pods 被禁止:用户“system:serviceaccount:kubernetes-dashboard:admin-user";无法列出资源“pods"在 API 组“"中在命名空间“default"中 [英] pods is forbidden: User "system:serviceaccount:kubernetes-dashboard:admin-user" cannot list resource "pods" in API group "" in the namespace "default"
问题描述
我正在尝试按照 这篇文章 在 Ubuntu 18.04 上设置 Kubernetes.
一切正常,但是当我尝试访问本地 Kubernetes 仪表板时,它显示为空,并且没有像 pods、services & 那样可见.部署.
但是当我运行 $>kubectl get pods,svc,deployments
然后它显示以下输出.如果命令行显示所有详细信息,为什么我看到空的 Kubernetes 仪表板?
我已经运行了以下命令
$>kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml$>kubectl 代理
我在这里缺少任何配置吗?有什么建议可以解决这个问题吗?
$>kubectl 获取 pods --all-namespacesNAMESPACE NAME READY STATUS RESTARTS 年龄kubernetes-dashboard 仪表板-metrics-scraper-76585494d8-4rrdp 1/1 运行 3 46hkubernetes-dashboard kubernetes-dashboard-5996555fd8-sxgxf 1/1 运行 16 46h
查看通知部分后,发现这些错误
<块引用>禁止事件:用户system:serviceaccount:kubernetes-dashboard:admin-user"无法列出命名空间default"中API组"中的资源events"
pods 被禁止:用户system:serviceaccount:kubernetes-dashboard:admin-user"无法列出命名空间default"中API组"中的资源pods"
<小时>
更新 1:
应用 RBAC kubectl apply -f filename.yml
apiVersion: v1种类:服务账户元数据:名称:管理员用户命名空间:kube-system---api版本:rbac.authorization.k8s.io/v1beta1种类:ClusterRoleBinding元数据:名称:管理员用户角色参考:apiGroup: rbac.authorization.k8s.io种类:集群角色名称:集群管理员科目:- 种类:ServiceAccount名称:管理员用户命名空间:kube-system
您可能需要将仪表板服务帐户绑定到集群管理员角色:
kubectl create clusterrolebinding dashboard-admin-sa--clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa
否则,仪表板服务帐户无权访问将填充仪表板的数据.
I am trying to setup Kubernetes on Ubuntu 18.04 by following this article.
Everything works fine but when I am trying to access local Kubernetes dashboard then it shows empty and nothing is visible like pods,services & deployments.
However when I am running $> kubectl get pods,svc,deployments
then it shows following output.If command line is showing all the details why I am seeing empty Kubernetes dashboard?
I already ran following commands
$> kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
$> kubectl proxy
Am I missing any configuration here? Any suggestions to fix this issue?
$> kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kubernetes-dashboard dashboard-metrics-scraper-76585494d8-4rrdp 1/1 Running 3 46h
kubernetes-dashboard kubernetes-dashboard-5996555fd8-sxgxf 1/1 Running 16 46h
After looking at the notification section, found these errors
events is forbidden: User "system:serviceaccount:kubernetes-dashboard:admin-user" cannot list resource "events" in API group "" in the namespace "default"
pods is forbidden: User "system:serviceaccount:kubernetes-dashboard:admin-user" cannot list resource "pods" in API group "" in the namespace "default"
Update 1:
its working now after applying RBAC kubectl apply -f filename.yml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
You probably need to bind the dashboard service account to the cluster admin role:
kubectl create clusterrolebinding dashboard-admin-sa
--clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa
Otherwise, the dashboard services account doesn't have access to the data that would populate the dashboard.
这篇关于pods 被禁止:用户“system:serviceaccount:kubernetes-dashboard:admin-user";无法列出资源“pods"在 API 组“"中在命名空间“default"中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!