Dolphin

Reputation: 38763

Is it possible to disable the Kubernetes dashboard TLS check?

I am logging in to the Kubernetes dashboard on my local machine (http://kubernetes.dolphin.com:8443/#/login), and I defined a virtual domain name in /etc/hosts:

192.168.31.30 kubernetes.dolphin.com

and now I am logging in to the Kubernetes dashboard using this domain, but it gives me this tip:

Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. 

Is it possible to close the Kubernetes dashboard (kubernetesui/dashboard:v2.0.3) TLS security check in the Kubernetes dashboard YAML? Because my Kubernetes is on a localhost machine and does not need TLS security. Now my login dashboard looks like this.


Upvotes: 0

Views: 7982

Answers (2)

Andreas

Reputation: 111

According to GitHub docs you have to first enable insecure login like so:

      containers:
      - args:
        #- "--auto-generate-certificates"  # this must be out 
        - "--enable-insecure-login"
        - "--insecure-bind-address=0.0.0.0"
        #- "--insecure-port=5443"  # 9090 by default

and then of course add insecure port mapping:

        ports:
        - containerPort: 9090
          protocol: TCP

But please bear in mind that it won't resolve your problem. Traffic to your dashboard instance still is not served via HTTPS from an external source. What you ought to do is to use an HTTPS connection to the dashboard from your browser using e.g. self-signed certificates in NGINX.

Example of how to achieve that:

server {
    # Secure HTTPS (443) port - self-signed certs
    server_name         localhost;
    listen              443 ssl;
    ssl_certificate     /var/www/certbot/nginx-dev.crt; # managed manually, change to your path
    ssl_certificate_key /var/www/certbot/nginx-dev.key; # managed manually, change to your path
    ssl_protocols       TLSv1.2 TLSv1.3; # SSLv3, TLSv1 and TLSv1.1 are obsolete; TLSv1.3 needs nginx 1.13.0+
    ssl_ciphers         "HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    location = /favicon.ico { 
        access_log      off; 
        log_not_found   off; 
    }
    
    location / {
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_pass          http://<cluster-vm-ip>:<api-port>/api/v1/namespaces/<your-namespace>/services/https:kubernetes-dashboard:8443/proxy/;
    }
}

server {
    # Insecure HTTP (80) port - permanent redirection to HTTPS
    server_name         localhost;
    listen              80;

    if ($host = localhost) {
        return 301 https://$host$request_uri;
    }
    return              404;
}

And result (mind that I have a Kubernetes Cluster running in other machine in my private network):

[Image: Kubernetes Dashboard]

Hope that helps!

Upvotes: 1

Dolphin

Reputation: 38763

Enable Kubernetes dashboard HTTP access:

containers:
  - name: kubernetes-dashboard
    image: 'kubernetesui/dashboard:v2.0.3'
    args:
      - '--namespace=default'
      - '--insecure-port=5443'

So you could use port 5443 to forward Kubernetes dashboard access data, and do not need to log in. But you should not do this in a production environment.

Upvotes: 4
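
To check a cluster for Deployments that still carry the plain-HTTP flags shown in the two answers above, the following added example (not code from either answer or from the Dashboard project) audits `kubectl get deployments -A -o json` output. The sample JSON and the Deployment names in it are constructed, and `--tls-cert-file` is a Dashboard flag that does not appear on this page.

```python
import json

# Flags from the two answers above that serve the dashboard over plain HTTP.
INSECURE_FLAGS = ("--enable-insecure-login", "--insecure-port", "--insecure-bind-address")
LOOPBACK = ("127.0.0.1", "localhost", "::1")

def parse_args(args):
    """Turn ['--a=b', '--c'] into {'--a': 'b', '--c': ''}."""
    flags = {}
    for arg in args or []:
        name, _, value = arg.strip().partition("=")
        flags[name] = value
    return flags

def audit(doc):
    """Return (namespace/name, container, finding) tuples for dashboard containers."""
    findings = []
    for item in doc.get("items", [doc]):  # a List or a single Deployment
        meta = item.get("metadata", {})
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        pod = item.get("spec", {}).get("template", {}).get("spec", {})
        for c in pod.get("containers", []):
            if "kubernetesui/dashboard" not in c.get("image", ""):
                continue
            flags = parse_args(c.get("args"))
            for flag in INSECURE_FLAGS:
                # An HTTP listener bound to loopback inside the pod is not reported.
                on_loopback = flag == "--insecure-bind-address" and flags.get(flag) in LOOPBACK
                if flag in flags and not on_loopback:
                    findings.append((ident, c.get("name", "?"), f"{flag}={flags[flag]}".rstrip("=")))
            if not {"--auto-generate-certificates", "--tls-cert-file"} & flags.keys():
                findings.append((ident, c.get("name", "?"), "no TLS certificate flag"))
    return findings

# Constructed sample, shaped like `kubectl get deployments -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "kubernetes-dashboard", "name": "dash-http"},
  "spec": {"template": {"spec": {"containers": [
   {"name": "kubernetes-dashboard", "image": "kubernetesui/dashboard:v2.0.3",
    "args": ["--enable-insecure-login", "--insecure-bind-address=0.0.0.0"]}]}}}},
 {"metadata": {"namespace": "kubernetes-dashboard", "name": "dash-tls"},
  "spec": {"template": {"spec": {"containers": [
   {"name": "kubernetes-dashboard", "image": "kubernetesui/dashboard:v2.0.3",
    "args": ["--auto-generate-certificates", "--namespace=kubernetes-dashboard"]}]}}}}
]}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```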
