K8s仪表板未登录(k8s版本1.11) [英] K8s Dashboard not logging in (k8s version 1.11)
问题描述
我使用kubeadm工具进行了K8s(1.11)集群.它在群集中具有1个主节点和一个节点.
I did K8s(1.11) cluster using kubeadm tool. It 1 master and one node in the cluster.
-
我在那里应用了仪表板UI. kubectl create -f https://raw.githubusercontent .com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
I applied dashboard UI there. kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
创建的服务帐户(此链接之后: https://github .com/kubernetes/dashboard/wiki/Creating-sample-user )
Created service account (followed this link: https://github.com/kubernetes/dashboard/wiki/Creating-sample-user)
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
和
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
启动kube代理:kubectl proxy --address 0.0.0.0 --accept-hosts '.*'
并使用以下URL从远程主机访问仪表板:http://<k8s master node IP>:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
And access dashboard from remote host using this URL: http://<k8s master node IP>:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
它要求登录令牌:使用以下命令获得令牌:kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Its asking for token for login: got token using this command: kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
在浏览器中复制并应用令牌之后.它没有登录.它也没有显示身份验证错误…不确定这是什么错误吗?我的令牌错误还是我的kube proxy命令错误?
After copy and apply the token in browser.. its not logging in. Its not showing authentication error too… Not sure wht is wrong with this? Is my token wrong or my kube proxy command wrong?
推荐答案
我根据您发布的内容重新创建了所有步骤.
I recreated all the steps in accordance to what you've posted.
发现问题出在<k8s master node IP>中,在这种情况下,您应该使用localhost.因此,要访问正确的仪表板,您必须使用:
Turns out the issue is in the <k8s master node IP>, you should use localhost in this case. So to access the proper dashboard, you have to use:
启动kubectl代理时-在主节点上创建到apiserver的隧道.默认情况下,仪表板以ServiceType:ClusterIP开头.在此模式下,主节点上的端口未打开,这就是您无法在主节点IP"上访问该端口的原因.如果要使用主节点IP,则必须将ServiceType更改为NodePort.
When you start kubectl proxy - you create a tunnel to your apiserver on the master node. By default, Dashboard is starting with ServiceType: ClusterIP. The Port on the master node in this mode is not open, and that is the reason you can't reach it on the 'master node IP'. If you would like to use master node IP, you have to change the ServiceType to NodePort.
您必须删除旧服务,并通过将服务类型更改为NodePort来更新配置,如以下示例所示(请注意,由于默认情况下假定使用ClusterIP,因此不存在).
You have to delete the old service and update the config by changing service type to NodePort as in the example below (note that ClusterIP is not there because it is assumed by default).
创建一个新的Yaml文件名newservice.yaml
Create a new yaml file name newservice.yaml
---
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
删除旧服务
kubectl delete service kubernetes-dashboard -n kube-system
应用新服务
kubectl apply -f newservice.yaml
运行描述服务
kubectl describe svc kubernetes-dashboard -n kube-system | grep "NodePort"
您可以将该端口与主节点的IP地址一起使用
and you can use that port with the IP address of the master node
Type: NodePort
NodePort: <unset> 30518/TCP
http://<k8s master node IP>:30518/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
请注意,端口号是随机生成的,您的端口号可能会有所不同.
Note that the port number is generated randomly and yours will be probably different.
这篇关于K8s仪表板未登录(k8s版本1.11)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
