You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi @grampelberg.
I'd like to give it a try.
I've investigated a bit and it looks like it's possible to reuse some of kubernetes-dashboard packages for this feature.
Can you please help me to understand full scope of this task and maybe decompose it a bit.
As i can see:
Implement Authorization header usage;
Add some flag for installation (helm variable as well) so linkerd-dashboard will run as service account with minimal vital permissions;
Add documentation for this and add some examples of configuration (e.g. with nginx-ingress + oauth2-proxy);
Add login screen so auth with token/kubeconfig will be available (looks like out of scope).
@StupidScience I'd split this into at least a couple PRs as it'll take more than just implementing the header usage (you'll need to get impersonation working as well). You'll want to get a POC and short design together before doing any serious polishing.
Feature Request
Permit authentication in the dashboard based on authorisation header.
What problem are you trying to solve?
Use central authentication mechanism (such as Keycloak) which give users full access to objects they are granted using RBACs.
How should the problem be solved?
Implement Header authorisation token like in the kubernetes dashboard.
Then you can use dex or keycloak or any Oauth server to provide secure access
The text was updated successfully, but these errors were encountered: