Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
0.30.0: "minikube dashboard --url" never completes #3236
What you expected to happen:
How to reproduce it:
Anything else do we need to know:
The process seems to wait for
While the commit specifies that the change from
Correct, as a security precaution, as of v0.30.0, the dashboard is now only exposed on-demand, by "minikube dashboard", which in-turn runs "kubectl proxy" underneath to enforce additional security restrictions to prevent DNS repinning attacks. Here's the security advisory:
If you wish to ignore the security precaution, you may locally reverti the YAML change so that the NodePort is exposed.
So, regarding #3208 and this issue -- if I understand it correctly, this could easily be solved by requiring user to specify credentials (username/password) for setting up a dashboard with minikube?
Exactly. Maybe this could/should be solved in two steps? E.g.
Either way, IMHO
I believe the only debate is regarding what would be more proper way of action:
Issues go stale after 90d of inactivity.
If this issue is safe to close now please do so with
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
Closing as not feasible. Requiring users to execute two steps by default just isn't feasible. For security purposes (DNS repinning attacks), the URL should not be guessable, which is why we launch the proxy before hand.
NOTE: As of v0.33, the dashboard service no longer runs by default, so the command command also runs the dashboard service if it isn't running already.
If these security precautions are problematic in your environment - you are welcome to kubectl apply your own dashboard which does not use a proxy. You can then use