Securing Kubernetes Dashboard with ABAC

2/20/2019

I have Kubernetes Dashboard installed with basic auth using ABAC. Is there a way to make a user/group that is read-only when logged into the dashboard? Currently, if I skip the login screen (not logged in), I can still view and modify the cluster inside dashboard. Adding "readonly":true to the system:authenticated line doesn't seem to do anything.

I have a policy file:

{
  "apiVersion": "abac.authorization.kubernetes.io/v1beta1",
  "kind": "Policy",
  "spec": {
    "user": "admin",
    "namespace": "*",
    "resource": "*",
    "apiGroup": "*"
  }
}
{
  "apiVersion": "abac.authorization.kubernetes.io/v1beta1",
  "kind": "Policy",
  "spec": {
    "group": "system:authenticated",
    "nonResourcePath": "*"
  }
}
-- hyperstack
abac
dashboard
kubernetes
readonly
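
A simplified model of how ABAC policy lines like the ones above are matched against a request, as an added example that is not part of the original post and not Kubernetes' own code. The users `viewer` and `alice` and the third policy line are constructed for illustration; the model assumes the documented rules that a policy file holds one JSON object per line and that `readonly` limits a line to get, list and watch.

```python
import json

READ_VERBS = {"get", "list", "watch"}

# First two lines: the policy from the question, with "readonly" added to the group line.
# Third line: a constructed read-only policy for a hypothetical user "viewer".
HEAD = '{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": '
POLICY_LINES = [
    HEAD + '{"user": "admin", "namespace": "*", "resource": "*", "apiGroup": "*"}}',
    HEAD + '{"group": "system:authenticated", "readonly": true, "nonResourcePath": "*"}}',
    HEAD + '{"user": "viewer", "namespace": "*", "resource": "*", "apiGroup": "*", "readonly": true}}',
]
POLICIES = [json.loads(line)["spec"] for line in POLICY_LINES]

def subject_matches(spec, user, groups):
    """A line applies only if every subject field it sets matches the caller."""
    checks = []
    if spec.get("user"):
        checks.append(spec["user"] in ("*", user))
    if spec.get("group"):
        checks.append(spec["group"] == "*" or spec["group"] in groups)
    return bool(checks) and all(checks)

def wild(pattern, value):
    return pattern == "*" or pattern == value

def allowed(policies, user, groups, verb, resource=None, namespace="", api_group="", path=None):
    """Return True if any policy line permits the request (default is deny)."""
    for spec in policies:
        if not subject_matches(spec, user, groups):
            continue
        if spec.get("readonly") and verb not in READ_VERBS:
            continue  # a readonly line never grants a write verb
        if resource is not None:
            # Resource request: namespace, resource and apiGroup must all match.
            if (wild(spec.get("namespace", ""), namespace)
                    and wild(spec.get("resource", ""), resource)
                    and wild(spec.get("apiGroup", ""), api_group)):
                return True
        else:
            # Non-resource request (e.g. /version): only nonResourcePath can match.
            p = spec.get("nonResourcePath", "")
            if p and (p == "*" or p == path or (p.endswith("*") and path.startswith(p.rstrip("*")))):
                return True
    return False
```

In this model the `system:authenticated` line only ever covers non-resource paths, so `readonly` on it has no effect on pods, deployments or other resources, while the `viewer` line grants reads on resources and rejects writes.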

0 Answers