加入 Gitee

与超过 1200万开发者一起发现、参与优秀开源项目，私有仓库也完全免费：）

克隆/下载

README.md 1.53 KB

AI 代码解读

# User guide

* [Accessing Dashboard](accessing-dashboard/README.md)
* [Access control](access-control/README.md)
  * [Creating sample user](access-control/creating-sample-user.md)
* [Integrations](integrations.md)
* [Labels](labels.md)

## User Impersonation

Impersonation uses a reverse proxy to inject a user's identifying information (username, groups and extra scopes) as headers in each request to the API server. The Dashboard can pass these headers to the API server if your reverse proxy will inject them in the requests.

![Impersonation Architecture](images/dashboard-impersonation.png "Impersonation Architecture")

Impersonation is useful in situations where using a user's token isn't available, such as cloud-hosted Kubernetes services.  To use impersonation a reverse proxy must:

1. Have a Kubernetes service account that [has RBAC permissions to impersonate other users](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation)
2. Generate the `Impersonate-User` header with a unique name identifying the user
3. *Optional* Generate the `Impersonate-Group` header(s) with the impersonated user's group data
4. *Optional* Generate the `Impersonate-Extra` header(s) with additional authorization data

Impersonation will only work when the reverse proxy provides the `Authorization` header with a valid service account.  It will not work with any other method of authenticating to the dashboard.

----
_Copyright 2019 [The Kubernetes Dashboard Authors](https://github.com/kubernetes/dashboard/graphs/contributors)_

一键复制编辑原始数据按行查看历史

提交于 2023-07-07 16:55 . feat: Update helm deployment (#7969)

User guide

User Impersonation

Impersonation uses a reverse proxy to inject a user's identifying information (username, groups and extra scopes) as headers in each request to the API server. The Dashboard can pass these headers to the API server if your reverse proxy will inject them in the requests.

Impersonation Architecture

Impersonation is useful in situations where using a user's token isn't available, such as cloud-hosted Kubernetes services. To use impersonation a reverse proxy must:

Have a Kubernetes service account that has RBAC permissions to impersonate other users
Generate the Impersonate-User header with a unique name identifying the user
Optional Generate the Impersonate-Group header(s) with the impersonated user's group data
Optional Generate the Impersonate-Extra header(s) with additional authorization data

Impersonation will only work when the reverse proxy provides the Authorization header with a valid service account. It will not work with any other method of authenticating to the dashboard.

Copyright 2019 The Kubernetes Dashboard Authors

1

https://gitee.com/guerlab_net/k8s_dashboard.git

git@gitee.com:guerlab_net/k8s_dashboard.git

guerlab_net

k8s_dashboard

dashboard

master