feat: Update helm deployment (#7969)

* Update helm ingress configuration

* Use ingress class annotation instead of spec

* Update docs and remove outdated files

* Update helm NOTES.txt

* Update metrics scraper svc name

* Update helm notes

* Use ingress-nginx helm dep from K8S org

* Update helm notes

* Fix ingress config and log viewer log line wrap

* Update README

* Fix lint

* Update README

.licenserc.yaml

@@ -70,6 +70,6 @@ header:
     - "LICENSE"
     - "OWNERS_ALIASES"
     - "SECURITY_CONTACTS"
-    - "charts/helm-chart/kubernetes-dashboard/templates/networking/post-install-ingress.yaml"
+    - "charts/helm-chart/kubernetes-dashboard/templates/networking/post-install-ingress-issuer.yaml"
   comment: on-failure
   license-location-threshold: 80

README.md

@@ -26,16 +26,6 @@ You can install Dashboard using Helm as described [here](https://artifacthub.io/
 
 ### Manifest
 
-[//]: # (Kubernetes Dashboard requires both [cert-manager](https://cert-manager.io/docs/installation/) and)
-
-[//]: # ([nginx-ingress-controller](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/#3-deploy-the-ingress-controller))
-
-[//]: # ([metrics-server]() to be installed in your cluster in order to run. Additionally, if you want metrics and graphs to be available, you need to install)
-
-[//]: # ([metrics-server](https://github.com/kubernetes-sigs/metrics-server#installation).)
-
-[//]: # (Please, make sure that they are up and running before installing Kubernetes Dashboard.)
-
 You can install Dashboard using `kubectl` as described in the installation instructions that can be found in the [latest release](https://github.com/kubernetes/dashboard/releases/latest).
 
 ## Access
@@ -54,7 +44,7 @@ To find out how to create sample user and log in follow [Creating sample user](d
 Dashboard documentation can be found on [docs](docs/README.md) directory which contains:
 
 * [Common](docs/common/README.md): Entry-level overview.
-* [User Guide](docs/user/README.md): [Installation](docs/user/installation.md), [Accessing Dashboard](docs/user/accessing-dashboard/README.md) and more for users.
+* [User Guide](docs/user/README.md): [Accessing Dashboard](docs/user/accessing-dashboard/README.md) and more for users.
 * [Developer Guide](docs/developer/README.md): [Getting Started](docs/developer/getting-started.md), [Dependency Management](docs/developer/dependency-management.md) and more for anyone interested in contributing.
 
 ## Community, discussion, contribution, and support

charts/helm-chart/kubernetes-dashboard/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
-- name: nginx-ingress
-  repository: https://helm.nginx.com/stable
-  version: 0.17.1
+- name: ingress-nginx
+  repository: https://kubernetes.github.io/ingress-nginx
+  version: 4.7.1
 - name: cert-manager
   repository: https://charts.jetstack.io
   version: v1.11.2
 - name: metrics-server
   repository: https://kubernetes-sigs.github.io/metrics-server/
   version: 3.8.4
-digest: sha256:269ca8270ef146707ec7f04c7c76468484a3c31262737406f6965b2ca399b27a
-generated: "2023-05-19T16:43:45.5691521+02:00"
+digest: sha256:805f6405d0cb3ceb4c6068e5235c4c18845bc30bafa900b69bc4c66bfeefc4fd
+generated: "2023-07-07T11:44:54.033948186+02:00"

charts/helm-chart/kubernetes-dashboard/Chart.yaml

@@ -31,10 +31,10 @@ maintainers:
 icon: https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.svg
 kubeVersion: ">=1.21.0-0"
 dependencies:
-  - name: nginx-ingress
+  - name: ingress-nginx
     alias: nginx
-    version: 0.17.1
-    repository: https://helm.nginx.com/stable
+    version: 4.7.1
+    repository: https://kubernetes.github.io/ingress-nginx
     condition: nginx-ingress.enabled
   - name: cert-manager
     version: v1.11.2

charts/helm-chart/kubernetes-dashboard/README.md

@@ -1,17 +1,26 @@
-# kubernetes-dashboard
+# Kubernetes Dashboard
 
-[Kubernetes Dashboard](https://github.com/kubernetes/dashboard) is a general purpose, web-based UI for Kubernetes
-clusters.
-It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster
-itself.
+[![Go Report Card](https://goreportcard.com/badge/github.com/kubernetes/dashboard)](https://goreportcard.com/report/github.com/kubernetes/dashboard)
+[![Coverage Status](https://codecov.io/github/kubernetes/dashboard/coverage.svg?branch=master)](https://codecov.io/github/kubernetes/dashboard?branch=master)
+[![GitHub release](https://img.shields.io/github/release/kubernetes/dashboard.svg)](https://github.com/kubernetes/dashboard/releases/latest)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/kubernetes/dashboard/blob/master/LICENSE)
+
+# ! Breaking change !
+Starting from the release `v7` for the Helm chart and `v3` for the Kubernetes Dashboard, underlying architecture has changed, and it requires a clean installation. Please remove previous installation first.
+
+Kubernetes Dashboard now requires `cert-manager` and `nginx-ingress-controller` to work properly. They will be automatically installed with the Helm chart. In case you already have them installed, simply set `--set=nginx.enabled=false` and `--set=cert-manager.enabled=false` when installing the chart to disable installation of those dependencies.
+
+## Introduction
+
+[Kubernetes Dashboard](https://github.com/kubernetes/dashboard) is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself.
 
 ## TL;DR
 
 ```console
 # Add kubernetes-dashboard repository
 helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
 # Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart
-helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard
+helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
 ```
 
 ## Introduction
@@ -26,7 +35,7 @@ the [Release](https://helm.sh/docs/intro/using_helm/#three-big-concepts) name `k
 
 ```console
 helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
-helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --wait --namespace kubernetes-dashboard --create-namespace
+helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
 ```
 
 The command deploys kubernetes-dashboard on the Kubernetes cluster in the `kubernetes-dashboard` namespace with default
@@ -64,11 +73,11 @@ Please refer
 to [values.yaml](https://github.com/kubernetes/dashboard/blob/master/charts/helm-chart/kubernetes-dashboard/values.yaml)
 for valid values and their defaults.
 
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install/upgrade`. For example,
 
 ```console
 helm install kubernetes-dashboard/kubernetes-dashboard --name kubernetes-dashboard \
-  --set=service.externalPort=8080,resources.limits.cpu=200m
+  --set=api.containers.resources.limits.cpu=200m
 ```
 
 Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
@@ -98,6 +107,10 @@ kubectl label --overwrite ns kubernetes-dashboard pod-security.kubernetes.io/enf
 A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
 incompatible breaking change needing manual actions.
 
+### Upgrade from 6.x.x to 7.x.x
+
+We recommend doing a clean installation. Kubernetes Dashboard `v3` introduced a big architecture changes and now requires `cert-manager`, and `nginx-ingress-controller` to work properly. In case those are already installed in your cluster, simply set `--set=nginx.enabled=false` and `--set=cert-manager.enabled=false` when upgrading.
+
 ### Upgrade from 5.x.x to 6.x.x
 
 - Switch `PodDisruptionBudget` from `policy/v1beta1` to `policy/v1`. Requires kubernetes >= 1.21.0

charts/helm-chart/kubernetes-dashboard/templates/NOTES.txt

@@ -1,49 +1,43 @@
-*********************************************************************************
-*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install ***
-*********************************************************************************
-
-{{/* Describe how to access depending on config */}}
-{{/* 1. Local K8S i.e. Docker (selfsigned + localhost domain) - direct access */}}
-{{/* 2. Local K8S other than Docker (selfsigned + localhost domain) - via kubectl port-forward */}}
-{{/* 2. External K8S (selfsigned/custom + custom domain) - access directly via domain */}}
-
-{{/*{{- if .Values.nginx.enabled }}*/}}
-{{/*  From outside the cluster, the server URL(s) are:*/}}
-{{/*  https://{{ .Values.app.ingress.host }}*/}}
-{{/*{{- end }}*/}}
-
-{{/*{{- else if contains "NodePort" .Values.service.type }}*/}}
-
-{{/*Get the Kubernetes Dashboard URL by running:*/}}
-{{/*  export NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "kubernetes-dashboard.fullname" . }})*/}}
-{{/*  export NODE_IP=$(kubectl get nodes -o jsonpath="{.items[0].status.addresses[0].address}")*/}}
-{{/*{{- if .Values.protocolHttp }}*/}}
-{{/*  echo http://$NODE_IP:$NODE_PORT/*/}}
-{{/*{{- else }}*/}}
-{{/*  echo https://$NODE_IP:$NODE_PORT/*/}}
-{{/*{{- end }}*/}}
-
-{{/*{{- else if contains "LoadBalancer" .Values.service.type }}*/}}
-
-{{/*  NOTE: It may take a few minutes for the LoadBalancer IP to be available.*/}}
-{{/*        Watch the status with: 'kubectl get svc -n {{ .Release.Namespace }} -w {{ template "kubernetes-dashboard.fullname" . }}'*/}}
-
-{{/*Get the Kubernetes Dashboard URL by running:*/}}
-{{/*  export SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ template "kubernetes-dashboard.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')*/}}
-{{/*{{- if .Values.protocolHttp }}*/}}
-{{/*  echo http://$SERVICE_IP/*/}}
-{{/*{{- else }}*/}}
-{{/*  echo https://$SERVICE_IP/*/}}
-{{/*{{- end }}*/}}
-{{/*{{- else if contains "ClusterIP"  .Values.service.type }}*/}}
-
-{{/*Get the Kubernetes Dashboard URL by running:*/}}
-{{/*  export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "kubernetes-dashboard.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")*/}}
-{{/*{{- if .Values.protocolHttp }}*/}}
-{{/*  echo http://127.0.0.1:9090/*/}}
-{{/*  kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 9090:9090*/}}
-{{/*{{- else }}*/}}
-{{/*  echo https://127.0.0.1:8443/*/}}
-{{/*  kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8443:8443*/}}
-{{/*{{- end }}*/}}
-{{/*{{- end }}*/}}
+*************************************************************************************************
+*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
+*************************************************************************************************
+
+Congratulations! You have just installed Kubernetes Dashboard in your cluster.
+{{ if and (has "localhost" .Values.app.ingress.hosts) (eq .Values.app.ingress.ingressClassName "nginx") (.Values.nginx.enabled) }}
+To access Dashboard run:
+  kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-nginx-controller 8443:443
+
+NOTE: In case port-forward command does not work, make sure that nginx service name is correct.
+      Check the services in Kubernetes Dashboard namespace using:
+        kubectl -n {{ .Release.Namespace }} get svc
+
+Dashboard will be available at:
+  https://localhost:8443
+{{- end }}
+
+{{- if and (has "localhost" .Values.app.ingress.hosts) (eq .Values.app.ingress.ingressClassName "nginx") (not .Values.nginx.enabled) }}
+It looks like you already have nginx installed in your cluster. First find the namespace where it is installed and then find its main service name. By default, it should be located in namespace called nginx or nginx-ingress and service name should be nginx-controller.
+
+To access Dashboard run (replace placeholders with actual names):
+  kubectl -n <nginx-namespace> port-forward svc/<nginx-service> 8443:443
+
+Dashboard will be available at:
+  https://localhost:8443
+{{- end }}
+
+{{- if or (not (has "localhost" .Values.app.ingress.hosts)) (gt (len .Values.app.ingress.hosts) 1) }}
+
+Looks like you are deploying Kubernetes Dashboard on a custom domain(s).
+Please make sure that the ingress configuration is valid.
+Dashboard should be accessible on your configured domain(s) soon:
+{{- range .Values.app.ingress.hosts }}
+{{- if not (eq . "localhost") }}
+  - https://{{ . }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+NOTE: It may take a few minutes for the Ingress IP/Domain to be available.
+      It does not apply to local dev Kubernetes installations such as kind, etc.
+      You can watch the status using:
+        kubectl -n {{ .Release.Namespace }} get ing {{ template "kubernetes-dashboard.fullname" . }} -w

charts/helm-chart/kubernetes-dashboard/templates/networking/ingress.yaml

@@ -17,31 +17,62 @@ apiVersion: networking.k8s.io/v1
 metadata:
   labels:
     {{- include "kubernetes-dashboard.labels" . | nindent 4 }}
+    {{- with .Values.app.ingress.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
     cert-manager.io/issuer: {{ .Values.app.ingress.issuer }}
+    kubernetes.io/ingress.class: {{ .Values.app.ingress.ingressClassName }}
+    {{- if eq .Values.app.ingress.ingressClassName "nginx" }}
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    {{- end }}
+    {{- with .Values.app.ingress.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   name: {{ template "kubernetes-dashboard.name" . }}
 spec:
-  ingressClassName: {{ .Values.app.ingress.ingressClassName }}
+  {{- if .Values.app.ingress.hosts }}
   tls:
     - hosts:
-        - {{ .Values.app.ingress.host }}
+      {{- toYaml .Values.app.ingress.hosts | nindent 6 }}
       secretName: {{ .Values.app.ingress.secretName }}
+  {{- end }}
   rules:
-    - host: {{ .Values.app.ingress.host }}
+    {{- if .Values.app.ingress.hosts }}
+    {{- range $host := .Values.app.ingress.hosts }}
+    - host: {{ $host }}
       http:
+        paths:
+          - path: {{ $.Values.app.ingress.paths.web }}
+            pathType: {{ $.Values.app.ingress.pathType }}
+            backend:
+              service:
+                name: {{ template "kubernetes-dashboard.name" $ }}-{{ $.Values.web.role }}
+                port:
+                  name: {{ $.Values.web.role }}
+          - path: {{ $.Values.app.ingress.paths.api }}
+            pathType: {{ $.Values.app.ingress.pathType }}
+            backend:
+              service:
+                name: {{ template "kubernetes-dashboard.name" $ }}-{{ $.Values.api.role }}
+                port:
+                  name: {{ $.Values.api.role }}
+    {{- end }}
+    {{- else }}
+    - http:
         paths:
           - path: {{ .Values.app.ingress.paths.web }}
-            pathType: Prefix
+            pathType: {{ .Values.app.ingress.pathType }}
             backend:
               service:
                 name: {{ template "kubernetes-dashboard.name" . }}-{{ .Values.web.role }}
                 port:
                   name: {{ .Values.web.role }}
           - path: {{ .Values.app.ingress.paths.api }}
-            pathType: Prefix
+            pathType: {{ .Values.app.ingress.pathType }}
             backend:
               service:
                 name: {{ template "kubernetes-dashboard.name" . }}-{{ .Values.api.role }}
                 port:
                   name: {{ .Values.api.role }}
+    {{- end }}

charts/helm-chart/kubernetes-dashboard/templates/networking/post-install-ingress-issuer.yaml

@@ -1,17 +1,3 @@
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 {{- if eq .Values.app.ingress.issuer "selfsigned" -}}
 apiVersion: cert-manager.io/v1
 kind: Issuer

charts/helm-chart/kubernetes-dashboard/templates/services/metrics-scraper.yaml

@@ -20,9 +20,9 @@ metadata:
     app.kubernetes.io/name: {{ template "kubernetes-dashboard.name" . }}-{{ .Values.metricsScraper.role }}
     app.kubernetes.io/version: {{ .Values.metricsScraper.image.tag }}
     app.kubernetes.io/component: {{ .Values.metricsScraper.role }}
-    # TODO: dashboard-metrics-scraper name is currently hardcoded into the API.
+    # TODO: kubernetes-dashboard-metrics-scraper name is currently hardcoded into the API.
     # Use same name pattern as for other deployments when this will be configurable via the API.
-  name: dashboard-{{ .Values.metricsScraper.role }}
+  name: kubernetes-dashboard-{{ .Values.metricsScraper.role }}
 spec:
   ports:
     {{- with (index .Values.metricsScraper.containers.ports 0) }}

charts/helm-chart/kubernetes-dashboard/values.yaml

@@ -76,10 +76,17 @@ app:
     #  #  Is this CRD namespaced?
     #  namespaced: true
   ingress:
-    host: localhost
+    hosts:
+    # Keep 'localhost' host only if you want to access Dashboard using 'kubectl port-forward ...' on:
+    # https://localhost:8443
+    - localhost
+    # - kubernetes.dashboard.domain.com
     ingressClassName: nginx
+    pathType: ImplementationSpecific
     secretName: kubernetes-dashboard-certs
     issuer: selfsigned
+    labels: {}
+    annotations: {}
     paths:
       web: /
       api: /api

docs/README.md

@@ -8,8 +8,6 @@
 
 ## [User Guide](user/README.md)
 
-* [Installation](user/installation.md)
-* [Certificate management](user/certificate-management.md)
 * [Accessing Dashboard](user/accessing-dashboard/README.md)
 * [Access control](user/access-control/README.md)
   * [Creating sample user](user/access-control/creating-sample-user.md)

docs/user/README.md

@@ -1,7 +1,5 @@
 # User guide
 
-* [Installation](installation.md)
-* [Certificate management](certificate-management.md)
 * [Accessing Dashboard](accessing-dashboard/README.md)
 * [Access control](access-control/README.md)
   * [Creating sample user](access-control/creating-sample-user.md)

docs/user/accessing-dashboard/README.md

@@ -5,7 +5,7 @@ In case of any error while trying to access Dashboard, please first read our [FA
 In most cases errors are caused by cluster configuration issues.
 
 ## Introduction
-This document only describes the basic ways of accessing Kubernetes Dashboard [Quick Setup](../installation.md#quick-setup) or [Official Release](../installation.md#official-release) deployments.
+This document only describes the basic ways of accessing Kubernetes Dashboard.
 If you have modified the default configuration in any way, it might not work.
 
 ## `kubectl port-forward`