unable to access kubernetes dashboard via token
zhw*_*x22 3 dashboard kubernetes kubeadm
- I have setup a kubernetes using kubeadm v1.8.5
- Setup a dashboard using:
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.8.0/src/deploy/recommended/kubernetes-dashboard.yaml`
kubectl create -f kubernetes-dashboard.yaml
kubectl create -f kubernetes-dashboard-admin.rbac.yaml
Then setup kubectl proxy, using
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/as recommended.When I am trying to login using kubernetes-dashboard-admin token. Token was received by using the command:
kubectl -n kube-system get secret | grep -i dashboard-admin | awk '{print $1}' | xargs -I {}
kubectl -n kube-system describe secret {}
Here comes my problem: I CANT access the dashboard via token, when I paste the token and click "Signin" botton, nothing happened. And I get nothing in my log[using tail -f /var/log/messages and journalctl -xeu kubelet]. I am a newbee on k8s, maybe someone could tell me where the log is?
这是我的k8s cluster-info:
[root @ k8s-1 pki]# kubectl cluster-info
Kubernetes master is running at https://172.16.1.15:6443
KubeDNS is running at https://172.16.1.15:6443/api/v1/namespaces/kube-system/services/kube-dns/proxy
kubernetes-dashboard is running at https://172.16.1.15:6443/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
[root @ k8s-1 pki]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-1 Ready master 4d v1.8.5
k8s-2 Ready <none> 4d v1.8.5
k8s-3 Ready <none> 4d v1.8.5
[root @ k8s-1 pki]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system etcd-k8s-1 1/1 Running 2 4d
kube-system kube-apiserver-k8s-1 1/1 Running 2 4d
kube-system kube-controller-manager-k8s-1 1/1 Running 1 4d
kube-system kube-dns-545bc4bfd4-94vxx 3/3 Running 3 4d
kube-system kube-flannel-ds-97frd 1/1 Running 2 4d
kube-system kube-flannel-ds-bl9tp 1/1 Running 2 4d
kube-system kube-flannel-ds-bn9hp 1/1 Running 1 4d
kube-system kube-proxy-9ncdm 1/1 Running 0 4d
kube-system kube-proxy-qjm9k 1/1 Running 1 4d
kube-system kube-proxy-rknz4 1/1 Running 0 4d
kube-system kube-scheduler-k8s-1 1/1 Running 2 4d
kube-system kubernetes-dashboard-7486b894c6-tszq9 1/1 Running 0 2h
kubernetes-dashboard-admin-rbac.yaml是:
[root @ k8s-1信息中心]# cat kubernetes-dashboard-admin.rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
name: kubernetes-dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-admin
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard-admin
namespace: kube-system
有什么建议么?谢谢!!!
小智 9
试试这个令牌(输出):
kubectl -n kube-system get secret |grep kubernetes-dashboard-token |cut -f1 -d ' ' | xargs kubectl -n kube-system describe secret
如果不起作用,请使用此令牌(输出)尝试/测试登录:
kubectl -n kube-system get secret |grep namespace-controller-token |cut -f1 -d ' ' | xargs kubectl -n kube-system describe secret
祝你好运..
小智 6
尝试使用https连接,我有同样的问题,这对我有用
Kubernetes手册:
注意:仪表板不应使用kubectl proxy命令公开公开,因为它仅允许HTTP连接。对于非localhost和127.0.0.1的域,将无法登录。单击登录页面上的“登录”按钮后,将不会进行任何操作。仅当通过HTTPS访问仪表板或域为localhost或127.0.0.1时,登录才可用。出于安全原因,以这种方式完成此操作。关闭会按预期进行。
您应该首先创建一个管理员用户并向其添加 cluster-admin 集群角色绑定:
使用这些文件admin-user.yaml和admin-user-clusterrolebinding.yaml来创建具有 cluster-admin 集群角色绑定的管理员用户:
[root@k8s-1 kubernetes-via-kubeadm]# kubectl create -f admin-user.yaml
serviceaccount "admin-user" created
[root@k8s-1 kubernetes-via-kubeadm]# kubectl create -f admin-user-clusterrolebinding.yaml
clusterrolebinding "admin-user" created
要获取此管理员用户的令牌:
[root@k8s-1 kubernetes-via-kubeadm]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') | grep ^token: | sed 's/token:[ ]*/Token:\n/'
Token:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLW1oNzIyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwNWM0ZDZmZC0yZjYyLTExZTgtYTMxNi1jMDNmZDU2MmJiNzciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.butKxegADx3JQvKpn9Prf7RL_SoxaEyi_scYOvXurm4BAwEj8zfC9a7djqQ9mBtd5cQHlljvMb-3qFc6UPOzAwR8fc5khk-nAkH-5XeahpT8WsyxMcKxqLuyAg8gh4ZtMKvBPk9kOWDtyRBzAeGkisbLxr43ecKO71F5G8D7HR2UGSm-x4Pvhq0uqj8GyIcHw902Ti92BPuBRf-SyTl8uDCQJSDkS5Tru5w0p82borNuVXd1mmDwuI87ApQrqXTY9rbJ61m8iTr0kKJBqw5bHAUAhxwAVtVEKQNNKT6cxWp1FlhHbNkM9bhcj1qj8bN1QCMjPWlWKj7NkPbbBAJthQ
您可以使用该令牌登录您的 kubernetes-dashboard。
| 归档时间: |
|
| 查看次数: |
6283 次 |
| 最近记录: |