Skip to content

Kubernetes Dashboard major version upgrade from 1.x to 2.x

The migration from Kubernetes Dashboard Helm chart version 1.x to 2.x represents a major version change involving breaking changes and manual intervention.^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]

Breaking Changes and Deprecations

Several configuration parameters used in version 1.x have been removed or renamed in version 2.0.0^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]:

  • clusterAdminRole: This parameter has been completely removed due to security concerns.^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]
  • enableSkipLogin and enableInsecureLogin: These parameters are removed.^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]
  • dashboardContainerSecurityContext: Renamed to containerSecurityContext.^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]
  • Labels: The chart updates labels to new recommended standards; most of these are immutable, which necessitates the uninstall/reinstall procedure.^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]

New Features and Behavioral Changes

Version 2.x introduces changes to security defaults and networking options^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]:

  • RBAC Management: The upgrade moves to explicit secret creation, and the default [[ServiceAccount]] no longer has permission to create secrets.^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]
  • Default Security Contexts: Values for podAnnotations and securityContext are now enabled by default.^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]
  • HTTP Protocol: A new protocolHttp parameter allows switching the backend to plain HTTP.^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]
  • Ingress Annotations: If protocolHttp is not set (defaulting to HTTPS), the chart automatically adds annotations to the Ingress to support HTTPS backends for [[nginx-ingress]] and GKE.^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]

Upgrade Procedure

To transition from v1.x.x to v2.x.x, a reinstall is required due to the immutable label changes^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

  1. Update Configuration:

    • Remove the clusterAdminRole parameter^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].
    • Replace enableSkipLogin and enableInsecureLogin with extraEnv configurations if needed^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].
    • Rename dashboardContainerSecurityContext to containerSecurityContext^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].
    • Review podAnnotations and securityContext to ensure they are supported in your environment^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

  2. Uninstall and Reinstall: Execute a uninstall followed by an install with your updated configuration^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

# Uninstall the existing release
[Helm](<./helm.md>) delete my-release

# Install the new version
[Helm](<./helm.md>) install kubernetes-dashboard/kubernetes-dashboard --name my-release -f values.yaml

Sources

^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]