使用gcloud,我创建了一个标准群集。
当我运行命令kubectl cluster-info
时,我得到以下输出:
Kubernetes master is running at https://<cluster-ip>
GLBCDefaultBackend is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/default-http-backend:http/proxy
Heapster is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
Metrics-server is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy
当我想访问仪表板(Web ui界面)时,例如kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
,我遇到此错误:
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
"reason": "Forbidden",
"details": {
"name": "https:kubernetes-dashboard:",
"kind": "services"
},
"code": 403
}
我知道有关kubernetes仪表板的这类问题有很多问题,但是我没有权利直接从gcloud直接通过web ui进行访问和连接。
答案 0 :(得分:0)
您需要先运行kubectl proxy
才能与http://164.160.91.13/~southaf2/对等地访问kubernetes仪表板。
之后,您可以提供不记名令牌或Kubeconfig文件,请参阅hoe上的此文档以获取documentation。
另一个获得对GKE仪表板的完全访问权限的选项,如下所示:
gcloud get-credentials <GKE cluster name> --zone <zone> --project <project>
gcloud config config-helper --format=json | jq .credential.access_token
复制令牌并将其用于完全访问所有“仪表板”部分。