From 5606c5f516cbb6c3a05cb580d0f68d0276f947ff Mon Sep 17 00:00:00 2001 From: Muse Mulatu Date: Mon, 28 Oct 2024 22:38:08 -0600 Subject: [PATCH 1/3] refactor: use multiple source for kubernetes-dashboard argo application - store override in a separate values.yaml file - upgrade to version 7.9.0 --- .../kubernetes-dashboard/application.yaml | 23 ++++++++-------- .../{ => dependencies}/clusterolebinding.yaml | 16 +++++------ .../dependencies/service-account.yaml | 8 ++++++ .../kubernetes-dashboard/ingress.yaml | 27 ------------------- .../service-account-token.yaml | 13 --------- .../kubernetes-dashboard/values.yaml | 14 ++++++++++ 6 files changed, 41 insertions(+), 60 deletions(-) rename kubernetes-dashboard/components/kubernetes-dashboard/{ => dependencies}/clusterolebinding.yaml (57%) create mode 100644 kubernetes-dashboard/components/kubernetes-dashboard/dependencies/service-account.yaml delete mode 100644 kubernetes-dashboard/components/kubernetes-dashboard/ingress.yaml delete mode 100644 kubernetes-dashboard/components/kubernetes-dashboard/service-account-token.yaml create mode 100644 kubernetes-dashboard/components/kubernetes-dashboard/values.yaml diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml index bbf828f..85512f4 100644 --- a/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml +++ b/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml @@ -11,20 +11,19 @@ metadata: - resources-finalizer.argocd.argoproj.io spec: project: - source: + sources: repoURL: 'https://kubernetes.github.io/dashboard' - targetRevision: 6.0.0 + targetRevision: 7.9.0 chart: kubernetes-dashboard - helm: - values: | - app: - ingress: - hosts: - # keep only the 'localhost' host if you only want to access Dashboard using 'kubectl port-forward ...' on: - # https://localhost:8443 - # please note that the ingress itself is managed in ingress.yaml - - localhost - - kubernetes-dashboard. + helm: + valueFiles: + - $values/registry/clusters//components/kubernetes-dashboard/values.yaml + - repoURL: + targetRevision: HEAD + ref: values + - repoURL: + path: registry/clusters//components/kubernetes-dashboard/dependencies/ + targetRevision: HEAD destination: name: namespace: kubernetes-dashboard diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/clusterolebinding.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/clusterolebinding.yaml similarity index 57% rename from kubernetes-dashboard/components/kubernetes-dashboard/clusterolebinding.yaml rename to kubernetes-dashboard/components/kubernetes-dashboard/dependencies/clusterolebinding.yaml index a6f9f88..40edeba 100644 --- a/kubernetes-dashboard/components/kubernetes-dashboard/clusterolebinding.yaml +++ b/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/clusterolebinding.yaml @@ -1,15 +1,15 @@ --- -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: - name: k8s-dashboard-clusterrole + name: dashboard-user annotations: argocd.argoproj.io/sync-wave: "0" -subjects: - - kind: ServiceAccount - name: -kubernetes-dashboard - namespace: kubernetes-dashboard roleRef: - kind: ClusterRole - name: admin apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: dashboard-user + namespace: kubernetes-dashboard diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/service-account.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/service-account.yaml new file mode 100644 index 0000000..4829c43 --- /dev/null +++ b/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/service-account.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dashboard-user + +# to get your bearer token for auth, connect to your cluster, then run command: +# kubectl -n kubernetes-dashboard create token dashboard-user diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/ingress.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/ingress.yaml deleted file mode 100644 index d5970f6..0000000 --- a/kubernetes-dashboard/components/kubernetes-dashboard/ingress.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - cert-manager.io/cluster-issuer: letsencrypt-prod - argocd.argoproj.io/sync-wave: '2' - name: kubernetes-dashboard - namespace: kubernetes-dashboard -spec: - ingressClassName: nginx - rules: - - host: kubernetes-dashboard. - http: - paths: - - backend: - service: - name: -kubernetes-dashboard - port: - number: 443 - path: / - pathType: Prefix - tls: - - hosts: - - kubernetes-dashboard. - secretName: kubernetes-dashboard-tls diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/service-account-token.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/service-account-token.yaml deleted file mode 100644 index ca40a24..0000000 --- a/kubernetes-dashboard/components/kubernetes-dashboard/service-account-token.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: dashboard-user - namespace: kubernetes-dashboard - annotations: - kubernetes.io/service-account.name: -kubernetes-dashboard - argocd.argoproj.io/sync-wave: "1" -type: kubernetes.io/service-account-token - -# to get your bearer token for auth, connect to your cluster, then run command: -# kubectl get secret dashboard-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml new file mode 100644 index 0000000..a127bf6 --- /dev/null +++ b/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml @@ -0,0 +1,14 @@ +app: + ingress: + enabled: true + hosts: + - kubernetes-dashboard.. + ingressClassName: nginx + tls: + enabled: true + secretName: "kubernetes-dashboard-tls" + issuer: + scope: cluster + name: "letsencrypt-prod" + annotations: + argocd.argoproj.io/sync-wave: "2" \ No newline at end of file From 9b00665228cfb21ff2907fb6249a09ac0a156565 Mon Sep 17 00:00:00 2001 From: Muse Mulatu Date: Mon, 28 Oct 2024 22:56:09 -0600 Subject: [PATCH 2/3] misc: add description --- .../components/kubernetes-dashboard/values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml index a127bf6..3ba3dec 100644 --- a/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml +++ b/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml @@ -7,8 +7,14 @@ app: tls: enabled: true secretName: "kubernetes-dashboard-tls" + # Adds following annotation cert-manager.io/cluster-issuer: letsencrypt-prod issuer: scope: cluster name: "letsencrypt-prod" + # This will append our Ingress with annotations required by our default configuration. + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + useDefaultAnnotations: true annotations: argocd.argoproj.io/sync-wave: "2" \ No newline at end of file From fd7cbdb28256b60baddb804f835707a3dc3ff59e Mon Sep 17 00:00:00 2001 From: Muse Mulatu Date: Mon, 28 Oct 2024 23:09:18 -0600 Subject: [PATCH 3/3] fix: yaml linting --- .../components/kubernetes-dashboard/application.yaml | 6 +++--- .../dependencies/clusterolebinding.yaml | 6 +++--- .../components/kubernetes-dashboard/values.yaml | 5 +++-- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml index 85512f4..bf25ebc 100644 --- a/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml +++ b/kubernetes-dashboard/components/kubernetes-dashboard/application.yaml @@ -12,9 +12,9 @@ metadata: spec: project: sources: - repoURL: 'https://kubernetes.github.io/dashboard' - targetRevision: 7.9.0 - chart: kubernetes-dashboard + - repoURL: "https://kubernetes.github.io/dashboard" + targetRevision: 7.9.0 + chart: kubernetes-dashboard helm: valueFiles: - $values/registry/clusters//components/kubernetes-dashboard/values.yaml diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/clusterolebinding.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/clusterolebinding.yaml index 40edeba..daec4c3 100644 --- a/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/clusterolebinding.yaml +++ b/kubernetes-dashboard/components/kubernetes-dashboard/dependencies/clusterolebinding.yaml @@ -10,6 +10,6 @@ roleRef: kind: ClusterRole name: cluster-admin subjects: -- kind: ServiceAccount - name: dashboard-user - namespace: kubernetes-dashboard + - kind: ServiceAccount + name: dashboard-user + namespace: kubernetes-dashboard diff --git a/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml b/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml index 3ba3dec..411f575 100644 --- a/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml +++ b/kubernetes-dashboard/components/kubernetes-dashboard/values.yaml @@ -1,4 +1,5 @@ -app: +--- +app: ingress: enabled: true hosts: @@ -17,4 +18,4 @@ app: # nginx.ingress.kubernetes.io/ssl-redirect: "true" useDefaultAnnotations: true annotations: - argocd.argoproj.io/sync-wave: "2" \ No newline at end of file + argocd.argoproj.io/sync-wave: "2"