无法使用令牌和服务帐户登录Kubernetes仪表板 [英] Not able to login to Kubernetes dashboard using token with service account
问题描述
我已经安装了Kubernetes仪表板,并创建了具有适当权限的服务帐户用户,但是由于某些原因,使用令牌登录失败.
I've installed the Kubernetes dashboard, and created a service account user with the appropriate permissions, however logging in with a token fails for some reason.
我看到以下日志:
2018/08/17 14:26:06 [2018-08-17T14:26:06Z] Incoming HTTP/2.0 GET /api/v1/csrftoken/login request from 10.244.0.0:34914: {}
2018/08/17 14:26:06 [2018-08-17T14:26:06Z] Outcoming response to 10.244.0.0:34914 with 200 status code
2018/08/17 14:26:06 [2018-08-17T14:26:06Z] Incoming HTTP/2.0 POST /api/v1/login request from 10.244.0.0:34914: {
"kubeConfig": "",
"password": "",
"token": "ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnJkV0psTFhONWMzUmxiU0lzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVmpjbVYwTG01aGJXVWlPaUpoWkcxcGJpMTFjMlZ5TFhSdmEyVnVMV2RrZG5oM0lpd2lhM1ZpWlhKdVpYUmxjeTVwYnk5elpYSjJhV05sWVdOamIzVnVkQzl6WlhKMmFXTmxMV0ZqWTI5MWJuUXVibUZ0WlNJNkltRmtiV2x1TFhWelpYSWlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzUxYVdRaU9pSmtaVEF4TnpRNU15MWhNakE0TFRFeFpUZ3RPRGxrWmkwd09EQXdNamRoTURobFpHTWlMQ0p6ZFdJaU9pSnplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YTNWaVpTMXplWE4wWlcwNllXUnRhVzR0ZFhObGNpSjkucHhfMDEwUTBYU2tPMmNhVi1ZYlRDYlllSTNVMVlmcGh3UFZ4TXBOYmF6dWpSM1gtOGVBTUZmbm1GNHlYWHFZWGw5eWlVYmRvQ3lBSl9YcHF5bTlLQThRaWx6MFU3eWZ1WV9BbUg4NmtDNE9hYW5aem1xSmp2N3ZObDY1MU1OeWF0dU5nR0JmU21GZXRCMnoxUkdYRmlIVF9UczljMjh1ZkZiSXNZNkRMVml4Y2JhUS0za2JxOW9PbzZ3NV8zc3ZRQ3dmNjNiTVNaSEpzdkgyUndwVkhkbFJnM3Rmbl9RRUxGcWtJYzZycERibFlUbXZJcVdVaWJjQVdHcXhDRVR6NU5vUGlnbndMaVpuVi1lZFpKZDRpbUJZNU5Ia3FLM0Q0TDgyTnp1NzJkUVU3M3B4T3F5Q3FVSlNhQ3IyVU52eVVucHRENTZTemdtSTBaM0JqUVkyTjFB",
"username": ""
}
2018/08/17 14:26:06 Non-critical error occurred during resource retrieval: the server has asked for the client to provide credentials
2018/08/17 14:26:06 [2018-08-17T14:26:06Z] Outcoming response to 10.244.0.0:34914 with 200 status code
2018/08/17 14:26:24 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
Kubernetes版本:
Kubernetes version:
kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.7", GitCommit:"dd5e1a2978fd0b97d9b78e1564398aeea7e7fe92", GitTreeState:"clean", BuildDate:"2018-04-19T00:05:56Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:08:19Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
推荐答案
注意:仪表板不应通过HTTP公开公开.对于通过HTTP访问的域,将无法登录.单击登录页面上的登录"按钮后,什么也不会发生.
NOTE: Dashboard should not be exposed publicly over HTTP. For domains accessed over HTTP it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.
chrissound 写道:
我通过为仪表板用户授予集群管理员权限并在登录提示符下单击跳过"来解决此问题:
I've worked around this by giving cluster admin permission to the dashboard user and just clicking 'skip' at the login prompt:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
这篇关于无法使用令牌和服务帐户登录Kubernetes仪表板的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!