# Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # General configuration shared across resources app: # Mode determines if chart should deploy a full Dashboard with all containers or just the API. # - dashboard - deploys all the containers # - api - deploys just the API mode: 'dashboard' image: pullPolicy: IfNotPresent pullSecrets: [] scheduling: # Node labels for pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ nodeSelector: {} security: # Allow overriding csrfKey used by API/Auth containers. # It has to be base64 encoded random 256 bytes string. # If empty, it will be autogenerated. csrfKey: ~ # SecurityContext to be added to pods # To disable set the following configuration to null: # securityContext: null securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault # ContainerSecurityContext to be added to containers # To disable set the following configuration to null: # containerSecurityContext: null containerSecurityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 capabilities: drop: ["ALL"] # Pod Disruption Budget configuration # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: enabled: false minAvailable: 0 maxUnavailable: 0 networkPolicy: enabled: false ingressDenyAll: false # Raw network policy spec that overrides predefined spec # Example: # spec: # egress: # - ports: # - port: 123 spec: {} # Common labels & annotations shared across all deployed resources labels: {} annotations: {} # Common priority class used for all deployed resources priorityClassName: null settings: ## Global dashboard settings global: # # Cluster name that appears in the browser window title if it is set # clusterName: "" # # Max number of items that can be displayed on each list page # itemsPerPage: 10 # # Max number of labels that are displayed by default on most views. # labelsLimit: 3 # # Number of seconds between every auto-refresh of logs # logsAutoRefreshTimeInterval: 5 # # Number of seconds between every auto-refresh of every resource. Set 0 to disable # resourceAutoRefreshTimeInterval: 10 # # Hide all access denied warnings in the notification panel # disableAccessDeniedNotifications: false # # Hide all namespaces option in namespace selection dropdown to avoid accidental selection in large clusters thus preventing OOM errors # hideAllNamespaces: false # # Namespace that should be selected by default after logging in. # defaultNamespace: default # # List of namespaces that should be presented to user without namespace list privileges. # namespaceFallbackList: # - default ## Pinned resources that will be displayed in dashboard's menu pinnedResources: [] # - kind: customresourcedefinition # # Fully qualified name of a CRD # name: prometheus.monitoring.coreos.com # # Display name # displayName: Prometheus # # Is this CRD namespaced? # namespaced: true ingress: enabled: false hosts: # Keep 'localhost' host only if you want to access Dashboard using 'kubectl port-forward ...' on: # https://localhost:8443 # - localhost - dashboard # - kubernetes.dashboard.domain.com ingressClassName: internal-nginx # Use only if your ingress controllers support default ingress classes. # If set to true ingressClassName will be ignored and not added to the Ingress resources. # It should fall back to using IngressClass marked as the default. useDefaultIngressClass: false # This will append our Ingress with annotations required by our default configuration. # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # nginx.ingress.kubernetes.io/ssl-passthrough: "true" # nginx.ingress.kubernetes.io/ssl-redirect: "true" useDefaultAnnotations: true pathType: ImplementationSpecific # If path is not the default (/), rewrite-target annotation will be added to the Ingress. # It allows serving Kubernetes Dashboard on a sub-path. Make sure that the configured path # does not conflict with gateway route configuration. path: / issuer: name: selfsigned # Scope determines what kind of issuer annotation will be used on ingress resource # - default - adds 'cert-manager.io/issuer' # - cluster - adds 'cert-manager.io/cluster-issuer' # - disabled - disables cert-manager annotations scope: default tls: enabled: true # If provided it will override autogenerated secret name secretName: "" labels: {} annotations: {} # Use the following toleration if Dashboard can be deployed on a tainted control-plane nodes # - key: node-role.kubernetes.io/control-plane # effect: NoSchedule tolerations: [] affinity: {} auth: role: auth image: repository: docker.io/kubernetesui/dashboard-auth tag: 1.2.4 scaling: replicas: 1 revisionHistoryLimit: 10 service: type: ClusterIP extraSpec: ~ containers: ports: - name: auth containerPort: 8000 protocol: TCP args: [] env: [] volumeMounts: - mountPath: /tmp name: tmp-volume # TODO: Validate configuration resources: requests: cpu: 100m memory: 200Mi limits: cpu: 250m memory: 400Mi automountServiceAccountToken: true volumes: # Create on-disk volume to store exec logs (required) - name: tmp-volume emptyDir: {} nodeSelector: {} # Labels & annotations for Auth related resources labels: {} annotations: {} serviceLabels: {} serviceAnnotations: {} # API deployment configuration api: role: api image: repository: docker.io/kubernetesui/dashboard-api tag: 1.12.0 scaling: replicas: 1 revisionHistoryLimit: 10 service: type: ClusterIP extraSpec: ~ containers: ports: - name: api containerPort: 8000 protocol: TCP # Additional container arguments # Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md # args: # - --system-banner="Welcome to the Kubernetes Dashboard" args: [] # Additional container environment variables # env: # - name: SOME_VAR # value: 'some value' env: [] # Additional volume mounts # - mountPath: /kubeconfig # name: dashboard-kubeconfig # readOnly: true volumeMounts: # Create volume mount to store exec logs (required) - mountPath: /tmp name: tmp-volume # TODO: Validate configuration resources: requests: cpu: 100m memory: 200Mi limits: cpu: 250m memory: 400Mi automountServiceAccountToken: true # Additional volumes # - name: dashboard-kubeconfig # secret: # defaultMode: 420 # secretName: dashboard-kubeconfig volumes: # Create on-disk volume to store exec logs (required) - name: tmp-volume emptyDir: {} nodeSelector: {} # Labels & annotations for API related resources labels: {} annotations: {} serviceLabels: {} serviceAnnotations: {} # WEB UI deployment configuration web: role: web image: repository: docker.io/kubernetesui/dashboard-web tag: 1.6.2 scaling: replicas: 1 revisionHistoryLimit: 10 service: type: ClusterIP extraSpec: ~ containers: ports: - name: web containerPort: 8000 protocol: TCP # Additional container arguments # Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md # args: # - --system-banner="Welcome to the Kubernetes Dashboard" args: [] # Additional container environment variables # env: # - name: SOME_VAR # value: 'some value' env: [] # Additional volume mounts # - mountPath: /kubeconfig # name: dashboard-kubeconfig # readOnly: true volumeMounts: # Create volume mount to store logs (required) - mountPath: /tmp name: tmp-volume # TODO: Validate configuration resources: requests: cpu: 100m memory: 200Mi limits: cpu: 250m memory: 400Mi automountServiceAccountToken: true # Additional volumes # - name: dashboard-kubeconfig # secret: # defaultMode: 420 # secretName: dashboard-kubeconfig volumes: # Create on-disk volume to store exec logs (required) - name: tmp-volume emptyDir: {} nodeSelector: {} # Labels & annotations for WEB UI related resources labels: {} annotations: {} serviceLabels: {} serviceAnnotations: {} ### Metrics Scraper ### Container to scrape, store, and retrieve a window of time from the Metrics Server. ### refs: https://github.com/kubernetes/dashboard/tree/master/modules/metrics-scraper metricsScraper: enabled: true role: metrics-scraper image: repository: docker.io/kubernetesui/dashboard-metrics-scraper tag: 1.2.2 scaling: replicas: 1 revisionHistoryLimit: 10 service: type: ClusterIP extraSpec: ~ containers: ports: - containerPort: 8000 protocol: TCP args: [] # Additional container environment variables # env: # - name: SOME_VAR # value: 'some value' env: [] # Additional volume mounts # - mountPath: /kubeconfig # name: dashboard-kubeconfig # readOnly: true volumeMounts: # Create volume mount to store logs (required) - mountPath: /tmp name: tmp-volume # TODO: Validate configuration resources: requests: cpu: 100m memory: 200Mi limits: cpu: 250m memory: 400Mi livenessProbe: httpGet: scheme: HTTP path: / port: 8000 initialDelaySeconds: 30 timeoutSeconds: 30 automountServiceAccountToken: true # Additional volumes # - name: dashboard-kubeconfig # secret: # defaultMode: 420 # secretName: dashboard-kubeconfig volumes: - name: tmp-volume emptyDir: {} nodeSelector: {} # Labels & annotations for Metrics Scraper related resources labels: {} annotations: {} serviceLabels: {} serviceAnnotations: {} ## Optional Metrics Server sub-chart configuration ## Enable this if you don't already have metrics-server enabled on your cluster and ## want to use it with dashboard metrics-scraper ## refs: ## - https://github.com/kubernetes-sigs/metrics-server ## - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server metrics-server: enabled: false args: - --kubelet-preferred-address-types=InternalIP - --kubelet-insecure-tls ## Required Kong sub-chart with DBless configuration to act as a gateway ## for our all containers. kong: enabled: true ## Configuration reference: https://docs.konghq.com/gateway/3.6.x/reference/configuration env: dns_order: LAST,A,CNAME,AAAA,SRV plugins: 'off' nginx_worker_processes: 1 ingressController: enabled: false manager: enabled: false dblessConfig: configMap: kong-dbless-config proxy: type: ClusterIP http: enabled: false ## Optional Cert Manager sub-chart configuration ## Enable this if you don't already have cert-manager enabled on your cluster. cert-manager: enabled: false installCRDs: true ## Optional Nginx Ingress sub-chart configuration ## Enable this if you don't already have nginx-ingress enabled on your cluster. nginx: enabled: false controller: electionID: ingress-controller-leader ingressClassResource: name: internal-nginx default: false controllerValue: k8s.io/internal-ingress-nginx service: type: ClusterIP ## Extra configurations: ## - manifests ## - predefined roles ## - prometheus ## - etc... extras: # Extra Kubernetes manifests to be deployed # manifests: # - apiVersion: v1 # kind: ConfigMap # metadata: # name: additional-configmap # data: # mykey: myvalue manifests: [] serviceMonitor: # Whether to create a Prometheus Operator service monitor. enabled: false # Here labels can be added to the serviceMonitor labels: {} # Here annotations can be added to the serviceMonitor annotations: {} # metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint # ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig metricRelabelings: [] # metrics.serviceMonitor.relabelings [array] Prometheus relabeling rules relabelings: [] # ServiceMonitor connection scheme. Defaults to HTTPS. scheme: https # ServiceMonitor connection tlsConfig. Defaults to {insecureSkipVerify:true}. tlsConfig: insecureSkipVerify: true