Is it possible to disable kubernetes dashboard tls check

Question

I am login kubernetes dashboard in my local machine(http://kubernetes.dolphin.com:8443/#/login), and I define a virutal domain name in /etc/hosts:

192.168.31.30 kubernetes.dolphin.com

and now I am login kubernetes dashboard uing this domain, but it give me tips:

Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost.

is it possbile to close kubernetes dashboard(kubernetesui/dashboard:v2.0.3) tls security check in kubernetes dashboard yaml? Because my kubernetes in localhost machine and do not need TLS security.Now my login dashboard look like this.

Did you try on `https` instead? like `https://kubernetes.dolphin.com:8443/#/login` and on the not secure screen click Proceed and see if you can login? — vijay v, Jul 18 '20 at 05:52
logs shows `2020-07-18T06:06:54.534154842Z 2020/07/18 06:06:54 Metric client health check failed: the server could not find the requested resource (get services dashboard-metrics-scraper). Retrying in 30 seconds.@vijay ` — Dolphin, Jul 18 '20 at 06:08
Can you check out the steps in this thread @Dolphin [kubernetes-dashboard-error-metric-client-health-check-failed-the-server](https://stackoverflow.com/questions/57520036/kubernetes-dashboard-error-metric-client-health-check-failed-the-server-coul) — vijay v, Jul 18 '20 at 06:11

score 4 · Accepted Answer · answered Jul 18 '20 at 09:03

enable kubernetes dahboard http access:

containers:
    - name: kubernetes-dashboard
        image: 'kubernetesui/dashboard:v2.0.3'
        args:
        - '--namespace=default'
        - '--insecure-port=5443'

so you could using 5443 port to forward kubernetes dashboard access data, and do not need to login. But you should not do like this in production environment.

Andreas · Answer 2 · 2023-03-19T12:26:30.510

According to GitHub docs you have to first enable insecure login like so:

      containers:
      - args:
        #- "--auto-generate-certificates"  # this must be out 
        - "--enable-insecure-login"
        - "--insecure-bind-address=0.0.0.0"
        #- "--insecure-port=5443"  # 9090 by deafult

and then of course add insecure port mapping:

        ports:
        - containerPort: 9090
          protocol: TCP

But please bear in mind that it won't resolve your problem. Traffic to your dashboard instance still is not served via HTTPS from external source. What you ought to do is to use HTTPS connection to the dashboard from your browser using e.g. self-signed certificates in NGINX.

Example how to achieve that:

server {
    # Secure HTTPS (443) port - self-signed certs
    server_name         localhost;
    listen              443 ssl;
    ssl_certificate     /var/www/certbot/nginx-dev.crt; # managed manually, change to your path
    ssl_certificate_key /var/www/certbot/nginx-dev.key; # managed manually, change to your path
    ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    location = /favicon.ico { 
        access_log      off; 
        log_not_found   off; 
    }
    
    location /{
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_pass          http://<cluster-vm-ip>:<api-port>/api/v1/namespaces/<your-namespace>/services/https:kubernetes-dashboard:8443/proxy/;
    }
}

server {
    # Insecure HTTP (80) port - permanent redirection to HTTPS
    server_name         localhost;
    listen              80;

    if ($host = localhost) {
        return 301 https://$host$request_uri;
    }
    return              404;
}

And result (mind that I have a Kubernetes Cluster running in other machine in my private network):

Kubernetes Dashboard

Hope that helps!

Is it possible to disable kubernetes dashboard tls check

2 Answers2