我使用kubeadm在AWS EC2上创建了kubernetes集群, 我可以看到所有连接的节点,我的部署和服务也工作。即使我暴露我的部署,我也可以从集群外部访问它,但是当我尝试从外部或本地访问kubernetes api时,我收到错误
"用户"系统:匿名"无法进入群集范围。"
我的群集信息显示:
Kubernetes master is running at https://172.31.25.217:6443
KubeDNS is running at https://172.31.25.217:6443/api/v1/proxy/namespaces/kube-system/services/kube-dns
172.31.25.217是群集的本地IP
我使用的是最新版本的kubectl和kubeadm
kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:44:27Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:33:17Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
ubuntu@ip-172-31-25-217:/etc/kubernetes/manifests$ kubeadm version
kubeadm version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:33:17Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
即使我尝试运行kubectl代理并从IP上的群集外部访问仪表板:http://MASTER_IP:8001/ui,我也无法执行此操作并显示连接被拒绝。
我错过了什么诀窍?任何人都可以帮助我吗?
Kubectl配置视图:`
kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://172.31.17.145:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
`
答案 0 :(得分:0)
我能够使用以下命令解决我无法从外部群集访问仪表板的问题:
kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='^*$'