diff --git a/cluster/kubernetes_dashboard/dashboard-adminuser.yaml b/cluster/kubernetes_dashboard/dashboard-adminuser.yaml
new file mode 100644
index 0000000..5358337
--- /dev/null
+++ b/cluster/kubernetes_dashboard/dashboard-adminuser.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: admin-user
+ namespace: kubernetes-dashboard
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: admin-user
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: admin-user
+ namespace: kubernetes-dashboard
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: admin-user
+ namespace: kubernetes-dashboard
+ annotations:
+ kubernetes.io/service-account.name: "admin-user"
+type: kubernetes.io/service-account-token
+
+---
\ No newline at end of file
diff --git a/cluster/kubernetes_dashboard/dashboard-ingress-route.yaml b/cluster/kubernetes_dashboard/dashboard-ingress-route.yaml
index ccc4271..dc4c9b7 100644
--- a/cluster/kubernetes_dashboard/dashboard-ingress-route.yaml
+++ b/cluster/kubernetes_dashboard/dashboard-ingress-route.yaml
@@ -28,16 +28,16 @@ spec: name: selfsigned kind: ClusterIssuer ---- +# --- -apiVersion: traefik.io/v1alpha1 -kind: ServersTransport -metadata: - name: insecure-transport - namespace: kubernetes-dashboard -spec: - serverName: kubernetes-dashboard-kong-proxy - insecureSkipVerify: true +# apiVersion: traefik.io/v1alpha1 +# kind: ServersTransport +# metadata: +# name: insecure-transport +# namespace: kubernetes-dashboard +# spec: +# serverName: kubernetes-dashboard-kong-proxy +# insecureSkipVerify: true --- # Declaring the user list # apiVersion: traefik.io/v1alpha1
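Review bot: The `admin-user` ServiceAccount in dashboard-adminuser.yaml is bound to `cluster-admin` and then given a `kubernetes.io/service-account-token` Secret, which produces a non-expiring token with full control of the cluster. The readme in this commit already lists `kubectl -n kubernetes-dashboard create token admin-user`, which issues a time-limited token, so the Secret document can be dropped. If the dashboard is used mainly for viewing, `name: view` under `roleRef` instead of `name: cluster-admin` keeps a leaked token from being a full cluster compromise. The file also ends with a dangling `---` and no trailing newline.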
@@ -90,3 +90,38 @@ spec: # Use the secret generated by cert-manager tls: secretName: kboard.taefik.local
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: ServersTransport
+metadata:
+ name: insecure-transport
+ namespace: default
+spec:
+ insecureSkipVerify: true
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ traefik.ingress.kubernetes.io/service.serverstransport: "kube-system@insecure-transport"
+ name: dashboard
+ namespace: kubernetes-dashboard
+spec:
+ rules:
+ - host: dashboard.example.com
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: kubernetes-dashboard
+ port:
+ number: 443
+ tls:
+ - hosts:
+ - dashboard.example.com
+ secretName: dashboard-ingress-cert
diff --git a/cluster/kubernetes_dashboard/ingress-route.yaml b/cluster/kubernetes_dashboard/ingress-route.yaml
new file mode 100644
index 0000000..1d45ce8
--- /dev/null
+++ b/cluster/kubernetes_dashboard/ingress-route.yaml
@@ -0,0 +1,31 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: kubdashboard-ingressroute
+ namespace: kubernetes-dashboard
+spec:
+ entryPoints: [web]
+ routes:
+ - kind: Rule
+ match: PathPrefix(`/kubernetes-dashboard`)
+ services:
+ - kind: Service
+ name: kubernetes-dashboard-kong-proxy
+ namespace: kubernetes-dashboard
+ port: kong-proxy
+ middlewares:
+ - name: stripkubdashboard
+ namespace: kubernetes-dashboard
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: stripkubdashboard
+ namespace: kubernetes-dashboard
+spec:
+ stripPrefix:
+ prefixes:
+ - "/kubernetes-dashboard"
+ forceSlash: true
\ No newline at end of file
diff --git a/cluster/kubernetes_dashboard/insecure-kubernetes-dashboard.yml b/cluster/kubernetes_dashboard/insecure-kubernetes-dashboard.yml
new file mode 100644
index 0000000..edd4227
--- /dev/null
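Review bot: The added `ServersTransport` is created in `namespace: default`, but the Ingress annotation points at `kube-system@insecure-transport`, so the reference does not name the object defined in this hunk. Traefik's CRD provider normally expects `<namespace>-<name>@kubernetescrd`, which for this object would be `default-insecure-transport@kubernetescrd` (confirm against the Traefik version deployed). The document also uses `apiVersion: traefik.containo.us/v1alpha1` while every other Traefik resource in this commit uses `traefik.io/v1alpha1`. `insecureSkipVerify: true` turns off verification of the backend certificate; setting `serverName` and `rootCAsSecrets` on the transport would keep the hop to the dashboard authenticated. `dashboard.example.com` together with `letsencrypt-prod` looks like an unedited sample and would request a public certificate for a placeholder host.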
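Review bot: The `IngressRoute` in ingress-route.yaml listens on `entryPoints: [web]` only, which is conventionally Traefik's plain-HTTP entry point, so the bearer token entered at the dashboard login (a `cluster-admin` token, per dashboard-adminuser.yaml in this commit) would cross the network unencrypted. values.yaml in the same commit sets `kong.proxy.http.enabled: true`, which appears to be what exposes the `kong-proxy` port used here, so the path is cleartext end to end. Consider `entryPoints: [websecure]` with a `tls:` section on the route; dashboard-ingress-route.yaml already references a cert-manager secret. A comment above `match:` should also record that `PathPrefix` without a `Host(...)` rule matches on every hostname served by that entry point.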
+++ b/cluster/kubernetes_dashboard/insecure-kubernetes-dashboard.yml 
@@ -0,0 +1,313 @@
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kubernetes-dashboard
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: 8443
+ - name: http
+ port: 80
+ targetPort: 9090
+ selector:
+ k8s-app: kubernetes-dashboard
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-certs
+ namespace: kubernetes-dashboard
+type: Opaque
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-csrf
+ namespace: kubernetes-dashboard
+type: Opaque
+data:
+ csrf: ""
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-key-holder
+ namespace: kubernetes-dashboard
+type: Opaque
+
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-settings
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name:
kubernetes-dashboard
+ namespace: kubernetes-dashboard
+rules:
+ # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+ - apiGroups: [""]
+ resources: ["secrets"]
+ resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
+ verbs: ["get", "update", "delete"]
+ # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["kubernetes-dashboard-settings"]
+ verbs: ["get", "update"]
+ # Allow Dashboard to get metrics.
+ - apiGroups: [""]
+ resources: ["services"]
+ resourceNames: ["heapster", "dashboard-metrics-scraper"]
+ verbs: ["proxy"]
+ - apiGroups: [""]
+ resources: ["services/proxy"]
+ resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
+ verbs: ["get"]
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+rules:
+ # Allow Metrics Scraper to get metrics from the Metrics server
+ - apiGroups: ["metrics.k8s.io"]
+ resources: ["pods", "nodes"]
+ verbs: ["get", "list", "watch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubernetes-dashboard
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubernetes-dashboard
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ k8s-app: kubernetes-dashboard
+ template:
+ metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ spec:
+ containers:
+ - name: kubernetes-dashboard
+ image: kubernetesui/dashboard:v2.2.0
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8443
+ protocol: TCP
+ - containerPort: 9090
+ protocol: TCP
+ args:
+ #- --auto-generate-certificates
+ - --namespace=kubernetes-dashboard
+ - --enable-skip-login
+ - --disable-settings-authorizer
+ - --enable-insecure-login
+ - --insecure-bind-address=0.0.0.0
+ # Uncomment the following line to manually specify Kubernetes API server Host
+ # If not specified, Dashboard will attempt to auto discover the API server and connect
+ # to it. Uncomment only if the default does not work.
+ # - --apiserver-host=http://my-address:port
+ volumeMounts:
+ - name: kubernetes-dashboard-certs
+ mountPath: /certs
+ # Create on-disk volume to store exec logs
+ - mountPath: /tmp
+ name: tmp-volume
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /
+ port: 9090
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
+ volumes:
+ - name: kubernetes-dashboard-certs
+ secret:
+ secretName: kubernetes-dashboard-certs
+ - name: tmp-volume
+ emptyDir: {}
+ serviceAccountName: kubernetes-dashboard
+ nodeSelector:
+ "kubernetes.io/os": linux
+ # Comment the following tolerations if Dashboard must not be deployed on master
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ name: dashboard-metrics-scraper
+ namespace: kubernetes-dashboard
+spec:
+ ports:
+ - port: 8000
+ targetPort: 8000
+ selector:
+ k8s-app:
dashboard-metrics-scraper
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ name: dashboard-metrics-scraper
+ namespace: kubernetes-dashboard
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ k8s-app: dashboard-metrics-scraper
+ template:
+ metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ annotations:
+ seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
+ spec:
+ containers:
+ - name: dashboard-metrics-scraper
+ image: kubernetesui/metrics-scraper:v1.0.6
+ ports:
+ - containerPort: 8000
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /
+ port: 8000
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
+ serviceAccountName: kubernetes-dashboard
+ nodeSelector:
+ "kubernetes.io/os": linux
+ # Comment the following tolerations if Dashboard must not be deployed on master
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ volumes:
+ - name: tmp-volume
+ emptyDir: {}
\ No newline at end of file
diff --git a/cluster/kubernetes_dashboard/readme.md b/cluster/kubernetes_dashboard/readme.md
index 3af08c1..353cfb5 100644
--- a/cluster/kubernetes_dashboard/readme.md
+++ b/cluster/kubernetes_dashboard/readme.md
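Review bot: The Deployment args `--enable-skip-login`, `--enable-insecure-login` and `--insecure-bind-address=0.0.0.0` in insecure-kubernetes-dashboard.yml serve the dashboard over plain HTTP on 9090 and let any client that can reach the Service skip authentication and act as the `kubernetes-dashboard` ServiceAccount. The Role and ClusterRole in this file keep that account narrow, so the exposure stays limited only while nothing binds it to a wider role; a comment above `args:` saying so, plus a NetworkPolicy or keeping this Service off any ingress, would make the intent explicit. `kubernetesui/dashboard:v2.2.0` and `kubernetesui/metrics-scraper:v1.0.6` are referenced by mutable tag, and the dashboard uses `imagePullPolicy: Always`; pinning both by digest avoids pulling a changed image. The `ClusterRoleBinding` carries `namespace:` in its metadata, which has no effect on a cluster-scoped object and can be removed.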
@@ -1,12 +1,21 @@ # kubenetes dashboard # https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/ - +# https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md # kubectl proxy ``` -kubectl -n kubernetes-dashboard apply -f dashboard-ingress-route.yaml +helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard -f values.yaml +kubectl -n kubernetes-dashboard apply -f ingress-route.yaml +# Create a service account for the dashboard +kubectl apply -f dashboard-adminuser.yaml +kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d +kubectl -n kubernetes-dashboard create token admin-user +# kubectl -n kubernetes-dashboard apply -f dashboard-ingress-route.yaml kubectl -n kubernetes-dashboard get ingressroutes - -k delete -f dashboard-ingress-route.yaml +k delete -f ingress-route.yaml +# k delete -f dashboard-ingress-route.yaml +kubectl -n kubernetes-dashboard delete serviceaccount admin-user +kubectl -n kubernetes-dashboard delete clusterrolebinding admin-user +helm delete kubernetes-dashboard --namespace kubernetes-dashboard ``` diff --git a/cluster/kubernetes_dashboard/values.yaml b/cluster/kubernetes_dashboard/values.yaml new file mode 100644 index 0000000..7be7119 --- /dev/null +++ b/cluster/kubernetes_dashboard/values.yaml 
@@ -0,0 +1,420 @@
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# General configuration shared across resources
+app:
+ # Mode determines if chart should deploy a full Dashboard with all containers or just the API.
+ # - dashboard - deploys all the containers
+ # - api - deploys just the API
+ mode: 'dashboard'
+ image:
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+ scheduling:
+ # Node labels for pod assignment
+ # Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ nodeSelector: {}
+ security:
+ # Allow overriding csrfKey used by API/Auth containers.
+ # It has to be base64 encoded random 256 bytes string.
+ # If empty, it will be autogenerated.
+ csrfKey: ~
+ # SecurityContext to be added to pods
+ # To disable set the following configuration to null:
+ # securityContext: null
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ # ContainerSecurityContext to be added to containers
+ # To disable set the following configuration to null:
+ # containerSecurityContext: null
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
+ capabilities:
+ drop: ["ALL"]
+ # Pod Disruption Budget configuration
+ # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ podDisruptionBudget:
+ enabled: false
+ minAvailable: 0
+ maxUnavailable: 0
+ networkPolicy:
+ enabled: false
+ ingressDenyAll: false
+ # Raw network policy spec that overrides predefined spec
+ # Example:
+ # spec:
+ # egress:
+ # - ports:
+ # - port: 123
+ spec: {}
+
+ # Common labels & annotations shared across all deployed resources
+ labels: {}
+ annotations: {}
+ # Common priority class used for all deployed resources
+ priorityClassName: null
+ settings:
+ ## Global dashboard settings
+ global:
+ # # Cluster name that appears in the browser window title if it is set
+ # clusterName: ""
+ # # Max number of items that can be displayed on each list page
+ # itemsPerPage: 10
+ # # Number of seconds between every auto-refresh of logs
+ # logsAutoRefreshTimeInterval: 5
+ # # Number of seconds between every auto-refresh of every resource. Set 0 to disable
+ # resourceAutoRefreshTimeInterval: 5
+ # # Hide all access denied warnings in the notification panel
+ # disableAccessDeniedNotifications: false
+ ## Pinned resources that will be displayed in dashboard's menu
+ pinnedResources: []
+ # - kind: customresourcedefinition
+ # # Fully qualified name of a CRD
+ # name: prometheus.monitoring.coreos.com
+ # # Display name
+ # displayName: Prometheus
+ # # Is this CRD namespaced?
+ # namespaced: true
+ ingress:
+ enabled: false
+ hosts:
+ # Keep 'localhost' host only if you want to access Dashboard using 'kubectl port-forward ...' on:
+ # https://localhost:8443
+ - localhost
+ # - kubernetes.dashboard.domain.com
+ ingressClassName: internal-nginx
+ # Use only if your ingress controllers support default ingress classes.
+ # If set to true ingressClassName will be ignored and not added to the Ingress resources.
+ # It should fall back to using IngressClass marked as the default.
+ useDefaultIngressClass: false
+ # This will append our Ingress with annotations required by our default configuration.
+ # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ # nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ useDefaultAnnotations: true
+ pathType: ImplementationSpecific
+ # If path is not the default (/), rewrite-target annotation will be added to the Ingress.
+ # It allows serving Kubernetes Dashboard on a sub-path. Make sure that the configured path
+ # does not conflict with gateway route configuration.
+ path: /
+ issuer:
+ name: selfsigned
+ # Scope determines what kind of issuer annotation will be used on ingress resource
+ # - default - adds 'cert-manager.io/issuer'
+ # - cluster - adds 'cert-manager.io/cluster-issuer'
+ # - disabled - disables cert-manager annotations
+ scope: default
+ tls:
+ enabled: true
+ # If provided it will override autogenerated secret name
+ secretName: ""
+ labels: {}
+ annotations: {}
+ # Use the following toleration if Dashboard can be deployed on a tainted control-plane nodes
+ # - key: node-role.kubernetes.io/control-plane
+ # effect: NoSchedule
+ tolerations: []
+ affinity: {}
+
+auth:
+ role: auth
+ image:
+ repository: docker.io/kubernetesui/dashboard-auth
+ tag: 1.1.3
+ scaling:
+ replicas: 1
+ revisionHistoryLimit: 10
+ containers:
+ ports:
+ - name: auth
+ containerPort: 8000
+ protocol: TCP
+ args: []
+ env: []
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ # TODO: Validate configuration
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ automountServiceAccountToken: true
+ volumes:
+ # Create on-disk volume to store exec logs (required)
+ - name: tmp-volume
+ emptyDir: {}
+ nodeSelector: {}
+ # Labels & annotations shared between API related resources
+ labels: {}
+ annotations: {}
+
+# API deployment configuration
+api:
+ role: api
+ image:
+ repository: docker.io/kubernetesui/dashboard-api
+ tag: 1.8.1
+ scaling:
+ replicas: 1
+ revisionHistoryLimit: 10
+ containers:
+ ports:
+ - name: api
+ containerPort: 8000
+ protocol: TCP
+ # Additional container arguments
+ # Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md
+ # args:
+ # - --system-banner="Welcome to the Kubernetes Dashboard"
+ args: []
+ # Additional container environment variables
+ # env:
+ # - name: SOME_VAR
+ # value: 'some value'
+ env: []
+ # Additional volume mounts
+ # - mountPath: /kubeconfig
+ # name: dashboard-kubeconfig
+ # readOnly: true
+
volumeMounts:
+ # Create volume mount to store exec logs (required)
+ - mountPath: /tmp
+ name: tmp-volume
+ # TODO: Validate configuration
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ automountServiceAccountToken: true
+ # Additional volumes
+ # - name: dashboard-kubeconfig
+ # secret:
+ # defaultMode: 420
+ # secretName: dashboard-kubeconfig
+ volumes:
+ # Create on-disk volume to store exec logs (required)
+ - name: tmp-volume
+ emptyDir: {}
+ nodeSelector: {}
+ # Labels & annotations shared between API related resources
+ labels: {}
+ annotations: {}
+
+# WEB UI deployment configuration
+web:
+ role: web
+ image:
+ repository: docker.io/kubernetesui/dashboard-web
+ tag: 1.4.0
+ scaling:
+ replicas: 1
+ revisionHistoryLimit: 10
+ containers:
+ ports:
+ - name: web
+ containerPort: 8000
+ protocol: TCP
+ # Additional container arguments
+ # Full list of arguments: https://github.com/kubernetes/dashboard/blob/master/docs/common/arguments.md
+ # args:
+ # - --system-banner="Welcome to the Kubernetes Dashboard"
+ args: []
+ # Additional container environment variables
+ # env:
+ # - name: SOME_VAR
+ # value: 'some value'
+ env: []
+ # Additional volume mounts
+ # - mountPath: /kubeconfig
+ # name: dashboard-kubeconfig
+ # readOnly: true
+ volumeMounts:
+ # Create volume mount to store logs (required)
+ - mountPath: /tmp
+ name: tmp-volume
+ # TODO: Validate configuration
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ automountServiceAccountToken: true
+ # Additional volumes
+ # - name: dashboard-kubeconfig
+ # secret:
+ # defaultMode: 420
+ # secretName: dashboard-kubeconfig
+ volumes:
+ # Create on-disk volume to store exec logs (required)
+ - name: tmp-volume
+ emptyDir: {}
+ nodeSelector: {}
+ # Labels & annotations shared between WEB UI related resources
+ labels: {}
+ annotations: {}
+
+### Metrics Scraper
+### Container to scrape, store, and retrieve a window of time
from the Metrics Server.
+### refs: https://github.com/kubernetes/dashboard/tree/master/modules/metrics-scraper
+metricsScraper:
+ enabled: true
+ role: metrics-scraper
+ image:
+ repository: docker.io/kubernetesui/dashboard-metrics-scraper
+ tag: 1.1.1
+ scaling:
+ replicas: 1
+ revisionHistoryLimit: 10
+ containers:
+ ports:
+ - containerPort: 8000
+ protocol: TCP
+ args: []
+ # Additional container environment variables
+ # env:
+ # - name: SOME_VAR
+ # value: 'some value'
+ env: []
+ # Additional volume mounts
+ # - mountPath: /kubeconfig
+ # name: dashboard-kubeconfig
+ # readOnly: true
+ volumeMounts:
+ # Create volume mount to store logs (required)
+ - mountPath: /tmp
+ name: tmp-volume
+ # TODO: Validate configuration
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ limits:
+ cpu: 250m
+ memory: 400Mi
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /
+ port: 8000
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ automountServiceAccountToken: true
+ # Additional volumes
+ # - name: dashboard-kubeconfig
+ # secret:
+ # defaultMode: 420
+ # secretName: dashboard-kubeconfig
+ volumes:
+ - name: tmp-volume
+ emptyDir: {}
+ nodeSelector: {}
+ # Labels & annotations shared between WEB UI related resources
+ labels: {}
+ annotations: {}
+
+## Optional Metrics Server sub-chart configuration
+## Enable this if you don't already have metrics-server enabled on your cluster and
+## want to use it with dashboard metrics-scraper
+## refs:
+## - https://github.com/kubernetes-sigs/metrics-server
+## - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server
+metrics-server:
+ enabled: false
+ args:
+ - --kubelet-preferred-address-types=InternalIP
+ - --kubelet-insecure-tls
+
+## Required Kong sub-chart with DBless configuration to act as a gateway
+## for our all containers.
+kong:
+ enabled: true
+ ## Configuration reference: https://docs.konghq.com/gateway/3.6.x/reference/configuration
+ env:
+ dns_order: LAST,A,CNAME,AAAA,SRV
+ plugins: 'off'
+ nginx_worker_processes: 1
+ ingressController:
+ enabled: false
+ dblessConfig:
+ configMap: kong-dbless-config
+ proxy:
+ type: ClusterIP
+ http:
+ enabled: true
+
+## Optional Cert Manager sub-chart configuration
+## Enable this if you don't already have cert-manager enabled on your cluster.
+cert-manager:
+ enabled: false
+ installCRDs: true
+
+## Optional Nginx Ingress sub-chart configuration
+## Enable this if you don't already have nginx-ingress enabled on your cluster.
+nginx:
+ enabled: false
+ controller:
+ electionID: ingress-controller-leader
+ ingressClassResource:
+ name: internal-nginx
+ default: false
+ controllerValue: k8s.io/internal-ingress-nginx
+ service:
+ type: ClusterIP
+
+## Extra configurations:
+## - manifests
+## - predefined roles
+## - prometheus
+## - etc...
+extras:
+ # Extra Kubernetes manifests to be deployed
+ # manifests:
+ # - apiVersion: v1
+ # kind: ConfigMap
+ # metadata:
+ # name: additional-configmap
+ # data:
+ # mykey: myvalue
+ manifests: []
+ serviceMonitor:
+ # Whether to create a Prometheus Operator service monitor.
+ enabled: false
+ # Here labels can be added to the serviceMonitor
+ labels: {}
+ # Here annotations can be added to the serviceMonitor
+ annotations: {}
+ # metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint
+ # ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ metricRelabelings: []
+ # metrics.serviceMonitor.relabelings [array] Prometheus relabeling rules
+ relabelings: []
+ # ServiceMonitor connection scheme. Defaults to HTTPS.
+ scheme: https
+ # ServiceMonitor connection tlsConfig. Defaults to {insecureSkipVerify:true}.
+ tlsConfig:
+ insecureSkipVerify: true
\ No newline at end of file