnlyRole
required: true
default: true
description: "Same as for clusterAdminRole, it is NOT RECOMMENDED to use this version in production. Instead you should review the role and remove all potentially sensitive parts such as access to persistentvolumes, pods/log etc"
type: boolean
label: "Set ReadOnly Mode of Cluster Admin Role"
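Review bot: `show_subquestion_if: true` shows the `rbac.clusterReadOnlyRole` subquestion only when the parent cluster admin question is answered true, yet the templates in this commit create the `-readonly` ClusterRole only under `(not .Values.rbac.clusterAdminRole)` and pick `cluster-admin` first in the binding, so the answer has no effect in the one case where it is displayed. Make it a top-level question, or show it when the parent is false, and reconcile `default: true` here with `clusterReadOnlyRole: false` in values.yaml. The label "Set ReadOnly Mode of Cluster Admin Role" should also say that this is a separate role, not a mode of cluster-admin.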
...@@ -15,7 +15,7 @@ From outside the cluster, the server URL(s) are: ...@@ -15,7 +15,7 @@ From outside the cluster, the server URL(s) are:
{{- else if contains "NodePort" .Values.service.type }} {{- else if contains "NodePort" .Values.service.type }}
Get the Kubernetes Dashboard URL by running: Get the Kubernetes Dashboard URL by running:
export NODE_PORT=$(kubectl get -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "kubernetes-dashboard.fullname" . }}) export NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "kubernetes-dashboard.fullname" . }})
export NODE_IP=$(kubectl get nodes -o jsonpath="{.items[0].status.addresses[0].address}") export NODE_IP=$(kubectl get nodes -o jsonpath="{.items[0].status.addresses[0].address}")
{{- if .Values.enableInsecureLogin }} {{- if .Values.enableInsecureLogin }}
echo http://$NODE_IP:$NODE_PORT/ echo http://$NODE_IP:$NODE_PORT/
...@@ -26,10 +26,10 @@ Get the Kubernetes Dashboard URL by running: ...@@ -26,10 +26,10 @@ Get the Kubernetes Dashboard URL by running:
{{- else if contains "LoadBalancer" .Values.service.type }} {{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available. NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc -w {{ template "kubernetes-dashboard.fullname" . }}' Watch the status with: 'kubectl get svc -n {{ .Release.Namespace }} -w {{ template "kubernetes-dashboard.fullname" . }}'
Get the Kubernetes Dashboard URL by running: Get the Kubernetes Dashboard URL by running:
export SERVICE_IP=$(kubectl get svc {{ template "kubernetes-dashboard.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') export SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ template "kubernetes-dashboard.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
{{- if .Values.enableInsecureLogin }} {{- if .Values.enableInsecureLogin }}
echo http://$SERVICE_IP/ echo http://$SERVICE_IP/
{{- else }} {{- else }}
......
{{- if and .Values.rbac.create .Values.rbac.clusterReadOnlyRole (not .Values.rbac.clusterAdminRole) }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: {{ template "kubernetes-dashboard.name" . }}
chart: {{ template "kubernetes-dashboard.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: "{{ template "kubernetes-dashboard.fullname" . }}-readonly"
namespace: {{ .Release.Namespace }}
rules:
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- kubernetes-dashboard-key-holder
- {{ template "kubernetes-dashboard.fullname" . }}
verbs:
- get
- update
- delete
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- kubernetes-dashboard-settings
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- persistentvolumeclaims
- pods
- replicationcontrollers
- replicationcontrollers/scale
- serviceaccounts
- services
- nodes
- persistentvolumeclaims
- persistentvolumes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- bindings
- events
- limitranges
- namespaces/status
- pods/log
- pods/status
- replicationcontrollers/status
- resourcequotas
- resourcequotas/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- deployments/scale
- replicasets
- replicasets/scale
- statefulsets
verbs:
- get
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
- deployments/scale
- ingresses
- networkpolicies
- replicasets
- replicasets/scale
- replicationcontrollers/scale
verbs:
- get
- list
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
- volumeattachments
verbs:
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
verbs:
- get
- list
- watch
{{- end -}}
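Review bot: The role is named `-readonly`, but its first two rules grant `update` and `delete` on secrets and `update` on a configmap, and the later rules allow reading `pods/log`, `persistentvolumes` and every RBAC object, which are the parts the values.yaml comment in this same commit tells users to review and remove. Ship the reduced rule set as the default, and either move the write rules out of this role or document them next to the name. Smaller points: `namespace: {{ .Release.Namespace }}` has no meaning on a cluster-scoped ClusterRole, and `persistentvolumeclaims` is listed twice in the core-group read rule.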
apiVersion: extensions/v1beta1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ template "kubernetes-dashboard.fullname" . }} name: {{ template "kubernetes-dashboard.fullname" . }}
...@@ -22,6 +22,11 @@ spec: ...@@ -22,6 +22,11 @@ spec:
maxSurge: 0 maxSurge: 0
maxUnavailable: 1 maxUnavailable: 1
type: RollingUpdate type: RollingUpdate
selector:
matchLabels:
app: {{ template "kubernetes-dashboard.name" . }}
release: {{ .Release.Name }}
kubernetes.io/cluster-service: "true"
template: template:
metadata: metadata:
{{- if .Values.podAnnotations }} {{- if .Values.podAnnotations }}
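Review bot: `spec.selector` is immutable on an `apps/v1` Deployment, so putting `kubernetes.io/cluster-service: "true"` into `matchLabels` means that label can never be dropped from the pod template without recreating the Deployment. Limit the selector to `app` and `release`, as the Service selector in this chart does, and confirm that upgrading an existing release from `extensions/v1beta1` does not change the effective selector.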
...@@ -33,6 +38,10 @@ spec: ...@@ -33,6 +38,10 @@ spec:
release: {{ .Release.Name }} release: {{ .Release.Name }}
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
spec: spec:
{{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{- end }}
serviceAccountName: {{ template "kubernetes-dashboard.serviceAccountName" . }} serviceAccountName: {{ template "kubernetes-dashboard.serviceAccountName" . }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
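Review bot: `securityContext` is rendered at pod level, directly above `serviceAccountName`, so it only takes pod-level fields such as `runAsUser` or `fsGroup`; container-level settings such as `allowPrivilegeEscalation`, `readOnlyRootFilesystem` or `capabilities` placed in this value will not be applied. Say so in the README row, which currently reads only "Security context", or add a separate container-level value. With the default `{}` the block is skipped entirely, so the pod ships with no security context unless the user supplies one.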
...@@ -50,6 +59,10 @@ spec: ...@@ -50,6 +59,10 @@ spec:
{{- if .Values.extraArgs }} {{- if .Values.extraArgs }}
{{ toYaml .Values.extraArgs | indent 10 }} {{ toYaml .Values.extraArgs | indent 10 }}
{{- end }} {{- end }}
{{- if .Values.extraEnv }}
env:
{{ toYaml .Values.extraEnv | indent 10 }}
{{- end }}
ports: ports:
{{- if .Values.enableInsecureLogin }} {{- if .Values.enableInsecureLogin }}
- name: http - name: http
...@@ -81,6 +94,12 @@ spec: ...@@ -81,6 +94,12 @@ spec:
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
resources: resources:
{{ toYaml .Values.resources | indent 10 }} {{ toYaml .Values.resources | indent 10 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- if .Values.nodeSelector }} {{- if .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }} {{ toYaml .Values.nodeSelector | indent 8 }}
......
...@@ -11,6 +11,9 @@ metadata: ...@@ -11,6 +11,9 @@ metadata:
chart: {{ template "kubernetes-dashboard.chart" . }} chart: {{ template "kubernetes-dashboard.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
{{- range $key, $value := .Values.ingress.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if .Values.ingress.annotations }} {{- if .Values.ingress.annotations }}
annotations: annotations:
{{ toYaml .Values.ingress.annotations | indent 4 }} {{ toYaml .Values.ingress.annotations | indent 4 }}
......
{{- if .Values.networkPolicy -}}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "kubernetes-dashboard.fullname" . }}
labels:
app: {{ template "kubernetes-dashboard.name" . }}
chart: {{ template "kubernetes-dashboard.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
podSelector:
matchLabels:
app: {{ template "kubernetes-dashboard.name" . }}
release: {{ .Release.Name }}
ingress:
- ports:
- port: 9090
protocol: TCP
{{- end -}}
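Review bot: The ingress rule hard-codes `port: 9090`, while the README lists `service.internalPort` as 443 and the Deployment adds the `http` port only under `enableInsecureLogin`. 9090 is the dashboard's plain-HTTP port, so with the default TLS setup this policy would admit a port that is not served and block the one the Service targets. Derive the port from the same values the Deployment and Service use. The rule also has no `from` clause, so any source is allowed on that port, and `metadata` lacks the `namespace` that the other new templates in this commit set.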
{{- if .Values.podDisruptionBudget.enabled -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: {{ template "kubernetes-dashboard.name" . }}
chart: {{ template "kubernetes-dashboard.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "kubernetes-dashboard.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
app: {{ template "kubernetes-dashboard.name" . }}
{{- end -}}
\ No newline at end of file
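Review bot: `minAvailable` and `maxUnavailable` are rendered independently, but a PodDisruptionBudget accepts only one of them, so setting both values yields a manifest the API server rejects; add a `fail` or prefer one when both are set. The `{{- if .Values.podDisruptionBudget.minAvailable }}` test is also false for `0`, and with `enabled: true` and neither value set the `spec` contains only a selector. The selector matches on `app` alone, whereas the Deployment and NetworkPolicy selectors also include `release`, so two releases in one namespace would share a budget. The file also ends without a trailing newline.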
{{- if .Values.rbac.create }} {{- if .Values.rbac.create }}
{{- if .Values.rbac.clusterAdminRole }} {{- if or .Values.rbac.clusterAdminRole .Values.rbac.clusterReadOnlyRole }}
# Cluster role binding for clusterAdminRole == true # Cluster role binding for clusterAdminRole == true or clusterReadOnlyRole=true
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
...@@ -14,13 +14,17 @@ metadata: ...@@ -14,13 +14,17 @@ metadata:
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: cluster-admin name: {{ if .Values.rbac.clusterAdminRole -}}
cluster-admin
{{- else if .Values.rbac.clusterReadOnlyRole -}}
{{ template "kubernetes-dashboard.fullname" . }}-readonly
{{- end }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ template "kubernetes-dashboard.serviceAccountName" . }} name: {{ template "kubernetes-dashboard.serviceAccountName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
{{- else -}} {{- else -}}
# Role binding for clusterAdminRole == false # Role binding for clusterAdminRole == false and clusterReadOnlyRole=false
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
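Review bot: With `or .Values.rbac.clusterAdminRole .Values.rbac.clusterReadOnlyRole`, enabling the read-only option moves the service account from the namespaced RoleBinding to a ClusterRoleBinding, so the `get`/`update`/`delete` rules on secrets in the `-readonly` role, limited only by `resourceNames`, now apply to secrets with those names in every namespace. Keep the namespaced RoleBinding for the dashboard's own secret and configmap rules and bind only the `get`/`list`/`watch` rules cluster-wide. The comments mix `==` and `=` (`clusterAdminRole == true or clusterReadOnlyRole=true`); use one form.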
......
...@@ -29,6 +29,10 @@ spec: ...@@ -29,6 +29,10 @@ spec:
{{- if hasKey .Values.service "nodePort" }} {{- if hasKey .Values.service "nodePort" }}
nodePort: {{ .Values.service.nodePort }} nodePort: {{ .Values.service.nodePort }}
{{- end }} {{- end }}
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
selector: selector:
app: {{ template "kubernetes-dashboard.name" . }} app: {{ template "kubernetes-dashboard.name" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
...@@ -5,9 +5,10 @@ ...@@ -5,9 +5,10 @@
image: image:
# repository: k8s.gcr.io/kubernetes-dashboard-amd64 # repository: k8s.gcr.io/kubernetes-dashboard-amd64
repository: rancher/kubernetes-dashboard-amd64 repository: ranchercharts/kubernetes-dashboard-amd64
tag: v1.10.1 tag: v1.10.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
pullSecrets: []
replicaCount: 1 replicaCount: 1
...@@ -16,7 +17,6 @@ annotations: {} ...@@ -16,7 +17,6 @@ annotations: {}
## Here labels can be added to the kubernetes dashboard deployment ## Here labels can be added to the kubernetes dashboard deployment
## ##
labels: {} labels: {}
# kubernetes.io/cluster-service: "true"
# kubernetes.io/name: "Kubernetes Dashboard" # kubernetes.io/name: "Kubernetes Dashboard"
...@@ -33,6 +33,12 @@ enableInsecureLogin: false ...@@ -33,6 +33,12 @@ enableInsecureLogin: false
# - --enable-insecure-login # - --enable-insecure-login
# - --system-banner="Welcome to Kubernetes" # - --system-banner="Welcome to Kubernetes"
## Additional container environment variables
##
extraEnv: []
# - name: SOME_VAR
# value: 'some value'
# Annotations to be added to kubernetes dashboard pods # Annotations to be added to kubernetes dashboard pods
podAnnotations: {} podAnnotations: {}
...@@ -62,6 +68,10 @@ service: ...@@ -62,6 +68,10 @@ service:
## ##
# nameOverride: # nameOverride:
# LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to
# set allowed inbound rules on the security group assigned to the master load balancer
# loadBalancerSourceRanges: []
## Kubernetes Dashboard Service annotations ## Kubernetes Dashboard Service annotations
## ##
## For GCE ingress, the following annotation is required: ## For GCE ingress, the following annotation is required:
...@@ -90,6 +100,9 @@ ingress: ...@@ -90,6 +100,9 @@ ingress:
## Kubernetes Dashboard Ingress annotations ## Kubernetes Dashboard Ingress annotations
## ##
## Add custom labels
# labels:
# key: value
# annotations: # annotations:
# kubernetes.io/ingress.class: nginx # kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: 'true' # kubernetes.io/tls-acme: 'true'
...@@ -129,6 +142,20 @@ rbac: ...@@ -129,6 +142,20 @@ rbac:
# ServiceAccount (NOT RECOMMENDED). # ServiceAccount (NOT RECOMMENDED).
clusterAdminRole: false clusterAdminRole: false
# Start in ReadOnly mode.
# Only dashboard-related Secrets and ConfigMaps will still be available for writing.
#
# Turn OFF clusterAdminRole to use clusterReadOnlyRole.
#
# The basic idea of the clusterReadOnlyRole comparing to the clusterAdminRole
# is not to hide all the secrets and sensitive data but more
# to avoid accidental changes in the cluster outside the standard CI/CD.
#
# Same as for clusterAdminRole, it is NOT RECOMMENDED to use this version in production.
# Instead you should review the role and remove all potentially sensitive parts such as
# access to persistentvolumes, pods/log etc.
clusterReadOnlyRole: false
serviceAccount: serviceAccount:
# Specifies whether a service account should be created # Specifies whether a service account should be created
create: true create: true
...@@ -141,3 +168,13 @@ livenessProbe: ...@@ -141,3 +168,13 @@ livenessProbe:
initialDelaySeconds: 30 initialDelaySeconds: 30
# Number of seconds to wait for probe response # Number of seconds to wait for probe response
timeoutSeconds: 30 timeoutSeconds: 30
podDisruptionBudget:
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/
enabled: false
minAvailable:
maxUnavailable:
securityContext: {}
networkPolicy: false