# Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # General configuration shared across resources app: # Mode determines if chart should deploy a full Dashboard with all containers or just the API. # - dashboard - deploys all the containers # - api - deploys just the API mode: 'dashboard' image: pullPolicy: IfNotPresent pullSecrets: [] scheduling: # Node labels for pod assignment # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ nodeSelector: {} security: # Allow overriding csrfKey used by API/Auth containers. # It has to be base64 encoded random 256 bytes string. # If empty, it will be autogenerated. csrfKey: ~ # SecurityContext to be added to pods # To disable set the following configuration to null: # securityContext: null securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault # ContainerSecurityContext to be added to containers # To disable set the following configuration to null: # containerSecurityContext: null containerSecurityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 capabilities: drop: ["ALL"] # Pod Disruption Budget configuration # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: enabled: false minAvailable: 0 maxUnavailable: 0 networkPolicy: enabled: false ingressDenyAll: false # Raw network policy spec that overrides predefined spec # Example: # spec: # egress: # - ports: # - port: 123 spec: {} # Common labels & annotations shared across all deployed resources labels: {} annotations: {} # Common priority class used for all deployed resources priorityClassName: null settings: ## Global dashboard settings global: # # Cluster name that appears in the browser window title if it is set clusterName: "Freeleaps Kubernetes Cluster" # # Max number of items that can be displayed on each list page # itemsPerPage: 10 # # Max number of labels that are displayed by default on most views. # labelsLimit: 3 # # Number of seconds between every auto-refresh of logs # logsAutoRefreshTimeInterval: 5 # # Number of seconds between every auto-refresh of every resource. Set 0 to disable # resourceAutoRefreshTimeInterval: 10 # # Hide all access denied warnings in the notification panel # disableAccessDeniedNotifications: false # # Hide all namespaces option in namespace selection dropdown to avoid accidental selection in large clusters thus preventing OOM errors # hideAllNamespaces: false # # Namespace that should be selected by default after logging in. defaultNamespace: freeleaps-infra-system # # List of namespaces that should be presented to user without namespace list privileges. # namespaceFallbackList: # - default ## Pinned resources that will be displayed in dashboard's menu pinnedResources: - kind: customresourcedefinition name: certificates.cert-manager.io displayName: Certificates namespaced: true - kind: customresourcedefinition name: clusterissuers.cert-manager.io displayName: ClusterIssuers namespaced: false # - kind: customresourcedefinition # # Fully qualified name of a CRD # name: prometheus.monitoring.coreos.com # # Display name # displayName: Prometheus # # Is this CRD namespaced? # namespaced: true ingress: enabled: false auth: role: auth image: repository: docker.io/kubernetesui/dashboard-auth tag: 1.2.4 scaling: replicas: 1 revisionHistoryLimit: 10 service: type: ClusterIP extraSpec: ~ containers: ports: - name: auth containerPort: 8000 protocol: TCP args: [] env: [] volumeMounts: - mountPath: /tmp name: tmp-volume # TODO: Validate configuration resources: requests: cpu: 50m memory: 200Mi limits: cpu: 250m memory: 400Mi automountServiceAccountToken: true volumes: # Create on-disk volume to store exec logs (required) - name: tmp-volume emptyDir: {} nodeSelector: {} # Labels & annotations for Auth related resources labels: {} annotations: {} serviceLabels: {} serviceAnnotations: {} # API deployment configuration api: role: api image: repository: docker.io/kubernetesui/dashboard-api tag: 1.11.1 scaling: replicas: 1 revisionHistoryLimit: 10 service: type: ClusterIP extraSpec: ~ containers: ports: - name: api containerPort: 8000 protocol: TCP # Additional container arguments # Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md # args: # - --system-banner="Welcome to the Kubernetes Dashboard" args: [] # Additional container environment variables # env: # - name: SOME_VAR # value: 'some value' env: [] # Additional volume mounts # - mountPath: /kubeconfig # name: dashboard-kubeconfig # readOnly: true volumeMounts: # Create volume mount to store exec logs (required) - mountPath: /tmp name: tmp-volume # TODO: Validate configuration resources: requests: cpu: 50m memory: 128Mi limits: cpu: 250m memory: 400Mi automountServiceAccountToken: true # Additional volumes # - name: dashboard-kubeconfig # secret: # defaultMode: 420 # secretName: dashboard-kubeconfig volumes: # Create on-disk volume to store exec logs (required) - name: tmp-volume emptyDir: {} nodeSelector: {} # Labels & annotations for API related resources labels: {} annotations: {} serviceLabels: {} serviceAnnotations: {} # WEB UI deployment configuration web: role: web image: repository: docker.io/kubernetesui/dashboard-web tag: 1.6.2 scaling: replicas: 1 revisionHistoryLimit: 10 service: type: ClusterIP extraSpec: ~ containers: ports: - name: web containerPort: 8000 protocol: TCP # Additional container arguments # Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md # args: # - --system-banner="Welcome to the Kubernetes Dashboard" args: [] # Additional container environment variables # env: # - name: SOME_VAR # value: 'some value' env: [] # Additional volume mounts # - mountPath: /kubeconfig # name: dashboard-kubeconfig # readOnly: true volumeMounts: # Create volume mount to store logs (required) - mountPath: /tmp name: tmp-volume # TODO: Validate configuration resources: requests: cpu: 50m memory: 128Mi limits: cpu: 250m memory: 400Mi automountServiceAccountToken: true # Additional volumes # - name: dashboard-kubeconfig # secret: # defaultMode: 420 # secretName: dashboard-kubeconfig volumes: # Create on-disk volume to store exec logs (required) - name: tmp-volume emptyDir: {} nodeSelector: {} # Labels & annotations for WEB UI related resources labels: {} annotations: {} serviceLabels: {} serviceAnnotations: {} ### Metrics Scraper ### Container to scrape, store, and retrieve a window of time from the Metrics Server. ### refs: https://github.com/kubernetes/dashboard/tree/master/modules/metrics-scraper metricsScraper: enabled: false ## Optional Metrics Server sub-chart configuration ## Enable this if you don't already have metrics-server enabled on your cluster and ## want to use it with dashboard metrics-scraper ## refs: ## - https://github.com/kubernetes-sigs/metrics-server ## - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server metrics-server: enabled: false ## Required Kong sub-chart with DBless configuration to act as a gateway ## for our all containers. kong: enabled: true ## Configuration reference: https://docs.konghq.com/gateway/3.6.x/reference/configuration env: dns_order: LAST,A,CNAME,AAAA,SRV plugins: 'off' nginx_worker_processes: 1 ingressController: enabled: false manager: enabled: false dblessConfig: configMap: kong-dbless-config proxy: type: ClusterIP http: enabled: false ## Optional Cert Manager sub-chart configuration ## Enable this if you don't already have cert-manager enabled on your cluster. cert-manager: enabled: false installCRDs: false ## Optional Nginx Ingress sub-chart configuration ## Enable this if you don't already have nginx-ingress enabled on your cluster. nginx: enabled: false ## Extra configurations: ## - manifests ## - predefined roles ## - prometheus ## - etc... extras: # Extra Kubernetes manifests to be deployed # manifests: # - apiVersion: v1 # kind: ConfigMap # metadata: # name: additional-configmap # data: # mykey: myvalue manifests: [] serviceMonitor: # Whether to create a Prometheus Operator service monitor. enabled: false # Here labels can be added to the serviceMonitor labels: {} # Here annotations can be added to the serviceMonitor annotations: {} # metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint # ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig metricRelabelings: [] # metrics.serviceMonitor.relabelings [array] Prometheus relabeling rules relabelings: [] # ServiceMonitor connection scheme. Defaults to HTTPS. scheme: https # ServiceMonitor connection tlsConfig. Defaults to {insecureSkipVerify:true}. tlsConfig: insecureSkipVerify: true