From 3a018168ecfab0dea144d0a83a4d4f35e3754cbc Mon Sep 17 00:00:00 2001 
From: Adrien Reslinger Date: Sun, 28 Aug 2022 02:36:47 +0200 Subject: [PATCH] Switch to helm deployment --- bin/update.sh | 9 --- .../NetworkPolicies/allow-from-namespace.yaml | 2 +- .../dashboard-metrics-scraper-Deployment.yaml | 53 --------------- files/dashboard-metrics-scraper-Service.yaml | 15 ---- files/kubernetes-dashboard-ClusterRole.yaml | 13 ---- ...bernetes-dashboard-ClusterRoleBinding.yaml | 14 ---- files/kubernetes-dashboard-Deployment.yaml | 68 ------------------- files/kubernetes-dashboard-Namespace.yaml | 19 ------ files/kubernetes-dashboard-Role.yaml | 29 -------- files/kubernetes-dashboard-RoleBinding.yaml | 17 ----- files/kubernetes-dashboard-Service.yaml | 15 ---- .../kubernetes-dashboard-ServiceAccount.yaml | 9 --- files/kubernetes-dashboard-certs-Secret.yaml | 10 --- files/kubernetes-dashboard-csrf-Secret.yaml | 12 ---- ...ubernetes-dashboard-key-holder-Secret.yaml | 10 --- ...bernetes-dashboard-settings-ConfigMap.yaml | 9 --- tasks/main.yml | 25 +++++-- vars/dashboard-files.yaml | 16 ----- 18 files changed, 22 insertions(+), 323 deletions(-) delete mode 100755 bin/update.sh delete mode 100644 files/dashboard-metrics-scraper-Deployment.yaml delete mode 100644 files/dashboard-metrics-scraper-Service.yaml delete mode 100644 files/kubernetes-dashboard-ClusterRole.yaml delete mode 100644 files/kubernetes-dashboard-ClusterRoleBinding.yaml delete mode 100644 files/kubernetes-dashboard-Deployment.yaml delete mode 100644 files/kubernetes-dashboard-Namespace.yaml delete mode 100644 files/kubernetes-dashboard-Role.yaml delete mode 100644 files/kubernetes-dashboard-RoleBinding.yaml delete mode 100644 files/kubernetes-dashboard-Service.yaml delete mode 100644 files/kubernetes-dashboard-ServiceAccount.yaml delete mode 100644 files/kubernetes-dashboard-certs-Secret.yaml delete mode 100644 files/kubernetes-dashboard-csrf-Secret.yaml delete mode 100644 files/kubernetes-dashboard-key-holder-Secret.yaml delete mode 100644 
files/kubernetes-dashboard-settings-ConfigMap.yaml delete mode 100644 vars/dashboard-files.yaml diff --git a/bin/update.sh b/bin/update.sh deleted file mode 100755 index 65b8404..0000000 --- a/bin/update.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env bash - -wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml -kubernetes-split-yaml recommended.yaml > generated.log -mv generated/*.yaml files/ -echo -e "---\ndashboard_files_list:" > vars/dashboard-files.yaml -cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "\2"|' >> vars/dashboard-files.yaml -rm -fr generated generated.log recommended.yaml - diff --git a/files/NetworkPolicies/allow-from-namespace.yaml b/files/NetworkPolicies/allow-from-namespace.yaml index 2cc8cdc..2152c61 100644 --- a/files/NetworkPolicies/allow-from-namespace.yaml +++ b/files/NetworkPolicies/allow-from-namespace.yaml @@ -11,7 +11,7 @@ spec: - from: - namespaceSelector: matchLabels: - namespace: tools + namespace: traefik podSelector: matchLabels: app: traefik diff --git a/files/dashboard-metrics-scraper-Deployment.yaml b/files/dashboard-metrics-scraper-Deployment.yaml deleted file mode 100644 index 115296b..0000000 --- a/files/dashboard-metrics-scraper-Deployment.yaml +++ /dev/null 
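Review bot: The `namespaceSelector` in files/NetworkPolicies/allow-from-namespace.yaml now matches a hand-maintained label, `namespace: traefik`, so together with the `app: traefik` pod selector it admits pods from any namespace carrying that label, not only the namespace named traefik. Whether the traefik namespace is labelled this way is not visible in this patch; if it is not, the ingress path to the dashboard is silently blocked. Matching on the label the API server sets itself, `kubernetes.io/metadata.name: traefik`, removes the dependency on someone applying and guarding the custom label. The policy's `spec` begins above this hunk, so the rest of the rule was not reviewed.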
@@ -1,53 +0,0 @@ - -kind: Deployment -apiVersion: apps/v1 -metadata: - labels: - k8s-app: dashboard-metrics-scraper - name: dashboard-metrics-scraper - namespace: kubernetes-dashboard -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - k8s-app: dashboard-metrics-scraper - template: - metadata: - labels: - k8s-app: dashboard-metrics-scraper - spec: - securityContext: - seccompProfile: - type: RuntimeDefault - containers: - - name: dashboard-metrics-scraper - image: kubernetesui/metrics-scraper:v1.0.8 - ports: - - containerPort: 8000 - protocol: TCP - livenessProbe: - httpGet: - scheme: HTTP - path: / - port: 8000 - initialDelaySeconds: 30 - timeoutSeconds: 30 - volumeMounts: - - mountPath: /tmp - name: tmp-volume - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 1001 - runAsGroup: 2001 - serviceAccountName: kubernetes-dashboard - nodeSelector: - "kubernetes.io/os": linux - # Comment the following tolerations if Dashboard must not be deployed on master - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - volumes: - - name: tmp-volume - emptyDir: {} diff --git a/files/dashboard-metrics-scraper-Service.yaml b/files/dashboard-metrics-scraper-Service.yaml deleted file mode 100644 index bec1f75..0000000 --- a/files/dashboard-metrics-scraper-Service.yaml +++ /dev/null @@ -1,15 +0,0 @@ - -kind: Service -apiVersion: v1 -metadata: - labels: - k8s-app: dashboard-metrics-scraper - name: dashboard-metrics-scraper - namespace: kubernetes-dashboard -spec: - ports: - - port: 8000 - targetPort: 8000 - selector: - k8s-app: dashboard-metrics-scraper - diff --git a/files/kubernetes-dashboard-ClusterRole.yaml b/files/kubernetes-dashboard-ClusterRole.yaml deleted file mode 100644 index 4bcfb66..0000000 --- a/files/kubernetes-dashboard-ClusterRole.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard -rules: - # Allow Metrics Scraper to get metrics from the Metrics server - - apiGroups: ["metrics.k8s.io"] - resources: ["pods", "nodes"] - verbs: ["get", "list", "watch"] - diff --git a/files/kubernetes-dashboard-ClusterRoleBinding.yaml b/files/kubernetes-dashboard-ClusterRoleBinding.yaml deleted file mode 100644 index f188ebc..0000000 --- a/files/kubernetes-dashboard-ClusterRoleBinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubernetes-dashboard -subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard - diff --git a/files/kubernetes-dashboard-Deployment.yaml b/files/kubernetes-dashboard-Deployment.yaml deleted file mode 100644 index 148ab47..0000000 --- a/files/kubernetes-dashboard-Deployment.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ - -kind: Deployment -apiVersion: apps/v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - k8s-app: kubernetes-dashboard - template: - metadata: - labels: - k8s-app: kubernetes-dashboard - spec: - securityContext: - seccompProfile: - type: RuntimeDefault - containers: - - name: kubernetes-dashboard - image: kubernetesui/dashboard:v2.6.1 - imagePullPolicy: Always - ports: - - containerPort: 8443 - protocol: TCP - args: - - --auto-generate-certificates - - --namespace=kubernetes-dashboard - # Uncomment the following line to manually specify Kubernetes API server Host - # If not specified, Dashboard will attempt to auto discover the API server and connect - # to it. Uncomment only if the default does not work. - # - --apiserver-host=http://my-address:port - volumeMounts: - - name: kubernetes-dashboard-certs - mountPath: /certs - # Create on-disk volume to store exec logs - - mountPath: /tmp - name: tmp-volume - livenessProbe: - httpGet: - scheme: HTTPS - path: / - port: 8443 - initialDelaySeconds: 30 - timeoutSeconds: 30 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 1001 - runAsGroup: 2001 - volumes: - - name: kubernetes-dashboard-certs - secret: - secretName: kubernetes-dashboard-certs - - name: tmp-volume - emptyDir: {} - serviceAccountName: kubernetes-dashboard - nodeSelector: - "kubernetes.io/os": linux - # Comment the following tolerations if Dashboard must not be deployed on master - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - diff --git a/files/kubernetes-dashboard-Namespace.yaml b/files/kubernetes-dashboard-Namespace.yaml deleted file mode 100644 index ebe2fe9..0000000 --- a/files/kubernetes-dashboard-Namespace.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: kubernetes-dashboard - diff --git a/files/kubernetes-dashboard-Role.yaml b/files/kubernetes-dashboard-Role.yaml deleted file mode 100644 index 7f69676..0000000 --- a/files/kubernetes-dashboard-Role.yaml +++ /dev/null @@ -1,29 +0,0 @@ - -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -rules: - # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] - verbs: ["get", "update", "delete"] - # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["kubernetes-dashboard-settings"] - verbs: ["get", "update"] - # Allow Dashboard to get metrics. - - apiGroups: [""] - resources: ["services"] - resourceNames: ["heapster", "dashboard-metrics-scraper"] - verbs: ["proxy"] - - apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] - verbs: ["get"] - 
diff --git a/files/kubernetes-dashboard-RoleBinding.yaml b/files/kubernetes-dashboard-RoleBinding.yaml deleted file mode 100644 index 4d20c86..0000000 --- a/files/kubernetes-dashboard-RoleBinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubernetes-dashboard -subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard - diff --git a/files/kubernetes-dashboard-Service.yaml b/files/kubernetes-dashboard-Service.yaml deleted file mode 100644 index 5f33846..0000000 --- a/files/kubernetes-dashboard-Service.yaml +++ /dev/null @@ -1,15 +0,0 @@ - -kind: Service -apiVersion: v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard -spec: - ports: - - port: 443 - targetPort: 8443 - selector: - k8s-app: kubernetes-dashboard - diff --git a/files/kubernetes-dashboard-ServiceAccount.yaml b/files/kubernetes-dashboard-ServiceAccount.yaml deleted file mode 100644 index 57c8d87..0000000 --- a/files/kubernetes-dashboard-ServiceAccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ - -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard - diff --git a/files/kubernetes-dashboard-certs-Secret.yaml b/files/kubernetes-dashboard-certs-Secret.yaml deleted file mode 100644 index 794fb41..0000000 --- a/files/kubernetes-dashboard-certs-Secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-certs - namespace: kubernetes-dashboard -type: Opaque - 
diff --git a/files/kubernetes-dashboard-csrf-Secret.yaml b/files/kubernetes-dashboard-csrf-Secret.yaml deleted file mode 100644 index 1b5f1fe..0000000 --- a/files/kubernetes-dashboard-csrf-Secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-csrf - namespace: kubernetes-dashboard -type: Opaque -data: - csrf: "" - diff --git a/files/kubernetes-dashboard-key-holder-Secret.yaml b/files/kubernetes-dashboard-key-holder-Secret.yaml deleted file mode 100644 index 5248a73..0000000 --- a/files/kubernetes-dashboard-key-holder-Secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ - -apiVersion: v1 -kind: Secret -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-key-holder - namespace: kubernetes-dashboard -type: Opaque - diff --git a/files/kubernetes-dashboard-settings-ConfigMap.yaml b/files/kubernetes-dashboard-settings-ConfigMap.yaml deleted file mode 100644 index f33807a..0000000 --- a/files/kubernetes-dashboard-settings-ConfigMap.yaml +++ /dev/null @@ -1,9 +0,0 @@ - -kind: ConfigMap -apiVersion: v1 -metadata: - labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-settings - namespace: kubernetes-dashboard - diff --git a/tasks/main.yml b/tasks/main.yml index 56d216c..d65749f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,8 +1,5 @@ - name: Dashboard setup block: - - name: Include file list - ansible.builtin.include_vars: "dashboard-files.yaml" - - name: namespace kubernetes.core.k8s: state: present @@ -26,7 +23,7 @@ - NetworkPolicies/allow-from-namespace.yaml - traefik/dashboard-traefik-auth-sa.yaml - traefik/dashboard-traefik-auth-crb.yaml - - "{{ dashboard_files_list }}" + - name: get the dashboard-token secret name ansible.builtin.command: kubectl --context {{ my_context }} get sa kubernetes-dashboard-traefik -n kubernetes-dashboard -o jsonpath='{.secrets[0].name}' changed_when: false 
@@ -56,6 +53,26 @@ - traefik_version is defined - traefik_version | regex_search('(^2.)') + - name: Defined Dashboard repository + kubernetes.core.helm_repository: + name: kubernetes-dashboard + repo_url: "https://kubernetes.github.io/dashboard/" + + - name: Deploy latest version of Dashboard + kubernetes.core.helm: + context: "{{ my_context }}" + name: kubernetes-dashboard + chart_ref: kubernetes-dashboard/kubernetes-dashboard + chart_version: "5.10.0" + release_namespace: "kubernetes-dashboard" + values: + protocolHttp: true + metricsScraper: + enabled: true + serviceAccount: + create: false + name: kubernetes-dashboard-traefik + - name: ingress dashboard install kubernetes.core.k8s: state: present diff --git a/vars/dashboard-files.yaml b/vars/dashboard-files.yaml deleted file mode 100644 index 8cb41f7..0000000 --- a/vars/dashboard-files.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -dashboard_files_list: - - "kubernetes-dashboard-Namespace.yaml" - - "kubernetes-dashboard-ServiceAccount.yaml" - - "kubernetes-dashboard-Service.yaml" - - "kubernetes-dashboard-certs-Secret.yaml" - - "kubernetes-dashboard-csrf-Secret.yaml" - - "kubernetes-dashboard-key-holder-Secret.yaml" - - "kubernetes-dashboard-settings-ConfigMap.yaml" - - "kubernetes-dashboard-Role.yaml" - - "kubernetes-dashboard-ClusterRole.yaml" - - "kubernetes-dashboard-RoleBinding.yaml" - - "kubernetes-dashboard-ClusterRoleBinding.yaml" - - "kubernetes-dashboard-Deployment.yaml" - - "dashboard-metrics-scraper-Service.yaml" - - "dashboard-metrics-scraper-Deployment.yaml"
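Review bot: The `serviceAccount` values in the "Deploy latest version of Dashboard" task (`create: false`, `name: kubernetes-dashboard-traefik`) run the dashboard pod under the account that `traefik/dashboard-traefik-auth-crb.yaml` binds at cluster scope, where the deleted manifests gave the pod its own `kubernetes-dashboard` account with a narrow Role and a metrics-read ClusterRole. The role behind that binding is not shown in this patch, so its scope needs confirming; if it is broad, `create: true` without the `name` override keeps the pod's identity separate from the account whose token the "get the dashboard-token secret name" task reads. With `protocolHttp: true` the dashboard is served without TLS inside the cluster, so a comment above it such as `# plain HTTP behind traefik; reachability is limited by files/NetworkPolicies` would record what that setting depends on. The task name says "latest version" while `chart_version` pins "5.10.0"; `Deploy Dashboard chart 5.10.0` would match what the task does.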