How to Limit Kubernetes Dashboard Users from Seeing Secrets?

2/10/2017

The Kubernetes Dashboard allows users to see all secrets, including their raw values, with just a couple of clicks. These secrets will likely contain very sensitive data, such as production database passwords and private keys.

How do you limit users of the Dashboard, so that they can't see the sensitive data?

-- peterl
kops
kubernetes

1 Answer

6/27/2017

This is a known issue and it is simply not officially supported at the moment - the Dashboard is a super-user level administration tool. This should not be the case forever, but more help is needed to get it there.

There are some workarounds discussed in that issue thread that work currently. Here are some notable quirks around them to be aware of beforehand:

  • Should the dashboard be under a dashboard user, and limited by that? If so, like Anirudh suggested, you can neuter parts of the Dashboard and it will work fine and get 403s if they access the Secrets panel.
  • Should the dashboard be under a logged-in user, and be limited to what that user can see? This means that kubectl proxy will be necessary without some browser plugin or MITM proxy to attach the needed auth to dashboard server calls, but it is possible.

-- Jasmine Hegman
Source: StackOverflow
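
The first workaround in the answer (running the Dashboard under its own restricted user so the Secrets panel returns 403) can be expressed as RBAC manifests. This is an added example, not part of the original answer or the Dashboard project; it assumes RBAC is enabled and that the Dashboard runs as ServiceAccount `kubernetes-dashboard` in namespace `kube-system`, and the role name `dashboard-no-secrets` is hypothetical.

```yaml
# Added example. Assumed names: ServiceAccount "kubernetes-dashboard" in
# namespace "kube-system"; role name "dashboard-no-secrets" is hypothetical.

# Weak setting (for contrast, left commented out): binding the Dashboard's
# ServiceAccount to cluster-admin lets anyone who reaches the UI read Secrets.
# roleRef:
#   apiGroup: rbac.authorization.k8s.io
#   kind: ClusterRole
#   name: cluster-admin
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dashboard-no-secrets
rules:
  # Resources are enumerated on purpose: a "*" wildcard would include secrets.
  - apiGroups: [""]
    resources: [pods, pods/log, services, endpoints, configmaps, events,
                namespaces, nodes, persistentvolumeclaims, replicationcontrollers]
    verbs: [get, list, watch]
  - apiGroups: [apps]
    resources: [deployments, daemonsets, replicasets, statefulsets]
    verbs: [get, list, watch]
  - apiGroups: [batch]
    resources: [jobs, cronjobs]
    verbs: [get, list, watch]
  # No rule names "secrets", and pods/exec is not granted, so mounted secret
  # files cannot be read through a shell in a container either.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-no-secrets
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: dashboard-no-secrets
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
# Check after applying (expected answer: "no"):
#   kubectl auth can-i list secrets --all-namespaces \
#     --as=system:serviceaccount:kube-system:kubernetes-dashboard
```

RBAC rules are additive, so any other binding that still grants this ServiceAccount broader rights (for example an existing cluster-admin binding) has to be removed for the restriction to take effect.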