9

我已经建立了一个有 2 个节点的集群。一个是主节点,另一个是节点,都在不同的 Azure ubuntu VM 上。对于网络,我使用了 Canal 工具。 $ kubectl get nodes NAME STATUS ROLES AGE VERSION ubuntu-aniket1 Ready master 57m v1.10.0 ubutu-aniket Ready <none> 56m v1.10.0

$ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system canal-jztfd 3/3 Running 0 57m kube-system canal-mdbbp 3/3 Running 0 57m kube-system etcd-ubuntu-aniket1 1/1 Running 0 58m kube-system kube-apiserver-ubuntu-aniket1 1/1 Running 0 58m kube-system kube-controller-manager-ubuntu-aniket1 1/1 Running 0 58m kube-system kube-dns-86f4d74b45-8zqqr 3/3 Running 0 58m kube-system kube-proxy-k5ggz 1/1 Running 0 58m kube-system kube-proxy-vx9sq 1/1 Running 0 57m kube-system kube-scheduler-ubuntu-aniket1 1/1 Running 0 58m kube-system kubernetes-dashboard-54865c6fb9-kg5zt 1/1 Running 0 26m 当我尝试创建 kubernetes 仪表板时

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml 并将代理设置为

sh $ kubectl proxy --address 0.0.0.0 --accept-hosts '.*' Starting to serve on [::]:8001 当我在浏览器中点击 urlhttp://<master IP>:8001时,它显示以下输出 { "paths": [ "/api", "/api/v1", "/apis", "/apis/", "/apis/admissionregistration.k8s.io", "/apis/admissionregistration.k8s.io/v1beta1", "/apis/apiextensions.k8s.io", "/apis/apiextensions.k8s.io/v1beta1", "/apis/apiregistration.k8s.io", "/apis/apiregistration.k8s.io/v1", "/apis/apiregistration.k8s.io/v1beta1", "/apis/apps", "/apis/apps/v1", "/apis/apps/v1beta1", "/apis/apps/v1beta2", "/apis/authentication.k8s.io", "/apis/authentication.k8s.io/v1", "/apis/authentication.k8s.io/v1beta1", "/apis/authorization.k8s.io", "/apis/authorization.k8s.io/v1", "/apis/authorization.k8s.io/v1beta1", "/apis/autoscaling", "/apis/autoscaling/v1", "/apis/autoscaling/v2beta1", "/apis/batch", "/apis/batch/v1", "/apis/batch/v1beta1", "/apis/certificates.k8s.io", "/apis/certificates.k8s.io/v1beta1", "/apis/crd.projectcalico.org", "/apis/crd.projectcalico.org/v1", "/apis/events.k8s.io", "/apis/events.k8s.io/v1beta1", "/apis/extensions", "/apis/extensions/v1beta1", "/apis/networking.k8s.io", "/apis/networking.k8s.io/v1", "/apis/policy", "/apis/policy/v1beta1", "/apis/rbac.authorization.k8s.io", "/apis/rbac.authorization.k8s.io/v1", "/apis/rbac.authorization.k8s.io/v1beta1", "/apis/storage.k8s.io", "/apis/storage.k8s.io/v1", "/apis/storage.k8s.io/v1beta1", "/healthz", "/healthz/autoregister-completion", "/healthz/etcd", "/healthz/ping", "/healthz/poststarthook/apiservice-openapi-controller", "/healthz/poststarthook/apiservice-registration-controller", "/healthz/poststarthook/apiservice-status-available-controller", "/healthz/poststarthook/bootstrap-controller", "/healthz/poststarthook/ca-registration", "/healthz/poststarthook/generic-apiserver-start-informers", "/healthz/poststarthook/kube-apiserver-autoregistration", "/healthz/poststarthook/rbac/bootstrap-roles", "/healthz/poststarthook/start-apiextensions-controllers", "/healthz/poststarthook/start-apiextensions-informers", "/healthz/poststarthook/start-kube-aggregator-informers", "/healthz/poststarthook/start-kube-apiserver-informers", "/logs", "/metrics", "/openapi/v2", "/swagger-2.0.0.json", "/swagger-2.0.0.pb-v1", "/swagger-2.0.0.pb-v1.gz", "/swagger.json", "/swaggerapi", "/version" ] } 但是当我尝试点击时,http://<master IP>:8001/ui我无法看到 Kubernetes 仪表板。相反,我看到以下输出 { "paths": [ "/apis", "/apis/", "/apis/apiextensions.k8s.io", "/apis/apiextensions.k8s.io/v1beta1", "/healthz", "/healthz/etcd", "/healthz/ping", "/healthz/poststarthook/generic-apiserver-start-informers", "/healthz/poststarthook/start-apiextensions-controllers", "/healthz/poststarthook/start-apiextensions-informers", "/metrics", "/openapi/v2", "/swagger-2.0.0.json", "/swagger-2.0.0.pb-v1", "/swagger-2.0.0.pb-v1.gz", "/swagger.json", "/swaggerapi", "/version" ] }

你能帮我解决仪表板问题吗?

提前致谢

4

3 回答 3

9

尝试前往:

http://<master IP>:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

如此处所述:https ://github.com/kubernetes/dashboard

于 2018-04-02T14:10:47.747 回答
0

当我在 aws ec2 机器上创建我的自托管 kubernetes 集群时,我遇到了同样的问题。我按照以下方式进行了故障排除并修复了

$ ssh -i ~/.ssh/id_rsa admin@api.example.com (Enter in Master machines from kops installed machine)

$ kubectl proxy --address=0.0.0.0 --port-8001 &

$ ssh -i pemfile username@Ip-address (in machine where you installed kops )

$ cat ~/.kube/config (to get user  name and password )

$ kubectl -n kube-system describe secret admin-user-token-id

获取仪表板

http://MasterIP_address:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

于 2019-02-06T10:00:17.443 回答
0

正如kubernetes/dashboard 问题 1803中提到的:

想要启用 RBAC 的 kubernetes 1.6 用户的更改应首先配置它们以允许仪表板访问 api 服务器。

确保您已在此处定义服务帐户,以便能够访问仪表板。

请参阅“服务帐户权限”:

默认 RBAC 策略授予控制平面组件、节点和控制器的范围权限,但不授予“<code>kube-system”命名空间之外的服务帐户权限(除了授予所有经过身份验证的用户的发现权限)。

这允许您根据需要将特定角色授予特定服务帐户。
细粒度的角色绑定提供了更高的安全性,但需要更多的管理工作。
更广泛的授权可以为服务帐户提供不必要的(并且可能会升级)API 访问权限,但更易于管理。

于 2018-04-02T13:19:40.423 回答