
Restricted Kubernetes dashboard?


Based on the answer from lwolf, I used the kubernetes-dashboard.yaml and changed it to run on the slaves, in the default namespace.

The important change is the kind: ClusterRole, name: view part, which assigns the view role to the dashboard user.

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: ro-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: ro-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: ro-dashboard
  apiGroup: ''
  namespace: default
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: ro-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.3
        ports:
        - containerPort: 9090
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
      serviceAccountName: ro-dashboard
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: ro-dashboard
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 9090
  selector:
    k8s-app: kubernetes-dashboard
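
One way to confirm that the view binding in the manifest above leaves the dashboard's service account read-only, as an added example that is not part of the original answer. It assumes kubectl access to the cluster with impersonation rights; the function names and the verb and resource lists are choices made here, not anything from the manifest.

```shell
#!/bin/sh
# Added example: audit what the dashboard's service account may do, using
# kubectl's access-review front end (kubectl auth can-i --as=...).
# Defaults match the manifest above; verb/resource lists are an assumed sample.

# can_i NS SA VERB RESOURCE -> prints kubectl's answer ("yes" or "no ...")
can_i() {
  # can-i exits non-zero on "no", so swallow the status and keep the text.
  kubectl auth can-i "$3" "$4" -n "$1" \
    --as="system:serviceaccount:$1:$2" 2>/dev/null || true
}

# expect_answer NS SA WANT VERB RESOURCE -> 0 if the answer starts with WANT
expect_answer() {
  ans=$(can_i "$1" "$2" "$4" "$5")
  case "$ans" in
    "$3"*) return 0 ;;
    *) echo "UNEXPECTED: $4 $5 -> ${ans:-error} (wanted $3)" >&2
       return 1 ;;
  esac
}

# audit_readonly [NS] [SA] -> 0 only if every check matches a read-only role
audit_readonly() {
  ns=${1:-default} sa=${2:-ro-dashboard} bad=0
  for res in pods deployments services configmaps; do
    for verb in get list watch; do          # reads the view role grants
      expect_answer "$ns" "$sa" yes "$verb" "$res" || bad=1
    done
    for verb in create update patch delete; do   # writes it must not grant
      expect_answer "$ns" "$sa" no "$verb" "$res" || bad=1
    done
  done
  # The built-in view role omits Secrets, so these should be denied as well.
  for verb in get list; do
    expect_answer "$ns" "$sa" no "$verb" secrets || bad=1
  done
  # Paths from read access to code execution or wider privileges.
  expect_answer "$ns" "$sa" no create pods/exec || bad=1
  expect_answer "$ns" "$sa" no create clusterrolebindings || bad=1
  return $bad
}

# Usage: audit_readonly default ro-dashboard && echo "read-only as expected"
```

A non-zero return together with an UNEXPECTED line means the account can do more (or less) than the view role should allow, for example because another binding also names it.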


It should be possible in Kubernetes with RBAC enabled. You do not need to run a pod with kubectl proxy. I'm not sure whether it is possible to have 2 different sets of permissions for the same pod, but worst case you have to run 2 dashboards.

Basically, what you need to do is: