diff --git a/cluster/addons/dashboard/OWNERS b/cluster/addons/dashboard/OWNERS new file mode 100644 index 00000000000..222788b954c --- /dev/null +++ b/cluster/addons/dashboard/OWNERS @@ -0,0 +1,6 @@ +approvers: +- floreks +- maciaszczykm +reviewers: +- floreks +- maciaszczykm diff --git a/cluster/addons/dashboard/dashboard-controller.yaml b/cluster/addons/dashboard/dashboard-controller.yaml index c8869917c97..a5744cd319f 100644 --- a/cluster/addons/dashboard/dashboard-controller.yaml +++ b/cluster/addons/dashboard/dashboard-controller.yaml @@ -7,7 +7,7 @@ metadata: name: kubernetes-dashboard namespace: kube-system --- -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: kubernetes-dashboard @@ -30,7 +30,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: kubernetes-dashboard - image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.0 + image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 resources: limits: cpu: 100m @@ -57,7 +57,8 @@ spec: timeoutSeconds: 30 volumes: - name: kubernetes-dashboard-certs - emptyDir: {} + secret: + secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard diff --git a/cluster/addons/dashboard/dashboard-rbac.yaml b/cluster/addons/dashboard/dashboard-rbac.yaml index 658ffd94861..3c222b21db1 100644 --- a/cluster/addons/dashboard/dashboard-rbac.yaml +++ b/cluster/addons/dashboard/dashboard-rbac.yaml @@ -7,10 +7,6 @@ metadata: name: kubernetes-dashboard-minimal namespace: kube-system rules: - # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret. -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - apiGroups: [""] resources: ["secrets"] @@ -26,6 +22,10 @@ rules: resources: ["services"] resourceNames: ["heapster"] verbs: ["proxy"] +- apiGroups: [""] + resources: ["services/proxy"] + resourceNames: ["heapster", "http:heapster:", "https:heapster:"] + verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/cluster/addons/dashboard/dashboard-secret.yaml b/cluster/addons/dashboard/dashboard-secret.yaml index f26235bec3b..a79b6a7ce34 100644 --- a/cluster/addons/dashboard/dashboard-secret.yaml +++ b/cluster/addons/dashboard/dashboard-secret.yaml @@ -8,3 +8,14 @@ metadata: name: kubernetes-dashboard-certs namespace: kube-system type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + # Allows editing resource and makes sure it is created first. + addonmanager.kubernetes.io/mode: EnsureExists + name: kubernetes-dashboard-key-holder + namespace: kube-system +type: Opaque