0
votes

Desired Outcome: I want to set up a CSV file with userids and passwords and access Kubernetes Dashboard as a full admin, preferably from anywhere with a browser. I am just learning Kubernetes and want to experiment with cluster management, deployments, etc. This is just for learning and is not a Production Setup. I am using Kubernetes version 1.9.2 and created a 3-machine cluster (master and 2 workers).

Background/What I've done so far:
I read the Dashboard README and I created an admin-user and admin-role-binding with the files shown below. I can then use the kubectl describe secret command to get the admin user's token. I run kubectl proxy on the cluster master and authenticate to the Dashboard with that token using a browser running on the cluster master. All of this works.

admin-user.yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system

admin-role-binding.yaml:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

I can login to the dashboard as admin IF:

  1. I run kubectl proxy
  2. I access the dashboard with a browser where I ran command (1)
  3. I use the "token" option to login and paste the admin user's token which I get using the kubectl describe secret command.

What I'd like to do:

  1. Set up a CSV file with userids/passwords
  2. Login as admin with userid/password
  3. Be able to login from anywhere

To that end, I created a CSV file, e.g. /home/chris/myusers.txt:

mypasswd,admin,42

I did not know what value to use for id so I just punted with 42.

I then edited the file
/etc/kubernetes/manifests/kube-apiserver.yaml and added this line:
--basic-auth-file=/home/chris/myusers.txt

and then restarted kubelet:
sudo systemctl restart kubelet

However when I did that, my cluster stopped working and I couldn't access the Dashboard so I reverted back where I still use the admin user's token.

My questions are:

  1. Is it possible to do what I'm trying to do here?
  2. What id values do I use in the user CSV file? What groups would I specify?
  3. What other changes do I need to make to get all of this to work? If I modify the apiserver manifest to use a file with userids/passwords, does that mess up the rest of the configuration for my cluster?

1 Answers

0
votes

You can try this one; it is working for me. Reference taken from here.

  volumeMounts:
    - mountPath: /etc/kubernetes/auth.csv
      name: kubernetes-dashboard
      readOnly: true
  volumes:
  - hostPath:
      path: /etc/kubernetes/auth.csv
    name: kubernetes-dashboard

How to config simple login/pass authentication for kubernetes desktop UI
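
An added example, not part of the question or the answer: a small linter for the file passed to --basic-auth-file, which the API server reads as CSV with at least three columns (password, user name, user id) and an optional fourth column of comma-separated groups. The function names, the sample rows other than the question's own line, and the duplicate-user check are assumptions made for illustration.

```python
import csv
import io

# Constructed sample in the layout read by --basic-auth-file:
#   password,user,uid[,"group1,group2"]
# The first line is the one from the question; the rest are made up.
SAMPLE = '''mypasswd,admin,42
s3cret,chris,1001,"system:masters,dev"
onlytwo,broken
other,admin,43
'''

def parse_basic_auth(text):
    """Parse a basic-auth CSV body into (users, problems)."""
    users, problems, seen = [], [], set()
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # blank line
        if len(row) < 3:
            problems.append((lineno, "needs password,user,uid"))
            continue
        name, uid = row[1].strip(), row[2].strip()
        # Optional 4th column: comma-separated groups, quoted if more than one.
        groups = []
        if len(row) > 3:
            groups = [g.strip() for g in row[3].split(",") if g.strip()]
        if name in seen:
            # Lint added for this example, not documented API server behaviour.
            problems.append((lineno, "duplicate user " + name))
            continue
        seen.add(name)
        users.append({"name": name, "uid": uid, "groups": groups})
    return users, problems

def full_admins(users):
    """Users in system:masters, which is bound to cluster-admin by default."""
    return [u["name"] for u in users if "system:masters" in u["groups"]]

if __name__ == "__main__":
    users, problems = parse_basic_auth(SAMPLE)
    for u in users:
        print(u)
    for lineno, msg in problems:
        print("line %d: %s" % (lineno, msg))
    print("cluster-admin via group:", full_admins(users))
```

The question's `mypasswd,admin,42` line parses cleanly, with the uid kept as a plain string, but it carries no groups. The ClusterRoleBinding shown in the question names a ServiceAccount, so it grants nothing to a password user called `admin`.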