Skip to content

E
eks-kubernetes-dashboard
Commit 0efbc2d2 authored by Danny's avatar Danny
Browse files
Options

init commit for dashboard

parents
Hide whitespace changes
Inline Side-by-side
Showing with 188 additions and 0 deletions
eks-kube-dashboard-clusterrole.tf 0 → 100644
View file @ 0efbc2d2
resource "kubernetes_role" "kubernetes_dashboard_role" {
metadata {
name = "kubernetes-dashboard-minimal"
namespace = "kube-system"
}
rule {
api_group = [""]
resources = ["secrets"]
verbs = ["create"]
}
rule {
api_group = [""]
resources = ["configmaps"]
verbs = ["create"]
}
rule {
api_group = [""]
resources = ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
verbs = ["get", "update", "delete"]
}
rule {
api_group = [""]
resources = ["configmaps"]
resource_names = ["kubernetes-dashboard-settings"]
verbs = ["get", "update"]
}
rule {
api_group = [""]
resources = ["services"]
resourceNames = ["heapster"]
verbs = ["proxy"]
}
rule {
api_group = [""]
resources = ["services/proxy"]
resourceNames = ["heapster", "http:heapster:", "http:heaptser:"]
verbs = ["get"]
}
}
resource "kubernetes_role_binding" "kubernetes_dashboard_role_bind" {
metadata {
name = "kubernetes-dashboard-minmal"
namespace = "kube-system"
}
role_ref {
api_group = ["rbac.authorization.k8s.io"]
kind = "Role"
name = "kubernetes-dashboard-minimal"
}
subjects {
kind = "ServiceAccount"
name = "kubernetes-dashboard"
}
}
eks-kube-dashboard-secret.tf 0 → 100644
View file @ 0efbc2d2
resource "kubernetes_secret" {
metadata {
labels {
app = "kubernetes-dashboard"
}
name = "kubernetes-dashboard-certs"
namespace = "kube-system"
}
type = "Opaque"
}
eks-kube-dashboard-service.tf 0 → 100644
View file @ 0efbc2d2
resource "kubernetes_service" "kubernetes_dashboard_service" {
metadata {
labels {
app = "kubernetes-dashboard"
namespace = "kube-system"
}
}
spec {
port {
port = 443
target_port = 8443
}
selector {
app = "kubernetes-dashboard"
}
}
}
eks-kube-dashboard-serviceaccount.tf 0 → 100644
View file @ 0efbc2d2
resource "kubernetes_service_account" "kubernetes_dashboard_serviceaccount" {
metadata {
app = "kubernetes-dashboard"
namespace = "kube-system"
}
}
eks-kube-dashboard.tf 0 → 100644
View file @ 0efbc2d2
resource "kubernetes_deployment" "kubernetes_dashboard_deployment" {
metadata {
name = "kubernetes-dashboard"
namespace = "kube-system"
}
spec {
replicas = 1
revision_history_limit = 10
selector {
match_labels {
name = "kubernetes-dashboard"
}
}
template {
metadata {
name = "kubernetes-dashboard"
labels {
name = "kubernetes-dashboard"
}
}
spec {
service_account_name = "kube-dash-svc-acc"
termination_grace_period_seconds = 60
volume {
name = "${kubernetes_service_account.kube_dash_service_account.default_secret_name}"
secret {
secret_name = "${kubernetes_service_account.kube_dash_service_account.default_secret_name}"
}
}
volume {
name = "kubernetes-dashboard-certs"
secret {
secret_name = "kubernetes-dashboard-certs"
}
}
volume {
name = "tmp-volume"
empty_dir = ""
}
container {
image = "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1"
name = "kubernetes-dashboard-container"
args = ["--auto-generate-certificates"]
volume_mount {
mount_path = "/var/run/secrets/kubernetes.io/serviceaccount"
name = "${kubernetes_service_account.aws_alb_service_account.default_secret_name}"
read_only = true
}
volume_mount {
mount_path = "/certs"
name = "kubernetes-dashboard-certs"
read_only = true
}
volume_mount {
mount_path = "/tmp"
name = "tmp-volume"
read_only = true
}
liveness_probe {
http_get {
scheme = "HTTPS"
path = "/"
port = 8443
}
initial_delay_seconds = 30
timeout_seconds = 30
}
}
}
}
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment