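# NixOS module for the Kubernetes dashboard addon.
#
# When `services.kubernetes.addons.dashboard.enable` is set, this module
#   * seeds the pinned dashboard image into the kubelet's Docker store, and
#   * registers a Deployment, a Service and a ServiceAccount with the addon
#     manager, plus a ClusterRoleBinding when `enableRBAC` is true.
#
# Security review notes:
#   * The ClusterRoleBinding below binds the dashboard's service account to
#     the `cluster-admin` ClusterRole.
#   * The container port, the liveness probe and the Service all use port
#     9090 / 80 with an httpGet probe; nothing in this module configures TLS
#     or an authenticating proxy in front of the dashboard.
#   Taken together, who can reach the Service matters a great deal: restrict
#   access (network policy, authenticated proxy) or bind a narrower role.
{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.kubernetes.addons.dashboard;

  name = "gcr.io/google_containers/kubernetes-dashboard-amd64";
  version = "v1.8.2";

  # The seeded image is pinned twice: `imageDigest` fixes the registry
  # manifest and `sha256` fixes the resulting store path. Both must be
  # updated together with `version`.
  image = pkgs.dockerTools.pullImage {
    imageName = name;
    finalImageTag = version;
    sha256 = "11h0fz3wxp0f10fsyqaxjm7l2qg7xws50dv5iwlck5gb1fjmajad";
    imageDigest = "sha256:e7984d10351601080bbc146635d51f0cfbea31ca6f0df323cf7a58cf2f6a68df";
  };
in {
  options.services.kubernetes.addons.dashboard = {
    enable = mkEnableOption "kubernetes dashboard addon";

    enableRBAC = mkOption {
      # The previous wording was garbled and did not say what the option
      # actually creates; the binding target is security-relevant, so it is
      # spelled out for whoever flips this switch.
      description = "Whether to create the RBAC ClusterRoleBinding for the kubernetes dashboard service account. The binding grants the cluster-admin ClusterRole.";
      type = types.bool;
      # Follows the API server: true exactly when "RBAC" is one of its
      # configured authorization modes.
      default = elem "RBAC" config.services.kubernetes.apiserver.authorizationMode;
    };
  };

  config = mkIf cfg.enable {
    # Make the digest-pinned image available to the kubelet up front.
    services.kubernetes.kubelet.seedDockerImages = [image];

    services.kubernetes.addonManager.addons = {
      kubernetes-dashboard-deployment = {
        kind = "Deployment";
        apiVersion = "apps/v1beta1";
        metadata = {
          labels = {
            k8s-addon = "kubernetes-dashboard.addons.k8s.io";
            k8s-app = "kubernetes-dashboard";
            inherit version;
            "kubernetes.io/cluster-service" = "true";
            "addonmanager.kubernetes.io/mode" = "Reconcile";
          };
          name = "kubernetes-dashboard";
          namespace = "kube-system";
        };
        spec = {
          replicas = 1;
          revisionHistoryLimit = 10;
          selector.matchLabels."k8s-app" = "kubernetes-dashboard";
          template = {
            metadata = {
              labels = {
                k8s-addon = "kubernetes-dashboard.addons.k8s.io";
                k8s-app = "kubernetes-dashboard";
                inherit version;
                "kubernetes.io/cluster-service" = "true";
              };
              annotations = {
                "scheduler.alpha.kubernetes.io/critical-pod" = "";
                #"scheduler.alpha.kubernetes.io/tolerations" = ''[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'';
              };
            };
            spec = {
              containers = [{
                name = "kubernetes-dashboard";
                # Referenced by tag, not by digest: the digest pin above
                # covers only the seeded copy. NOTE(review): if the seeded
                # image is missing on a node, the runtime would presumably
                # resolve this mutable tag at the registry - confirm.
                image = "${name}:${version}";
                # Plain-HTTP port; no TLS-related arguments are passed to
                # the container anywhere in this module.
                ports = [{
                  containerPort = 9090;
                  protocol = "TCP";
                }];
                resources = {
                  limits = {
                    cpu = "100m";
                    memory = "50Mi";
                  };
                  requests = {
                    cpu = "100m";
                    memory = "50Mi";
                  };
                };
                livenessProbe = {
                  httpGet = {
                    path = "/";
                    port = 9090;
                  };
                  initialDelaySeconds = 30;
                  timeoutSeconds = 30;
                };
              }];
              # The pod runs as the service account defined further down;
              # with enableRBAC that account is bound to cluster-admin.
              serviceAccountName = "kubernetes-dashboard";
              tolerations = [{
                key = "node-role.kubernetes.io/master";
                effect = "NoSchedule";
              }];
            };
          };
        };
      };

      # No Service `type` is set, so the Kubernetes default applies. Port 80
      # forwards to the dashboard's HTTP port 9090.
      kubernetes-dashboard-svc = {
        apiVersion = "v1";
        kind = "Service";
        metadata = {
          labels = {
            k8s-addon = "kubernetes-dashboard.addons.k8s.io";
            k8s-app = "kubernetes-dashboard";
            "kubernetes.io/cluster-service" = "true";
            "kubernetes.io/name" = "KubeDashboard";
            "addonmanager.kubernetes.io/mode" = "Reconcile";
          };
          name = "kubernetes-dashboard";
          namespace = "kube-system";
        };
        spec = {
          ports = [{
            port = 80;
            targetPort = 9090;
          }];
          selector.k8s-app = "kubernetes-dashboard";
        };
      };

      kubernetes-dashboard-sa = {
        apiVersion = "v1";
        kind = "ServiceAccount";
        metadata = {
          labels = {
            k8s-app = "kubernetes-dashboard";
            k8s-addon = "kubernetes-dashboard.addons.k8s.io";
            "addonmanager.kubernetes.io/mode" = "Reconcile";
          };
          name = "kubernetes-dashboard";
          namespace = "kube-system";
        };
      };
    } // (optionalAttrs cfg.enableRBAC {
      # SECURITY: cluster-wide binding of the dashboard service account to
      # `cluster-admin`. NOTE(review): requests served by the dashboard
      # presumably act with this account's privileges unless the dashboard
      # itself enforces a login - confirm for the pinned version, and prefer
      # a narrower Role/RoleBinding where the deployment allows it.
      kubernetes-dashboard-crb = {
        apiVersion = "rbac.authorization.k8s.io/v1beta1";
        kind = "ClusterRoleBinding";
        metadata = {
          name = "kubernetes-dashboard";
          labels = {
            k8s-app = "kubernetes-dashboard";
            k8s-addon = "kubernetes-dashboard.addons.k8s.io";
            "addonmanager.kubernetes.io/mode" = "Reconcile";
          };
        };
        roleRef = {
          apiGroup = "rbac.authorization.k8s.io";
          kind = "ClusterRole";
          name = "cluster-admin";
        };
        subjects = [{
          kind = "ServiceAccount";
          name = "kubernetes-dashboard";
          namespace = "kube-system";
        }];
      };
    });
  };
}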