无法访问Google Cloud上的Kubernetes仪表板 [英] Couldn't access Kubernetes dashboard on Google Cloud
问题描述
我正在按照此处中给出的说明进行操作.
I am following the instructions as given here.
我使用以下命令在正在键入的gcloud控制台中获取正在运行的群集:如链接中所述,curl -sS https://get.k8s.io | bash,然后,我从得到的命令中运行命令kubectl cluster-info:
I used the following command to get a running cluster, in gcloud console I typed: curl -sS https://get.k8s.io | bash as described in the link, after that, I ran the command kubectl cluster-info from that I got:
kubernetes-dashboard is running at https://35.188.109.36/api/v1/proxy/namespaces/kube-
system/services/kubernetes-dashboard
但是当我从firefox转到该URL时,出现的消息是:
but when I go to that url from firefox, the message that comes is:
User "system:anonymous" cannot proxy services in the namespace
"kube-system".: "No policy matched."
预期的行为:应询问管理员名称和密码以连接到仪表板.
Expected behavior: Should ask for an admin name and password to connect to the dashboard.
推荐答案
您是否没有使用GKE(谷歌Kubernetes引擎)来提供现成的仪表板插件的原因?
Is there a reason why you did not use GKE (Google Kubernetes Engine) which provides the dashboard add-on installed out of the box?
在您的情况下,只需:
- 可能未安装kubernetes-dashboard插件(但日志说的是,所以我认为这不是问题)
- 使
kubectl proxy工作的网络配置可能不存在 - 您使用的
curl .. | sh脚本可能未正确配置身份验证.
- the kubernetes-dashboard addon might not be installed (but logs say so, so I think this is not the problem)
- network configuration that makes
kubectl proxywork might not be there - the
curl .. | shscript you used probably did not configure the authentication properly.
我建议使用GKE,因为这是开箱即用的.您可以在此处找到文档: https://cloud.google.com/kubernetes- engine/docs/oss-ui
I recommend using GKE as this works out of the box. You can find documentation here: https://cloud.google.com/kubernetes-engine/docs/oss-ui
如果您仍要使用GCE,建议您在工作站(而不是Kubernetes节点)上运行kubectl proxy,并在浏览器中访问http://127.0.0.1:8001/ui以查看其是否有效.
If you still want to use GCE, I recommend running kubectl proxy on your workstation (not your kubernetes nodes) and visiting http://127.0.0.1:8001/ui on your browser to see if it works.
如果遇到有关权限不足的错误,则您可能正在使用足够新的Kubernetes版本,该版本在访问API的仪表板之类的Pod上强制执行RBAC策略.您可以通过运行以下命令来授予这些权限:
If you get an error about not having enough permissions, you might be using a Kubernetes version new enough that enforces RBAC policies on pods like dashboard which access the API. You can grant those permissions by running:
kubectl create clusterrolebinding add-on-cluster-admin \
--clusterrole=cluster-admin \
--serviceaccount=kube-system:default
我还建议您在Google Cloud Console中试用GKE UI: https://console.cloud.google .com/kubernetes
这篇关于无法访问Google Cloud上的Kubernetes仪表板的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
