search

kubernetes / dashboard

General-purpose web UI for Kubernetes clusters
Apache License 2.0
14.38k stars 4.16k forks source link

Support --apiserver-host and --apiserver-skip-tls-verify in Auth module #9352

Open leonjyq opened 2 months ago

leonjyq commented 2 months ago

What would you like to be added?

For the dashboard auth module, I would like to be able to specify the --apiserver-host and --apiserver-skip-tls-verify like what we can do in API module.

Why is this needed?

Below is the solution we want to implement, we specify the api host to kube-oidc-proxy to leverage its capability for impersonating the request with Azure AD group. API module supports specifying the api host, but Auth module can't. This causes that Auth module will talk to Kubernetes API server directly instead of kube-oidc-proxy, and Kubernetes API server doesn't acknowledge the token signed by Dex. image

josemaia commented 1 week ago

Hi, I see there is a new dashboard release 7.7.0 with this code in master branch, but there was no new image build of the auth image. is there anything special that needs to be done for this to happen? This would be very helpful for my use-case :) @maciaszczykm @floreks

Thanks.

floreks commented 1 week ago

We will do the full release too. It was just a quick release with all helm changes.