我已经安装了Kubernetes仪表板,并创建了具有适当权限的服务帐户用户,但是由于某些原因,使用令牌登录失败。
我看到以下日志:
2018/08/17 14:26:06 [2018-08-17T14:26:06Z] Incoming HTTP/2.0 GET /api/v1/csrftoken/login request from 10.244.0.0:34914: {}
2018/08/17 14:26:06 [2018-08-17T14:26:06Z] Outcoming response to 10.244.0.0:34914 with 200 status code
2018/08/17 14:26:06 [2018-08-17T14:26:06Z] Incoming HTTP/2.0 POST /api/v1/login request from 10.244.0.0:34914: {
"kubeConfig": "",
"password": "",
"token": "ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnJkV0psTFhONWMzUmxiU0lzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVmpjbVYwTG01aGJXVWlPaUpoWkcxcGJpMTFjMlZ5TFhSdmEyVnVMV2RrZG5oM0lpd2lhM1ZpWlhKdVpYUmxjeTVwYnk5elpYSjJhV05sWVdOamIzVnVkQzl6WlhKMmFXTmxMV0ZqWTI5MWJuUXVibUZ0WlNJNkltRmtiV2x1TFhWelpYSWlMQ0pyZFdKbGNtNWxkR1Z6TG1sdkwzTmxjblpwWTJWaFkyTnZkVzUwTDNObGNuWnBZMlV0WVdOamIzVnVkQzUxYVdRaU9pSmtaVEF4TnpRNU15MWhNakE0TFRFeFpUZ3RPRGxrWmkwd09EQXdNamRoTURobFpHTWlMQ0p6ZFdJaU9pSnplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YTNWaVpTMXplWE4wWlcwNllXUnRhVzR0ZFhObGNpSjkucHhfMDEwUTBYU2tPMmNhVi1ZYlRDYlllSTNVMVlmcGh3UFZ4TXBOYmF6dWpSM1gtOGVBTUZmbm1GNHlYWHFZWGw5eWlVYmRvQ3lBSl9YcHF5bTlLQThRaWx6MFU3eWZ1WV9BbUg4NmtDNE9hYW5aem1xSmp2N3ZObDY1MU1OeWF0dU5nR0JmU21GZXRCMnoxUkdYRmlIVF9UczljMjh1ZkZiSXNZNkRMVml4Y2JhUS0za2JxOW9PbzZ3NV8zc3ZRQ3dmNjNiTVNaSEpzdkgyUndwVkhkbFJnM3Rmbl9RRUxGcWtJYzZycERibFlUbXZJcVdVaWJjQVdHcXhDRVR6NU5vUGlnbndMaVpuVi1lZFpKZDRpbUJZNU5Ia3FLM0Q0TDgyTnp1NzJkUVU3M3B4T3F5Q3FVSlNhQ3IyVU52eVVucHRENTZTemdtSTBaM0JqUVkyTjFB",
"username": ""
}
2018/08/17 14:26:06 Non-critical error occurred during resource retrieval: the server has asked for the client to provide credentials
2018/08/17 14:26:06 [2018-08-17T14:26:06Z] Outcoming response to 10.244.0.0:34914 with 200 status code
2018/08/17 14:26:24 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
Kubernetes版本:
kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.7", GitCommit:"dd5e1a2978fd0b97d9b78e1564398aeea7e7fe92", GitTreeState:"clean", BuildDate:"2018-04-19T00:05:56Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:08:19Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
答案 0 :(得分:1)
注意:仪表板不应通过HTTP公开公开。对于通过HTTP访问的域,将无法登录。单击登录页面上的“登录”按钮后,什么也不会发生。
另外,正如chrissound写道:
我通过为仪表板用户授予集群管理员权限并在登录提示符下单击“跳过”来解决此问题:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure>
<sub-deployment name="pfi-web.war">
<exclusions>
<module name="org.apache.commons.logging" />
<module name="org.apache.log4j" />
<module name="org.jboss.logging" />
<module name="org.jboss.logging.jul-to-slf4j-stub" />
<module name="org.jboss.logmanager" />
<module name="org.jboss.logmanager.log4j" />
<module name="org.slf4j" />
<module name="org.slf4j.impl" />
</exclusions>
</sub-deployment>
</jboss-deployment-structure>
答案 1 :(得分:0)
注意:不应使用kubectl proxy命令公开显示控制板,因为它仅允许HTTP连接。对于除localhost和127.0.0.1之外的域,将无法登录。单击登录页面上的“登录”按钮后,什么也不会发生。
您可以将服务kubernetes-dashboard更改和发布为NodePort类型,然后使用指定的NodePort访问仪表板。例如:
---
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
kubernetes.io/cluster-service: "true"
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 31115
selector:
k8s-app: kubernetes-dashboard