Security ConsiderationsΒΆ
Kubernetes Web View exposes all Kubernetes object details via its web frontend. There are a number of security precautions to make:
- Do not expose Kubernetes Web View to the public without authorization (e.g. OAuth2 redirect flow or some authorizing web proxy).
- The default RBAC role for kube-web-view (provided in the
deploy
folder) provides full read-only access to the cluster β modify it accordingly to limit the scope. - Design and understand your access control: decide whether you use kube-web-view only locally (with personal credentials), have a central deployment (with service credentials) to multiple clusters, use OAuth2 Support for cluster access via
--cluster-auth-use-session-token
, or have it deployed per cluster with limited access. - Understand the security risks of exposing your cluster details to Kubernetes Web View users β you should only trust users who you would also give full read-only access to the Kubernetes API.
- Check your Kubernetes objects for potential sensitive information, e.g. application developers might have used container environment variables (
env
) to contain passwords (instead of using secrets or other methods), mitigate accordingly!
Kubernetes Web View tries to have some sane defaults to prevent information leakage:
- Pod container logs are not shown by default as they might contain sensitive information (e.g. access logs, personal data, etc). You have to enable them via the
--show-container-logs
command line flag. - Contents of Kubernetes secrets are masked out (hidden) by default. If you are sure that you want to show secrets (e.g. because you only run kube-web-view on your local computer (
localhost
)), you can disable this feature via the--show-secrets
command line flag.
Note that these are just additional features to prevent accidental security issues β you are responsible for securing Kubernetes Web View appropriately!