Bypassing authentication for the local Kubernetes Cluster Dashboard

Premier Developer


Premier Developer Consultant Randy Patterson shares a tip to bypass authentication for the local Kubernetes Cluster Dashboard.


It’s no secret that you can run a local version of Kubernetes on Docker Desktop for Windows. However, getting the Dashboard installed and configured correctly can be challenging. The problem is that the default installation requires you to manage an admin user and copy that user’s bearer token into the portal to log in. This process is fine for shared clusters, but for a local cluster it just makes using the dashboard cumbersome. Fortunately, there is an easy workaround, and this blog post will guide you through the process.

Once your local Kubernetes cluster is up and running, it’s time to configure and install the dashboard with the ability to skip the login process.

At the time of this writing, the released version of the dashboard was 1.10.1; check the GitHub page for the latest version.

First, open a PowerShell prompt and download the latest Kubernetes Dashboard YAML file.

Invoke-WebRequest -Uri https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml -OutFile kubernetes-dashboard.yaml

Next, open the downloaded file in your favorite text editor; I’ll use VS Code.

code .\kubernetes-dashboard.yaml

Locate the container -> args section under the Dashboard-Deployment section (around line 116) and add the following command line arguments:

--enable-skip-login
--disable-settings-authorizer

Your modified args section should look like the following:

    spec:
      containers:
      - name: kubernetes-dashboard
        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --enable-skip-login
          - --disable-settings-authorizer
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs

Save your changes and exit the text editor, then install the dashboard from a PowerShell prompt in the same directory as the kubernetes-dashboard.yaml file:

kubectl apply -f .\kubernetes-dashboard.yaml

The output should look something like this:

secret "kubernetes-dashboard-certs" created
serviceaccount "kubernetes-dashboard" created
role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
deployment.apps "kubernetes-dashboard" created
service "kubernetes-dashboard" created

Finally, connect to the dashboard proxy:

kubectl proxy

Then navigate to the website:

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

You can now skip the login process and navigate directly to the Dashboard Overview.


This configuration option can be used on any Kubernetes Dashboard installation including Windows or Linux deployments. Bypassing the dashboard authentication can be a real time saver when testing with the locally deployed Kubernetes cluster.
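With skip-login enabled, anyone who can reach the Dashboard acts with the Dashboard's own service account, so it helps to know where the flags are set and how that Dashboard's Service is exposed. The following Python script is an added example (not from the original post or the Dashboard project) that checks this over the JSON from `kubectl get deployments,services --all-namespaces -o json`; the sample data, the `shared-dev` namespace and the function names are constructed for illustration.

```python
import json

SKIP_FLAGS = ("--enable-skip-login", "--disable-settings-authorizer")

def audit(kubectl_json):
    """Yield one finding per Deployment whose containers run with --enable-skip-login."""
    items = json.loads(kubectl_json)["items"]
    services = [i for i in items if i["kind"] == "Service"]
    for dep in (i for i in items if i["kind"] == "Deployment"):
        template = dep["spec"]["template"]
        args = [a for c in template["spec"]["containers"] for a in c.get("args", [])]
        # Match "--flag" and "--flag=true"; "--flag=false" keeps the login page enforced.
        enabled = [f for f in SKIP_FLAGS if f in args or f + "=true" in args]
        if SKIP_FLAGS[0] not in enabled:
            continue
        ns = dep["metadata"]["namespace"]
        labels = template["metadata"].get("labels", {})
        # A Service fronts this Deployment when all its selector pairs match the pod labels.
        types = sorted({s["spec"].get("type", "ClusterIP") for s in services
                        if s["metadata"]["namespace"] == ns and s["spec"].get("selector")
                        and s["spec"]["selector"].items() <= labels.items()})
        yield {
            "deployment": ns + "/" + dep["metadata"]["name"],
            "flags": enabled,
            "service_types": types,
            # ClusterIP stays inside the cluster (kubectl proxy); these types listen on the network.
            "network_exposed": any(t in ("NodePort", "LoadBalancer") for t in types),
        }

def sample_deployment(ns, args):
    return {"kind": "Deployment", "metadata": {"name": "kubernetes-dashboard", "namespace": ns},
            "spec": {"template": {"metadata": {"labels": {"k8s-app": "kubernetes-dashboard"}},
                                  "spec": {"containers": [{"name": "kubernetes-dashboard", "args": args}]}}}}

def sample_service(ns, svc_type):
    return {"kind": "Service", "metadata": {"name": "kubernetes-dashboard", "namespace": ns},
            "spec": {"type": svc_type, "selector": {"k8s-app": "kubernetes-dashboard"}}}

# Constructed sample shaped like `kubectl get deployments,services --all-namespaces -o json`.
# kube-system mirrors the manifest on this page; "shared-dev" is a hypothetical second install.
SAMPLE = json.dumps({"kind": "List", "items": [
    sample_deployment("kube-system", ["--enable-skip-login", "--disable-settings-authorizer", "--auto-generate-certificates"]),
    sample_service("kube-system", "ClusterIP"),
    sample_deployment("shared-dev", ["--enable-skip-login", "--auto-generate-certificates"]),
    sample_service("shared-dev", "NodePort"),
]})

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Against a live cluster, pass the output of the kubectl command to audit() in place of SAMPLE.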

1 comment


  • Steve Guidos

    Great article; it’s these little but repetitive tricks that help speed up the development cycle, and I’ll be passing this trick on to my team, thanks. Now if only someone can show how to browse directly to the Dashboard without needing to run the ‘kubectl proxy’ command, that would be great! I suspect that there should be a way to edit the .yaml file and expose the Dashboard’s port 8443, but I am still a Kubernetes newbie, and the topics of port forwarding, NodePorts, Ingresses, etc, are still confusing to me.