Deploy ingress, lego and dashboard

2025-12-25 13:46:59 +01:00 · 2018-09-26 04:40:24 +02:00 · 2018-09-26 04:40:24 +02:00 · f468fd3e34
commit f468fd3e34
parent bf83e675f2
43 changed files with 1321 additions and 142 deletions
--- a/roles/kubernetes-dashboard/templates/dashboard-deployment.yml.j2
+++ b/roles/kubernetes-dashboard/templates/dashboard-deployment.yml.j2
@ -0,0 +1,47 @@
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  labels:
+    k8s-app: kubernetes-dashboard
+  name: kubernetes-dashboard
+  namespace: kube-system
+spec:
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s-app: kubernetes-dashboard
+  template:
+    metadata:
+      labels:
+        k8s-app: kubernetes-dashboard
+    spec:
+      containers:
+      - name: kubernetes-dashboard
+        image: {{ dashboard_image }}:{{ dashboard_version }}
+        ports:
+        - containerPort: 9090
+          protocol: TCP
+        args:
+          # Uncomment the following line to manually specify Kubernetes API server Host
+          # If not specified, Dashboard will attempt to auto discover the API server and connect
+          # to it. Uncomment only if the default does not work.
+          # - --apiserver-host=http://my-address:port
+        volumeMounts:
+          # Create on-disk volume to store exec logs
+        - mountPath: /tmp
+          name: tmp-volume
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 9090
+          initialDelaySeconds: 30
+          timeoutSeconds: 30
+      volumes:
+      - name: tmp-volume
+        emptyDir: {}
+      serviceAccountName: kubernetes-dashboard
+      # Comment the following tolerations if Dashboard must not be deployed on master
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
--- a/roles/kubernetes-dashboard/templates/dashboard-ingress.yml.j2
+++ b/roles/kubernetes-dashboard/templates/dashboard-ingress.yml.j2
@ -0,0 +1,30 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: kube-system
+  name: kubernetes-dashboard
+  annotations:
+    # enable kube-lego for this ingress
+    kubernetes.io/tls-acme: "true"
+    {% if basic_auth_user | length > 0 %}
+ingress.kubernetes.io/auth-type: basic
+    # name of the secret that contains the user/password definitions
+    ingress.kubernetes.io/auth-secret: dashboard-basic-auth
+    # message to display with an appropiate context why the authentication is required
+    ingress.kubernetes.io/auth-realm: "Authentication is required to access the k8s dashboard "
+    {% endif %}
+
+spec:
+  # this enables tls for the specified domain names
+  tls:
+  - hosts:
+    - {{ dashboard_subdomain }}.{{ scaleway_reverse_ipaddr }}
+    secretName: dashboard-tls
+  rules:
+  - host: {{ dashboard_subdomain }}.{{ scaleway_reverse_ipaddr }}
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: kubernetes-dashboard
+          servicePort: 80