Kubernetes - 登录到 Kubernetes 仪表板问题
Posted
技术标签:
【中文标题】Kubernetes - 登录到 Kubernetes 仪表板问题【英文标题】:Kubernetes - login to kubernetes dashboard issue 【发布时间】:2020-10-31 20:12:53 【问题描述】:所以我正在尝试调出我的 kubernetes 仪表板(远程服务器),但我遇到了问题。我该如何解决这个问题?
-
使用https://github.com/kubernetes/dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
-
创建了一个 ServiceAccount
kubectl create serviceaccount dashboard-admin-sa
-
创建了 RBAC 配置文件
kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa
当我加载页面时,我得到的不是 kubernetes 仪表板
"paths": [
"/apis",
"/apis/",
"/apis/apiextensions.k8s.io",
"/apis/apiextensions.k8s.io/v1",
"/apis/apiextensions.k8s.io/v1beta1",
"/healthz",
"/healthz/etcd",
"/healthz/log",
"/healthz/ping",
"/healthz/poststarthook/crd-informer-synced",
"/healthz/poststarthook/generic-apiserver-start-informers",
"/healthz/poststarthook/start-apiextensions-controllers",
"/healthz/poststarthook/start-apiextensions-informers",
"/livez",
"/livez/etcd",
"/livez/log",
"/livez/ping",
"/livez/poststarthook/crd-informer-synced",
"/livez/poststarthook/generic-apiserver-start-informers",
"/livez/poststarthook/start-apiextensions-controllers",
"/livez/poststarthook/start-apiextensions-informers",
"/metrics",
"/openapi/v2",
"/readyz",
"/readyz/etcd",
"/readyz/log",
"/readyz/ping",
"/readyz/poststarthook/crd-informer-synced",
"/readyz/poststarthook/generic-apiserver-start-informers",
"/readyz/poststarthook/start-apiextensions-controllers",
"/readyz/poststarthook/start-apiextensions-informers",
"/readyz/shutdown",
"/version"
]
详情:
kubectl 配置视图
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://100.xx.xx.x27:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences:
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
kubectl 获取 svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 7h19m
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 7h19m
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.110.162.231 <none> 8000/TCP 84m
kubernetes-dashboard kubernetes-dashboard ClusterIP 10.104.136.25 <none> 443/TCP 84m
kubectl 获取 pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-66bff467f8-jk8ql 1/1 Running 1 7h27m
kube-system coredns-66bff467f8-wxsnf 1/1 Running 1 7h27m
kube-system etcd-ip-100-xx-xx-x27 1/1 Running 1 7h28m
kube-system kube-apiserver-ip-100-xx-xx-x27 1/1 Running 1 7h28m
kube-system kube-controller-manager-ip-100-xx-xx-x27 1/1 Running 1 7h28m
kube-system kube-proxy-vbddf 1/1 Running 1 7h27m
kube-system kube-scheduler-ip-100-xx-xx-x27 1/1 Running 1 7h28m
kube-system weave-net-cfk2m 2/2 Running 3 7h27m
kubernetes-dashboard dashboard-metrics-scraper-6b4884c9d5-fwljp 1/1 Running 0 93m
kubernetes-dashboard kubernetes-dashboard-7f99b75bf4-x2hpq 1/1 Running 0 93m
【问题讨论】:
您如何访问仪表板? kubectl 代理?从 kubernetes-dashboard pod 共享日志 通过网络浏览器100.xx.xx.x27:6443/ui。相当新的Kubernetes。如何共享 kubernetes-dashboard pod 日志? 添加 kubectl 日志的输出 kubernetes-dashboard-7f99b75bf4-x2hpq -n kube-system。 kubernetes 是如何部署的..minikube 还是别的什么? kubernetes-dashboard-7f99b75bf4-x2hpq -n kube-system 结果:bash: kubernetes-dashboard-7f99b75bf4-x2hpq: command not found。它没有使用 minikube。并用这篇文章设置了linuxtechi.com/install-kubernetes-1-7-centos7-rhel7 然后使用上述说明设置仪表板 【参考方案1】:这是我建议在设置 kubernetes 仪表板时遵循的非常好的指南 - https://jhooq.com/setting-up-kubernetes-dashboard/#kubernetes-dashboard-local-cluster
但我在这里看到的是-
-
保持
kubectl proxy
运行,否则您将无法访问仪表板,并且可能会导致 http 404
还要检查令牌的有效性。
检查服务帐户,这是我用于服务帐户的内容
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
EOF
-
集群角色绑定
cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
EOF
希望它能解决您的问题。如果没有,请查看指南并比较您在设置仪表板时执行的步骤
【讨论】:
感谢您分享这篇文章!我看不到的唯一方面是您是否在远程使用它而不是在本地使用它。如果你想把它变成生产环境,有没有办法把它添加到文章中。 kubectl 代理是必须运行才能远程访问仪表板还是仅在本地访问的服务? 无论您是远程还是本地访问仪表板,kubectl 代理都应该正在运行。 关于您的问题“我不知道您是否正在远程使用它?”您可以参考第 3 点 - jhooq.com/setting-up-kubernetes-dashboard/…。在那里,您将了解如何在 Google Cloud 服务上远程访问仪表板 Rahul,感谢分享并指出这些项目。您能否添加一个设置以仅访问 kubernetes 安装而无需谷歌云服务集成?本质上是在没有 Google 云服务的情况下登录到 Kubernetes 仪表板?谢谢以上是关于Kubernetes - 登录到 Kubernetes 仪表板问题的主要内容,如果未能解决你的问题,请参考以下文章