Kubernetes - 登录到 Kubernetes 仪表板问题

Posted 2023-03-22

【中文标题】Kubernetes - 登录到 Kubernetes 仪表板问题

【英文标题】：Kubernetes - login to kubernetes dashboard issue

【发布时间】：2020-10-31 20:12:53

【问题描述】：

所以我正在尝试调出我的 kubernetes 仪表板（远程服务器），但我遇到了问题。我该如何解决这个问题？

使用https://github.com/kubernetes/dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml

创建了一个 ServiceAccount

kubectl create serviceaccount dashboard-admin-sa

创建了 RBAC 配置文件

kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa

当我加载页面时，我得到的不是 kubernetes 仪表板

  "paths": [
    "/apis",
    "/apis/",
    "/apis/apiextensions.k8s.io",
    "/apis/apiextensions.k8s.io/v1",
    "/apis/apiextensions.k8s.io/v1beta1",
    "/healthz",
    "/healthz/etcd",
    "/healthz/log",
    "/healthz/ping",
    "/healthz/poststarthook/crd-informer-synced",
    "/healthz/poststarthook/generic-apiserver-start-informers",
    "/healthz/poststarthook/start-apiextensions-controllers",
    "/healthz/poststarthook/start-apiextensions-informers",
    "/livez",
    "/livez/etcd",
    "/livez/log",
    "/livez/ping",
    "/livez/poststarthook/crd-informer-synced",
    "/livez/poststarthook/generic-apiserver-start-informers",
    "/livez/poststarthook/start-apiextensions-controllers",
    "/livez/poststarthook/start-apiextensions-informers",
    "/metrics",
    "/openapi/v2",
    "/readyz",
    "/readyz/etcd",
    "/readyz/log",
    "/readyz/ping",
    "/readyz/poststarthook/crd-informer-synced",
    "/readyz/poststarthook/generic-apiserver-start-informers",
    "/readyz/poststarthook/start-apiextensions-controllers",
    "/readyz/poststarthook/start-apiextensions-informers",
    "/readyz/shutdown",
    "/version"
  ]

详情：

kubectl 配置视图

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://100.xx.xx.x27:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: 
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

kubectl 获取 svc --all-namespaces

NAMESPACE              NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
default                kubernetes                  ClusterIP   10.96.0.1        <none>        443/TCP                  7h19m
kube-system            kube-dns                    ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP   7h19m
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.110.162.231   <none>        8000/TCP                 84m
kubernetes-dashboard   kubernetes-dashboard        ClusterIP   10.104.136.25    <none>        443/TCP                  84m

kubectl 获取 pod --all-namespaces

NAMESPACE              NAME                                                     READY   STATUS    RESTARTS   AGE
kube-system            coredns-66bff467f8-jk8ql                                 1/1     Running   1          7h27m
kube-system            coredns-66bff467f8-wxsnf                                 1/1     Running   1          7h27m
kube-system            etcd-ip-100-xx-xx-x27                      1/1     Running   1          7h28m
kube-system            kube-apiserver-ip-100-xx-xx-x27            1/1     Running   1          7h28m
kube-system            kube-controller-manager-ip-100-xx-xx-x27   1/1     Running   1          7h28m
kube-system            kube-proxy-vbddf                                         1/1     Running   1          7h27m
kube-system            kube-scheduler-ip-100-xx-xx-x27            1/1     Running   1          7h28m
kube-system            weave-net-cfk2m                                          2/2     Running   3          7h27m
kubernetes-dashboard   dashboard-metrics-scraper-6b4884c9d5-fwljp               1/1     Running   0          93m
kubernetes-dashboard   kubernetes-dashboard-7f99b75bf4-x2hpq                    1/1     Running   0          93m

【问题讨论】：

您如何访问仪表板？ kubectl 代理？从 kubernetes-dashboard pod 共享日志

通过网络浏览器100.xx.xx.x27:6443/ui。相当新的Kubernetes。如何共享 kubernetes-dashboard pod 日志？

添加 kubectl 日志的输出 kubernetes-dashboard-7f99b75bf4-x2hpq -n kube-system。 kubernetes 是如何部署的..minikube 还是别的什么？

kubernetes-dashboard-7f99b75bf4-x2hpq -n kube-system 结果：bash: kubernetes-dashboard-7f99b75bf4-x2hpq: command not found。它没有使用 minikube。并用这篇文章设置了linuxtechi.com/install-kubernetes-1-7-centos7-rhel7

然后使用上述说明设置仪表板

【参考方案1】：

这是我建议在设置 kubernetes 仪表板时遵循的非常好的指南 - https://jhooq.com/setting-up-kubernetes-dashboard/#kubernetes-dashboard-local-cluster

但我在这里看到的是-

保持kubectl proxy 运行，否则您将无法访问仪表板，并且可能会导致 http 404 还要检查令牌的有效性。 检查服务帐户，这是我用于服务帐户的内容

cat <<EOF | kubectl create -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
EOF

集群角色绑定

cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF

希望它能解决您的问题。如果没有，请查看指南并比较您在设置仪表板时执行的步骤

【讨论】：

感谢您分享这篇文章！我看不到的唯一方面是您是否在远程使用它而不是在本地使用它。如果你想把它变成生产环境，有没有办法把它添加到文章中。

kubectl 代理是必须运行才能远程访问仪表板还是仅在本地访问的服务？

无论您是远程还是本地访问仪表板，kubectl 代理都应该正在运行。

关于您的问题“我不知道您是否正在远程使用它？”您可以参考第 3 点 - jhooq.com/setting-up-kubernetes-dashboard/…。在那里，您将了解如何在 Google Cloud 服务上远程访问仪表板

Rahul，感谢分享并指出这些项目。您能否添加一个设置以仅访问 kubernetes 安装而无需谷歌云服务集成？本质上是在没有 Google 云服务的情况下登录到 Kubernetes 仪表板？谢谢