How to restrict users of the Kubernete dashboard from viewing secrets?

Question

How to restrict users of the Kubernete dashboard from viewing secrets?

The Kubernetes toolbar allows users to see all the secrets, including their original values, in just a couple of clicks. These secrets probably contain very important data, such as production database passwords and private keys.

How do you restrict dashboard users so that they cannot see sensitive data?

+4

kubernetes kops

peterl Feb 10 '17 at 23:23

source share

1 answer

Jasmine Hegman · Answer 1 · 2017-06-27T21:44:38+0000

This is a known issue , and at the moment it is not officially supported officially - Dashboard is a superuser-level administration tool. This one does not have to be forever, but additional help is needed to get it.

There are several workarounds in this issue that are currently working. Here are some notable quirks around them that you need to know in advance:

If the control panel is under the control panel user and is limited to this? If this is the case, like Anidrud, you can use the auxiliary parts of the toolbar and they will work fine and get 403s if they get access to the Secrets panel.
, ? , kubectl proxy - - MITM auth , .

How to restrict users of the Kubernete dashboard from viewing secrets?

More articles: