使用gcloud访问kubernetes仪表板

时间:2018-12-06 11:22:41

标签: kubernetes devops gcloud kubernetes-dashboard

使用gcloud,我创建了一个标准群集。

当我运行命令kubectl cluster-info时,我得到以下输出:

Kubernetes master is running at https://<cluster-ip>
GLBCDefaultBackend is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/default-http-backend:http/proxy
Heapster is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
Metrics-server is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy

当我想访问仪表板(Web ui界面)时,例如kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy,我遇到此错误:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
  "reason": "Forbidden",
  "details": {
    "name": "https:kubernetes-dashboard:",
    "kind": "services"
  },
  "code": 403
}

我知道有关kubernetes仪表板的这类问题有很多问题,但是我没有权利直接从gcloud直接通过web ui进行访问和连接。

1 个答案:

答案 0 :(得分:0)

您需要先运行kubectl proxy才能与http://164.160.91.13/~southaf2/对等地访问kubernetes仪表板。 之后,您可以提供不记名令牌或Kubeconfig文件,请参阅hoe上的此文档以获取documentation

另一个获得对GKE仪表板的完全访问权限的选项,如下所示:

gcloud get-credentials <GKE cluster name> --zone <zone> --project <project>
gcloud config config-helper --format=json | jq .credential.access_token

复制令牌并将其用于完全访问所有“仪表板”部分。