summaryrefslogtreecommitdiffstats
path: root/ansible
diff options
context:
space:
mode:
authorBartek Grzybowski <b.grzybowski@partner.samsung.com>2021-03-31 20:55:55 +0200
committerBartek Grzybowski <b.grzybowski@partner.samsung.com>2021-03-31 21:04:55 +0200
commite98955561efaa67554901efcece03fa692942d8f (patch)
tree8942c66a72d660f2d5aefe436082a7f0ba4e3b1a /ansible
parent005c340c51b81f7343d488203e8d0e2a8ef37739 (diff)
Upgrade Kubernetes Dashboard to v2.0.5
Currently used 2.0.0-beta4 supported k8s 1.15 at max Change-Id: I9565eaa78ebbca48377d65d87c77bc0893b29487 Issue-ID: OOM-2715 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Diffstat (limited to 'ansible')
-rw-r--r--ansible/roles/rke/templates/kubernetes-dashboard.yaml.j221
1 files changed, 18 insertions, 3 deletions
diff --git a/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2 b/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2
index 7dd9692c..aca2dad8 100644
--- a/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2
+++ b/ansible/roles/rke/templates/kubernetes-dashboard.yaml.j2
@@ -162,7 +162,6 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
- namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@@ -194,7 +193,7 @@ spec:
spec:
containers:
- name: kubernetes-dashboard
- image: kubernetesui/dashboard:v2.0.0-beta4
+ image: kubernetesui/dashboard:v2.0.5
imagePullPolicy: Always
ports:
- containerPort: 8443
@@ -219,6 +218,11 @@ spec:
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
@@ -226,6 +230,8 @@ spec:
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
+ nodeSelector:
+ "kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
@@ -266,10 +272,12 @@ spec:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
+ annotations:
+ seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
containers:
- name: dashboard-metrics-scraper
- image: kubernetesui/metrics-scraper:v1.0.1
+ image: kubernetesui/metrics-scraper:v1.0.6
ports:
- containerPort: 8000
protocol: TCP
@@ -283,7 +291,14 @@ spec:
volumeMounts:
- mountPath: /tmp
name: tmp-volume
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
+ nodeSelector:
+ "kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master