joejulian/kubernetes-dashboard.yaml

## kubernetes-dashboard.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.3
        ports:
          - name: insecureport
            containerPort: 9090
            protocol: TCP
        args:
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        livenessProbe:
          httpGet:
            path: /
            port: insecureport
          initialDelaySeconds: 30
          timeoutSeconds: 30
      - name: kubernetes-dashboard-oauth-proxy
        # image: quay.io/coreos/oauth2_proxy:latest
        image: quay.io/joejulian/oauth2_proxy:0864e444608f5de665b8502e3be6432b62be80cf
        imagePullPolicy: Always
        args:
          - -cookie-domain=.julianfamily.org
          - -upstream=http://localhost:9090/
          - -provider=gitlab
          - -cookie-name=kube_oauth2_proxy
          - -cookie-secret=LwOhpxJAwb14BuXWe9szWQ==
          - -cookie-secure=true
          - -cookie-expire=168h0m
          - -cookie-refresh=60m
          - -email-domain=julianfamily.org
          - -email-domain=joejulian.name
          - -request-logging=true
          - -http-address=0.0.0.0:4180
        env:
          - name: OAUTH2_PROXY_CLIENT_ID
            value: b0e67a621590903469e1ab7f391d68e0599508ce24d309eb7c19b52b40935629
          - name: OAUTH2_PROXY_CLIENT_SECRET
            value: 6609e9edafcf3394d8be25e84e7b1cdbbc98a4b56222d337aaae7c712cc4ff6a
        ports:
          - containerPort: 4180
            protocol: TCP
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
---
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-addon: kubernetes-dashboard.addons.k8s.io
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - port: 4180
    targetPort: 4180
  type: LoadBalacer
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	labels:
	k8s-app: kubernetes-dashboard
	name: kubernetes-dashboard
	namespace: kube-system
	---
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRoleBinding
	metadata:
	name: kubernetes-dashboard
	labels:
	k8s-app: kubernetes-dashboard
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: cluster-admin
	subjects:
	- kind: ServiceAccount
	name: kubernetes-dashboard
	namespace: kube-system
	---
	kind: Deployment
	apiVersion: extensions/v1beta1
	metadata:
	labels:
	k8s-app: kubernetes-dashboard
	name: kubernetes-dashboard
	namespace: kube-system
	spec:
	replicas: 1
	revisionHistoryLimit: 10
	selector:
	matchLabels:
	k8s-app: kubernetes-dashboard
	template:
	metadata:
	labels:
	k8s-app: kubernetes-dashboard
	spec:
	containers:
	- name: kubernetes-dashboard
	image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.3
	ports:
	- name: insecureport
	containerPort: 9090
	protocol: TCP
	args:
	# Uncomment the following line to manually specify Kubernetes API server Host
	# If not specified, Dashboard will attempt to auto discover the API server and connect
	# to it. Uncomment only if the default does not work.
	# - --apiserver-host=http://my-address:port
	livenessProbe:
	httpGet:
	path: /
	port: insecureport
	initialDelaySeconds: 30
	timeoutSeconds: 30
	- name: kubernetes-dashboard-oauth-proxy
	# image: quay.io/coreos/oauth2_proxy:latest
	image: quay.io/joejulian/oauth2_proxy:0864e444608f5de665b8502e3be6432b62be80cf
	imagePullPolicy: Always
	args:
	- -cookie-domain=.julianfamily.org
	- -upstream=http://localhost:9090/
	- -provider=gitlab
	- -cookie-name=kube_oauth2_proxy
	- -cookie-secret=LwOhpxJAwb14BuXWe9szWQ==
	- -cookie-secure=true
	- -cookie-expire=168h0m
	- -cookie-refresh=60m
	- -email-domain=julianfamily.org
	- -email-domain=joejulian.name
	- -request-logging=true
	- -http-address=0.0.0.0:4180
	env:
	- name: OAUTH2_PROXY_CLIENT_ID
	value: b0e67a621590903469e1ab7f391d68e0599508ce24d309eb7c19b52b40935629
	- name: OAUTH2_PROXY_CLIENT_SECRET
	value: 6609e9edafcf3394d8be25e84e7b1cdbbc98a4b56222d337aaae7c712cc4ff6a
	ports:
	- containerPort: 4180
	protocol: TCP
	serviceAccountName: kubernetes-dashboard
	# Comment the following tolerations if Dashboard must not be deployed on master
	tolerations:
	- key: node-role.kubernetes.io/master
	effect: NoSchedule
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: kubernetes-dashboard
	namespace: kube-system
	labels:
	k8s-addon: kubernetes-dashboard.addons.k8s.io
	k8s-app: kubernetes-dashboard
	kubernetes.io/cluster-service: "true"
	spec:
	selector:
	k8s-app: kubernetes-dashboard
	ports:
	- port: 4180
	targetPort: 4180
	type: LoadBalacer