Kubernetes dashboard gives "Unauthorized" when using proxy

10/9/2018

I'm trying to work with a Kubernetes dashboard on a newly set up AKS cluster with Kubernetes 1.9.9 deployed on Azure.

I run kubectl proxy and open http://localhost:8001/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/#!/overview?namespace=default to look at the dashboard.

I get the message "Unauthorized", and almost all functionality is disabled.

When I google this problem most solutions seem to revolve around not going against anything but localhost to reach the dashboard. But I am going against localhost. Isn't kubectl proxy supposed to give me an automatically authorized entry point?

-- worldsayshi
azure-aks
kubernetes

1 Answer

10/9/2018

This really depends on what ServiceAccount or User you are using to connect to the kube-apiserver. If you really want to have access without looking at policies in detail (this gives access to everything), you can kubectl apply -f something like this:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: my-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: <your-user-from-your-~/.kube/config>

Alternatively:

kubectl create clusterrolebinding my-cluster-admin --clusterrole=cluster-admin --user=<your-user-from-your-~/.kube/config>

You can also use a Group or ServiceAccount in place of a User.

-- Rico
Source: StackOverflow
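
Since the binding in the answer above grants cluster-admin (access to everything), here is an added example, not part of the original answer, that reports which subjects hold that role, reading JSON shaped like the output of `kubectl get clusterrolebindings -o json`. The sample data, the subject names and the function names are constructed for illustration; the only subject treated as expected is the `system:masters` group of the default `cluster-admin` binding.

```python
import json
import sys

# Constructed sample, shaped like `kubectl get clusterrolebindings -o json`.
SAMPLE = {"items": [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "my-cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "example-user"}]},
    {"metadata": {"name": "dashboard-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "kube-system",
                   "name": "kubernetes-dashboard"}]},
    {"metadata": {"name": "readers"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "example-readers"}]},
    {"metadata": {"name": "empty-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": None},
]}

# Subject of the default bootstrap binding; everything else is reported.
EXPECTED = {("Group", "", "system:masters")}


def role_subjects(binding_list, role="cluster-admin"):
    """Return (binding, kind, namespace, name) for each subject bound to role."""
    found = []
    for item in binding_list.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # A binding may carry no subjects at all (missing key or null).
        for subj in item.get("subjects") or []:
            found.append((item["metadata"]["name"], subj.get("kind", ""),
                          subj.get("namespace", ""), subj.get("name", "")))
    return found


def unexpected_admins(binding_list, expected=EXPECTED):
    """Subjects holding cluster-admin that are not on the expected list."""
    return [f for f in role_subjects(binding_list) if f[1:] not in expected]


if __name__ == "__main__":
    # With a path argument, audit saved kubectl output; otherwise the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for binding, kind, ns, name in unexpected_admins(data):
        print(f"{binding}: {kind} {ns + '/' if ns else ''}{name}")
```

To run it against a cluster, save the `kubectl get clusterrolebindings -o json` output to a file and pass the file path as the first argument.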