From bdc227f918ad31f0d7b03d8b77c1b105aae7363b Mon Sep 17 00:00:00 2001 From: Sebastian Florek Date: Tue, 4 Jun 2024 11:33:28 +0200 Subject: [PATCH 1/2] bump api/web, chart deps and extend ingress/networkpolicy config --- charts/kubernetes-dashboard/Chart.lock | 10 +++++----- charts/kubernetes-dashboard/Chart.yaml | 8 ++++---- .../templates/networking/ingress.yaml | 2 +- .../templates/security/networkpolicy.yaml | 10 ++++++++-- charts/kubernetes-dashboard/values.yaml | 15 ++++++++++++--- 5 files changed, 30 insertions(+), 15 deletions(-) diff --git a/charts/kubernetes-dashboard/Chart.lock b/charts/kubernetes-dashboard/Chart.lock index 1d2437b7d7d7..f1564097b0d6 100644 --- a/charts/kubernetes-dashboard/Chart.lock +++ b/charts/kubernetes-dashboard/Chart.lock @@ -1,15 +1,15 @@ dependencies: - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx - version: 4.10.0 + version: 4.10.1 - name: cert-manager repository: https://charts.jetstack.io - version: v1.14.3 + version: v1.14.5 - name: metrics-server repository: https://kubernetes-sigs.github.io/metrics-server/ - version: 3.12.0 + version: 3.12.1 - name: kong repository: https://charts.konghq.com version: 2.38.0 -digest: sha256:94e8aff5185ff5f76481ed0cc71bb3fbb272fa2ab06068079fcceb002bd47ef2 -generated: "2024-03-02T00:46:32.54460399+01:00" +digest: sha256:ef535931f6d08b3b4b242cba567d0c02a072cf7cf68431f58a0d8d283b3b72b5 +generated: "2024-06-04T11:32:45.155515532+02:00" diff --git a/charts/kubernetes-dashboard/Chart.yaml b/charts/kubernetes-dashboard/Chart.yaml index 651f102c906c..db7006699447 100644 --- a/charts/kubernetes-dashboard/Chart.yaml +++ b/charts/kubernetes-dashboard/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v2 name: kubernetes-dashboard -version: 7.4.0 +version: 7.5.0 description: General-purpose web UI for Kubernetes clusters keywords: - kubernetes 
@@ -32,15 +32,15 @@ kubeVersion: ">=1.21.0-0" dependencies: - name: ingress-nginx alias: nginx - version: 4.10.0 + version: 4.10.1 repository: https://kubernetes.github.io/ingress-nginx condition: nginx.enabled - name: cert-manager - version: v1.14.3 + version: v1.14.5 repository: https://charts.jetstack.io condition: cert-manager.enabled - name: metrics-server - version: 3.12.0 + version: 3.12.1 repository: https://kubernetes-sigs.github.io/metrics-server/ condition: metrics-server.enabled - name: kong diff --git a/charts/kubernetes-dashboard/templates/networking/ingress.yaml b/charts/kubernetes-dashboard/templates/networking/ingress.yaml index d86bf438f2b6..883a8d323f96 100644 --- a/charts/kubernetes-dashboard/templates/networking/ingress.yaml +++ b/charts/kubernetes-dashboard/templates/networking/ingress.yaml @@ -46,7 +46,7 @@ spec: {{- if not .Values.app.ingress.useDefaultIngressClass }} ingressClassName: {{ .Values.app.ingress.ingressClassName }} {{- end }} - {{- if .Values.app.ingress.hosts }} + {{- if and .Values.app.ingress.hosts .Values.app.ingress.tls.enabled }} tls: - hosts: {{- toYaml .Values.app.ingress.hosts | nindent 6 }} diff --git a/charts/kubernetes-dashboard/templates/security/networkpolicy.yaml b/charts/kubernetes-dashboard/templates/security/networkpolicy.yaml index a34714dd3c08..efaf5512c9a2 100755 --- a/charts/kubernetes-dashboard/templates/security/networkpolicy.yaml +++ b/charts/kubernetes-dashboard/templates/security/networkpolicy.yaml @@ -29,8 +29,13 @@ metadata: spec: podSelector: matchLabels: - {{ include "kubernetes-dashboard.matchLabels" . | nindent 6 }} - {{ if .Values.app.security.networkPolicy.ingressDenyAll }} + {{- include "kubernetes-dashboard.matchLabels" . | nindent 6 -}} + {{- if .Values.app.security.networkPolicy.spec }} + {{- with .Values.app.security.networkPolicy.spec }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{ else }} + {{- if .Values.app.security.networkPolicy.ingressDenyAll }} ingress: [ ] {{ else }} ingress: 
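Review bot: With `app.ingress.tls.enabled: false` the new condition drops the whole `tls:` block from the Ingress, and nothing in this hunk warns that the Dashboard, which carries Kubernetes bearer tokens, may then be served over plain HTTP unless TLS is terminated in front of the controller. The matching `enabled: true` added under `tls:` in the values.yaml hunk of this patch has no comment; I would add `# Set to false only when TLS is terminated upstream of the ingress controller; Dashboard requests carry bearer tokens.` above it. The rest of the Ingress spec and its annotations are outside this hunk, so whether any redirect-to-HTTPS setting is still emitted when the flag is off cannot be seen from here.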
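Review bot: `toYaml . | nindent 2` writes the whole user-supplied map directly under `spec:`, after the chart's own `podSelector`, so a `podSelector` key inside `app.security.networkPolicy.spec` yields a duplicate key and, depending on how the manifest is decoded, may replace the chart's selector and retarget the policy. Dropping that key before rendering keeps the policy bound to the Dashboard pods: `{{- toYaml (omit . "podSelector") | nindent 2 }}`. The outer `if` also repeats what `with` already tests, so `{{- with .Values.app.security.networkPolicy.spec }} … {{- else }} … {{- end }}` would remove one nesting level. The else branch continues past the end of this hunk and is closed by the `{{ end }}` added in the next one.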
@@ -39,5 +44,6 @@ spec: protocol: TCP - port: {{ $.Values.api.role }} protocol: TCP + {{ end }} {{ end }} {{ end }} diff --git a/charts/kubernetes-dashboard/values.yaml b/charts/kubernetes-dashboard/values.yaml index 9cb1ddea0ca8..728e0ee8e4dc 100644 --- a/charts/kubernetes-dashboard/values.yaml +++ b/charts/kubernetes-dashboard/values.yaml @@ -56,6 +56,14 @@ app: networkPolicy: enabled: false ingressDenyAll: false + # Raw network policy spec that overrides predefined spec + # Example: + # spec: + # egress: + # - ports: + # - port: 123 + spec: {} + # Common labels & annotations shared across all deployed resources labels: {} annotations: {} @@ -89,7 +97,7 @@ app: # Keep 'localhost' host only if you want to access Dashboard using 'kubectl port-forward ...' on: # https://localhost:8443 - localhost - # - kubernetes.dashboard.domain.com + - kubernetes.dashboard.domain.com ingressClassName: internal-nginx # Use only if your ingress controllers support default ingress classes. # If set to true ingressClassName will be ignored and not added to the Ingress resources. @@ -113,6 +121,7 @@ app: # - disabled - disables cert-manager annotations scope: default tls: + enabled: true # If provided it will override autogenerated secret name secretName: "" labels: {} @@ -164,7 +173,7 @@ api: role: api image: repository: docker.io/kubernetesui/dashboard-api - tag: 1.6.0 + tag: 1.7.0 scaling: replicas: 1 revisionHistoryLimit: 10 @@ -219,7 +228,7 @@ web: role: web image: repository: docker.io/kubernetesui/dashboard-web - tag: 1.3.0 + tag: 1.4.0 scaling: replicas: 1 revisionHistoryLimit: 10 From 032150bd67de6aa056abba833312c1e606d1f033 Mon Sep 17 00:00:00 2001 From: Sebastian Florek Date: Tue, 4 Jun 2024 11:42:12 +0200 Subject: [PATCH 2/2] revert values.yaml hosts change --- charts/kubernetes-dashboard/values.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
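Review bot: The comment added above `networkPolicy.spec` says the raw spec overrides the predefined one but not what is lost. Per the networkpolicy.yaml change in this patch, a non-empty `spec` skips both the `ingressDenyAll` branch and the default ingress port rules. The example sets only `egress`, so the rendered policy would have no `ingress` section; with default `policyTypes` that most likely isolates the Dashboard pods for ingress, which is worth stating. Suggested wording: `# When set, ingressDenyAll and the default ingress rules are not rendered; include your own ingress rules here.`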
diff --git a/charts/kubernetes-dashboard/values.yaml b/charts/kubernetes-dashboard/values.yaml index 728e0ee8e4dc..1db716381796 100644 --- a/charts/kubernetes-dashboard/values.yaml +++ b/charts/kubernetes-dashboard/values.yaml @@ -97,7 +97,7 @@ app: # Keep 'localhost' host only if you want to access Dashboard using 'kubectl port-forward ...' on: # https://localhost:8443 - localhost - - kubernetes.dashboard.domain.com + # - kubernetes.dashboard.domain.com ingressClassName: internal-nginx # Use only if your ingress controllers support default ingress classes. # If set to true ingressClassName will be ignored and not added to the Ingress resources. @@ -330,7 +330,6 @@ metricsScraper: # defaultMode: 420 # secretName: dashboard-kubeconfig volumes: - # Create on-disk volume to store exec logs (required) - name: tmp-volume emptyDir: {} nodeSelector: {}