Custom password for kubernetes dashboard when using eks

1/5/2021

Is it possible to configure a custom password for the Kubernetes dashboard when using eks without customizing "kube-apiserver"? This URL mentions changes in "kube-apiserver" https://techexpert.tips/kubernetes/kubernetes-dashboard-user-authentication/

-- Tanya
amazon-eks
kubernetes
kubernetes-dashboard

1 Answer

1/5/2021

In K8s, requests come as Authentication and Authorization (so the API server can determine if this user can perform the requested action). K8s dont have users, in the simple meaning of that word (Kubernetes users are just strings associated with a request through credentials). The credential strategy is a choice you make while you install the cluster (you can choose from x509, password files, Bearer tokens, etc.).

Without API K8s server automatically falls back to an anonymous user and there is no way to check if provided credentials are valid.

You can do something like : not tested

  • Create a new credential using OpenSSL

export NEW_CREDENTIAL=USER:$(echo PASSWORD | openssl passwd -apr1 -noverify -stdin)

  • Append the previously created credentials to /opt/bitnami/kubernetes/auth.
echo $NEW_CREDENTIAL | sudo tee -a /opt/kubernetes/auth

Replace the cluster basic-auth secret.

kubectl delete secret basic-auth -n kube-system

kubectl create secret generic basic-auth --from-file=/opt/kubernetes/auth -n kube-system
-- Harsh Manvar
Source: StackOverflow