diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml index bbf828f..bf25ebc 100644 --- a/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml +++ b/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml @@ -11,20 +11,19 @@ metadata: - resources-finalizer.argocd.argoproj.io spec: project: - source: - repoURL: 'https://kubernetes.github.io/dashboard' - targetRevision: 6.0.0 - chart: kubernetes-dashboard - helm: - values: | - app: - ingress: - hosts: - # keep only the 'localhost' host if you only want to access Dashboard using 'kubectl port-forward ...' on: - # https://localhost:8443 - # please note that the ingress itself is managed in ingress.yaml - - localhost - - kubernetes-dashboard. + sources: + - repoURL: "https://kubernetes.github.io/dashboard" + targetRevision: 7.9.0 + chart: kubernetes-dashboard + helm: + valueFiles: + - $values/registry/clusters//components/kubernetes-dashboard/values.yaml + - repoURL: + targetRevision: HEAD + ref: values + - repoURL: + path: registry/clusters//components/kubernetes-dashboard/dependencies/ + targetRevision: HEAD destination: name: namespace: kubernetes-dashboard diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/clusterolebinding.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/clusterolebinding.yaml similarity index 74% rename from kubernetes-dashboard/components/kubernetes-dashboard/clusterolebinding.yaml rename to kubernetes-dashboard/components/kubernetes-dashboard/dependencies/clusterolebinding.yaml index a6f9f88..daec4c3 100644 --- a/kubernetes-dashboard/components/kubernetes-dashboard/clusterolebinding.yaml +++ b/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/clusterolebinding.yaml @@ -1,15 +1,15 @@ --- -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: - name: k8s-dashboard-clusterrole + name: dashboard-user annotations: argocd.argoproj.io/sync-wave: "0" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin subjects: - kind: ServiceAccount - name: -kubernetes-dashboard + name: dashboard-user namespace: kubernetes-dashboard -roleRef: - kind: ClusterRole - name: admin - apiGroup: rbac.authorization.k8s.io diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/service-account.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/service-account.yaml new file mode 100644 index 0000000..4829c43 --- /dev/null +++ b/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/service-account.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dashboard-user + +# to get your bearer token for auth, connect to your cluster, then run command: +# kubectl -n kubernetes-dashboard create token dashboard-user diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/ingress.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/ingress.yaml deleted file mode 100644 index d5970f6..0000000 --- a/kubernetes-dashboard/components/kubernetes-dashboard/ingress.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - cert-manager.io/cluster-issuer: letsencrypt-prod - argocd.argoproj.io/sync-wave: '2' - name: kubernetes-dashboard - namespace: kubernetes-dashboard -spec: - ingressClassName: nginx - rules: - - host: kubernetes-dashboard. - http: - paths: - - backend: - service: - name: -kubernetes-dashboard - port: - number: 443 - path: / - pathType: Prefix - tls: - - hosts: - - kubernetes-dashboard. - secretName: kubernetes-dashboard-tls diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/service-account-token.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/service-account-token.yaml deleted file mode 100644 index ca40a24..0000000 --- a/kubernetes-dashboard/components/kubernetes-dashboard/service-account-token.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: dashboard-user - namespace: kubernetes-dashboard - annotations: - kubernetes.io/service-account.name: -kubernetes-dashboard - argocd.argoproj.io/sync-wave: "1" -type: kubernetes.io/service-account-token - -# to get your bearer token for auth, connect to your cluster, then run command: -# kubectl get secret dashboard-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml new file mode 100644 index 0000000..411f575 --- /dev/null +++ b/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml @@ -0,0 +1,21 @@ +--- +app: + ingress: + enabled: true + hosts: + - kubernetes-dashboard.. + ingressClassName: nginx + tls: + enabled: true + secretName: "kubernetes-dashboard-tls" + # Adds following annotation cert-manager.io/cluster-issuer: letsencrypt-prod + issuer: + scope: cluster + name: "letsencrypt-prod" + # This will append our Ingress with annotations required by our default configuration. + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + useDefaultAnnotations: true + annotations: + argocd.argoproj.io/sync-wave: "2"