From 54983012711f8f5a133a61061fa6aa4417c14670 Mon Sep 17 00:00:00 2001 From: Paul Payne Date: Mon, 5 May 2025 09:45:08 -0700 Subject: [PATCH] Refactor Kubernetes Dashboard setup script to streamline admin service account creation and remove unnecessary cleanup steps --- infrastructure_setup/setup-dashboard.sh | 68 ++++--------------------- 1 file changed, 10 insertions(+), 58 deletions(-) diff --git a/infrastructure_setup/setup-dashboard.sh b/infrastructure_setup/setup-dashboard.sh index caf8511..581fcf0 100755 --- a/infrastructure_setup/setup-dashboard.sh +++ b/infrastructure_setup/setup-dashboard.sh @@ -13,79 +13,31 @@ fi echo "Setting up Kubernetes Dashboard..." +NAMESPACE="kubernetes-dashboard" + # Apply the official dashboard installation echo "Installing Kubernetes Dashboard core components..." kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml +# Copying cert-manager secrets to the dashboard namespace +copy-secret cert-manager:wildcard-internal-sovereign-cloud-tls $NAMESPACE +copy-secret cert-manager:wildcard-sovereign-cloud-tls $NAMESPACE + # Create admin service account and token -cat << EOF | kubectl apply -f - ---- -# Service Account and RBAC -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dashboard-admin - namespace: kubernetes-dashboard - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: dashboard-admin -subjects: - - kind: ServiceAccount - name: dashboard-admin - namespace: kubernetes-dashboard -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io - ---- -# Token for dashboard-admin -apiVersion: v1 -kind: Secret -metadata: - name: dashboard-admin-token - namespace: kubernetes-dashboard - annotations: - kubernetes.io/service-account.name: dashboard-admin -type: kubernetes.io/service-account-token -EOF - -# Clean up any existing IngressRoute resources that might conflict -echo "Cleaning up any existing dashboard resources to prevent conflicts..." -# Clean up all IngressRoutes related to dashboard in both namespaces -kubectl delete ingressroute -n kubernetes-dashboard --all --ignore-not-found -kubectl delete ingressroute -n kube-system kubernetes-dashboard --ignore-not-found -kubectl delete ingressroute -n kube-system kubernetes-dashboard-alt --ignore-not-found -kubectl delete ingressroute -n kube-system kubernetes-dashboard-http --ignore-not-found -kubectl delete ingressroute -n kube-system kubernetes-dashboard-alt-http --ignore-not-found - -# Clean up middleware in both namespaces -kubectl delete middleware -n kubernetes-dashboard --all --ignore-not-found -kubectl delete middleware -n kube-system dashboard-internal-only --ignore-not-found -kubectl delete middleware -n kube-system dashboard-redirect-scheme --ignore-not-found - -# Clean up ServersTransport in both namespaces -kubectl delete serverstransport -n kubernetes-dashboard dashboard-transport --ignore-not-found -kubectl delete serverstransport -n kube-system dashboard-transport --ignore-not-found +echo "Creating dashboard admin service account and token..." +cat "${SCRIPT_DIR}/kubernetes-dashboard/dashboard-admin-rbac.yaml" | kubectl apply -f - # Apply the dashboard configuration -echo "Applying dashboard configuration in kube-system namespace..." -# Use just the kube-system version since it works better with Traefik +echo "Applying dashboard configuration..." cat "${SCRIPT_DIR}/kubernetes-dashboard/dashboard-kube-system.yaml" | envsubst | kubectl apply -f - -# No need to manually update the CoreDNS ConfigMap anymore -# The setup-coredns.sh script now handles variable substitution correctly - # Restart CoreDNS to pick up the changes kubectl delete pods -n kube-system -l k8s-app=kube-dns echo "Restarted CoreDNS to pick up DNS changes" # Wait for dashboard to be ready echo "Waiting for Kubernetes Dashboard to be ready..." -kubectl rollout status deployment/kubernetes-dashboard -n kubernetes-dashboard --timeout=60s +kubectl rollout status deployment/kubernetes-dashboard -n $NAMESPACE --timeout=60s echo "Kubernetes Dashboard setup complete!" echo "Access the dashboard at: https://dashboard.internal.${DOMAIN}"