kubernetes / dashboard

General-purpose web UI for Kubernetes clusters
Apache License 2.0

Best practices implementing authentication via OIDC #7728

Open jo-krk opened 1 year ago

jo-krk commented 1 year ago

What would you like to be added?

Hi, it's not really a feature request, more like a wish to hear best-practices/recipes-that-work. Please feel free to move it if you think there is a better type/label for it.

My goal is to provide Dashboard to a few different teams, who have different permissions (configured via RBACs), and make it accessible via OIDC & Keycloak. To achieve that I was using oauth2-proxy, but soon I realized that oauth2-proxy and XHR requests from Dashboard don't work nicely together: I can see the Dashboard page failing with a "CORS: Missing allow origin" error after a while, the Origin being "Origin: null", so I can't really allow it @ Keycloak.

How are others achieving it? I think it should be a common setup to have Dashboard working with OIDC. I'm ready to replace oauth2-proxy with something else, if required.

Thanks.

Why is this needed?

I think it should be a common scenario to use Dashboard with OIDC.

nkwangleiGIT commented 1 year ago

Currently, I'm using keycloak-gatekeeper as a sidecar proxy to use the token from OIDC. Here is a sample for your reference: https://github.com/kubebb/addon-components/tree/master/kube-dashboard

k8s-triage-robot commented 9 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

aslafy-z commented 9 months ago

I made an oauth2-proxy-compatible adapter that forwards requests to kubernetes-dashboard with the right header format; see a sample deployment at https://github.com/aslafy-z/k8s-dashboard-impersonation-proxy/tree/main?tab=readme-ov-file#demo.
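
As an added example (not aslafy-z's code and not part of the Dashboard project), here is a sketch of the header translation such an adapter has to get right, assuming it maps oauth2-proxy's `X-Forwarded-User` / `X-Forwarded-Groups` headers to Kubernetes `Impersonate-User` / `Impersonate-Group` headers. The function name, the `system:` rejection policy, the token placeholder and the sample request are assumptions made for illustration.

```python
# Added illustration, not code from k8s-dashboard-impersonation-proxy.
# X-Forwarded-User / X-Forwarded-Groups are set by oauth2-proxy;
# Impersonate-User / Impersonate-Group are Kubernetes impersonation headers.

# Identity-bearing headers are never copied through from the incoming request.
DROP = {"authorization", "x-forwarded-user", "x-forwarded-groups",
        "x-forwarded-email", "x-forwarded-access-token"}


def build_upstream_headers(incoming, proxy_sa_token):
    """Map oauth2-proxy identity headers to the headers sent to Dashboard.

    incoming: list of (name, value) pairs received from oauth2-proxy.
    proxy_sa_token: token of a service account allowed to impersonate.
    """
    users, groups, out = [], [], []
    for name, value in incoming:
        lname = name.lower()
        if lname == "x-forwarded-user":
            users.append(value.strip())
        elif lname == "x-forwarded-groups":
            groups += [g.strip() for g in value.split(",") if g.strip()]
        # Client-supplied Impersonate-* would let a caller choose an identity.
        if lname in DROP or lname.startswith("impersonate-"):
            continue
        out.append((name, value))

    if len(users) != 1 or not users[0]:
        raise PermissionError("expected exactly one authenticated user")
    for ident in users + groups:
        # Policy choice in this sketch: the IdP may not assert reserved
        # "system:" identities (e.g. system:masters) or inject header breaks.
        if ident.startswith("system:") or "\r" in ident or "\n" in ident:
            raise PermissionError(f"refusing identity {ident!r}")

    out.append(("Authorization", f"Bearer {proxy_sa_token}"))
    out.append(("Impersonate-User", users[0]))
    out += [("Impersonate-Group", g) for g in groups]
    return out


if __name__ == "__main__":
    # Constructed sample request, including a spoofed Impersonate-User.
    sample = [("X-Forwarded-User", "alice@example.com"),
              ("X-Forwarded-Groups", "team-a,team-b"),
              ("Impersonate-User", "cluster-admin"),
              ("Accept", "application/json")]
    for header in build_upstream_headers(sample, "SA_TOKEN_PLACEHOLDER"):
        print(header)
```

With this layout the per-team RBAC bindings apply to the impersonated user and groups, while the adapter's own service account only needs the `impersonate` verb.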

k8s-triage-robot commented 8 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

aslafy-z commented 8 months ago

/remove-lifecycle rotten

k8s-triage-robot commented 5 months ago

/lifecycle stale

k8s-triage-robot commented 4 months ago

/lifecycle rotten

aslafy-z commented 3 months ago

/remove-lifecycle rotten

k8s-triage-robot commented 4 weeks ago

/lifecycle stale

aslafy-z commented 4 weeks ago

/remove-lifecycle stale