pods 被禁止:用户“system:serviceaccount:kubernetes-dashboard:admin-user"；无法列出资源“pods"在 API 组“"中在命名空间“default"中 [英] pods is forbidden: User "system:serviceaccount:kubernetes-dashboard:admin-user" cannot list resource "pods" in API group "" in the namespace "default"

问题描述

我正在尝试按照 这篇文章 在 Ubuntu 18.04 上设置 Kubernetes.

一切正常，但是当我尝试访问本地 Kubernetes 仪表板时，它显示为空，并且没有像 pods、services & 那样可见.部署.

但是当我运行 $>kubectl get pods,svc,deployments 然后它显示以下输出.如果命令行显示所有详细信息，为什么我看到空的 Kubernetes 仪表板?

我已经运行了以下命令

$>kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml$>kubectl 代理

我在这里缺少任何配置吗?有什么建议可以解决这个问题吗?

$>kubectl 获取 pods --all-namespacesNAMESPACE NAME READY STATUS RESTARTS 年龄kubernetes-dashboard 仪表板-metrics-scraper-76585494d8-4rrdp 1/1 运行 3 46hkubernetes-dashboard kubernetes-dashboard-5996555fd8-sxgxf 1/1 运行 16 46h

查看通知部分后，发现这些错误

<块引用>

1. 禁止事件:用户system:serviceaccount:kubernetes-dashboard:admin-user"无法列出命名空间default"中API组"中的资源events"

2. pods 被禁止:用户system:serviceaccount:kubernetes-dashboard:admin-user"无法列出命名空间default"中API组"中的资源pods"

<小时>

更新 1:

应用 RBAC kubectl apply -f filename.yml

apiVersion: v1种类:服务账户元数据:名称:管理员用户命名空间:kube-system---api版本:rbac.authorization.k8s.io/v1beta1种类:ClusterRoleBinding元数据:名称:管理员用户角色参考:apiGroup: rbac.authorization.k8s.io种类:集群角色名称:集群管理员科目:- 种类:ServiceAccount名称:管理员用户命名空间:kube-system

解决方案

您可能需要将仪表板服务帐户绑定到集群管理员角色:

kubectl create clusterrolebinding dashboard-admin-sa--clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa

否则，仪表板服务帐户无权访问将填充仪表板的数据.

I am trying to setup Kubernetes on Ubuntu 18.04 by following this article.

Everything works fine but when I am trying to access local Kubernetes dashboard then it shows empty and nothing is visible like pods,services & deployments.

However when I am running $> kubectl get pods,svc,deployments then it shows following output.If command line is showing all the details why I am seeing empty Kubernetes dashboard?

I already ran following commands

$> kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

$> kubectl proxy

Am I missing any configuration here? Any suggestions to fix this issue?

$> kubectl get pods --all-namespaces
NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE

kubernetes-dashboard   dashboard-metrics-scraper-76585494d8-4rrdp   1/1     Running   3          46h
kubernetes-dashboard   kubernetes-dashboard-5996555fd8-sxgxf        1/1     Running   16         46h

After looking at the notification section, found these errors

1. events is forbidden: User "system:serviceaccount:kubernetes-dashboard:admin-user" cannot list resource "events" in API group "" in the namespace "default"

2. pods is forbidden: User "system:serviceaccount:kubernetes-dashboard:admin-user" cannot list resource "pods" in API group "" in the namespace "default"

---

Update 1:

its working now after applying RBAC kubectl apply -f filename.yml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

解决方案

You probably need to bind the dashboard service account to the cluster admin role:

kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa

Otherwise, the dashboard services account doesn't have access to the data that would populate the dashboard.

这篇关于pods 被禁止:用户“system:serviceaccount:kubernetes-dashboard:admin-user"；无法列出资源“pods"在 API 组“"中在命名空间“default"中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！