Comments (8)
Does it make sense to use Auth0
from kubeless-ui.
For which part would you need authentication?
from kubeless-ui.
That's the bit I am not sure yet:
- I think the UI should be tied to the k8s cluster auth (so for instance if we were using coreOS dex, we could use social login in the k8s cluster and same in kubeless UI). then with RBAC setup in k8s, folks would only deploy functions where they are allowed to. But forcing folks to deploy Dex might be too much.
- the functions themselves will need some type of auth, but that's not really a UI issue.
If we were to use Auth0 for auth/authz to the UI, I think (current understanding of Auth0) that we would be tied to a single application. All users of kubeless (as in worldwide on different clusters) would authenticate via the same Auth0 app.
from kubeless-ui.
I would also advocate for adding authentication. I deployed the UI after standing up a cluster via Stackpoint only to find it open to the world and having to take it down. I'll be looking for an alternative way to leverage the UI because I like the utility of it, bit having some auth in front would be good. Is the expectation that the UI sits only on an internal network and would never be accessed over the Internet?
from kubeless-ui.
The problem is that to create a function through the UI, one needs to pass its k8s creds somehow otherwise the service account running the UI needs "cluster wide" access.
This is the same issue as the k8s dashboard
from kubeless-ui.
Godo wiki doc here: https://github.com/kubernetes/dashboard/wiki/Access-control
from kubeless-ui.
Definitely, would like to see Open ID Connect
support. It is one of the natively supported authentication strategies in Kubernetes that supports external identity provider logins (Auth0
, Google
and GitHub
among others). Kubernetes's Dashboard
is tacking support in kubernetes/dashboard#2353, however, they're waiting for some APIs to land in Core in order to query the configured authentication strategies in Kubernetes.
As far as being secure out of the box. I'd recommend changeing the service type to ClusterIP
and just using kubectl proxy
to open a secure channel into the cluster. Then access kubeless-ui
using the service proxy URL over localhost:8001
(http://localhost:8001/api/v1/proxy/namespaces/kubeless/services/ui:ui-port/
). The Kubernetes Dashboard uses a similar strategy.
from kubeless-ui.
@thoughtentity yes good points.
We are actually re-writing a kubeless UI in kubeapps: https://github.com/kubeapps/kubeapps . the dashboard is indeed opened via a proxy connection, plus we are starting to align with the k8s dashboard auth strategies:
PR welcome on any projects to move in the right direction :)
from kubeless-ui.
Related Issues (20)
- Additional Documentation HOT 1
- Want flexible root URL HOT 3
- Fix CSS for large functions name HOT 1
- Kubeless UI only has Node 6, Ruby 2.4 and Python 2.7 as possible runtimes
- Issue with basic authentication HOT 2
- Stuck in loading pods HOT 1
- Support for other namespace and other KAFKA services! HOT 4
- Can't access kubeless-ui non-localhost HOT 1
- kubeless-ui needs to enable visibility to configmap HOT 1
- new code updated on kubeless-ui doesn't take effect HOT 2
- adding deps doesn't work HOT 2
- run function gives 500 HOT 3
- Support offline, on-prem installs HOT 3
- AceEditor mode bug
- kubeless-ui doesnt support functions in other namespaces HOT 3
- UI not working HOT 1
- no matches for kind "Deployment" in version "extensions/v1beta1"
- UI page is not scrolling Down. HOT 2
- k8s.yaml has duplicate key. HOT 2
- UI create functions failed (connect ECONNREFUSED 127.0.0.1:8080) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubeless-ui.