Switch to helm deployment

bin/update.sh

@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml
-kubernetes-split-yaml recommended.yaml > generated.log
-mv generated/*.yaml files/
-echo -e "---\ndashboard_files_list:" > vars/dashboard-files.yaml
-cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)|  - "\2"|' >> vars/dashboard-files.yaml
-rm -fr generated generated.log recommended.yaml
-

files/NetworkPolicies/allow-from-namespace.yaml

@@ -11,7 +11,7 @@ spec:
     - from:
       - namespaceSelector:
           matchLabels:
-            namespace: tools
+            namespace: traefik
         podSelector:
           matchLabels:
             app: traefik

files/dashboard-metrics-scraper-Deployment.yaml

@@ -1,53 +0,0 @@
-
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  labels:
-    k8s-app: dashboard-metrics-scraper
-  name: dashboard-metrics-scraper
-  namespace: kubernetes-dashboard
-spec:
-  replicas: 1
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      k8s-app: dashboard-metrics-scraper
-  template:
-    metadata:
-      labels:
-        k8s-app: dashboard-metrics-scraper
-    spec:
-      securityContext:
-        seccompProfile:
-          type: RuntimeDefault
-      containers:
-        - name: dashboard-metrics-scraper
-          image: kubernetesui/metrics-scraper:v1.0.8
-          ports:
-            - containerPort: 8000
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              scheme: HTTP
-              path: /
-              port: 8000
-            initialDelaySeconds: 30
-            timeoutSeconds: 30
-          volumeMounts:
-          - mountPath: /tmp
-            name: tmp-volume
-          securityContext:
-            allowPrivilegeEscalation: false
-            readOnlyRootFilesystem: true
-            runAsUser: 1001
-            runAsGroup: 2001
-      serviceAccountName: kubernetes-dashboard
-      nodeSelector:
-        "kubernetes.io/os": linux
-      # Comment the following tolerations if Dashboard must not be deployed on master
-      tolerations:
-        - key: node-role.kubernetes.io/master
-          effect: NoSchedule
-      volumes:
-        - name: tmp-volume
-          emptyDir: {}

files/dashboard-metrics-scraper-Service.yaml

@@ -1,15 +0,0 @@
-
-kind: Service
-apiVersion: v1
-metadata:
-  labels:
-    k8s-app: dashboard-metrics-scraper
-  name: dashboard-metrics-scraper
-  namespace: kubernetes-dashboard
-spec:
-  ports:
-    - port: 8000
-      targetPort: 8000
-  selector:
-    k8s-app: dashboard-metrics-scraper
-

files/kubernetes-dashboard-ClusterRole.yaml

@@ -1,13 +0,0 @@
-
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-rules:
-  # Allow Metrics Scraper to get metrics from the Metrics server
-  - apiGroups: ["metrics.k8s.io"]
-    resources: ["pods", "nodes"]
-    verbs: ["get", "list", "watch"]
-

files/kubernetes-dashboard-ClusterRoleBinding.yaml

@@ -1,14 +0,0 @@
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: kubernetes-dashboard
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kubernetes-dashboard
-subjects:
-  - kind: ServiceAccount
-    name: kubernetes-dashboard
-    namespace: kubernetes-dashboard
-

files/kubernetes-dashboard-Deployment.yaml

@@ -1,68 +0,0 @@
-
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
-spec:
-  replicas: 1
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      k8s-app: kubernetes-dashboard
-  template:
-    metadata:
-      labels:
-        k8s-app: kubernetes-dashboard
-    spec:
-      securityContext:
-        seccompProfile:
-          type: RuntimeDefault
-      containers:
-        - name: kubernetes-dashboard
-          image: kubernetesui/dashboard:v2.6.1
-          imagePullPolicy: Always
-          ports:
-            - containerPort: 8443
-              protocol: TCP
-          args:
-            - --auto-generate-certificates
-            - --namespace=kubernetes-dashboard
-            # Uncomment the following line to manually specify Kubernetes API server Host
-            # If not specified, Dashboard will attempt to auto discover the API server and connect
-            # to it. Uncomment only if the default does not work.
-            # - --apiserver-host=http://my-address:port
-          volumeMounts:
-            - name: kubernetes-dashboard-certs
-              mountPath: /certs
-              # Create on-disk volume to store exec logs
-            - mountPath: /tmp
-              name: tmp-volume
-          livenessProbe:
-            httpGet:
-              scheme: HTTPS
-              path: /
-              port: 8443
-            initialDelaySeconds: 30
-            timeoutSeconds: 30
-          securityContext:
-            allowPrivilegeEscalation: false
-            readOnlyRootFilesystem: true
-            runAsUser: 1001
-            runAsGroup: 2001
-      volumes:
-        - name: kubernetes-dashboard-certs
-          secret:
-            secretName: kubernetes-dashboard-certs
-        - name: tmp-volume
-          emptyDir: {}
-      serviceAccountName: kubernetes-dashboard
-      nodeSelector:
-        "kubernetes.io/os": linux
-      # Comment the following tolerations if Dashboard must not be deployed on master
-      tolerations:
-        - key: node-role.kubernetes.io/master
-          effect: NoSchedule
-

files/kubernetes-dashboard-Namespace.yaml

@@ -1,19 +0,0 @@
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: kubernetes-dashboard
-

files/kubernetes-dashboard-Role.yaml

@@ -1,29 +0,0 @@
-
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
-rules:
-  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
-  - apiGroups: [""]
-    resources: ["secrets"]
-    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
-    verbs: ["get", "update", "delete"]
-    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    resourceNames: ["kubernetes-dashboard-settings"]
-    verbs: ["get", "update"]
-    # Allow Dashboard to get metrics.
-  - apiGroups: [""]
-    resources: ["services"]
-    resourceNames: ["heapster", "dashboard-metrics-scraper"]
-    verbs: ["proxy"]
-  - apiGroups: [""]
-    resources: ["services/proxy"]
-    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
-    verbs: ["get"]
-

files/kubernetes-dashboard-RoleBinding.yaml

@@ -1,17 +0,0 @@
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: kubernetes-dashboard
-subjects:
-  - kind: ServiceAccount
-    name: kubernetes-dashboard
-    namespace: kubernetes-dashboard
-

files/kubernetes-dashboard-Service.yaml

@@ -1,15 +0,0 @@
-
-kind: Service
-apiVersion: v1
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
-spec:
-  ports:
-    - port: 443
-      targetPort: 8443
-  selector:
-    k8s-app: kubernetes-dashboard
-

files/kubernetes-dashboard-ServiceAccount.yaml

@@ -1,9 +0,0 @@
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
-

files/kubernetes-dashboard-certs-Secret.yaml

@@ -1,10 +0,0 @@
-
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard-certs
-  namespace: kubernetes-dashboard
-type: Opaque
-

files/kubernetes-dashboard-csrf-Secret.yaml

@@ -1,12 +0,0 @@
-
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard-csrf
-  namespace: kubernetes-dashboard
-type: Opaque
-data:
-  csrf: ""
-

files/kubernetes-dashboard-key-holder-Secret.yaml

@@ -1,10 +0,0 @@
-
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard-key-holder
-  namespace: kubernetes-dashboard
-type: Opaque
-

files/kubernetes-dashboard-settings-ConfigMap.yaml

@@ -1,9 +0,0 @@
-
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard-settings
-  namespace: kubernetes-dashboard
-

tasks/main.yml

@@ -1,8 +1,5 @@
 - name: Dashboard setup
   block:
-    - name: Include file list
-      ansible.builtin.include_vars: "dashboard-files.yaml"
-
     - name: namespace
       kubernetes.core.k8s:
         state: present
@@ -26,7 +23,7 @@
         - NetworkPolicies/allow-from-namespace.yaml
         - traefik/dashboard-traefik-auth-sa.yaml
         - traefik/dashboard-traefik-auth-crb.yaml
-        - "{{ dashboard_files_list }}"
+
     - name: get the dashboard-token secret name
       ansible.builtin.command: kubectl --context {{ my_context }} get sa kubernetes-dashboard-traefik -n kubernetes-dashboard -o jsonpath='{.secrets[0].name}'
       changed_when: false
@@ -56,6 +53,26 @@
         - traefik_version is defined
         - traefik_version | regex_search('(^2.)')
 
+    - name: Defined Dashboard repository
+      kubernetes.core.helm_repository:
+        name: kubernetes-dashboard
+        repo_url: "https://kubernetes.github.io/dashboard/"
+
+    - name: Deploy latest version of Dashboard
+      kubernetes.core.helm:
+        context: "{{ my_context }}"
+        name: kubernetes-dashboard
+        chart_ref: kubernetes-dashboard/kubernetes-dashboard
+        chart_version: "5.10.0"
+        release_namespace: "kubernetes-dashboard"
+        values:
+          protocolHttp: true
+          metricsScraper:
+            enabled: true
+          serviceAccount:
+            create: false
+            name: kubernetes-dashboard-traefik
+
     - name: ingress dashboard install
       kubernetes.core.k8s:
         state: present

vars/dashboard-files.yaml

@@ -1,16 +0,0 @@
----
-dashboard_files_list:
-  - "kubernetes-dashboard-Namespace.yaml"
-  - "kubernetes-dashboard-ServiceAccount.yaml"
-  - "kubernetes-dashboard-Service.yaml"
-  - "kubernetes-dashboard-certs-Secret.yaml"
-  - "kubernetes-dashboard-csrf-Secret.yaml"
-  - "kubernetes-dashboard-key-holder-Secret.yaml"
-  - "kubernetes-dashboard-settings-ConfigMap.yaml"
-  - "kubernetes-dashboard-Role.yaml"
-  - "kubernetes-dashboard-ClusterRole.yaml"
-  - "kubernetes-dashboard-RoleBinding.yaml"
-  - "kubernetes-dashboard-ClusterRoleBinding.yaml"
-  - "kubernetes-dashboard-Deployment.yaml"
-  - "dashboard-metrics-scraper-Service.yaml"
-  - "dashboard-metrics-scraper-Deployment.yaml"