diff options
| author | Alberto Berti <alberto@metapensiero.it> | 2018-05-23 16:33:14 +0200 |
|---|---|---|
| committer | Johan Thomsen <jth@dbc.dk> | 2018-05-25 11:10:02 +0200 |
| commit | 29fd05f3f5beabfd65550c43bda1f797bcb3b9dc (patch) | |
| tree | 04757f42ae3f1730c06288bd44c5e222a75a3330 /nixos/modules/services/cluster/kubernetes/dashboard.nix | |
| parent | 55fa98dd76658309d0f9045f4a901637e5e7bf5d (diff) | |
| download | nixlib-29fd05f3f5beabfd65550c43bda1f797bcb3b9dc.tar nixlib-29fd05f3f5beabfd65550c43bda1f797bcb3b9dc.tar.gz nixlib-29fd05f3f5beabfd65550c43bda1f797bcb3b9dc.tar.bz2 nixlib-29fd05f3f5beabfd65550c43bda1f797bcb3b9dc.tar.lz nixlib-29fd05f3f5beabfd65550c43bda1f797bcb3b9dc.tar.xz nixlib-29fd05f3f5beabfd65550c43bda1f797bcb3b9dc.tar.zst nixlib-29fd05f3f5beabfd65550c43bda1f797bcb3b9dc.zip | |
Kuberetes Dashboard addon 1.8.2 -> 1.8.3
As shipped with k8s 1.10.3. Also: - updated the definition jsons as they are distributed in k8s. - updated the image uris as they are renamed in k8s - added imageDigest param as per 736848723e5aefa5d24396c58dc6de603399efde
Diffstat (limited to 'nixos/modules/services/cluster/kubernetes/dashboard.nix')
| -rw-r--r-- | nixos/modules/services/cluster/kubernetes/dashboard.nix | 90 |
1 files changed, 76 insertions, 14 deletions
diff --git a/nixos/modules/services/cluster/kubernetes/dashboard.nix b/nixos/modules/services/cluster/kubernetes/dashboard.nix index 3aa1dcceae31..8c1f35ec651b 100644 --- a/nixos/modules/services/cluster/kubernetes/dashboard.nix +++ b/nixos/modules/services/cluster/kubernetes/dashboard.nix @@ -5,14 +5,14 @@ with lib; let cfg = config.services.kubernetes.addons.dashboard; - name = "gcr.io/google_containers/kubernetes-dashboard-amd64"; - version = "v1.8.2"; + name = "k8s.gcr.io/kubernetes-dashboard-amd64"; + version = "v1.8.3"; image = pkgs.dockerTools.pullImage { imageName = name; + imageDigest = "sha256:dc4026c1b595435ef5527ca598e1e9c4343076926d7d62b365c44831395adbd0"; finalImageTag = version; - sha256 = "11h0fz3wxp0f10fsyqaxjm7l2qg7xws50dv5iwlck5gb1fjmajad"; - imageDigest = "sha256:e7984d10351601080bbc146635d51f0cfbea31ca6f0df323cf7a58cf2f6a68df"; + sha256 = "18ajcg0q1vignfjk2sm4xj4wzphfz8wah69ps8dklqfvv0164mc8"; }; in { options.services.kubernetes.addons.dashboard = { @@ -31,7 +31,7 @@ in { services.kubernetes.addonManager.addons = { kubernetes-dashboard-deployment = { kind = "Deployment"; - apiVersion = "apps/v1beta1"; + apiVersion = "apps/v1"; metadata = { labels = { k8s-addon = "kubernetes-dashboard.addons.k8s.io"; @@ -57,40 +57,61 @@ in { }; annotations = { "scheduler.alpha.kubernetes.io/critical-pod" = ""; - #"scheduler.alpha.kubernetes.io/tolerations" = ''[{"key":"CriticalAddonsOnly", "operator":"Exists"}]''; }; }; spec = { + priorityClassName = "system-cluster-critical"; containers = [{ name = "kubernetes-dashboard"; image = "${name}:${version}"; ports = [{ - containerPort = 9090; + containerPort = 8443; protocol = "TCP"; }]; resources = { limits = { cpu = "100m"; - memory = "250Mi"; + memory = "300Mi"; }; requests = { cpu = "100m"; - memory = "50Mi"; + memory = "100Mi"; }; }; + args = ["--auto-generate-certificates"]; + volumeMounts = [{ + name = "tmp-volume"; + mountPath = "/tmp"; + } { + name = "kubernetes-dashboard-certs"; + mountPath = "/certs"; + }]; livenessProbe = { httpGet = { + scheme = "HTTPS"; path = "/"; - port = 9090; + port = 8443; }; initialDelaySeconds = 30; timeoutSeconds = 30; }; }]; + volumes = [{ + name = "kubernetes-dashboard-certs"; + secret = { + secretName = "kubernetes-dashboard-certs"; + }; + } { + name = "tmp-volume"; + emptyDir = {}; + }]; serviceAccountName = "kubernetes-dashboard"; tolerations = [{ key = "node-role.kubernetes.io/master"; effect = "NoSchedule"; + } { + key = "CriticalAddonsOnly"; + operator = "Exists"; }]; }; }; @@ -113,8 +134,8 @@ in { }; spec = { ports = [{ - port = 80; - targetPort = 9090; + port = 443; + targetPort = 8443; }]; selector.k8s-app = "kubernetes-dashboard"; }; @@ -127,15 +148,56 @@ in { labels = { k8s-app = "kubernetes-dashboard"; k8s-addon = "kubernetes-dashboard.addons.k8s.io"; - "addonmanager.kubernetes.io/mode" = "Reconcile"; + "addonmanager.kubernetes.io/mode" = "Reconcile"; }; name = "kubernetes-dashboard"; namespace = "kube-system"; }; }; + kubernetes-dashboard-sec-certs = { + apiVersion = "v1"; + kind = "Secret"; + metadata = { + labels = { + k8s-app = "kubernetes-dashboard"; + # Allows editing resource and makes sure it is created first. + "addonmanager.kubernetes.io/mode" = "EnsureExists"; + }; + name = "kubernetes-dashboard-certs"; + namespace = "kube-system"; + }; + type = "Opaque"; + }; + kubernetes-dashboard-sec-kholder = { + apiVersion = "v1"; + kind = "Secret"; + metadata = { + labels = { + k8s-app = "kubernetes-dashboard"; + # Allows editing resource and makes sure it is created first. + "addonmanager.kubernetes.io/mode" = "EnsureExists"; + }; + name = "kubernetes-dashboard-key-holder"; + namespace = "kube-system"; + }; + type = "Opaque"; + }; + kubernetes-dashboard-cm = { + apiVersion = "v1"; + kind = "ConfigMap"; + metadata = { + labels = { + k8s-app = "kubernetes-dashboard"; + # Allows editing resource and makes sure it is created first. + "addonmanager.kubernetes.io/mode" = "EnsureExists"; + }; + name = "kubernetes-dashboard-settings"; + namespace = "kube-system"; + }; + }; } // (optionalAttrs cfg.enableRBAC { kubernetes-dashboard-crb = { - apiVersion = "rbac.authorization.k8s.io/v1beta1"; + apiVersion = "rbac.authorization.k8s.io/v1"; kind = "ClusterRoleBinding"; metadata = { name = "kubernetes-dashboard"; |