addons: Remove Kubernetes Dashboard manifests and docs
* Stop maintaining Kubernetes Dashboard manifests. Dashboard takes an unusual approch to security and is often a security weak point. * Recommendation: Use `kubectl` and avoid using the dashboard. If you must use the dashboard, explore hardening and consider using an authenticating proxy rather than the dashboard's auth features
This commit is contained in:
parent
2c10d24113
commit
03d23bfde7
|
@ -24,6 +24,7 @@ Notable changes between versions.
|
|||
* Update nginx-ingress from 0.9.0 to 0.10.2
|
||||
* Update CLUO from v0.5.0 to v0.6.0
|
||||
* Switch manifests to use `apps/v1` Deployments and Daemonsets
|
||||
* Remove Kubernetes Dashboard manifests ([#121](https://github.com/poseidon/typhoon/pull/121))
|
||||
|
||||
#### Digital Ocean
|
||||
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kubernetes-dashboard
|
||||
namespace: kube-system
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
name: kubernetes-dashboard
|
||||
phase: prod
|
||||
spec:
|
||||
containers:
|
||||
- name: kubernetes-dashboard
|
||||
image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.1
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 9090
|
||||
resources:
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 300Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 100Mi
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 9090
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 30
|
|
@ -1,15 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: kubernetes-dashboard
|
||||
namespace: kube-system
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
name: kubernetes-dashboard
|
||||
phase: prod
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: 9090
|
|
@ -1,27 +0,0 @@
|
|||
# Kubernetes Dashboard
|
||||
|
||||
!!! warning
|
||||
The Kubernetes Dashboard takes [unusual approaches](https://github.com/kubernetes/dashboard/wiki/Access-control#authorization-header) to security and is often a point of security escalations. We recommend you do don't deploy it and get familiar with `kubectl`, if possible.
|
||||
|
||||
The Kubernetes [Dashboard](https://github.com/kubernetes/dashboard) provides a web UI to manage a Kubernetes cluster for those who prefer an alternative to `kubectl`.
|
||||
|
||||
## Create
|
||||
|
||||
Create the dashboard deployment and service.
|
||||
|
||||
```
|
||||
kubectl apply -f addons/dashboard -R
|
||||
```
|
||||
|
||||
## Access
|
||||
|
||||
Use `kubectl` to authenticate to the apiserver and create a local port forward to the remote port on the dashboard pod.
|
||||
|
||||
```sh
|
||||
kubectl get pods -n kube-system
|
||||
kubectl port-forward POD [LOCAL_PORT:]REMOTE_PORT
|
||||
kubectl port-forward kubernetes-dashboard-id 9090 -n kube-system
|
||||
```
|
||||
|
||||
!!! tip
|
||||
If you'd like to expose the Dashboard via Ingress and add authentication, use a suitable OAuth2 proxy sidecar and pick your favorite OAuth2 provider.
|
|
@ -7,5 +7,4 @@ Every Typhoon cluster is verified to work well with several post-install addons.
|
|||
* [Heapster](heapster.md)
|
||||
* [Prometheus](prometheus.md)
|
||||
* [Grafana](grafana.md)
|
||||
* Kubernetes [Dashboard](dashboard.md)
|
||||
|
||||
|
|
|
@ -51,7 +51,6 @@ pages:
|
|||
- 'Nginx Ingress': 'addons/ingress.md'
|
||||
- 'Prometheus': 'addons/prometheus.md'
|
||||
- 'Grafana': 'addons/grafana.md'
|
||||
- 'Dashboard': 'addons/dashboard.md'
|
||||
- 'Topics':
|
||||
- 'Maintenance': 'topics/maintenance.md'
|
||||
- 'Hardware': 'topics/hardware.md'
|
||||
|
|
Loading…
Reference in New Issue