--- apiVersion: v1 kind: Namespace metadata: name: kubernetes-dashboard --- apiVersion: v1 kind: ServiceAccount metadata: name: kubernetes-dashboard namespace: kubernetes-dashboard --- apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard --- apiVersion: apps/v1 kind: Deployment metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: replicas: 1 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.7.0 ports: - containerPort: 8443 protocol: TCP volumeMounts: - mountPath: /certs name: kubernetes-dashboard-certs - mountPath: /tmp name: tmp-volume env: - name: CSRF_KEY_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace resources: limits: cpu: 1000m memory: 250Mi requests: cpu: 200m memory: 100Mi serviceAccountName: kubernetes-dashboard volumes: - name: kubernetes-dashboard-certs emptyDir: {} - name: tmp-volume emptyDir: {} --- apiVersion: v1 kind: Service metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: LoadBalancer ports: - port: 8443 targetPort: 8443 selector: k8s-app: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: dashboard-csrf-access namespace: kube-system rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "update", "create"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: dashboard-csrf-access namespace: kube-system subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kubernetes-dashboard roleRef: kind: Role name: dashboard-csrf-access apiGroup: rbac.authorization.k8s.io --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: kubernetes-dashboard-ingress namespace: kubernetes-dashboard annotations: cert-manager.io/cluster-issuer: letsencrypt-prod nginx.ingress.kubernetes.io/rewrite-target: / spec: ingressClassName: nginx rules: - host: dashboard.ingenkansemig.dk http: paths: - path: / pathType: Prefix backend: service: name: kubernetes-dashboard port: number: 443 tls: - hosts: - dashboard.ingenkansemig.dk secretName: dashboard-tls --- apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kubernetes-dashboard --- apiVersion: apps/v1 kind: Deployment metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: replicas: 1 selector: matchLabels: k8s-app: dashboard-metrics-scraper template: metadata: labels: k8s-app: dashboard-metrics-scraper spec: serviceAccountName: dashboard-metrics-scraper containers: - name: dashboard-metrics-scraper image: kubernetesui/metrics-scraper:v1.0.8 ports: - containerPort: 8000 protocol: TCP volumeMounts: - name: tmp-volume mountPath: /tmp volumes: - name: tmp-volume emptyDir: {} --- apiVersion: v1 kind: Service metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: ports: - protocol: TCP port: 8000 targetPort: 8000 selector: k8s-app: dashboard-metrics-scraper