Intentando cambiar a ceph, aun falla~

2025-06-13 09:17:54 -04:00
parent c2e732730a
commit 85ffc06ac2
30 changed files with 17571 additions and 35 deletions
--- a/manifest/03-dashboard/admin-user.yml
+++ b/manifest/03-dashboard/admin-user.yml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kubernetes-dashboard
--- a/manifest/03-dashboard/dashboard.yml
+++ b/manifest/03-dashboard/dashboard.yml
@@ -0,0 +1,10 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: kubernetes-dashboard
+  namespace: kube-system
+spec:
+  repo: https://kubernetes.github.io/dashboard/
+  chart: kubernetes-dashboard
+  targetNamespace: kubernetes-dashboard
+  createNamespace: true
--- a/manifest/03-dashboard/get-secret.sh
+++ b/manifest/03-dashboard/get-secret.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath="{.data.token}" | base64 -d
--- a/manifest/03-dashboard/ingress.yml
+++ b/manifest/03-dashboard/ingress.yml
@@ -0,0 +1,63 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  namespace: kubernetes-dashboard
+  name: allow-local-only
+spec:
+  ipAllowList:
+    sourceRange:
+      - 127.0.0.1/32
+      - 192.168.0.0/16
+      - 10.0.0.0/8
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: redirect-https
+  namespace: kubernetes-dashboard
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+---
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: insecure-transport
+  namespace: kubernetes-dashboard
+spec:
+  insecureSkipVerify: true
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: dashboard-certificate
+  namespace: kubernetes-dashboard
+spec:
+  secretName: k8s-skrd-fun-tls
+  dnsNames:
+    - "k8s.skrd.fun"
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: dashboard-ingress
+  namespace: kubernetes-dashboard
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: "Host(`k8s.skrd.fun`)"
+      kind: Rule
+      middlewares:
+        - name: allow-local-only
+        - name: redirect-https
+      services:
+        - name: kubernetes-dashboard-kong-proxy
+          port: 443
+          serversTransport: insecure-transport
+  tls:
+    secretName: k8s-skrd-fun-tls
--- a/manifest/03-dashboard/role-binding.yml
+++ b/manifest/03-dashboard/role-binding.yml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: admin-user
+  namespace: kubernetes-dashboard
--- a/manifest/03-dashboard/secret.yml
+++ b/manifest/03-dashboard/secret.yml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: admin-user
+  namespace: kubernetes-dashboard
+  annotations:
+    kubernetes.io/service-account.name: "admin-user"
+type: kubernetes.io/service-account-token