Bypassing authentication for the local Kubernetes Cluster Dashboard & HTTPS in Kubernetes Dashboard
Getting the Kubernetes dashboard installed and configured correctly using the recommended settings YAML (https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml) can be challenging. This default installation requires you to manage an admin user and copy that user’s bearer token into the portal to log-in. The easy workaround for local development would be to disable authentication when accessing from the local machine and allow HTTP access. Below are the steps to achieve this.
For local development, you may want to disable authentication or HTTPS. Below are the steps to disable authentication and HTTPS in the Kubernetes dashboard.
- We need to modify the deployment of the Kubernetes dashboard to remove the argument
--auto-generate-certificatesand add the following extra arguments:
--enable-skip-login
--disable-settings-authorizer
--enable-insecure-login
--insecure-bind-address=0.0.0.02. After this change, the Kubernetes dashboard server now starts on the port 9090 for HTTP. Then we need to modify livenessProbe to use HTTP as the scheme and 9090 as the port. Port 9090 also needs to be added as containerPort.
3 we need to modify the service of the Kubernetes dashboard to open port 80 and use 9090 as the target port.
You can save the below file as insecure-kubernetes-dashboard.yml or download from here
kubectl apply -f insecure-kubernetes-dashboard.ymlthe output of the above command should be as below
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper createdAfter this, you can port forward the Kubernetes-dashboard service as below
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard 9090:80Forwarding from 127.0.0.1:9090 -> 9090
Forwarding from [::1]:9090 -> 9090
After you have done this, access the Kubernetes dashboard from http://localhost:9090/, you can click Skip on the login page to skip authentication and go to the dashboard directly.
