[swozey]

You recommend RBAC but then state that the k8s-dash starts with full permissions. That's not true at all when using RBAC. You need to define which namespaces, resources, etc get accessed. Right now with k8s if you deploy RBAC + k8s-dash (which is basically deprecated anyway) and don't set up its RBAC svc account you won't be able to view things in k8s without putting in your personal admin token because it would use the default service account which has no/very limited permissions.

Definitely suggest adding more RBAC examples to this. And things like ETCD w/SSL, etc.

[towolf]

Someone installed the dashboard for us before the RBAC stuff was added. The fun started when we realized that the old ClusterRoleBinding needed to be deleted manually.

Clicking SKIP hence gave full access until we did.

It's nice when things are idempotent, but removing stray things that should go absent is usually overlooked.

[Filligree]

If k8s-dash is deprecated, what's the replacement?

[swozey]

I may be wrong on that, or it's in flux. About 6 months ago in one of the changelogs or GKE blogs it was mentioned that the k8s-dash was being deprecated as GKE was launching its own proprietary dashboard (basically the GKE UI now). But sig-UI is still a thing so maybe that changed or I misread. Or it was more specific to GKE users, not entirely sure and having trouble tracking all that down now.. Sorry if misinforming anyone, hopefully a SIG member can chime in.

I don't believe I'm confusing this with kube-ui, which was deprecated for kube-dash.

https://github.com/kubernetes/community/tree/master/sig-ui

[mugsie]

kubernetes dashboard[0] is still very much alive afaik.

Some providers / distros may have deprecated it, but the community hasn't.

0 - https://github.com/kubernetes/dashboard