5 kubernetes kubernetes-dashboard
部署 webui(k8s 仪表板)后,我登录到仪表板,但在那里找不到任何内容,而是通知中的错误列表。
tatefulsets.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "statefulsets" in API group "apps" in the namespace "default" 2 minutes ago
error
replicationcontrollers is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "replicationcontrollers" in API group "" in the namespace "default" 2 minutes ago
error
replicasets.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "replicasets" in API group "apps" in the namespace "default" 2 minutes ago
error
deployments.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "deployments" in API group "apps" in the namespace "default" 2 minutes ago
error
jobs.batch is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "jobs" in API group "batch" in the namespace "default" 2 minutes ago
error
events is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "events" in API group "" in the namespace "default" 2 minutes ago
error
pods is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "pods" in API group "" in the namespace "default" 2 minutes ago
error
daemonsets.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "daemonsets" in API group "apps" in the namespace "default" 2 minutes ago
error
cronjobs.batch is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "cronjobs" in API group "batch" in the namespace "default" 2 minutes ago
error
namespaces is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "namespaces" in API group "" at the cluster scope
这是我所有的 pod
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-58497c65d5-828dm 1/1 Running 0 64m 10.244.192.193 master-node1 <none> <none>
kube-system calico-node-dblzp 1/1 Running 0 17m 157.245.57.140 cluster3-node1 <none> <none>
kube-system calico-node-dwdvh 1/1 Running 1 49m 157.245.57.139 cluster2-node2 <none> <none>
kube-system calico-node-gskr2 1/1 Running 0 17m 157.245.57.133 cluster1-node2 <none> <none>
kube-system calico-node-jm5rd 1/1 Running 0 17m 157.245.57.144 cluster4-node2 <none> <none>
kube-system calico-node-m8htd 1/1 Running 0 17m 157.245.57.141 cluster3-node2 <none> <none>
kube-system calico-node-n7d44 1/1 Running 0 64m 157.245.57.146 master-node1 <none> <none>
kube-system calico-node-wblpr 1/1 Running 0 17m 157.245.57.135 cluster2-node1 <none> <none>
kube-system calico-node-wbrzf 1/1 Running 1 29m 157.245.57.136 cluster1-node1 <none> <none>
kube-system calico-node-wqwkj 1/1 Running 0 17m 157.245.57.142 cluster4-node1 <none> <none>
kube-system coredns-78fcd69978-cnzxv 1/1 Running 0 64m 10.244.192.194 master-node1 <none> <none>
kube-system coredns-78fcd69978-f4ln8 1/1 Running 0 64m 10.244.192.195 master-node1 <none> <none>
kube-system etcd-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-apiserver-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-controller-manager-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-proxy-2b5bz 1/1 Running 0 17m 157.245.57.144 cluster4-node2 <none> <none>
kube-system kube-proxy-cslwc 1/1 Running 3 49m 157.245.57.139 cluster2-node2 <none> <none>
kube-system kube-proxy-hlvxc 1/1 Running 0 17m 157.245.57.140 cluster3-node1 <none> <none>
kube-system kube-proxy-kkdqn 1/1 Running 0 17m 157.245.57.142 cluster4-node1 <none> <none>
kube-system kube-proxy-sm7nq 1/1 Running 0 17m 157.245.57.133 cluster1-node2 <none> <none>
kube-system kube-proxy-wm42s 1/1 Running 0 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-proxy-wslxd 1/1 Running 0 17m 157.245.57.141 cluster3-node2 <none> <none>
kube-system kube-proxy-xnh24 1/1 Running 0 17m 157.245.57.135 cluster2-node1 <none> <none>
kube-system kube-proxy-zvsqf 1/1 Running 1 29m 157.245.57.136 cluster1-node1 <none> <none>
kube-system kube-scheduler-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kubernetes-dashboard dashboard-metrics-scraper-856586f554-c4thn 1/1 Running 0 14m 10.244.14.65 cluster2-node2 <none> <none>
kubernetes-dashboard kubernetes-dashboard-67484c44f6-hwvj5 1/1 Running 0 14m 10.244.213.65 cluster1-node1 <none> <none>
这是我的所有节点:
NAME STATUS ROLES AGE VERSION
cluster1-node1 Ready <none> 29m v1.22.1
cluster1-node2 Ready <none> 17m v1.22.1
cluster2-node1 Ready <none> 17m v1.22.1
cluster2-node2 Ready <none> 49m v1.22.1
cluster3-node1 Ready <none> 17m v1.22.1
cluster3-node2 Ready <none> 17m v1.22.1
cluster4-node1 Ready <none> 17m v1.22.1
cluster4-node2 Ready <none> 17m v1.22.1
master-node1 Ready control-plane,master 65m v1.22.1
我怀疑 kubernetes-dashboard 命名空间配置错误,因此无法访问系统。
我已经根据随附的教程重新创建了这种情况,它对我有用。确保您正在尝试正确登录:
为了保护您的集群数据,Dashboard 默认情况下使用最小的 RBAC 配置进行部署。目前,Dashboard 仅支持使用 Bearer Token 登录。要为此演示创建令牌,您可以按照我们的 创建示例用户指南进行操作。
警告: 本教程中创建的示例用户将具有管理权限,并且仅用于教育目的。
您还可以创建admin role:
kubectl create clusterrolebinding serviceaccounts-cluster-admin \
--clusterrole=cluster-admin \
--group=system:serviceaccounts
但是,您需要知道这可能是一个非常危险的解决方案,因为您正在授予 root 权限来为每个已读取机密的用户创建 pod。您应该仅将这种方法用于学习和演示目的。
您可以在此处阅读有关此解决方案的更多信息以及有关RBAC 授权的更多信息。
另请参阅这个问题。
| 归档时间: |
|
| 查看次数: |
7198 次 |
| 最近记录: |