Kubernetes仪表板“被禁止".在整个网站 [英] Kubernetes Dashboard "is forbidden" all over the site
问题描述
我在Kubernetes的整个仪表板站点上都被禁止" *(见图片)
I get "is forbidden" all over the dashboard site in Kubernetes*(See image)
要复制:
-
不是通过shell而是通过网站创建Google Kubernetes集群.
Create a Google Kubernetes Cluster via the site, not from shell.
选择Kubernetes版本1.8.6
Select Kubernetes version 1.8.6
通过连接按钮打开外壳:gcloud container clusters get-credentials cluster-1 --zone us-central1-a --project awear-cloud
Open shell via the connect button: gcloud container clusters get-credentials cluster-1 --zone us-central1-a --project awear-cloud
Kubectl proxy
注意:也尝试过:http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
你知道为什么吗?
推荐答案
您的群集似乎已启用RBAC,并且仪表板缺少在仪表板窗格中定义的服务帐户.通过添加此SA及其角色/绑定,您应该能够轻松缓解此问题.为什么不首先创建它对我来说还是个谜,除非您可能指定了诸如ie之类的东西.旧版身份验证.
It looks like your cluster is RBAC enabled and the dashboard is missing a service account defined in the dashboard pod(s). You should be able to easily mitigate this issue by adding this SA and it's Roles/Bindings. Why is it not created in the first place is a mystery for me, unless you maybe specified something like ie. legacy auth.
这篇关于Kubernetes仪表板“被禁止".在整个网站的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!