Note: These instructions are but a slightly more specific version of these instructions here.
So you wanna' hit up the Kubernetes Dashboard
running on your cluster via an external URL but you wanna' keep that thing locked down with a username and password.
Smart thinking! This is how we do it. Start by cloning this project
to a directory in a location accessible to your kubectl and then cd into that directory.
Start by creating a file called auth containing your desired username and password using the htpasswd utility:
$ htpasswd -c auth <your username here>
New password: <your password here>
Re-type new password: <your password here again>
Adding password for user <username>cat the newly created auth file to see what htpasswd created. C'mon... you know you wanna' see what's in there.
If you want to add additional usernames/passwords to the auth file, simply rerun htpasswd without the -c argument:
$ htpasswd auth <new username>
New password: <new password>
Re-type new password: <new password again.>
Adding password for user <new username>Next, you'll need to create a secret called dashboard-auth-secret in the kube-system namespace. The ingress we're
about to create will look for a secret called dashboard-auth-secret which is why this secret needs to be named thusly.
$ kubectl create secret generic dashboard-auth-secret --from-file=auth -n kube-systemRun this command to see what Kubernetes thinks of your dirty little secret:
$ kubectl get secret dashboard-auth-secret -o yaml -n kube-systemDeploy the Kubernetes Dashboard if haven't already. Instructions here: (https://github.com/kubernetes/dashboard)
The various components of the dashboard run in the kube-system namespace which is why we need to create our secret
and ingress in that same namespace as well.
Now that you've got your secret in place and the dashboard is up and running and has presumably created a
service called kubernetes-dashboard, let's create that frickin' ingress already! You'll need to modify
the value of the host setting in dashboard-ingress.yaml to match the URL that you want the dashboard to
be reachable at. After you've done that, simply run:
$ kubectl apply -f dashboard-ingress.yaml That ought to do it. Your ingress should be in place and routing traffic from the dashboard URL that you specified
in the dashboard-ingress.yaml file to your Kubernetes dashboard and you should be prompted for a username and
password when you try to hit it.
If you've got a hankerin' to tear down all that you've just created, the following commands ought to do it:
$ kubectl delete -f dashboard-ingress.yaml
$ kubectl delete secret dashboard-auth-secret -n kube-systemAssuming that you deployed the dashboard by following these instructions, you can delete the dashboard deployment like so:
$ kubectl delete -f https://git.io/kube-dashboard