问题
I configured kubernetes cluster with one master and 4 worker nodes using KUBEADM tool IN LOCAL. All nodes are running fine. deployed an app and able access that app from browser. I have tried many ways to create a dashboard using kubectl but i am failed.
TRY1: tried directly with the below command:
$ sudo kubectl proxy --address="172.20.22.101" -p 8001
tried to access the dashboard using the url http://172.20.22.101:8001/api/v1, but it is saying unauthorized.
TRY2: created dashboard-admin.yaml file with the below content:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
And run the below command:
$ kubectl create -f dashboard-admin.yaml
It's shown me: clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created.
Running the below command:
$ sudo kubectl proxy --address="172.20.22.101" -p 443
its running fine. I am accessing the http://172.20.22.101:443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ URL from browser. it's showing same unauthorized error.
回答1:
run kubectl proxy command with --accept-hosts option
kubectl proxy --address="172.20.22.101" -p 8001 --accept-hosts="^*$"
and it will work fine.
Note: this is not recommended for production grade kubernetes clusters, since you're accessing the dashboard through plain http.
More secure alternative is to run access the dashboard through ssh tunnel like this.
in one terminal run:
kubectl proxy
in another terminal run a ssh tunnel to localhost:8001 (the default kubernetes dashboard port)
ssh -NT -l SSH_USER -p SSH_PORT K8S_CONTROLLER_IP_ADDR -L 8001:localhost:8001
来源:https://stackoverflow.com/questions/53521962/kubernetes-dashboard-showing-unauthorized