-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dashboard permission errors on upgrading to dashboard version 1.10.1 #3479
Comments
Are you skipping auth? |
We have a proxy in front for authentication. This was working fine till dashboard 1.8.3. |
@floreks I just re-checked with v1.10.0 and things seem to just work fine. It probably has to do with something that changed in v1.10.1 |
Most probably it is related to this changes:
You might have been using that without knowing. Try to see if adding |
I have the same issue in 1.10.1, 1.10.0 works fine. |
Can you show us your YAML files? |
Which file ? I don't use any yaml file, I use a token to connect. |
We figured that we need to specify --enable-insecure-login flag in our yaml, this was not needed in past, even though the flag has been available since long. Probably because of this particular change: |
It was added in 1.10.0 if I remember correctly. Basically, we do not recommend exposing Dashboard over HTTP, unless you are using some kind of reverse proxy for authentication and authorization. This was added for security reasons. If you have solved the issue then I think we can close. /close |
@floreks: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@floreks We have a reverse proxy for authentication and authorization deployed in front of the dashboard, can you confirm the usage of --enable-insecure-login flag is appropriate in that case? |
@gsadhani In this case you could actually use alternative deployment instead of a recommended one. This way Dashboard login view would not be shown at all and your proxy should handle passing the authorization header. |
… --enable-insecure-login instead of --enable-skip-login Ref: kubernetes/dashboard#3479 (comment) https://github.com/kubernetes/dashboard/wiki/Dashboard-arguments
I have a k8s 1.11.5 cluster which was running dashboard version 1.8.3. I upgraded the dashboard to version 1.10.1 but this gives me following error:
There are multiple pages/issues asking about the same thing and what I figured out is that all the solutions suggest giving admin privileges to dashboard's service account. But this is something we do not want to do since it could be a security issue. Some of the page links that suggest this are:
https://github.com/Azure/acs-engine/issues/3130
https://blogs.msdn.microsoft.com/kennethteo/2018/07/26/aks-with-aad/
We would like to know what exactly changed in the latest dashboard that is causing this? Is this expected?
The text was updated successfully, but these errors were encountered: