search

mbruzek / layer-k8s

A repository for the Kubernetes charm implmeneted in the reactive framework.
9 stars 3 forks source link

Kubernetes Dashboard #46

Open lazypower opened 8 years ago

lazypower commented 8 years ago

Kubernetes project has released the dashboard, and we can include this in the charms with a single deploy stanza

kubectl create -f https://rawgit.com/kubernetes/dashboard/master/src/deploy/kubernetes-dashboard.yaml
lazypower commented 8 years ago

Upon further investigation, it seems like this should not be running by default. I say this in part due to its lack of basic auth protection. In its current form, we would need the client polling the cluster to have a client certificate for x509 auth reasons. The alternative is to setup an ingress like the following:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
 name: kubedash-ingress
 namespace: kube-system
spec:
 rules:
   - host: kubernetes.dasapp.co
     http:
       paths:
         - path: /
           backend:
             serviceName: kubernetes-dashboard
             servicePort: 80

This however, will create an ingress rule to load balance to the kibe-dashboard, however it has no authentication. Allowing random browsers administrative access to the cluster.

Perhaps this should be an optional add-on that can be exposed/unexposed?

I'm not sure what the right path forward here is, but we should certainly flesh this out more.

the ui

lazypower commented 8 years ago

After additional investigation, the dashboard requires a few more services to be useful