You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
master-01:~ # kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
k8s-dashboard-kubernetes-dashboard-7d75c67879-kr89x 1/1 Running 0 17h
master-01:~ # kubectl describe pods -n kubernetes-dashboard
Name: k8s-dashboard-kubernetes-dashboard-7d75c67879-kr89x
Namespace: kubernetes-dashboard
Priority: 0
Node: worker-02/192.168.0.62
Start Time: Wed, 07 Oct 2020 23:27:08 +0000
Labels: app.kubernetes.io/component=kubernetes-dashboard
app.kubernetes.io/instance=k8s-dashboard
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=kubernetes-dashboard
app.kubernetes.io/version=2.0.4
helm.sh/chart=kubernetes-dashboard-2.8.1
pod-template-hash=7d75c67879
Annotations: seccomp.security.alpha.kubernetes.io/pod: runtime/default
Status: Running
IP: 10.40.0.4
IPs:
IP: 10.40.0.4
Controlled By: ReplicaSet/k8s-dashboard-kubernetes-dashboard-7d75c67879
Containers:
kubernetes-dashboard:
Container ID: cri-o://1bf0b7f78e9df5a80006368dd2935763da2732f31e3220161f2589d0b477db83
Image: kubernetesui/dashboard:v2.0.4
Image ID: docker.io/kubernetesui/dashboard@sha256:23f11302695679d55ae7342a5ce89ff5cf636ccebf59b866325b092197938dbe
Port: 9090/TCP
Host Port: 0/TCP
Args:
--namespace=kubernetes-dashboard
--enable-insecure-login=true
State: Running
Started: Thu, 08 Oct 2020 03:33:00 +0000
Ready: True
Restart Count: 0
Limits:
cpu: 2
memory: 200Mi
Requests:
cpu: 100m
memory: 200Mi
Liveness: http-get http://:9090/ delay=30s timeout=30s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/certs from kubernetes-dashboard-certs (rw)
/tmp from tmp-volume (rw)
/var/run/secrets/kubernetes.io/serviceaccount from k8s-dashboard-kubernetes-dashboard-token-rbm7v (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kubernetes-dashboard-certs:
Type: Secret (a volume populated by a Secret)
SecretName: k8s-dashboard-kubernetes-dashboard-certs
Optional: false
tmp-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
k8s-dashboard-kubernetes-dashboard-token-rbm7v:
Type: Secret (a volume populated by a Secret)
SecretName: k8s-dashboard-kubernetes-dashboard-token-rbm7v
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events: <none>
Message obtained while accessing dashboard.kn0wledge.lan
Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more here .
Expected result
I should be able to login to the dashboard as the "--enable-insecure-login" and "protocolHttp" options are set to true.
Comments
I'm not able to login through the k8s dashboard in HTTP with the "--enable-insecure-login" and "protocolHttp" options enabled.
I also tried juste setting "--enable-insecure-login" instead of "--enable-insecure-login=true" in extravalues.
Enabling the skip login option did not work neither.
Thanks for your time.
The text was updated successfully, but these errors were encountered:
It does not say that you will be allowed to log in over HTTP. It only says that when Dashboard is not served over HTTPS the login screen will still be enabled. Sign-in will always be restricted to HTTP(S) + localhost or HTTPS and external domains as described in the error message that you see on the login screen.
This argument is for people that want to use reverse OAuth proxy as a user-facing part so that Dashboard can run on HTTP, but the proxy will still expose it over HTTPS in the end. Everything works correctly here.
It does not say that you will be allowed to log in over HTTP. It only says that when Dashboard is not served over HTTPS the login screen will still be enabled. Sign-in will always be restricted to HTTP(S) + localhost or HTTPS and external domains as described in the error message that you see on the login screen.
This argument is for people that want to use reverse OAuth proxy as a user-facing part so that Dashboard can run on HTTP, but the proxy will still expose it over HTTPS in the end. Everything works correctly here.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
@floreks wouldn't it make sense to rename the arg then? I ran into the same issue and in my opinion the argument has the wrong name. enable insecure login sounds for me like I am able to login over plain HTTP.
What the argument is actually doing: enable login view, even if the dashboard is served over HTTP.
Environment
I am building a kubernetes cluster composed of one master and two workers nodes using OpenSuse Kubic distro.
Steps to reproduce
Create a values.yaml file containing the following lines :
Deploy the dashboard using helm :
Observed result
Kubectl results :
Message obtained while accessing dashboard.kn0wledge.lan
Expected result
I should be able to login to the dashboard as the "--enable-insecure-login" and "protocolHttp" options are set to true.
Comments
I'm not able to login through the k8s dashboard in HTTP with the "--enable-insecure-login" and "protocolHttp" options enabled.
I also tried juste setting "--enable-insecure-login" instead of "--enable-insecure-login=true" in extravalues.
Enabling the skip login option did not work neither.
Thanks for your time.
The text was updated successfully, but these errors were encountered: