Readonly kubernetes dashboard

Hello,

By default Kubernetes provides the dashboard with the cluster-admin role. Is there a way to get a read-only Kubernetes dashboard that we can share with everyone?

Thanks,
Niranjan

You can make a read-only dashboard by changing the cluster-role the Kubernetes Dashboard is associated with to one with restricted permissions.

Here is a handy guide I came across.

2 Likes

Thanks @macintoshprime.
I have implemented the read-only dashboard.

1 Like

As mentioned in the link, we bound the dashboard serviceaccount to the clusterrole “view” and added additional permissions as needed, like node list.

What about limited write access? Say I need someone to be able to see everything and bounce some pods? Have you done that or seen it done? I’m struggling to find examples, and have not been able to get it working to just have access to delete pods.

You could create a serviceaccount with those permissions and use that to log in. I don’t have an example on hand though. You could modify the example in the guide above to meet your needs.
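The approach described in the replies above, written out as RBAC manifests: a service account bound to the built-in `view` ClusterRole, plus node listing and pod deletion. This is an added example, not taken from the thread or the linked guide; the account name `dashboard-viewer`, the role name `dashboard-viewer-extras` and the `kubernetes-dashboard` namespace are assumptions.

```yaml
# Added example: names and namespace below are assumptions, not from the thread.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer            # hypothetical account used to sign in
  namespace: kubernetes-dashboard   # assumed install namespace
---
# Built-in "view" ClusterRole: read access to most namespaced objects, no Secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer-view
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kubernetes-dashboard
---
# Extras that "view" lacks: cluster-scoped node reads, and the one write verb for bouncing pods.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dashboard-viewer-extras
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["delete"]                 # drop this rule for strictly read-only
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer-extras
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: dashboard-viewer-extras
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kubernetes-dashboard
# Verify what the API server will allow for this account:
#   kubectl auth can-i list nodes --as=system:serviceaccount:kubernetes-dashboard:dashboard-viewer
#   kubectl auth can-i delete deployments --as=system:serviceaccount:kubernetes-dashboard:dashboard-viewer
```

RBAC grants are additive, so a cluster-admin binding left on the account used to sign in still applies alongside these.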

Yep, that’s what I’m doing, the question is more what specific permissions are tied to what functionality? For example, if I grant “”/pod/*, that user can use kubectl to do anything to any pod, but they can’t do it through the dashboard, and no errors are logged or popped up to indicate what specific permission is lacking. I can find lists of what permissions there are (more or less), but not a clear guide for how to make things accessible through the dashboard without it being all or nothing. Most tutorials are content to say “grant admin access,” which is of course not a production-friendly auth model :laughing:

Does the default dashboard work if my cluster doesn’t have heapster running?
If it doesn’t, what are my options?

It's not working for me: I am able to log in with a different SA account with a custom ClusterRole and uaterrolebinding, but I can still edit the pods and deployments via the UI; it's not logging in with read-only mode.
Please help me out.