Kubernetes forbidden: User "system:anonymous" cannot get path "/"

Problem description

I'm struggling to expose my app over the Internet when deployed to AWS EKS.

I have created a deployment and a service, and I can see both of these running when using kubectl. I can see that the app has successfully connected to an external database as it runs a script on startup that initialises said database.

My issue is arising when trying to access the app over the internet. I have tried accessing the cluster endpoint and I am getting this error:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {

  },
  "code": 403
}

However, if I access the "/readyz" path I get "ok" returned. "/version" returns the following:

{
  "major": "1",
  "minor": "16+",
  "gitVersion": "v1.16.8-eks-e16311",
  "gitCommit": "e163110a04dcb2f39c3325af96d019b4925419eb",
  "gitTreeState": "clean",
  "buildDate": "2020-03-27T22:37:12Z",
  "goVersion": "go1.13.8",
  "compiler": "gc",
  "platform": "linux/amd64"
}

My deployment.yml file contains the following:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: client
  labels:
    app: client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: client
  template:
    metadata:
      labels:
        app: client
    spec:
      containers:
      - name: client
        image: image/repo
        ports:
        - containerPort: 80
        imagePullPolicy: Always

My service.yml:

apiVersion: v1
kind: Service
metadata:
  name: client
  labels:
    run: client
spec:
  type: LoadBalancer
  ports:
    - name: "80"
      port: 80
      targetPort: 80
      protocol: TCP
  selector:
    run: client

I can see the Load Balancer has been created in the AWS console and I have tried updating the security group of the LB to be able to talk to the cluster endpoint. The LB dashboard is showing the one attached instance is 'OutOfService' and also under the monitoring tab, I can see one Unhealthy Host.

I've tried accessing the Load Balancer endpoint as provided in the EC2 area of the console (this matches what is returned from kubectl get services as the EXTERNAL-IP of the LB service) and I'm getting an empty response from there.

curl XXXXXXX.eu-west-2.elb.amazonaws.com:80
curl: (52) Empty reply from server

This is the same when accessing in a web browser.

I seem to be going round in circles with this one. Any help at all would be greatly appreciated.
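A Service only gets endpoints from pods whose labels satisfy every key/value in its selector, so the two manifests above can be compared mechanically. The following is an added example, not part of the original post or answer: it transcribes the question's deployment.yml and service.yml into Python dicts (only the fields it reads) and checks the selector and target port; the function names `selects` and `check_service` are hypothetical.

```python
# Manifests transcribed from the question's deployment.yml and service.yml
# (only the fields the check reads).
DEPLOYMENT = {
    "metadata": {"name": "client"},
    "spec": {"template": {
        "metadata": {"labels": {"app": "client"}},
        "spec": {"containers": [{"name": "client", "ports": [{"containerPort": 80}]}]},
    }},
}
SERVICE = {
    "metadata": {"name": "client"},
    "spec": {
        "type": "LoadBalancer",
        "selector": {"run": "client"},
        "ports": [{"name": "80", "port": 80, "targetPort": 80}],
    },
}


def selects(selector, labels):
    """Service selectors are equality-based: every key/value must be on the pod."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())


def check_service(service, deployments):
    """Return findings for one Service checked against candidate Deployments."""
    selector = service["spec"].get("selector", {})
    matched = [d for d in deployments
               if selects(selector, d["spec"]["template"]["metadata"].get("labels", {}))]
    if not matched:
        return [f"selector {selector} matches no pod template: Service has no endpoints"]
    findings = []
    for d in matched:
        containers = d["spec"]["template"]["spec"]["containers"]
        ports = [p for c in containers for p in c.get("ports", [])]
        known = {p["containerPort"] for p in ports} | {p["name"] for p in ports if "name" in p}
        for port in service["spec"]["ports"]:
            target = port.get("targetPort", port["port"])
            if target not in known:
                # containerPort is informational for numeric ports, so this is a hint.
                findings.append(f"targetPort {target} not declared by {d['metadata']['name']}")
    return findings


if __name__ == "__main__":
    for line in check_service(SERVICE, [DEPLOYMENT]) or ["ok"]:
        print(line)
```

Against a live cluster, the equivalent check is whether `kubectl get endpoints client` lists any addresses.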

Recommended answer

I never got to the bottom of the issue here. I started again and used a pre-made Helm chart for the software I was trying to deploy and it worked.
