dashboard - 无法通过 token 访问 kubernetes 仪表板

Question

1. 我已经使用 kubeadm v1.8.5 设置了 kubernetes
2. 使用以下方法设置仪表板:

wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.8.0/src/deploy/recommended/kubernetes-dashboard.yaml`

kubectl create -f kubernetes-dashboard.yaml

kubectl create -f kubernetes-dashboard-admin.rbac.yaml

然后按照建议使用 http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ 设置 kubectl 代理.

当我尝试使用 kubernetes-dashboard-admin token 登录时。使用以下命令接收 token :

    kubectl -n kube-system get secret | grep -i dashboard-admin | awk '{print $1}' | xargs -I {} 
    kubectl -n kube-system describe secret {}

我的问题来了:我无法通过 token 访问仪表板，当我粘贴 token 并单击“登录”按钮时，没有任何反应。我的日志中什么也没有得到[使用 tail -f/var/log/messages 和journalctl -xeu kubelet]。我是 k8s 的新手，也许有人可以告诉我日志在哪里？

这是我的 k8s 集群信息:

[root@k8s-1 pki]# kubectl cluster-info

Kubernetes master is running at https://172.16.1.15:6443
KubeDNS is running at https://172.16.1.15:6443/api/v1/namespaces/kube-system/services/kube-dns/proxy
kubernetes-dashboard is running at https://172.16.1.15:6443/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

[root@k8s-1 pki]# kubectl 获取节点

NAME      STATUS    ROLES     AGE       VERSION
k8s-1     Ready     master    4d        v1.8.5
k8s-2     Ready     <none>    4d        v1.8.5
k8s-3     Ready     <none>    4d        v1.8.5

[root@k8s-1 pki]# kubectl get pods --all-namespaces

NAMESPACE     NAME                                    READY     STATUS    RESTARTS   AGE
kube-system   etcd-k8s-1                              1/1       Running   2          4d
kube-system   kube-apiserver-k8s-1                    1/1       Running   2          4d
kube-system   kube-controller-manager-k8s-1           1/1       Running   1          4d
kube-system   kube-dns-545bc4bfd4-94vxx               3/3       Running   3          4d
kube-system   kube-flannel-ds-97frd                   1/1       Running   2          4d
kube-system   kube-flannel-ds-bl9tp                   1/1       Running   2          4d
kube-system   kube-flannel-ds-bn9hp                   1/1       Running   1          4d
kube-system   kube-proxy-9ncdm                        1/1       Running   0          4d
kube-system   kube-proxy-qjm9k                        1/1       Running   1          4d
kube-system   kube-proxy-rknz4                        1/1       Running   0          4d
kube-system   kube-scheduler-k8s-1                    1/1       Running   2          4d
kube-system   kubernetes-dashboard-7486b894c6-tszq9   1/1       Running   0          2h

kubernetes-dashboard-admin-rbac.yaml 是:

[root@k8s-1 仪表板]# cat kubernetes-dashboard-admin.rbac.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard-admin
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-admin
  namespace: kube-system

有什么建议吗？谢谢!!!

Answer 1

尝试使用 https 连接，我有同样的问题，这对我有用

Kubernetes 手册:

NOTE: Dashboard should not be exposed publicly using kubectl proxy command as it only allows HTTP connection. For domains other than localhost and 127.0.0.1 it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page. Logging in is only available when accessing Dashboard over HTTPS or when domain is either localhost or 127.0.0.1. It's done this way for security reasons. Closing as this works as intended.