Is it possible to have a restricted Kubernetes dashboard? The idea is to have a pod running kubectl proxy
in the cluster (protected with basic HTTP authentication) to get a quick overview of the status:
However, I do not want users to be able to do "privileged" actions, like creating new pods, deleting pods or accessing secrets.
Is there some option to start the dashboard with a specified user or with restricted permissions?
It should be possible in kubernetes with RBAC enabled.
You do not need to run a pod with kubectl proxy
.
I'm not sure whether it is possible to have 2 different sets of permissions for the same pod, but worst case you have to run 2 dashboards.
Basically, what you need to do is: