I have a Kubernetes Engine cluster set up in Google Cloud Platform and it's working wonderfully. I can query the Kubernetes API itself to get info on Kubernetes objects, using the IP-based URL of the Kubernetes Master seen when running kubectl cluster-info.
I'd like to create a simple dashboard for less technical users that pulls its info from the Kubernetes API, and this is done client-side (using React). However, I only have the IP-based endpoint and so my requests are blocked by the CORS policy. How can I resolve this simply?
I understand that if I owned the cluster I'd be able to update kube-apiserver.yaml to provide a more permissive value for --cors-allowed-origins, but as far as I can tell I don't have access to this in GKE.
https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
I've also tried putting a Kong proxy in front of the kubernetes.default internal service, but kubernetes.default is secured with a self-signed certificate that Kong doesn't trust. Should I be pointing Kong at the Kubernetes Master IP instead, even though this isn't inside the cluster? I'm using the Kong Ingress Controller so I don't know if I can point it at "external" endpoints like the Kubernetes Master IP. I could try to spin up a service for this but don't want to go down a rabbithole without some advice.
https://github.com/Kong/kubernetes-ingress-controller
I've also considered that I could write my own little adapter that routes through to kubernetes.default and uses the certificate authority file that Kubernetes will inject. I think this would work, but getting this to work with the server-sent events of the watch endpoints will be a pain and I think it's more effort than I should be going into.
I'm surprised this isn't a more common question, and that makes me think I'm doing something unusual. I'd be keen to see examples of dashboards written over the Kubernetes API.
