您的位置: 首页  >  技术问答  >  无法访问Google Cloud上的Kubernetes仪表板

无法访问Google Cloud上的Kubernetes仪表板

分类: 技术问答 2022-06-06 13:17:04
问题描述:

我正在按照此处中给出的说明进行操作.

I am following the instructions as given here.

我使用以下命令在正在键入的gcloud控制台中获取正在运行的群集:如链接中所述,curl -sS https://get.k8s.io | bash,然后,我从得到的命令中运行命令kubectl cluster-info:

I used the following command to get a running cluster, in gcloud console I typed: curl -sS https://get.k8s.io | bash as described in the link, after that, I ran the command kubectl cluster-info from that I got:

kubernetes-dashboard is running at https://35.188.109.36/api/v1/proxy/namespaces/kube-
system/services/kubernetes-dashboard

但是当我从firefox转到该URL时,出现的消息是:

but when I go to that url from firefox, the message that comes is: 

User "system:anonymous" cannot proxy services in the namespace 
"kube-system".: "No policy matched."

预期的行为:应询问管理员名称和密码以连接到仪表板.

Expected behavior: Should ask for an admin name and password to connect to the dashboard.

您是否没有使用GKE(谷歌Kubernetes引擎)来提供现成的仪表板插件的原因?

Is there a reason why you did not use GKE (Google Kubernetes Engine) which provides the dashboard add-on installed out of the box?

在您的情况下,只需:

  • 可能未安装kubernetes-dashboard插件(但日志说的是,所以我认为这不是问题)
  • 使kubectl proxy工作的网络配置可能不存在
  • 您使用的curl .. | sh脚本可能未正确配置身份验证.
  • the kubernetes-dashboard addon might not be installed (but logs say so, so I think this is not the problem)
  • network configuration that makes kubectl proxy work might not be there
  • the curl .. | sh script you used probably did not configure the authentication properly.

我建议使用GKE,因为这是开箱即用的.您可以在此处找到文档: https://cloud.google.com/kubernetes- engine/docs/oss-ui

I recommend using GKE as this works out of the box. You can find documentation here: https://cloud.google.com/kubernetes-engine/docs/oss-ui

如果您仍要使用GCE,建议您在工作站(而不是Kubernetes节点)上运行kubectl proxy,并在浏览器中访问http://127.0.0.1:8001/ui以查看其是否有效.

If you still want to use GCE, I recommend running kubectl proxy on your workstation (not your kubernetes nodes) and visiting http://127.0.0.1:8001/ui on your browser to see if it works.

如果遇到有关权限不足的错误,则您可能正在使用足够新的Kubernetes版本,该版本在访问API的仪表板之类的Pod上强制执行RBAC策略.您可以通过运行以下命令来授予这些权限:

If you get an error about not having enough permissions, you might be using a Kubernetes version new enough that enforces RBAC policies on pods like dashboard which access the API. You can grant those permissions by running:

kubectl create clusterrolebinding add-on-cluster-admin  \
  --clusterrole=cluster-admin  \
  --serviceaccount=kube-system:default

我还建议您在Google Cloud Console中试用GKE UI: https://console.cloud.google .com/kubernetes

相关推荐