问题描述
我在本地使用KUBEADM工具配置了具有1个主节点和4个工作节点的kubernetes集群.所有节点都运行良好.部署了一个应用程序,并能够从浏览器访问该应用程序.我尝试了多种使用kubectl创建仪表板的方法,但失败了.
I configured kubernetes cluster with one master and 4 worker nodes using KUBEADM tool IN LOCAL. All nodes are running fine. deployed an app and able access that app from browser. I have tried many ways to create a dashboard using kubectl but i am failed.
TRY1:直接尝试使用以下命令:
TRY1: tried directly with the below command:
$ sudo kubectl proxy --address="172.20.22.101" -p 8001
尝试使用url http://172.20.22.101:8001/api/v1访问仪表板,但这是未经授权的.
tried to access the dashboard using the url http://172.20.22.101:8001/api/v1, but it is saying unauthorized.
TRY2:创建了以下内容的dashboard-admin.yaml文件:
TRY2: created dashboard-admin.yaml file with the below content:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
并运行以下命令:
$ kubectl create -f dashboard-admin.yaml
显示给我:clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created.
运行以下命令:
$ sudo kubectl proxy --address="172.20.22.101" -p 443
它运行良好.我正在访问 http: //172.20.22.101:443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/来自浏览器的URL.它显示了相同的未授权错误.
its running fine. I am accessing the http://172.20.22.101:443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ URL from browser. it's showing same unauthorized error.
推荐答案
使用-accept-hosts 选项
kubectl proxy --address="172.20.22.101" -p 8001 --accept-hosts="^*$"
它将正常工作.
注意:不建议将其用于生产级kubernetes集群,因为您是通过纯http访问仪表板的.
更安全的选择是像这样通过ssh隧道运行对仪表板的访问.
More secure alternative is to run access the dashboard through ssh tunnel like this.
在一个终端运行中:
kubectl proxy
在另一个终端中运行SSH隧道到localhost:8001(默认的kubernetes仪表板端口)
in another terminal run a ssh tunnel to localhost:8001 (the default kubernetes dashboard port)
ssh -NT -l SSH_USER -p SSH_PORT K8S_CONTROLLER_IP_ADDR -L 8001:localhost:8001
这篇关于Kubernetes仪表板显示未经授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!