Kubernetes仪表板显示未经授权 [英] Kubernetes dashboard showing Unauthorized

问题描述

我在本地使用KUBEADM工具配置了具有1个主节点和4个工作节点的kubernetes集群.所有节点都运行良好.部署了一个应用程序，并能够从浏览器访问该应用程序.我尝试了多种使用kubectl创建仪表板的方法，但失败了.

I configured kubernetes cluster with one master and 4 worker nodes using KUBEADM tool IN LOCAL. All nodes are running fine. deployed an app and able access that app from browser. I have tried many ways to create a dashboard using kubectl but i am failed.

TRY1:直接尝试使用以下命令:

TRY1: tried directly with the below command:

$ sudo kubectl proxy --address="172.20.22.101" -p 8001 

尝试使用url http://172.20.22.101:8001/api/v1访问仪表板，但这是未经授权的.

tried to access the dashboard using the url http://172.20.22.101:8001/api/v1, but it is saying unauthorized.

TRY2:创建了以下内容的dashboard-admin.yaml文件:

TRY2: created dashboard-admin.yaml file with the below content:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
   name: kubernetes-dashboard
   labels:
     k8s-app: kubernetes-dashboard
roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: cluster-admin
subjects:
-  kind: ServiceAccount
   name: kubernetes-dashboard
   namespace: kube-system

并运行以下命令:

$ kubectl create -f dashboard-admin.yaml

显示给我:clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created.

运行以下命令:

$ sudo kubectl proxy --address="172.20.22.101" -p 443

它运行良好.我正在访问 http: //172.20.22.101:443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/来自浏览器的URL.它显示了相同的未授权错误.

its running fine. I am accessing the http://172.20.22.101:443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ URL from browser. it's showing same unauthorized error.

推荐答案

使用-accept-hosts 选项

 kubectl proxy --address="172.20.22.101" -p 8001  --accept-hosts="^*$"

它将正常工作.

注意:不建议将其用于生产级kubernetes集群，因为您是通过纯http访问仪表板的.

更安全的选择是像这样通过ssh隧道运行对仪表板的访问.

More secure alternative is to run access the dashboard through ssh tunnel like this.

在一个终端运行中:

kubectl proxy 

在另一个终端中运行SSH隧道到localhost:8001(默认的kubernetes仪表板端口)

in another terminal run a ssh tunnel to localhost:8001 (the default kubernetes dashboard port)

ssh -NT -l SSH_USER -p SSH_PORT K8S_CONTROLLER_IP_ADDR -L 8001:localhost:8001

这篇关于Kubernetes仪表板显示未经授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！