kubernetes - 使用 gcloud 访问 Kubernetes 仪表板

Question

使用 gcloud 我创建了一个站立集群。

当我运行命令时，kubectl cluster-info我有这个输出：

Kubernetes master is running at https://<cluster-ip>
GLBCDefaultBackend is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/default-http-backend:http/proxy
Heapster is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
Metrics-server is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy

当我想访问仪表板（web ui 界面）时，例如kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy我有这个错误：

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
  "reason": "Forbidden",
  "details": {
    "name": "https:kubernetes-dashboard:",
    "kind": "services"
  },
  "code": 403
}

我知道关于 kubernetes 仪表板的此类问题有很多问题，但我找不到直接从 gcloud 通过 web ui 正确访问和连接的权利。

Answer 1

您需要先运行才能以对等文档kubectl proxy的身份访问 kubernetes 仪表板。之后，您可以提供不记名令牌或 Kubeconfig 文件，请参阅有关 hoe 的此文档以获取Bearer Token。

获得对 GKE 仪表板的完全访问权限的另一种选择如下：

gcloud get-credentials <GKE cluster name> --zone <zone> --project <project>
gcloud config config-helper --format=json | jq .credential.access_token

复制令牌并使用它来完全访问所有仪表板部分。