dashboard
dashboard copied to clipboard
Make 'isCurrentDomainSecure' more flexible
What would you like to be added?
For local development it would be great, if not exactly the host name must match 'localhost' (or 127.0.0.1), but if prefixes are allowed for non-https access. For example "dashboard.localhost".
The code could look like
private isCurrentDomainSecure_(): boolean {
return location.hostname.endsWith('localhost') || location.hostname.endsWith('127.0.0.1');
}
Why is this needed?
It is not easily possible to create TLS certificates for localhost. Using an ingress to access all cluster services - incl. the dashboard - would allow for a more consistent experience. To achieve this it is most convenient to use sudomains with the 'localhost' domain.
I am not sure why would it matter for the local dev environment. When running locally I simply grant Dashboard itself full privileges and disable HTTPS. Another option is to simply ignore the browser prompt about untrusted certificates since you know this is your local dev instance.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity,
lifecycle/stale
is applied - After 30d of inactivity since
lifecycle/stale
was applied,lifecycle/rotten
is applied - After 30d of inactivity since
lifecycle/rotten
was applied, the issue is closed
You can:
- Mark this issue or PR as fresh with
/remove-lifecycle stale
- Mark this issue or PR as rotten with
/lifecycle rotten
- Close this issue or PR with
/close
- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
I have a different motivation for allowing dashboard.localhost
: Dashboard doesn't have native support for operating from a subpath (#3686, #5017). The easiest way to run it behind Ingress/Gateway (providing authn middleware) is to use a hostname matcher.
I'm running my Bottlerocket/K8s tests in VirtualBox and using NAT with port-forwarding to the VM, which means my Gateway ends up as e.g. localhost:1234
. To differentiate Dashboard from something else running on the same Gateway, it would be nice to be able to just say dashboard.localhost:1234
in the browser, which AFAIK resolves the same as localhost
everywhere, but the Host
header becomes more useful.
Edit Confirmed that subdomains of localhost
should be treated as localhost.
: https://datatracker.ietf.org/doc/html/rfc6761#section-6.3
I built a monkey-patched PoC image and a script to monkey-patch the manifests: https://github.com/kubernetes/dashboard/issues/7058