[kubernetes-dashboard] Add kubernetes-dashboard helm chart with resource limits

charts/kubernetes-dashboard/.gitignore

@@ -0,0 +1,13 @@
+# Ignore all files with sensitive production values
+production.yaml
+prod.yaml
+*-prod.yaml
+*-production.yaml
+prod-*.yaml
+production-*.yaml
+aws-*.yaml
+secrets/
+private/
+*.secret.yaml
+values-*.yaml
+!values.yaml

charts/kubernetes-dashboard/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: kubernetes-dashboard
+  repository: https://kubernetes.github.io/dashboard/
+  version: 7.3.2
+digest: sha256:a19101f122b411f792a9401f167e9b0ef6fa6f1543d2f851e4107e2dd0339a2b
+generated: "2026-01-26T17:51:21.6935149Z"

charts/kubernetes-dashboard/Chart.yaml

@@ -0,0 +1,28 @@
+apiVersion: v2
+appVersion: "7.3.2"
+description: A Helm chart for Kubernetes Dashboard. This chart is an overlay for the official kubernetes-dashboard chart with custom resource limits configured for RADAR-K8s environments.
+name: kubernetes-dashboard
+version: 1.0.0
+sources:
+- https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/kubernetes-dashboard
+- https://github.com/kubernetes/dashboard
+keywords:
+  - kubernetes
+  - dashboard
+  - monitoring
+  - radar-base
+  - ui
+annotations:
+  artifacthub.io/license: Apache-2.0
+deprecated: false
+type: application
+home: "https://github.com/kubernetes/dashboard"
+maintainers:
+  - email: mani.thumu@kcl.ac.uk
+    name: Mani Thumu
+  - email: yatharth.ranjan@kcl.ac.uk
+    name: Yatharth Ranjan
+dependencies:
+- name: kubernetes-dashboard
+  repository: https://kubernetes.github.io/dashboard/
+  version: 7.3.2

charts/kubernetes-dashboard/README.md

@@ -0,0 +1,78 @@
+
+
+# kubernetes-dashboard
+[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubernetes-dashboard)](https://artifacthub.io/packages/helm/radar-base/kubernetes-dashboard)
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.3.2](https://img.shields.io/badge/AppVersion-7.3.2-informational?style=flat-square)
+
+A Helm chart for Kubernetes Dashboard. This chart is an overlay for the official kubernetes-dashboard chart with custom resource limits configured for RADAR-K8s environments.
+
+**Homepage:** <https://github.com/kubernetes/dashboard>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Mani Thumu | <mani.thumu@kcl.ac.uk> |  |
+| Yatharth Ranjan | <yatharth.ranjan@kcl.ac.uk> |  |
+
+## Source Code
+
+* <https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/kubernetes-dashboard>
+* <https://github.com/kubernetes/dashboard>
+
+## Prerequisites
+* Kubernetes 1.28+
+* Kubectl 1.28+
+* Helm 3.1.0+
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://kubernetes.github.io/dashboard/ | kubernetes-dashboard | 7.3.2 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| kubernetes-dashboard.auth.containers.resources.requests.cpu | string | `"10m"` |  |
+| kubernetes-dashboard.auth.containers.resources.requests.memory | string | `"64Mi"` |  |
+| kubernetes-dashboard.auth.containers.resources.limits.cpu | string | `"100m"` |  |
+| kubernetes-dashboard.auth.containers.resources.limits.memory | string | `"256Mi"` |  |
+| kubernetes-dashboard.api.containers.resources.requests.cpu | string | `"10m"` |  |
+| kubernetes-dashboard.api.containers.resources.requests.memory | string | `"64Mi"` |  |
+| kubernetes-dashboard.api.containers.resources.limits.cpu | string | `"100m"` |  |
+| kubernetes-dashboard.api.containers.resources.limits.memory | string | `"256Mi"` |  |
+| kubernetes-dashboard.web.containers.resources.requests.cpu | string | `"10m"` |  |
+| kubernetes-dashboard.web.containers.resources.requests.memory | string | `"64Mi"` |  |
+| kubernetes-dashboard.web.containers.resources.limits.cpu | string | `"100m"` |  |
+| kubernetes-dashboard.web.containers.resources.limits.memory | string | `"256Mi"` |  |
+| kubernetes-dashboard.metricsScraper.enabled | bool | `true` |  |
+| kubernetes-dashboard.metricsScraper.containers.resources.requests.cpu | string | `"10m"` |  |
+| kubernetes-dashboard.metricsScraper.containers.resources.requests.memory | string | `"64Mi"` |  |
+| kubernetes-dashboard.metricsScraper.containers.resources.limits.cpu | string | `"100m"` |  |
+| kubernetes-dashboard.metricsScraper.containers.resources.limits.memory | string | `"256Mi"` |  |
+| kubernetes-dashboard.kong.enabled | bool | `true` |  |
+| kubernetes-dashboard.kong.env.dns_order | string | `"LAST,A,CNAME,AAAA,SRV"` |  |
+| kubernetes-dashboard.kong.env.plugins | string | `"off"` |  |
+| kubernetes-dashboard.kong.env.nginx_worker_processes | int | `1` |  |
+| kubernetes-dashboard.kong.ingressController.enabled | bool | `false` |  |
+| kubernetes-dashboard.kong.dblessConfig.configMap | string | `"kong-dbless-config"` |  |
+| kubernetes-dashboard.kong.proxy.type | string | `"ClusterIP"` |  |
+| kubernetes-dashboard.kong.proxy.http.enabled | bool | `false` |  |
+| kubernetes-dashboard.kong.deploymentAnnotations | object | `{}` |  |
+| kubernetes-dashboard.kong.resources.requests.cpu | string | `"100m"` |  |
+| kubernetes-dashboard.kong.resources.requests.memory | string | `"181Mi"` |  |
+| kubernetes-dashboard.kong.resources.limits.cpu | string | `"200m"` |  |
+| kubernetes-dashboard.kong.resources.limits.memory | string | `"256Mi"` |  |
+| kubernetes-dashboard.metrics-server.enabled | bool | `false` |  |
+| kubernetes-dashboard.cert-manager.enabled | bool | `false` |  |
+| kubernetes-dashboard.nginx.enabled | bool | `false` |  |
+| kubernetes-dashboard.app.security.securityContext.runAsNonRoot | bool | `true` |  |
+| kubernetes-dashboard.app.security.securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
+| kubernetes-dashboard.app.security.containerSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
+| kubernetes-dashboard.app.security.containerSecurityContext.readOnlyRootFilesystem | bool | `true` |  |
+| kubernetes-dashboard.app.security.containerSecurityContext.runAsUser | int | `1001` |  |
+| kubernetes-dashboard.app.security.containerSecurityContext.runAsGroup | int | `2001` |  |
+| kubernetes-dashboard.app.security.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |

charts/kubernetes-dashboard/README.md.gotmpl

@@ -0,0 +1,18 @@
+{{ template "common.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "common.prerequisites" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}

charts/kubernetes-dashboard/values.yaml

@@ -0,0 +1,108 @@
+kubernetes-dashboard:
+  # Auth container configuration
+  # Current: 100m/200Mi requests, 250m/400Mi limits
+  # Actual usage: 1m CPU, 7Mi memory
+  auth:
+    containers:
+      resources:
+        requests:
+          cpu: 10m
+          memory: 64Mi
+        limits:
+          cpu: 100m
+          memory: 256Mi
+
+  # API container configuration
+  # Current: 100m/200Mi requests, 250m/400Mi limits
+  # Actual usage: 1m CPU, 10Mi memory
+  api:
+    containers:
+      resources:
+        requests:
+          cpu: 10m
+          memory: 64Mi
+        limits:
+          cpu: 100m
+          memory: 256Mi
+
+  # Web UI container configuration
+  # Current: 100m/200Mi requests, 250m/400Mi limits
+  # Actual usage: 1m CPU, 7Mi memory
+  web:
+    containers:
+      resources:
+        requests:
+          cpu: 10m
+          memory: 64Mi
+        limits:
+          cpu: 100m
+          memory: 256Mi
+
+  # Metrics Scraper configuration
+  # Current: 100m/200Mi requests, 250m/400Mi limits
+  # Actual usage: 1m CPU, 14Mi memory
+  metricsScraper:
+    enabled: true
+    containers:
+      resources:
+        requests:
+          cpu: 10m
+          memory: 64Mi
+        limits:
+          cpu: 100m
+          memory: 256Mi
+
+  # Kong gateway configuration
+  # Current: NO LIMITS SET (BestEffort QoS - CRITICAL ISSUE!)
+  # Actual usage: 2m CPU, 133Mi memory (highest memory consumer)
+  # This configuration adds resource limits for the first time
+  kong:
+    enabled: true
+    env:
+      dns_order: LAST,A,CNAME,AAAA,SRV
+      plugins: 'off'
+      nginx_worker_processes: 1
+    ingressController:
+      enabled: false
+    dblessConfig:
+      configMap: kong-dbless-config
+    proxy:
+      type: ClusterIP
+      http:
+        enabled: false
+    # Resource limits for Kong proxy container
+    # Note: Kong chart uses different structure - resources at deployment level
+    deploymentAnnotations: {}
+    # Resources applied to the Kong deployment
+    resources:
+      requests:
+        cpu: 100m
+        memory: 181Mi
+      limits:
+        cpu: 200m
+        memory: 256Mi
+
+  # Disable optional components (not installed in your cluster)
+  metrics-server:
+    enabled: false
+
+  cert-manager:
+    enabled: false
+
+  nginx:
+    enabled: false
+
+  # Security context (keeping current secure defaults)
+  app:
+    security:
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
+      containerSecurityContext:
+        allowPrivilegeEscalation: false
+        readOnlyRootFilesystem: true
+        runAsUser: 1001
+        runAsGroup: 2001
+        capabilities:
+          drop: ["ALL"]

devbox.json

@@ -4,7 +4,7 @@
     "kubectl@latest",
     "chart-testing@latest",
     "pre-commit@latest",
-    "trivy@latest",
+    "trivy@0.57.1",
     "checkov@3.2.336",
     "kubernetes-helm@latest",
     "actionlint@latest",

devbox.lock

@@ -632,51 +632,51 @@
         }
       }
     },
-    "trivy@latest": {
-      "last_modified": "2025-02-01T06:33:04Z",
-      "resolved": "github:NixOS/nixpkgs/047ebac174c408d6e5428b1865478893001276c5#trivy",
+    "trivy@0.57.1": {
+      "last_modified": "2024-12-03T12:40:06Z",
+      "resolved": "github:NixOS/nixpkgs/566e53c2ad750c84f6d31f9ccb9d00f823165550#trivy",
       "source": "devbox-search",
-      "version": "0.59.0",
+      "version": "0.57.1",
       "systems": {
         "aarch64-darwin": {
           "outputs": [
             {
               "name": "out",
-              "path": "/nix/store/nqygrh6vkw2a8cj83yxwc786mcg6km6w-trivy-0.59.0",
+              "path": "/nix/store/rv93ihqdpksprkpp4bsbfgrg1551i5qa-trivy-0.57.1",
               "default": true
             }
           ],
-          "store_path": "/nix/store/nqygrh6vkw2a8cj83yxwc786mcg6km6w-trivy-0.59.0"
+          "store_path": "/nix/store/rv93ihqdpksprkpp4bsbfgrg1551i5qa-trivy-0.57.1"
         },
         "aarch64-linux": {
           "outputs": [
             {
               "name": "out",
-              "path": "/nix/store/2pkijvw6405qq106s0y49j8956wmikyp-trivy-0.59.0",
+              "path": "/nix/store/fcbxz60idc7fzqyx4svnlm2dl1bihzsh-trivy-0.57.1",
               "default": true
             }
           ],
-          "store_path": "/nix/store/2pkijvw6405qq106s0y49j8956wmikyp-trivy-0.59.0"
+          "store_path": "/nix/store/fcbxz60idc7fzqyx4svnlm2dl1bihzsh-trivy-0.57.1"
         },
         "x86_64-darwin": {
           "outputs": [
             {
               "name": "out",
-              "path": "/nix/store/6cfkq5apf2nzq229gjr6y6vn40f5nv3b-trivy-0.59.0",
+              "path": "/nix/store/517pgmyj9r1bsggcd7wcf64gryw2i0na-trivy-0.57.1",
               "default": true
             }
           ],
-          "store_path": "/nix/store/6cfkq5apf2nzq229gjr6y6vn40f5nv3b-trivy-0.59.0"
+          "store_path": "/nix/store/517pgmyj9r1bsggcd7wcf64gryw2i0na-trivy-0.57.1"
         },
         "x86_64-linux": {
           "outputs": [
             {
               "name": "out",
-              "path": "/nix/store/r3dqya9whwij5wmvzr12hphvq4vvqsch-trivy-0.59.0",
+              "path": "/nix/store/5js971jz5jxfjrnlik7qh03bxclralzk-trivy-0.57.1",
               "default": true
             }
           ],
-          "store_path": "/nix/store/r3dqya9whwij5wmvzr12hphvq4vvqsch-trivy-0.59.0"
+          "store_path": "/nix/store/5js971jz5jxfjrnlik7qh03bxclralzk-trivy-0.57.1"
         }
       }
     },