Bypassing authentication for the local Kubernetes Cluster Dashboard
Premier Developer Consultant Randy Patterson shares a tip to bypass authentication for the local Kubernetes Cluster Dashboard.
It’s no secret that you can run a local version of Kubernetes on Docker Desktop for Windows, however, getting the Dashboard installed and configured correctly can be challenging. The problem is that the default installation requires you to manage an admin user and copy that user’s bearer token into the portal to login. This process is fine for shared clusters but for a local cluster it just makes using the dashboard cumbersome. Fortunately, there is an easy workaround and this blog post will guide you through the process.
Once your local Kubernetes cluster is up and running, it’s time to configure and install the dashboard with the ability to skip the login process.
At the time of this writing the released version of the dashboard was 1.10.1, check the Github page for the latest version
First, open a PowerShell prompt and download the latest Kubernetes Dashboard YAML file.
Invoke-WebRequest -Uri https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml -OutFile kubernetes-dashboard.yaml
Next, open the downloaded file in your favorite text editor, I’ll use VS Code.
Locate the container -> args section under the Dashboard-Deployment section (around line 116) and add the following command line arguments:
Your modified args section should look like the following
spec: containers: - name: kubernetes-dashboard image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1 ports: - containerPort: 8443 protocol: TCP args: - --enable-skip-login - --disable-settings-authorizer - --auto-generate-certificates # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work. # - --apiserver-host=http://my-address:port volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs
Save your changes and exit the text editor then install the dashboard from a PowerShell prompt in the same directory as the kubernetes-dashboard.yaml file:
kubectl apply -f .\kubernetes-dashboard.yaml
The output should look something like this:
secret "kubernetes-dashboard-certs" created serviceaccount "kubernetes-dashboard" created role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created deployment.apps "kubernetes-dashboard" created service "kubernetes-dashboard" created
Finally, connect to the dashboard proxy
then navigate to web site:
You can now skip the login process and navigate directly to the Dashboard Overview
This configuration option can be used on any Kubernetes Dashboard installation including Windows or Linux deployments. Bypassing the dashboard authentication can be a real time saver when testing with the locally deployed Kubernetes cluster.
Great article; it’s these little but repetitive tricks that help speed up the development cycle, and I’ll be passing this trick on to my team, thanks. Now if only someone can show how to browse directly to the Dashboard without needing to run the ‘kubectl proxy’ command, that would be great! I suspect that there should be a way to edit the .yaml file and expose the Dashboard’s port 8443, but I am still a Kubernetes newbie, and the topics of port forwarding, NodePorts, Ingresses, etc, are still confusing to me.