Deploying the dashboard with a reverse proxy
Proxies are a common pattern in Kubernetes. There are proxies at every layer in a Kubernetes cluster. The proxy pattern is also used by most service mesh implementations on Kubernetes, creating side cars that will intercept requests. The difference between the reverse proxy described here and these proxies is in their intent. Microservice proxies often do not carry a session, whereas web applications need a session to manage state.
The following diagram shows the architecture of a Kubernetes Dashboard with a reverse proxy:
Figure 7.6: Kubernetes Dashboard with a reverse proxy
The reverse proxy shown in Figure 7.6 performs three roles:
- Authentication: The reverse proxy intercepts unauthenticated requests (or stale sessions) and triggers the authentication process with an OpenID Connect identity provider to authenticate the user.
- Session management: Kubernetes' Dashboard is a user-facing application...