forked from reddec/ingress-dashboard
-
Notifications
You must be signed in to change notification settings - Fork 1
/
ingress-dashboard.yaml
130 lines (130 loc) · 2.39 KB
/
ingress-dashboard.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
---
apiVersion: v1
kind: Namespace
metadata:
name: ingress-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-dashboard
namespace: ingress-dashboard
automountServiceAccountToken: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ingress-dashboard
rules:
- apiGroups:
- ''
resources:
- namespaces
verbs:
- get
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-dashboard
subjects:
- kind: ServiceAccount
name: ingress-dashboard
namespace: ingress-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ingress-dashboard
namespace: ingress-dashboard
rules:
- apiGroups:
- ''
resources:
- namespaces
verbs:
- get
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ingress-dashboard
namespace: ingress-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-dashboard
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-dashboard
---
apiVersion: v1
kind: Service
metadata:
name: dashboard
namespace: ingress-dashboard
spec:
type: ClusterIP
ports:
- name: http
port: 8080
targetPort: http
selector:
app: dashboard
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: dashboard
name: dashboard
namespace: ingress-dashboard
spec:
selector:
matchLabels:
app: dashboard
template:
metadata:
labels:
app: dashboard
spec:
containers:
- name: dashboard
image: IMAGE_TO_REPLACE
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: 101
env:
- name: AUTH
value: "none"
ports:
- name: http
containerPort: 8080
protocol: TCP
serviceAccountName: ingress-dashboard