diff --git a/certificate.yaml b/certificate.yaml new file mode 100644 index 0000000..cfb3585 --- /dev/null +++ b/certificate.yaml @@ -0,0 +1,13 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: kubernetes-dashboard + namespace: kubernetes-dashboard +spec: + secretName: certificate-test-dashboard + dnsNames: + - test-cluser-dashboard.localhost + issuerRef: + name: clusterissuer-le + kind: ClusterIssuer + diff --git a/dashboard.admin-user-role.yaml b/dashboard.admin-user-role.yaml new file mode 100644 index 0000000..d2f7e37 --- /dev/null +++ b/dashboard.admin-user-role.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: admin-user +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: admin-user + namespace: kubernetes-dashboard diff --git a/dashboard.admin-user.yaml b/dashboard.admin-user.yaml new file mode 100644 index 0000000..8372765 --- /dev/null +++ b/dashboard.admin-user.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: admin-user + namespace: kubernetes-dashboard diff --git a/ingress.yaml b/ingress.yaml new file mode 100644 index 0000000..432f604 --- /dev/null +++ b/ingress.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: kubernetes-dashboard + namespace: kubernetes-dashboard + labels: + k3s-app: kubernetes-dashboard + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "https" + nginx.ingress.kubernetes.io/rewrite-target: / + cert-manager.io/issuer: clusterissuer-le +spec: + ingressClassName: nginx + tls: + - hosts: + - test-cluster-dashboard.localhost + secretName: certificate-test-dashboard + rules: + - host: test-cluster-dashboard.localhost + http: + paths: + - pathType: Prefix + path: / + backend: + service: + name: kubernetes-dashboard + port: + number: 443 diff --git a/letsencrypt.yaml b/letsencrypt.yaml new file mode 100644 index 0000000..69f02e5 --- /dev/null +++ b/letsencrypt.yaml @@ -0,0 +1,15 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: cluserissuer-le + namespace: kubernetes-dashboard +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: tanguy.herbron@outlook.com + privateKeySecretRef: + name: letsencrypt-test + solvers: + - http01: + ingress: + class: traefik