Settle on v1 setup method. Test run completed successfully from bootstrap to service setup.

- Refactor dnsmasq configuration and scripts for improved variable handling and clarity
- Updated dnsmasq configuration files to use direct variable references instead of data source functions for better readability.
- Modified setup scripts to ensure they are run from the correct environment and directory, checking for the WC_HOME variable.
- Changed paths in README and scripts to reflect the new directory structure.
- Enhanced error handling in setup scripts to provide clearer guidance on required configurations.
- Adjusted kernel and initramfs URLs in boot.ipxe to use the updated variable references.

setup/cluster/kubernetes-dashboard/install.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+set -e
+
+if [ -z "${WC_HOME}" ]; then
+    echo "Please source the wildcloud environment first. (e.g., \`source ./env.sh\`)"
+    exit 1
+fi
+
+CLUSTER_SETUP_DIR="${WC_HOME}/setup/cluster"
+KUBERNETES_DASHBOARD_DIR="${CLUSTER_SETUP_DIR}/kubernetes-dashboard"
+
+echo "Setting up Kubernetes Dashboard..."
+
+# Process templates with wild-compile-template-dir
+echo "Processing Dashboard templates..."
+wild-compile-template-dir --clean ${KUBERNETES_DASHBOARD_DIR}/kustomize.template ${KUBERNETES_DASHBOARD_DIR}/kustomize
+
+NAMESPACE="kubernetes-dashboard"
+
+# Apply the official dashboard installation 
+echo "Installing Kubernetes Dashboard core components..."
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
+
+# Wait for cert-manager certificates to be ready
+echo "Waiting for cert-manager certificates to be ready..."
+kubectl wait --for=condition=Ready certificate wildcard-internal-wild-cloud -n cert-manager --timeout=300s || echo "Warning: Internal wildcard certificate not ready yet"
+kubectl wait --for=condition=Ready certificate wildcard-wild-cloud -n cert-manager --timeout=300s || echo "Warning: Wildcard certificate not ready yet"
+
+# Copying cert-manager secrets to the dashboard namespace (if available)
+echo "Copying cert-manager secrets to dashboard namespace..."
+if kubectl get secret wildcard-internal-wild-cloud-tls -n cert-manager >/dev/null 2>&1; then
+    copy-secret cert-manager:wildcard-internal-wild-cloud-tls $NAMESPACE
+else
+    echo "Warning: wildcard-internal-wild-cloud-tls secret not yet available"
+fi
+
+if kubectl get secret wildcard-wild-cloud-tls -n cert-manager >/dev/null 2>&1; then
+    copy-secret cert-manager:wildcard-wild-cloud-tls $NAMESPACE
+else
+    echo "Warning: wildcard-wild-cloud-tls secret not yet available"
+fi
+
+# Apply dashboard customizations using kustomize
+echo "Applying dashboard customizations..."
+kubectl apply -k "${KUBERNETES_DASHBOARD_DIR}/kustomize"
+
+# Restart CoreDNS to pick up the changes
+kubectl delete pods -n kube-system -l k8s-app=kube-dns
+echo "Restarted CoreDNS to pick up DNS changes"
+
+# Wait for dashboard to be ready
+echo "Waiting for Kubernetes Dashboard to be ready..."
+kubectl rollout status deployment/kubernetes-dashboard -n $NAMESPACE --timeout=60s
+
+echo "Kubernetes Dashboard setup complete!"
+INTERNAL_DOMAIN=$(wild-config cloud.internalDomain) || exit 1
+echo "Access the dashboard at: https://dashboard.${INTERNAL_DOMAIN}"
+echo ""
+echo "To get the authentication token, run:"
+echo "wild-dashboard-token"

setup/cluster/kubernetes-dashboard/kustomize.template/dashboard-kube-system.yaml

@@ -1,6 +1,6 @@
 ---
 # Internal-only middleware
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: internal-only
@@ -16,7 +16,7 @@ spec:
 
 ---
 # HTTPS redirect middleware
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: dashboard-redirect-scheme
@@ -28,7 +28,7 @@ spec:
 
 ---
 # IngressRoute for Dashboard
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: kubernetes-dashboard-https
@@ -37,7 +37,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`dashboard.internal.${DOMAIN}`)
+    - match: Host(`dashboard.{{ .cloud.internalDomain }}`)
       kind: Rule
       middlewares:
         - name: internal-only
@@ -52,7 +52,7 @@ spec:
 ---
 # HTTP to HTTPS redirect.
 # FIXME: Is this needed?
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: kubernetes-dashboard-http
@@ -61,7 +61,7 @@ spec:
   entryPoints:
     - web
   routes:
-    - match: Host(`dashboard.internal.${DOMAIN}`)
+    - match: Host(`dashboard.{{ .cloud.internalDomain }}`)
       kind: Rule
       middlewares:
         - name: dashboard-redirect-scheme
@@ -74,11 +74,11 @@ spec:
 ---
 # ServersTransport for HTTPS backend with skip verify.
 # FIXME: Is this needed?
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: ServersTransport
 metadata:
   name: dashboard-transport
   namespace: kubernetes-dashboard
 spec:
   insecureSkipVerify: true
-  serverName: dashboard.internal.${DOMAIN}
+  serverName: dashboard.{{ .cloud.internalDomain }}

setup/cluster/kubernetes-dashboard/kustomize.template/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- dashboard-admin-rbac.yaml
+- dashboard-kube-system.yaml

setup/cluster/kubernetes-dashboard/kustomize/dashboard-admin-rbac.yaml

@@ -0,0 +1,32 @@
+---
+# Service Account and RBAC for Dashboard admin access
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: dashboard-admin
+  namespace: kubernetes-dashboard
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: dashboard-admin
+subjects:
+  - kind: ServiceAccount
+    name: dashboard-admin
+    namespace: kubernetes-dashboard
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+
+---
+# Token for dashboard-admin
+apiVersion: v1
+kind: Secret
+metadata:
+  name: dashboard-admin-token
+  namespace: kubernetes-dashboard
+  annotations:
+    kubernetes.io/service-account.name: dashboard-admin
+type: kubernetes.io/service-account-token

setup/cluster/kubernetes-dashboard/kustomize/dashboard-kube-system.yaml

@@ -0,0 +1,84 @@
+---
+# Internal-only middleware
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: internal-only
+  namespace: kubernetes-dashboard
+spec:
+  ipWhiteList:
+    # Restrict to local private network ranges
+    sourceRange:
+      - 127.0.0.1/32 # localhost
+      - 10.0.0.0/8 # Private network
+      - 172.16.0.0/12 # Private network
+      - 192.168.0.0/16 # Private network
+
+---
+# HTTPS redirect middleware
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: dashboard-redirect-scheme
+  namespace: kubernetes-dashboard
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+
+---
+# IngressRoute for Dashboard
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: kubernetes-dashboard-https
+  namespace: kubernetes-dashboard
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`dashboard.internal.cloud2.payne.io`)
+      kind: Rule
+      middlewares:
+        - name: internal-only
+          namespace: kubernetes-dashboard
+      services:
+        - name: kubernetes-dashboard
+          port: 443
+          serversTransport: dashboard-transport
+  tls:
+    secretName: wildcard-internal-wild-cloud-tls
+
+---
+# HTTP to HTTPS redirect.
+# FIXME: Is this needed?
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: kubernetes-dashboard-http
+  namespace: kubernetes-dashboard
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`dashboard.internal.cloud2.payne.io`)
+      kind: Rule
+      middlewares:
+        - name: dashboard-redirect-scheme
+          namespace: kubernetes-dashboard
+      services:
+        - name: kubernetes-dashboard
+          port: 443
+          serversTransport: dashboard-transport
+
+---
+# ServersTransport for HTTPS backend with skip verify.
+# FIXME: Is this needed?
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: dashboard-transport
+  namespace: kubernetes-dashboard
+spec:
+  insecureSkipVerify: true
+  serverName: dashboard.internal.cloud2.payne.io

setup/cluster/kubernetes-dashboard/kustomize/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- dashboard-admin-rbac.yaml
+- dashboard-kube-system.yaml