Question

使用gcloud，我创建了一个标准群集。

当我运行命令kubectl cluster-info时，我得到以下输出：

Kubernetes master is running at https://<cluster-ip>
GLBCDefaultBackend is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/default-http-backend:http/proxy
Heapster is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
Metrics-server is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy

当我想访问仪表板（Web ui界面）时，例如kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy，我遇到此错误：

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
  "reason": "Forbidden",
  "details": {
    "name": "https:kubernetes-dashboard:",
    "kind": "services"
  },
  "code": 403
}

我知道有关kubernetes仪表板的这类问题有很多问题，但是我没有权利直接从gcloud直接通过web ui进行访问和连接。

Answer 1

您需要先运行kubectl proxy才能与http://164.160.91.13/~southaf2/对等地访问kubernetes仪表板。之后，您可以提供不记名令牌或Kubeconfig文件，请参阅hoe上的此文档以获取documentation。

另一个获得对GKE仪表板的完全访问权限的选项，如下所示：

gcloud get-credentials <GKE cluster name> --zone <zone> --project <project>
gcloud config config-helper --format=json | jq .credential.access_token

复制令牌并将其用于完全访问所有“仪表板”部分。

使用gcloud访问kubernetes仪表板

1 个答案: