Dashboard: Login improvements

Created on 11 Sep 2017  路  13Comments  路  Source: kubernetes/dashboard

Tracking issue for further non-critical login improvements.

  • [x] Allow overriding key holder name/namespace with arguments passed to dashboard. This will allow multiple dashboard deployments to use different encryption keys.
  • [ ] Token blacklisting feature
    In case user logs out his token should be invalidated. We should blacklist it until it expires.
  • [ ] Key rotation feature
  • [ ] Consider generating self-signed certificates signed by apiserver CA. This would allow to keep HTTPS enabled by default.
  • [ ] Support for external identity providers (i.e. Github OAuth, OIDC). #2621, #2630
  • [ ] Improve error handling and localize all errors.
  • [ ] https://github.com/kubernetes/dashboard/issues/964#issuecomment-332842897
  • [ ] Allow logging in when a very long token is provided (i.e. Azure with groups, etc.)
kinfeature lifecyclfrozen prioritcritical-urgent
Source
picture floreks
👍27

Most helpful comment

It would be absolutely fantastic if we could get some traction on this.

picture jurgenweber on 26 Feb 2019
👍14

All 13 comments

It would be nice when I login with kubeconfig file to automatically show me the namespace from kubeconfig file instead of just showing default namespace by default.

cohadar picture cohadar on 24 Nov 2017

Is there a ticket on the core side that tracks implementation of the API features/endpoints required for OIDC to work sensibly in dashboard?

pdf picture pdf on 9 Mar 2018

I haven't been following core roadmap lately, so I don't know. We'll try to revisit it after angular migration.

floreks picture floreks on 9 Mar 2018

What's the latest on this? I'm interested in having OIDC auth information published in the kube-public namespace for interested clients to discover, for other reasons, in addition to possibly having the dashboard auth scenario be much simpler.

colemickens picture colemickens on 26 Jun 2018

It would be also awesome if, when you go to some url (for example, dashboard/#!/log/namespace/pod), and it required sign, it wouldn't forget your url and send you to the page you wanted, and not to overview of default namespace.

yhaskell picture yhaskell on 26 Sep 2018
👍3

It would be absolutely fantastic if we could get some traction on this.

jurgenweber picture jurgenweber on 26 Feb 2019
👍14

Also interested by the feature that @cohadar suggested :

It would be nice when I login with kubeconfig file to automatically show me the namespace from kubeconfig file instead of just showing default namespace by default.

Any news/info about this ?
Thanks

erandu picture erandu on 1 Jul 2019

Is there any integration on access to the dashboard and AWS IAM?

Many thanks.

nandonespolo picture nandonespolo on 6 Dec 2019
👍2

Still waiting for this...

sshishov picture sshishov on 22 Mar 2020

@sshishov You can wait or you can contribute. We are not able to do everything instantly with just a few people.

maciaszczykm picture maciaszczykm on 23 Mar 2020
👍2

Any news regarding oidc support? :)

andloh picture andloh on 4 Jul 2020
👍6

I know this things take a long time.. any news about it ?

barnybadzoo picture barnybadzoo on 16 Nov 2020

The main issue is that we don't have anyone willing to work on that right now. Our main focus goes to designing and creating a new standalone gRPC API for Dashboard.

floreks picture floreks on 16 Nov 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lukmanulhakimd picture lukmanulhakimd  路  4Comments
minminmsn picture minminmsn  路  4Comments
pavankjadda picture pavankjadda  路  3Comments
maciaszczykm picture maciaszczykm  路  3Comments
mxey picture mxey  路  3Comments