diff options
| author |   Bartek Grzybowski <b.grzybowski@partner.samsung.com> | 2021-03-31 20:55:55 +0200 |
|---|---|---|
| committer | Bartek Grzybowski <b.grzybowski@partner.samsung.com> | 2021-04-01 09:50:46 +0000 |
| commit | 97edcba4d885069133c11fc2dc9bdcbe910b950b (patch) | |
| tree | 4771b56d4b37cded09a582391d7f94a4db409f0b | |
| parent | ee7a110e5c4aceffb547a261fde9b5df580741dd (diff) | |
Upgrade Kubernetes Dashboard to v2.0.5
Currently used 2.0.0-beta4 supported k8s 1.15 at max
Change-Id: I9565eaa78ebbca48377d65d87c77bc0893b29487
Issue-ID: OOM-2715
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
| -rw-r--r-- | ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2 | 21 | ||||
| -rw-r--r-- | build/data_lists/k8s_docker_images.list | 4 |
2 files changed, 20 insertions, 5 deletions
diff --git a/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2 b/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2 index 7dd9692c..aca2dad8 100644 --- a/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2 +++ b/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2 @@ -162,7 +162,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubernetes-dashboard - namespace: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -194,7 +193,7 @@ spec: spec: containers: - name: kubernetes-dashboard - image: kubernetesui/dashboard:v2.0.0-beta4 + image: kubernetesui/dashboard:v2.0.5 imagePullPolicy: Always ports: - containerPort: 8443 @@ -219,6 +218,11 @@ spec: port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 volumes: - name: kubernetes-dashboard-certs secret: @@ -226,6 +230,8 @@ spec: - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard + nodeSelector: + "kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master @@ -266,10 +272,12 @@ spec: metadata: labels: k8s-app: dashboard-metrics-scraper + annotations: + seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' spec: containers: - name: dashboard-metrics-scraper - image: kubernetesui/metrics-scraper:v1.0.1 + image: kubernetesui/metrics-scraper:v1.0.6 ports: - containerPort: 8000 protocol: TCP @@ -283,7 +291,14 @@ spec: volumeMounts: - mountPath: /tmp name: tmp-volume + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 serviceAccountName: kubernetes-dashboard + nodeSelector: + "kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master diff --git a/build/data_lists/k8s_docker_images.list b/build/data_lists/k8s_docker_images.list index c7b1dbf2..ec6e8f8e 100644 --- a/build/data_lists/k8s_docker_images.list +++ b/build/data_lists/k8s_docker_images.list @@ -1,3 +1,3 @@ gcr.io/kubernetes-helm/tiller:v2.16.6 -kubernetesui/dashboard:v2.0.0-beta4 -kubernetesui/metrics-scraper:v1.0.1 +kubernetesui/dashboard:v2.0.5 +kubernetesui/metrics-scraper:v1.0.6 |