|
|
@ -17,7 +17,8 @@ |
|
|
|
# |
|
|
|
# Example usage: kubectl create -f <this_file> |
|
|
|
|
|
|
|
# ------------------- Dashboard Secret ------------------- # |
|
|
|
--- |
|
|
|
# ------------------- Dashboard Secrets ------------------- # |
|
|
|
|
|
|
|
apiVersion: v1 |
|
|
|
kind: Secret |
|
|
@ -28,6 +29,38 @@ metadata: |
|
|
|
namespace: kube-system |
|
|
|
type: Opaque |
|
|
|
|
|
|
|
--- |
|
|
|
apiVersion: v1 |
|
|
|
kind: Secret |
|
|
|
metadata: |
|
|
|
labels: |
|
|
|
k8s-app: kubernetes-dashboard |
|
|
|
name: kubernetes-dashboard-csrf |
|
|
|
namespace: kube-system |
|
|
|
type: Opaque |
|
|
|
data: |
|
|
|
csrf: "" |
|
|
|
|
|
|
|
--- |
|
|
|
apiVersion: v1 |
|
|
|
kind: Secret |
|
|
|
metadata: |
|
|
|
labels: |
|
|
|
k8s-app: kubernetes-dashboard |
|
|
|
name: kubernetes-dashboard-key-holder |
|
|
|
namespace: kube-system |
|
|
|
type: Opaque |
|
|
|
|
|
|
|
--- |
|
|
|
# ------------------- Dashboard ConfigMap ------------------- # |
|
|
|
kind: ConfigMap |
|
|
|
apiVersion: v1 |
|
|
|
metadata: |
|
|
|
labels: |
|
|
|
k8s-app: kubernetes-dashboard |
|
|
|
name: kubernetes-dashboard-settings |
|
|
|
namespace: kube-system |
|
|
|
|
|
|
|
--- |
|
|
|
# ------------------- Dashboard Service Account ------------------- # |
|
|
|
|
|
|
@ -48,18 +81,10 @@ metadata: |
|
|
|
name: kubernetes-dashboard-minimal |
|
|
|
namespace: kube-system |
|
|
|
rules: |
|
|
|
# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret. |
|
|
|
- apiGroups: [""] |
|
|
|
resources: ["secrets"] |
|
|
|
verbs: ["create"] |
|
|
|
# Allow Dashboard to create 'kubernetes-dashboard-settings' config map. |
|
|
|
- apiGroups: [""] |
|
|
|
resources: ["configmaps"] |
|
|
|
verbs: ["create"] |
|
|
|
# Allow Dashboard to get, update and delete Dashboard exclusive secrets. |
|
|
|
- apiGroups: [""] |
|
|
|
resources: ["secrets"] |
|
|
|
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"] |
|
|
|
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] |
|
|
|
verbs: ["get", "update", "delete"] |
|
|
|
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. |
|
|
|
- apiGroups: [""] |
|
|
|