如何从外部网络访问Kubernetes仪表板 [英] How to access Kubernetes Dashboard from outside network

问题描述

我正在尝试使用网络外部的Token方法访问kubernetes仪表板.

I am trying to access the kubernetes Dashboard using the Token method outside the network.

我运行了这两个命令来获取令牌

I ran these 2 commands to get the token

kubectl -n kube-system get secret

kubectl -n kube-system describe secret replicaset-controller-token-2p4fk

将粘贴的输出令牌复制到K8登录页面.

Copy paste output token into K8 Login page.

当我单击登录"按钮(页面未加载)时，出现此错误浏览器控制台.

I'm getting this error browser console when I click on Sign in button (Page is not loading).

我正在使用以下命令在内部服务器上运行k8:

I'm running k8 on the internal server using the command:

kubectl proxy --address 0.0.0.0 --accept-hosts '.*'

并尝试从外部网络访问k8 UI控制台.

And trying to access the k8 UI console from outside network.

Failed to load resource: the server responded with a status of 401 (Unauthorized)
vendor.bd425c26.js:6 Error during global settings reload:  Object
:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/api/v1/rbac/status:1 Failed to load resource: the server responded with a status of 401 (Unauthorized)
vendor.bd425c26.js:6 Possibly unhandled rejection: {"data":"MSG_LOGIN_UNAUTHORIZED_ERROR\n","status":401,"config":{"method":"GET","transformRequest":[null],"transformResponse":[null],"jsonpCallbackParam":"callback","url":"api/v1/rbac/status","headers":{"Accept":"application/json, text/plain, */*"}},"statusText":"Unauthorized","xhrStatus":"complete","resource":{}}

我什至尝试了这些步骤，但没有运气，单击登录"按钮后页面无法加载.

I even tried these steps but no luck the page is not loading on clicking Sign in button.

$ kubectl -n kube-system get secret
# All secrets with type 'kubernetes.io/service-account-token' will allow to log in.
# Note that they have different privileges.
NAME                                     TYPE                                  DATA      AGE
deployment-controller-token-frsqj        kubernetes.io/service-account-token   3         22h

$ kubectl -n kube-system describe secret deployment-controller-token-frsqj
Name:         deployment-controller-token-frsqj
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=deployment-controller
              kubernetes.io/service-account.uid=64735958-ae9f-11e7-90d5-02420ac00002

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZXBsb3ltZW50LWN

这是我的Kube/配置文件

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRV..
    server: https://192.168.15.97:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiBD..
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJ..

为什么我没有在签名"按钮旁边看到跳过身份验证按钮?

And why is that I'm not seeing Skip auth button next to Sign button?

我也尝试了以下步骤:

运行以下命令:

1. 此命令将在默认名称空间中为仪表板创建服务帐户

1. This command will create a service account for the dashboard in the default namespace

$kubectl create serviceaccount dashboard -n default

此命令会将集群绑定规则添加到您的仪表板帐户

This command will add the cluster binding rules to your dashboard account

kubectl创建clusterrolebinding仪表板-admin -n默认\ --clusterrole =集群管理员\ --serviceaccount = default:仪表板

kubectl create clusterrolebinding dashboard-admin -n default \ --clusterrole=cluster-admin \ --serviceaccount=default:dashboard

此命令将为您提供仪表板登录所需的令牌

This command will give you the token required for your dashboard login

$kubectl get secret $(kubectl get serviceaccount dashboard -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode 可以帮我一下，我错过了什么.

$kubectl get secret $(kubectl get serviceaccount dashboard -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode Can some help me here what am i missing out.

一些发现:

Some Findings: Link kubectl proxy command only allows HTTP connection. For domains other than localhost and 127.0.0.1 it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.

kubectl proxy

不支持https调用.

Doesn't support https calls.

是否可以通过外部/本地Windows网络与Kubernetes服务器IP地址一起运行 kubectl代理命令?

Is there a way to run kubectl proxy command along with Kubernetes Server IP Address from an outside/Local windows network ?

注意: 本地系统是Windows 10& Windows. K8是Linux服务器. Docker版本:18.09& k8版本:v1.13.1

Note: The local system is a Windows 10 & K8 is a Linux server. Docker Version: 18.09 & k8 Version: v1.13.1

谢谢

推荐答案

https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard--1.7.X-and-above

我有一个音符:

不应使用kubectl proxy命令公开显示控制板，因为它仅允许HTTP连接.对于除localhost和127.0.0.1以外的域，将无法登录.单击登录页面上的登录"按钮后，什么也不会发生.

The Dashboard should not be exposed publicly using kubectl proxy command as it only allows HTTP connection. For domains other than localhost and 127.0.0.1 it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.

这篇关于如何从外部网络访问Kubernetes仪表板的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！