From 2af918132ec0b3dfdb5fe3a0e2142b0c2f9d60dd Mon Sep 17 00:00:00 2001
From: Mohamed Zaian <mohamedzaian@gmail.com>
Date: Tue, 25 Oct 2022 03:32:36 +0200
Subject: [PATCH] Update kubernetes dashboard to 2.7.0 (k8s 1.25 support)
 (#9425)

---
 roles/download/defaults/main.yml                 |  2 +-
 .../ansible/templates/dashboard.yml.j2           | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 978a9fca9..34558f474 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -1044,7 +1044,7 @@ gcp_pd_csi_resizer_image_tag: "v0.4.0-gke.0"
 gcp_pd_csi_registrar_image_tag: "v1.2.0-gke.0"
 
 dashboard_image_repo: "{{ docker_image_repo }}/kubernetesui/dashboard-{{ image_arch }}"
-dashboard_image_tag: "v2.6.1"
+dashboard_image_tag: "v2.7.0"
 dashboard_metrics_scraper_repo: "{{ docker_image_repo }}/kubernetesui/metrics-scraper"
 dashboard_metrics_scraper_tag: "v1.0.8"
 
diff --git a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
index d75b2cd08..b0c341926 100644
--- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
@@ -163,6 +163,9 @@ spec:
       labels:
         k8s-app: kubernetes-dashboard
     spec:
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
       priorityClassName: system-cluster-critical
       containers:
         - name: kubernetes-dashboard
@@ -208,6 +211,11 @@ spec:
               port: 8443
             initialDelaySeconds: 30
             timeoutSeconds: 30
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsUser: 1001
+            runAsGroup: 2001
       volumes:
         - name: kubernetes-dashboard-certs
           secret:
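Review bot: The container `securityContext` added here, and the identical one for `kubernetes-metrics-scraper` in the last hunk, does not drop Linux capabilities or set `runAsNonRoot`, so both pods still fall short of the restricted Pod Security Standard. The probes visible in these hunks use unprivileged ports (8443 and 8000), so adding `capabilities: {drop: ["ALL"]}` and `runAsNonRoot: true` next to `allowPrivilegeEscalation: false` should be safe, but confirm against the images. Separately, `readOnlyRootFilesystem: true` means the dashboard container needs a writable mount for any scratch path it uses. The scraper hunk shows a `/tmp` mount, but the dashboard's `volumeMounts` lie outside this hunk, so check that it has an equivalent.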
@@ -293,6 +301,9 @@ spec:
       labels:
         k8s-app: kubernetes-metrics-scraper
     spec:
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
       priorityClassName: system-cluster-critical
       containers:
         - name: kubernetes-metrics-scraper
@@ -307,6 +318,11 @@ spec:
               port: 8000
             initialDelaySeconds: 30
             timeoutSeconds: 30
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsUser: 1001
+            runAsGroup: 2001
           volumeMounts:
           - mountPath: /tmp
             name: tmp-volume
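Review bot: `runAsUser: 1001` and `runAsGroup: 2001` are hard-coded here and in the dashboard container hunk above, while the rest of the template takes its values from role variables. Clusters whose admission policy enforces a UID/GID range would have to patch the template to comply. Consider exposing them through new role defaults, e.g. `runAsUser: {{ dashboard_run_as_user | default(1001) }}` (the variable name is a suggestion, not an existing one), and add a short comment that the IDs must match a user the image can run as.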
-- 
GitLab