--- # Source: kubernetes-dashboard/charts/kong/templates/service-account.yaml apiVersion: v1 kind: ServiceAccount metadata: name: kubernetes-dashboard-kong namespace: kube-system labels: app.kubernetes.io/name: kong helm.sh/chart: kong-2.46.0 app.kubernetes.io/instance: "kubernetes-dashboard" app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/version: "3.8" --- # Source: kubernetes-dashboard/templates/rbac/api/serviceaccount.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard namespace: kube-system name: kubernetes-dashboard-api --- # Source: kubernetes-dashboard/templates/rbac/metrics-scraper/serviceaccount.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard namespace: kube-system name: kubernetes-dashboard-metrics-scraper --- # Source: kubernetes-dashboard/templates/rbac/web/serviceaccount.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard namespace: kube-system name: kubernetes-dashboard-web --- # Source: kubernetes-dashboard/templates/secrets/csrf.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Secret metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard namespace: kube-system name: kubernetes-dashboard-csrf data: private.key: "QlB1S0ZHTEIvcW53emNUYmxpNU16dnhVc0ZVWTh0NDQrSGRyUEpUN2dKMnZmM2I2eGwzWTdxRlBBK0p0RlNVSUFSazV1ZGxiSUE0REMzRmdGbjI0ZENLaSthMTBnZjZEZTA3R3Y2K1o5T2RtRmtDdDQ5aUc3QzdRekNTTGQvS05kaDFvRzYvakVLRUt1Y3o4ZGhqZkJHRE9aQVRaK0RnQlluVGV3VExDUldTWFU1OXpkK09ORU16U3NGS3RVM2ZvbFpFdGVkTEI3bndLWWhGeGJZaGZxa2s1Q2xpb1MrNGlybDkvQ1lodCtXeTROK3JURnVQbkhKeU5UNzl5VXUxOHdFUktZeGdjS3hHUGpLTWhtc1ZwZlkxK1o5dzRrWkNIU2pSQUxDYUdlU3JWYWRYaytwbkJOUkNPZEV2Wmo3VEk2Q0FKamJvOC90ak9KbURSVmU3U1FnPT0=" --- # Source: kubernetes-dashboard/templates/config/gateway.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard namespace: kube-system name: kong-dbless-config data: kong.yml: | _format_version: "3.0" services: - name: auth host: kubernetes-dashboard-auth port: 8000 protocol: http routes: - name: authLogin paths: - /api/v1/login strip_path: false - name: authCsrf paths: - /api/v1/csrftoken/login strip_path: false - name: authMe paths: - /api/v1/me strip_path: false - name: api host: kubernetes-dashboard-api port: 8000 protocol: http routes: - name: api paths: - /api strip_path: false - name: metrics paths: - /metrics strip_path: false - name: web host: kubernetes-dashboard-web port: 8000 protocol: http routes: - name: root paths: - / strip_path: false --- # Source: kubernetes-dashboard/templates/config/settings.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ConfigMap metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard namespace: kube-system name: kubernetes-dashboard-web-settings data: --- # Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrole.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard name: kubernetes-dashboard-metrics-scraper rules: # Allow Metrics Scraper to get metrics from the Metrics server - apiGroups: [ "metrics.k8s.io" ] resources: [ "pods", "nodes" ] verbs: [ "get", "list", "watch" ] --- # Source: kubernetes-dashboard/templates/rbac/metrics-scraper/clusterrolebinding.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard name: kubernetes-dashboard-metrics-scraper roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubernetes-dashboard-metrics-scraper subjects: - kind: ServiceAccount name: kubernetes-dashboard-metrics-scraper namespace: kube-system --- # Source: kubernetes-dashboard/templates/rbac/api/role.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard namespace: kube-system name: kubernetes-dashboard-api rules: # Allow Dashboard API to get metrics from metrics-scraper. - apiGroups: [ "" ] resources: [ "services/proxy" ] resourceNames: [ "kubernetes-dashboard-metrics-scraper", "http:kubernetes-dashboard-metrics-scraper" ] verbs: [ "get" ] --- # Source: kubernetes-dashboard/templates/rbac/web/role.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard namespace: kube-system name: kubernetes-dashboard-web rules: # Allow Dashboard Web to get and update 'kubernetes-dashboard-settings' config map. - apiGroups: [ "" ] resources: [ "configmaps" ] resourceNames: [ "kubernetes-dashboard-web-settings" ] verbs: [ "get", "update" ] --- # Source: kubernetes-dashboard/templates/rbac/api/rolebinding.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard namespace: kube-system name: kubernetes-dashboard-api roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubernetes-dashboard-api subjects: - kind: ServiceAccount name: kubernetes-dashboard-api --- # Source: kubernetes-dashboard/templates/rbac/web/rolebinding.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard namespace: kube-system name: kubernetes-dashboard-web roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubernetes-dashboard-web subjects: - kind: ServiceAccount name: kubernetes-dashboard-web --- # Source: kubernetes-dashboard/charts/kong/templates/service-kong-proxy.yaml apiVersion: v1 kind: Service metadata: name: kubernetes-dashboard-kong-proxy namespace: kube-system labels: app.kubernetes.io/name: kong helm.sh/chart: kong-2.46.0 app.kubernetes.io/instance: "kubernetes-dashboard" app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/version: "3.8" enable-metrics: "true" spec: type: ClusterIP ports: - name: kong-proxy-tls port: 443 targetPort: 8443 protocol: TCP selector: app.kubernetes.io/name: kong app.kubernetes.io/component: app app.kubernetes.io/instance: "kubernetes-dashboard" --- # Source: kubernetes-dashboard/templates/services/api.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: Service apiVersion: v1 metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-api app.kubernetes.io/version: 1.13.0 app.kubernetes.io/component: api namespace: kube-system name: kubernetes-dashboard-api spec: type: ClusterIP ports: - name: api port: 8000 protocol: TCP selector: app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-api --- # Source: kubernetes-dashboard/templates/services/auth.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: Service apiVersion: v1 metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-auth app.kubernetes.io/version: 1.3.0 app.kubernetes.io/component: auth namespace: kube-system name: kubernetes-dashboard-auth spec: type: ClusterIP ports: - name: auth port: 8000 protocol: TCP selector: app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-auth --- # Source: kubernetes-dashboard/templates/services/metrics-scraper.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: Service apiVersion: v1 metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper app.kubernetes.io/version: 1.2.2 app.kubernetes.io/component: metrics-scraper namespace: kube-system name: kubernetes-dashboard-metrics-scraper spec: type: ClusterIP ports: # Name is intentionally not used here as it breaks the connection between API <-> Scraper # Named ports have an issue when trying to connect through in-cluster service proxy. - port: 8000 protocol: TCP selector: app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper --- # Source: kubernetes-dashboard/templates/services/web.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: Service apiVersion: v1 metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-web app.kubernetes.io/version: 1.7.0 app.kubernetes.io/component: web namespace: kube-system name: kubernetes-dashboard-web spec: type: ClusterIP ports: - name: web port: 8000 protocol: TCP selector: app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-web --- # Source: kubernetes-dashboard/charts/kong/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: kubernetes-dashboard-kong namespace: kube-system labels: app.kubernetes.io/name: kong helm.sh/chart: kong-2.46.0 app.kubernetes.io/instance: "kubernetes-dashboard" app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/version: "3.8" app.kubernetes.io/component: app spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/name: kong app.kubernetes.io/component: app app.kubernetes.io/instance: "kubernetes-dashboard" template: metadata: annotations: kuma.io/service-account-token-volume: kubernetes-dashboard-kong-token kuma.io/gateway: "enabled" traffic.sidecar.istio.io/includeInboundPorts: "" labels: app.kubernetes.io/name: kong helm.sh/chart: kong-2.46.0 app.kubernetes.io/instance: "kubernetes-dashboard" app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/version: "3.8" app.kubernetes.io/component: app app: kubernetes-dashboard-kong version: "3.8" spec: serviceAccountName: kubernetes-dashboard-kong automountServiceAccountToken: false initContainers: - name: clear-stale-pid image: kong:3.8 imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault resources: {} command: - "rm" - "-vrf" - "$KONG_PREFIX/pids" env: - name: KONG_ADMIN_ACCESS_LOG value: "/dev/stdout" - name: KONG_ADMIN_ERROR_LOG value: "/dev/stderr" - name: KONG_ADMIN_GUI_ACCESS_LOG value: "/dev/stdout" - name: KONG_ADMIN_GUI_ERROR_LOG value: "/dev/stderr" - name: KONG_ADMIN_LISTEN value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl" - name: KONG_CLUSTER_LISTEN value: "off" - name: KONG_DATABASE value: "off" - name: KONG_DECLARATIVE_CONFIG value: "/kong_dbless/kong.yml" - name: KONG_DNS_ORDER value: "LAST,A,CNAME,AAAA,SRV" - name: KONG_LUA_PACKAGE_PATH value: "/opt/?.lua;/opt/?/init.lua;;" - name: KONG_NGINX_WORKER_PROCESSES value: "1" - name: KONG_PLUGINS value: "off" - name: KONG_PORTAL_API_ACCESS_LOG value: "/dev/stdout" - name: KONG_PORTAL_API_ERROR_LOG value: "/dev/stderr" - name: KONG_PORT_MAPS value: "443:8443" - name: KONG_PREFIX value: "/kong_prefix/" - name: KONG_PROXY_ACCESS_LOG value: "/dev/stdout" - name: KONG_PROXY_ERROR_LOG value: "/dev/stderr" - name: KONG_PROXY_LISTEN value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl" - name: KONG_PROXY_STREAM_ACCESS_LOG value: "/dev/stdout basic" - name: KONG_PROXY_STREAM_ERROR_LOG value: "/dev/stderr" - name: KONG_ROUTER_FLAVOR value: "traditional" - name: KONG_STATUS_ACCESS_LOG value: "off" - name: KONG_STATUS_ERROR_LOG value: "/dev/stderr" - name: KONG_STATUS_LISTEN value: "0.0.0.0:8100, [::]:8100" - name: KONG_STREAM_LISTEN value: "off" volumeMounts: - name: kubernetes-dashboard-kong-prefix-dir mountPath: /kong_prefix/ - name: kubernetes-dashboard-kong-tmp mountPath: /tmp - name: kong-custom-dbless-config-volume mountPath: /kong_dbless/ containers: - name: "proxy" image: kong:3.8 imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault env: - name: KONG_ADMIN_ACCESS_LOG value: "/dev/stdout" - name: KONG_ADMIN_ERROR_LOG value: "/dev/stderr" - name: KONG_ADMIN_GUI_ACCESS_LOG value: "/dev/stdout" - name: KONG_ADMIN_GUI_ERROR_LOG value: "/dev/stderr" - name: KONG_ADMIN_LISTEN value: "127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl" - name: KONG_CLUSTER_LISTEN value: "off" - name: KONG_DATABASE value: "off" - name: KONG_DECLARATIVE_CONFIG value: "/kong_dbless/kong.yml" - name: KONG_DNS_ORDER value: "LAST,A,CNAME,AAAA,SRV" - name: KONG_LUA_PACKAGE_PATH value: "/opt/?.lua;/opt/?/init.lua;;" - name: KONG_NGINX_WORKER_PROCESSES value: "1" - name: KONG_PLUGINS value: "off" - name: KONG_PORTAL_API_ACCESS_LOG value: "/dev/stdout" - name: KONG_PORTAL_API_ERROR_LOG value: "/dev/stderr" - name: KONG_PORT_MAPS value: "443:8443" - name: KONG_PREFIX value: "/kong_prefix/" - name: KONG_PROXY_ACCESS_LOG value: "/dev/stdout" - name: KONG_PROXY_ERROR_LOG value: "/dev/stderr" - name: KONG_PROXY_LISTEN value: "0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl" - name: KONG_PROXY_STREAM_ACCESS_LOG value: "/dev/stdout basic" - name: KONG_PROXY_STREAM_ERROR_LOG value: "/dev/stderr" - name: KONG_ROUTER_FLAVOR value: "traditional" - name: KONG_STATUS_ACCESS_LOG value: "off" - name: KONG_STATUS_ERROR_LOG value: "/dev/stderr" - name: KONG_STATUS_LISTEN value: "0.0.0.0:8100, [::]:8100" - name: KONG_STREAM_LISTEN value: "off" - name: KONG_NGINX_DAEMON value: "off" lifecycle: preStop: exec: command: - kong - quit - --wait=15 ports: - name: proxy-tls containerPort: 8443 protocol: TCP - name: status containerPort: 8100 protocol: TCP volumeMounts: - name: kubernetes-dashboard-kong-prefix-dir mountPath: /kong_prefix/ - name: kubernetes-dashboard-kong-tmp mountPath: /tmp - name: kong-custom-dbless-config-volume mountPath: /kong_dbless/ readinessProbe: failureThreshold: 3 httpGet: path: /status/ready port: status scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 livenessProbe: failureThreshold: 3 httpGet: path: /status port: status scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: {} securityContext: {} terminationGracePeriodSeconds: 30 volumes: - name: kubernetes-dashboard-kong-prefix-dir emptyDir: sizeLimit: 256Mi - name: kubernetes-dashboard-kong-tmp emptyDir: sizeLimit: 1Gi - name: kubernetes-dashboard-kong-token projected: sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace - name: kong-custom-dbless-config-volume configMap: name: kong-dbless-config --- # Source: kubernetes-dashboard/templates/deployments/api.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: Deployment apiVersion: apps/v1 metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-api app.kubernetes.io/version: 1.13.0 app.kubernetes.io/component: api namespace: kube-system name: kubernetes-dashboard-api spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-api template: metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-api app.kubernetes.io/version: 1.13.0 app.kubernetes.io/component: api annotations: checksum/config: 13efa95070d54d0c131cd2913fa3156f0b16e97ff2c0b3cc6287930ef2b4fd4e spec: containers: - name: kubernetes-dashboard-api image: "docker.io/kubernetesui/dashboard-api:1.13.0" imagePullPolicy: IfNotPresent args: - --namespace=kube-system - --metrics-scraper-service-name=kubernetes-dashboard-metrics-scraper env: - name: CSRF_KEY valueFrom: secretKeyRef: name: kubernetes-dashboard-csrf key: private.key - name: GOMAXPROCS valueFrom: resourceFieldRef: resource: limits.cpu divisor: "1" - name: GOMEMLIMIT valueFrom: resourceFieldRef: resource: limits.memory divisor: "1" ports: - containerPort: 8000 name: api protocol: TCP volumeMounts: - mountPath: /tmp name: tmp-volume securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 2001 runAsUser: 1001 resources: limits: cpu: 250m memory: 400Mi requests: cpu: 100m memory: 200Mi automountServiceAccountToken: true securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault volumes: - emptyDir: {} name: tmp-volume serviceAccountName: kubernetes-dashboard-api --- # Source: kubernetes-dashboard/templates/deployments/auth.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: Deployment apiVersion: apps/v1 metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-auth app.kubernetes.io/version: 1.13.0 app.kubernetes.io/component: auth namespace: kube-system name: kubernetes-dashboard-auth spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-auth template: metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-auth app.kubernetes.io/version: 1.3.0 app.kubernetes.io/component: auth annotations: checksum/config: 2565e7fbe96533bcb4fda0b38425014e3847adaa9844b4d6bb64cf8007269886 spec: containers: - name: kubernetes-dashboard-auth image: "docker.io/kubernetesui/dashboard-auth:1.3.0" imagePullPolicy: IfNotPresent args: env: - name: CSRF_KEY valueFrom: secretKeyRef: name: kubernetes-dashboard-csrf key: private.key - name: GOMAXPROCS valueFrom: resourceFieldRef: resource: limits.cpu divisor: "1" - name: GOMEMLIMIT valueFrom: resourceFieldRef: resource: limits.memory divisor: "1" ports: - containerPort: 8000 name: auth protocol: TCP volumeMounts: - mountPath: /tmp name: tmp-volume securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 2001 runAsUser: 1001 resources: limits: cpu: 250m memory: 400Mi requests: cpu: 100m memory: 200Mi automountServiceAccountToken: true securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault volumes: - emptyDir: {} name: tmp-volume --- # Source: kubernetes-dashboard/templates/deployments/metrics-scraper.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: Deployment apiVersion: apps/v1 metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper app.kubernetes.io/version: 1.2.2 app.kubernetes.io/component: metrics-scraper namespace: kube-system name: kubernetes-dashboard-metrics-scraper spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper template: metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper app.kubernetes.io/version: 1.2.2 app.kubernetes.io/component: metrics-scraper spec: containers: - name: kubernetes-dashboard-metrics-scraper image: "docker.io/kubernetesui/dashboard-metrics-scraper:1.2.2" imagePullPolicy: IfNotPresent env: - name: GOMAXPROCS valueFrom: resourceFieldRef: resource: limits.cpu divisor: "1" - name: GOMEMLIMIT valueFrom: resourceFieldRef: resource: limits.memory divisor: "1" ports: - containerPort: 8000 protocol: TCP volumeMounts: - mountPath: /tmp name: tmp-volume securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 2001 runAsUser: 1001 resources: limits: cpu: 250m memory: 400Mi requests: cpu: 100m memory: 200Mi livenessProbe: httpGet: path: / port: 8000 scheme: HTTP initialDelaySeconds: 30 timeoutSeconds: 30 automountServiceAccountToken: true securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault volumes: - emptyDir: {} name: tmp-volume serviceAccountName: kubernetes-dashboard-metrics-scraper --- # Source: kubernetes-dashboard/templates/deployments/web.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: Deployment apiVersion: apps/v1 metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-web app.kubernetes.io/version: 1.7.0 app.kubernetes.io/component: web namespace: kube-system name: kubernetes-dashboard-web spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-web template: metadata: labels: helm.sh/chart: kubernetes-dashboard-7.13.0 app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard-web app.kubernetes.io/version: 1.7.0 app.kubernetes.io/component: web spec: containers: - name: kubernetes-dashboard-web image: "docker.io/kubernetesui/dashboard-web:1.7.0" imagePullPolicy: IfNotPresent args: - --namespace=kube-system - --settings-config-map-name=kubernetes-dashboard-web-settings env: - name: GOMAXPROCS valueFrom: resourceFieldRef: resource: limits.cpu divisor: "1" - name: GOMEMLIMIT valueFrom: resourceFieldRef: resource: limits.memory divisor: "1" ports: - containerPort: 8000 name: web protocol: TCP volumeMounts: - mountPath: /tmp name: tmp-volume securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsGroup: 2001 runAsUser: 1001 resources: limits: cpu: 250m memory: 400Mi requests: cpu: 100m memory: 200Mi automountServiceAccountToken: true securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault volumes: - emptyDir: {} name: tmp-volume serviceAccountName: kubernetes-dashboard-web --- apiVersion: v1 kind: ConfigMap metadata: labels: app.kubernetes.io/instance: kubernetes-dashboard app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: kubernetes-dashboard helm.sh/chart: kubernetes-dashboard-7.13.0 name: kong-dbless-config namespace: kube-system data: kong.yml: | _format_version: "3.0" services: - name: auth host: kubernetes-dashboard-auth port: 8000 protocol: http routes: - name: authLogin paths: - /api/v1/login strip_path: false - name: authCsrf paths: - /api/v1/csrftoken/login strip_path: false - name: authMe paths: - /api/v1/me strip_path: false - name: api host: kubernetes-dashboard-api port: 8000 protocol: http routes: - name: api paths: - /api strip_path: false - name: metrics paths: - /metrics strip_path: false - name: web host: kubernetes-dashboard-web port: 8000 protocol: http routes: - name: root paths: - / strip_path: false