addons: Remove Kubernetes Dashboard manifests and docs
* Stop maintaining Kubernetes Dashboard manifests. Dashboard takes an unusual approch to security and is often a security weak point. * Recommendation: Use `kubectl` and avoid using the dashboard. If you must use the dashboard, explore hardening and consider using an authenticating proxy rather than the dashboard's auth features
This commit is contained in:
parent
2c10d24113
commit
03d23bfde7
|
@ -24,6 +24,7 @@ Notable changes between versions.
|
||||||
* Update nginx-ingress from 0.9.0 to 0.10.2
|
* Update nginx-ingress from 0.9.0 to 0.10.2
|
||||||
* Update CLUO from v0.5.0 to v0.6.0
|
* Update CLUO from v0.5.0 to v0.6.0
|
||||||
* Switch manifests to use `apps/v1` Deployments and Daemonsets
|
* Switch manifests to use `apps/v1` Deployments and Daemonsets
|
||||||
|
* Remove Kubernetes Dashboard manifests ([#121](https://github.com/poseidon/typhoon/pull/121))
|
||||||
|
|
||||||
#### Digital Ocean
|
#### Digital Ocean
|
||||||
|
|
||||||
|
|
|
@ -1,32 +0,0 @@
|
||||||
apiVersion: extensions/v1beta1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: kubernetes-dashboard
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
name: kubernetes-dashboard
|
|
||||||
phase: prod
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: kubernetes-dashboard
|
|
||||||
image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.1
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
containerPort: 9090
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: 100m
|
|
||||||
memory: 300Mi
|
|
||||||
requests:
|
|
||||||
cpu: 100m
|
|
||||||
memory: 100Mi
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /
|
|
||||||
port: 9090
|
|
||||||
initialDelaySeconds: 30
|
|
||||||
timeoutSeconds: 30
|
|
|
@ -1,15 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: kubernetes-dashboard
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
type: ClusterIP
|
|
||||||
selector:
|
|
||||||
name: kubernetes-dashboard
|
|
||||||
phase: prod
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
protocol: TCP
|
|
||||||
port: 80
|
|
||||||
targetPort: 9090
|
|
|
@ -1,27 +0,0 @@
|
||||||
# Kubernetes Dashboard
|
|
||||||
|
|
||||||
!!! warning
|
|
||||||
The Kubernetes Dashboard takes [unusual approaches](https://github.com/kubernetes/dashboard/wiki/Access-control#authorization-header) to security and is often a point of security escalations. We recommend you do don't deploy it and get familiar with `kubectl`, if possible.
|
|
||||||
|
|
||||||
The Kubernetes [Dashboard](https://github.com/kubernetes/dashboard) provides a web UI to manage a Kubernetes cluster for those who prefer an alternative to `kubectl`.
|
|
||||||
|
|
||||||
## Create
|
|
||||||
|
|
||||||
Create the dashboard deployment and service.
|
|
||||||
|
|
||||||
```
|
|
||||||
kubectl apply -f addons/dashboard -R
|
|
||||||
```
|
|
||||||
|
|
||||||
## Access
|
|
||||||
|
|
||||||
Use `kubectl` to authenticate to the apiserver and create a local port forward to the remote port on the dashboard pod.
|
|
||||||
|
|
||||||
```sh
|
|
||||||
kubectl get pods -n kube-system
|
|
||||||
kubectl port-forward POD [LOCAL_PORT:]REMOTE_PORT
|
|
||||||
kubectl port-forward kubernetes-dashboard-id 9090 -n kube-system
|
|
||||||
```
|
|
||||||
|
|
||||||
!!! tip
|
|
||||||
If you'd like to expose the Dashboard via Ingress and add authentication, use a suitable OAuth2 proxy sidecar and pick your favorite OAuth2 provider.
|
|
|
@ -7,5 +7,4 @@ Every Typhoon cluster is verified to work well with several post-install addons.
|
||||||
* [Heapster](heapster.md)
|
* [Heapster](heapster.md)
|
||||||
* [Prometheus](prometheus.md)
|
* [Prometheus](prometheus.md)
|
||||||
* [Grafana](grafana.md)
|
* [Grafana](grafana.md)
|
||||||
* Kubernetes [Dashboard](dashboard.md)
|
|
||||||
|
|
||||||
|
|
|
@ -51,7 +51,6 @@ pages:
|
||||||
- 'Nginx Ingress': 'addons/ingress.md'
|
- 'Nginx Ingress': 'addons/ingress.md'
|
||||||
- 'Prometheus': 'addons/prometheus.md'
|
- 'Prometheus': 'addons/prometheus.md'
|
||||||
- 'Grafana': 'addons/grafana.md'
|
- 'Grafana': 'addons/grafana.md'
|
||||||
- 'Dashboard': 'addons/dashboard.md'
|
|
||||||
- 'Topics':
|
- 'Topics':
|
||||||
- 'Maintenance': 'topics/maintenance.md'
|
- 'Maintenance': 'topics/maintenance.md'
|
||||||
- 'Hardware': 'topics/hardware.md'
|
- 'Hardware': 'topics/hardware.md'
|
||||||
|
|
Loading…
Reference in New Issue