Kubernetes 仪表板在配置后无法正常工作

【问题标题】:Kubernetes Dashboard not working after configuring itKubernetes 仪表板在配置后无法正常工作
【发布时间】:2021-07-01 15:54:30
【问题描述】:

我在我的服务器上使用 Flannel 安装了一个单节点 Kubernetes 集群:

https://gist.github.com/BeerOnBeard/ebe63521607aa0db3851c39a5760489b

安装后,我无法让仪表板运行。 外部 IP 待定且无。

版本: kubectl 版本

Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.1", GitCommit:"5e58841cce77d4bc13713ad2b91fa0d961e69192", GitTreeState:"clean", BuildDate:"2021-05-12T14:18:45Z", GoVersion:"go1.16.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:14Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}

仪表板:

kubectl -n kubernetes-dashboard get svc
NAME                        TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP      10.106.250.241   <none>        8000/TCP        3d4h
kubernetes-dashboard        LoadBalancer   10.99.69.152     <pending>     443:31109/TCP   3d4h

如果我访问 IP 地址:

https://IP_ADDRESS:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

我明白了:

    {
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get resource \"services/proxy\" in API group \"\" in the namespace \"kubernetes-dashboard\"",
  "reason": "Forbidden",
  "details": {
    "name": "https:kubernetes-dashboard:",
    "kind": "services"
  },
  "code": 403
}

检查 pod:

kubectl get pods --all-namespaces
NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE
kube-system            coredns-558bd4d5db-g2xj9                     1/1     Running   1          3d4h
kube-system            coredns-558bd4d5db-k5q6q                     1/1     Running   1          3d4h
kube-system            etcd-dyd-001                                 1/1     Running   1          3d4h
kube-system            kube-apiserver-dyd-001                       1/1     Running   1          3d4h
kube-system            kube-controller-manager-dyd-001              1/1     Running   1          3d4h
kube-system            kube-flannel-ds-lv6hv                        1/1     Running   1          3d4h
kube-system            kube-proxy-vssrp                             1/1     Running   1          3d4h
kube-system            kube-scheduler-dyd-001                       1/1     Running   1          3d4h
kubernetes-dashboard   dashboard-metrics-scraper-778b77d469-2p7dl   1/1     Running   1          136m
kubernetes-dashboard   kubernetes-dashboard-68f7c6c68f-hv5v6        1/1     Running   1          136m

我尝试使用以下方法修复它:

kubectl delete clusterrolebinding kubernetes-dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml

我得到:

namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard unchanged
secret/kubernetes-dashboard-certs unchanged
secret/kubernetes-dashboard-csrf configured
secret/kubernetes-dashboard-key-holder unchanged
configmap/kubernetes-dashboard-settings unchanged
role.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard configured
service/dashboard-metrics-scraper unchanged
deployment.apps/dashboard-metrics-scraper configured

我真的不明白。有什么想法可能是错的吗?

【问题讨论】:

  • stackoverflow.com/questions/45608533/…
  • 你好@dev。以上来源有帮助吗?
  • 很遗憾没有,我擦掉了所有东西,我又试了一次。
  • 我明白了。如果第二次尝试后问题仍然存在,请告诉我们。
  • 是的还是做不到。有什么建议吗?

标签: kubernetes


【解决方案1】:

您的 RBAC 配置似乎不正确。看看这个错误:

  "message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get resource \"services/proxy\" in API group \"\" in the namespace \"kubernetes-dashboard\""

意思是你需要创建一个ClusterRolekubernetes-dashboard授予权限,并绑定到system:anonymous用户。

ClusterRole 可能如下所示:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard
rules:
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["https:kubernetes-dashboard:"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/*"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

对应的ClusterRoleBinding 如下所示:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
- kind: User
  name: system:anonymous

将这些配置应用到您的集群中并检查结果。

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2017-06-04
    • 2018-11-19
    • 2020-11-12
    • 2016-12-08
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode