From 0f46ec6f153936362f40e81b6a36ce0e28fba695 Mon Sep 17 00:00:00 2001 From: xguefer Date: Mon, 11 Aug 2025 01:17:35 +0200 Subject: [PATCH] =?UTF-8?q?a=C3=B1adido=20dashboard=20y=20corregido=20meta?= =?UTF-8?q?llb?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cert-manager/clusterissuer-prod.yaml | 2 +- cert-manager/clusterissuer-staging.yaml | 2 +- dashboard/ingress/ingress.yaml | 26 ++++++++++ dashboard/kustomization.yaml | 11 ++++ dashboard/namespace.yaml | 4 ++ dashboard/rbac/clusterrolebinding.yaml | 12 +++++ dashboard/rbac/serviceaccount.yaml | 5 ++ dashboard/readme.md | 68 +++++++++++++++++++++++++ dashboard/services/service.yaml | 16 ++++++ ingress-nginx/services/service.yaml | 6 +-- metallb/ipaddresspool.yaml | 4 +- metallb/test-lb.yaml | 38 -------------- test/testpod.yaml | 36 +++++++++++++ 13 files changed, 185 insertions(+), 45 deletions(-) create mode 100644 dashboard/ingress/ingress.yaml create mode 100644 dashboard/kustomization.yaml create mode 100644 dashboard/namespace.yaml create mode 100644 dashboard/rbac/clusterrolebinding.yaml create mode 100644 dashboard/rbac/serviceaccount.yaml create mode 100644 dashboard/readme.md create mode 100644 dashboard/services/service.yaml delete mode 100644 metallb/test-lb.yaml create mode 100644 test/testpod.yaml diff --git a/cert-manager/clusterissuer-prod.yaml b/cert-manager/clusterissuer-prod.yaml index 4449b55..2eee43d 100644 --- a/cert-manager/clusterissuer-prod.yaml +++ b/cert-manager/clusterissuer-prod.yaml @@ -11,4 +11,4 @@ spec: solvers: - http01: ingress: - ingressClassName: traefik + ingressClassName: nginx diff --git a/cert-manager/clusterissuer-staging.yaml b/cert-manager/clusterissuer-staging.yaml index aa3272f..afe82df 100644 --- a/cert-manager/clusterissuer-staging.yaml +++ b/cert-manager/clusterissuer-staging.yaml @@ -11,4 +11,4 @@ spec: solvers: - http01: ingress: - ingressClassName: traefik + ingressClassName: nginx 
diff --git a/dashboard/ingress/ingress.yaml b/dashboard/ingress/ingress.yaml
new file mode 100644
index 0000000..9254628
--- /dev/null
+++ b/dashboard/ingress/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # el pod escucha TLS en 8443
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # redirige http -> https
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - k8s.c2et.net
+ secretName: dashboard-tls
+ rules:
+ - host: k8s.c2et.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: kubernetes-dashboard
+ port:
+ number: 443
diff --git a/dashboard/kustomization.yaml b/dashboard/kustomization.yaml
new file mode 100644
index 0000000..753b059
--- /dev/null
+++ b/dashboard/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kubernetes-dashboard
+
+resources:
+ - namespace.yaml
+ - rbac/serviceaccount.yaml
+ - rbac/clusterrolebinding.yaml
+ - services/service.yaml
+ - ingress/ingress.yaml
diff --git a/dashboard/namespace.yaml b/dashboard/namespace.yaml
new file mode 100644
index 0000000..7f5196a
--- /dev/null
+++ b/dashboard/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kubernetes-dashboard
diff --git a/dashboard/rbac/clusterrolebinding.yaml b/dashboard/rbac/clusterrolebinding.yaml
new file mode 100644
index 0000000..d88c871
--- /dev/null
+++ b/dashboard/rbac/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: admin-user
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: admin-user
+ namespace: kubernetes-dashboard
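Review bot: The new Ingress in dashboard/ingress/ingress.yaml publishes the Dashboard at `k8s.c2et.net` with nothing in front of it except the Dashboard's own token login; there is no source restriction or external authentication annotation. Because the certificate is issued by `letsencrypt-prod` over HTTP-01, the host is presumably reachable from the internet, and rbac/clusterrolebinding.yaml in this same commit gives the login account `cluster-admin`. I would limit who can reach it, for example with `nginx.ingress.kubernetes.io/whitelist-source-range: "<ADMIN_CIDR>"` (placeholder for the management network), or drop the Ingress and use `kubectl port-forward` for access. A source-range allowlist only works if the controller sees real client addresses, which depends on `externalTrafficPolicy` of the ingress-nginx Service.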
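Review bot: The `resources:` list in dashboard/kustomization.yaml covers the namespace, RBAC, Service and Ingress but not the Dashboard workload itself, which readme.md installs separately with `kubectl apply -f` from a raw.githubusercontent.com URL. The tag in that URL pins a version, but the manifest that actually runs in the cluster is then never reviewed or recorded in this repository. I would vendor the pinned upstream manifest into the repo and list it first under `resources:` (for example `- upstream/recommended.yaml`, the path is illustrative), so that `kubectl apply -k` deploys exactly what was committed. The upstream manifest presumably already defines a `kubernetes-dashboard` Service, so services/service.yaml may then be redundant.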
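Review bot: `roleRef.name: cluster-admin` in dashboard/rbac/clusterrolebinding.yaml gives every token minted for `admin-user` unrestricted control of the cluster, and the same commit exposes the Dashboard login through an Ingress. The readme already says to tighten this for production; I would make the restricted binding the default, e.g. `name: view` in `roleRef` (the built-in read-only ClusterRole), and grant more through namespace-scoped RoleBindings where needed. If a full-admin login must exist, keep it out of the default kustomization and issue short-lived tokens with `kubectl -n kubernetes-dashboard create token admin-user --duration=<SHORT_TTL>`. A header comment such as `# WARNING: binds admin-user to cluster-admin; lab use only` would document the intent.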
diff --git a/dashboard/rbac/serviceaccount.yaml b/dashboard/rbac/serviceaccount.yaml
new file mode 100644
index 0000000..54cabb7
--- /dev/null
+++ b/dashboard/rbac/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: admin-user
+ namespace: kubernetes-dashboard
diff --git a/dashboard/readme.md b/dashboard/readme.md
new file mode 100644
index 0000000..b26ea9e
--- /dev/null
+++ b/dashboard/readme.md
@@ -0,0 +1,68 @@
+# 🎛️ Manifiestos para Kubernetes Dashboard
+
+Este repositorio contiene los manifiestos necesarios para desplegar **Kubernetes Dashboard**, la interfaz gráfica oficial de Kubernetes. Kubernetes Dashboard permite:
+
+* Visualizar y manejar recursos de Kubernetes (pods, deployments, servicios, etc.)
+* Monitorizar el estado y métricas de los clústeres
+* Proporcionar acceso basado en roles al clúster
+
+Se instala en el namespace `kubernetes-dashboard`, con cuentas de servicio y permisos RBAC adecuados, y se expone internamente o mediante un servicio de tipo NodePort.
+
+> Kubernetes Dashboard facilita la administración de clústeres al ofrecer una vista amigable y centralizada de los recursos, ideal para usuarios que prefieren entornos gráficos.
+
+---
+
+## Despliegue paso a paso
+
+1. **Ir al directorio del proyecto**
+
+ ```bash
+ cd ~/k3s/k8s-dashboard
+ ```
+
+2. **Crear el namespace**
+
+ ```bash
+ kubectl apply -f namespace.yaml
+ ```
+
+3. **Configurar RBAC (Role-Based Access Control)**
+
+ * Crear la cuenta de servicio en el namespace:
+
+ ```bash
+ kubectl apply -f rbac/serviceaccount.yaml
+ ```
+ * Asignar permisos de cluster-admin (ajustar a roles más restrictivos en producción):
+
+ ```bash
+ kubectl apply -f rbac/clusterrolebinding.yaml
+ ```
+
+4. **Desplegar el Dashboard oficial**
+
+ ```bash
+ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
+ ```
+
+5. **Exponer el servicio**
+
+ ```bash
+ kubectl apply -f services/service.yaml
+ ```
+
+---
+
+## Autenticación
+
+Para obtener el token de acceso:
+
+```bash
+kubectl -n kubernetes-dashboard create token admin-user
+```
+
+Copia el token y pégalo en la interfaz web cuando se te solicite.
+
+---
+
+Con estos manifiestos, Kubernetes Dashboard quedará desplegado y accesible, ofreciendo una gestión gráfica completa del clúster.
diff --git a/dashboard/services/service.yaml b/dashboard/services/service.yaml new file mode 100644 index 0000000..3223913 --- /dev/null +++ b/dashboard/services/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: kubernetes-dashboard + namespace: kubernetes-dashboard + labels: + k8s-app: kubernetes-dashboard +spec: + type: ClusterIP + selector: + k8s-app: kubernetes-dashboard + ports: + - name: https + port: 443 + targetPort: 8443 + protocol: TCP diff --git a/ingress-nginx/services/service.yaml b/ingress-nginx/services/service.yaml index a17d210..62b2614 100644 --- a/ingress-nginx/services/service.yaml +++ b/ingress-nginx/services/service.yaml @@ -4,15 +4,15 @@ metadata: name: ingress-nginx-controller namespace: ingress-nginx spec: - type: NodePort + type: LoadBalancer + loadBalancerIP: 192.168.0.100 selector: app.kubernetes.io/name: ingress-nginx ports: - name: http port: 80 targetPort: 80 - nodePort: 30080 - name: https port: 443 targetPort: 443 - nodePort: 30443 + diff --git a/metallb/ipaddresspool.yaml b/metallb/ipaddresspool.yaml index f326eee..8f73475 100644 --- a/metallb/ipaddresspool.yaml +++ b/metallb/ipaddresspool.yaml @@ -5,5 +5,5 @@ metadata: namespace: metallb-system spec: addresses: - - 192.168.1.100 - 192.168.1.110 - - 192.168.200.10 - 192.168.200.20 + - 192.168.0.100-192.168.0.110 + - 192.168.200.10-192.168.200.20 diff --git a/metallb/test-lb.yaml b/metallb/test-lb.yaml deleted file mode 100644 index 3dd303b..0000000 --- a/metallb/test-lb.yaml +++ /dev/null 
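Review bot: The Service in ingress-nginx/services/service.yaml becomes `type: LoadBalancer` without setting `externalTrafficPolicy`, so it defaults to `Cluster` and the controller will usually see a node address instead of the client's. That makes the ingress access logs much less useful for investigation and defeats any per-source allowlist on Ingresses behind it; adding `externalTrafficPolicy: Local` under `spec:` preserves the source IP. Separately, `spec.loadBalancerIP` is deprecated in Kubernetes, and MetalLB accepts the annotation `metallb.universe.tf/loadBalancerIPs: 192.168.0.100` in its place. The hunk also ends by adding a trailing blank line after the `https` port entry.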
@@ -1,38 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: lb-test
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: test-lb
- namespace: lb-test
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: test-lb
- template:
- metadata:
- labels:
- app: test-lb
- spec:
- containers:
- - name: test-lb
- image: nginx:alpine
- ports:
- - containerPort: 80
----
-apiVersion: v1
-kind: Service
-metadata:
- name: test-lb
- namespace: lb-test
-spec:
- type: LoadBalancer
- selector:
- app: test-lb
- ports:
- - port: 80
- targetPort: 80
diff --git a/test/testpod.yaml b/test/testpod.yaml
new file mode 100644
index 0000000..c1dc334
--- /dev/null
+++ b/test/testpod.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: test-http
+# annotations:
+# metallb.universe.tf/address-pool: default
+spec:
+# type: NodePort
+ type: LoadBalancer
+ loadBalancerIP: 192.168.200.10
+ selector:
+ app: test-http
+ ports:
+ - port: 80
+ targetPort: 80
+# nodePort: 30080
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: test-http
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: test-http
+ template:
+ metadata:
+ labels:
+ app: test-http
+ spec:
+ containers:
+ - name: test-http
+ image: nginx:alpine
+ ports:
+ - containerPort: 80
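Review bot: Neither object in test/testpod.yaml sets `metadata.namespace`, so the test Service and Deployment land in whatever namespace the caller's context points at, whereas the removed metallb/test-lb.yaml kept them in a dedicated `lb-test` namespace. Because the Service claims the fixed pool address `192.168.200.10`, a forgotten apply leaves an nginx answering on that address. I would restore the `lb-test` Namespace object and `namespace: lb-test` on both resources so cleanup is a single `kubectl delete namespace lb-test`. `image: nginx:alpine` is also a moving tag; pinning a version or digest (`nginx:<VERSION>-alpine@sha256:<DIGEST>`, placeholders) keeps the test reproducible.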