问题描述

我试图在一台使用kubespray的计算机上建立一个新的kubernetes集群(提交7e84de2ae116f624b570eadc28022e924bd273bc).

I am trying to set up a new kubernetes cluster on one machine with kubespray (commit 7e84de2ae116f624b570eadc28022e924bd273bc).

在运行剧本之后(在新的ubuntu 16.04上)，我打开仪表板并看到那些警告弹出窗口:

After running the playbook (on a fresh ubuntu 16.04), I open the dashboard and see those warning popups:

- configmaps is forbidden: User "system:serviceaccount:default:default" cannot list configmaps in the namespace "default"
- persistentvolumeclaims is forbidden: User "system:serviceaccount:default:default" cannot list persistentvolumeclaims in the namespace "default"
- secrets is forbidden: User "system:serviceaccount:default:default" cannot list secrets in the namespace "default"
- services is forbidden: User "system:serviceaccount:default:default" cannot list services in the namespace "default"
- ingresses.extensions is forbidden: User "system:serviceaccount:default:default" cannot list ingresses.extensions in the namespace "default"
- daemonsets.apps is forbidden: User "system:serviceaccount:default:default" cannot list daemonsets.apps in the namespace "default"
- pods is forbidden: User "system:serviceaccount:default:default" cannot list pods in the namespace "default"
- events is forbidden: User "system:serviceaccount:default:default" cannot list events in the namespace "default"
- deployments.apps is forbidden: User "system:serviceaccount:default:default" cannot list deployments.apps in the namespace "default"
- replicasets.apps is forbidden: User "system:serviceaccount:default:default" cannot list replicasets.apps in the namespace "default"
- jobs.batch is forbidden: User "system:serviceaccount:default:default" cannot list jobs.batch in the namespace "default"
- cronjobs.batch is forbidden: User "system:serviceaccount:default:default" cannot list cronjobs.batch in the namespace "default"
- replicationcontrollers is forbidden: User "system:serviceaccount:default:default" cannot list replicationcontrollers in the namespace "default"
- statefulsets.apps is forbidden: User "system:serviceaccount:default:default" cannot list statefulsets.apps in the namespace "default"

kubectl命令似乎很好(代理工作，列出pod等.不返回错误，/api可以访问)，但是，仪表板似乎无法获取任何有用的信息.我应该如何调试呢?

The kubectl commands seem fine (proxy works, listing pods etc. return no error, /api is reachable), however, the dashboard seem unable to fetch any useful information. How should I go about debugging that?

推荐答案

kubectl create clusterrolebinding default-admin --clusterrole cluster-admin --serviceaccount=default:default

似乎可以解决问题-不过，我欢迎您提供解释.(这是对kubespray的监督吗?我需要在其中设置一个变量吗?它与RBAC有关吗?)

seems to do the trick - I'd welcome an explanation though.(Is it an oversight in kubespray? I need to set up a variable there? Is it related to RBAC?)

这篇关于kubespray仪表板警告禁止弹出窗口的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！