Kubernetes 显示错误 "User "system:anonymous“无法进入集群范围。”
Kubernetes Showing error "User "system:anonymous" cannot get at the cluster scope."
我已经使用 kubeadm 在 AWS EC2 上创建了 kubernetes 集群,
我可以看到所有连接的节点,我的部署和服务也在工作。即使当我公开我的部署时,我也可以从集群外部访问它,但是当我尝试从外部或本地访问 kubernetes api 时,我收到错误
"User "system:anonymous" 无法进入集群范围。"
我的集群信息显示如下:
Kubernetes master is running at https://172.31.25.217:6443
KubeDNS is running at https://172.31.25.217:6443/api/v1/proxy/namespaces/kube-system/services/kube-dns
172.31.25.217为集群本地IP
我使用的是最新版本的 kubectl 和 kubeadm
kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:44:27Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:33:17Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
ubuntu@ip-172-31-25-217:/etc/kubernetes/manifests$ kubeadm version
kubeadm version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:33:17Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
即使我尝试 运行 kubectl 代理并从 IP 上的集群外部访问仪表板:http://MASTER_IP:8001/ui,我也无法做到这一点,它显示连接被拒绝。
我缺少什么技巧?谁能帮帮我?
Kubectl 配置视图:`
kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://172.31.17.145:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
`
我可以使用以下命令解决无法从集群外部访问仪表板的问题:
kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='^*$'
我已经使用 kubeadm 在 AWS EC2 上创建了 kubernetes 集群, 我可以看到所有连接的节点,我的部署和服务也在工作。即使当我公开我的部署时,我也可以从集群外部访问它,但是当我尝试从外部或本地访问 kubernetes api 时,我收到错误
"User "system:anonymous" 无法进入集群范围。"
我的集群信息显示如下:
Kubernetes master is running at https://172.31.25.217:6443
KubeDNS is running at https://172.31.25.217:6443/api/v1/proxy/namespaces/kube-system/services/kube-dns
172.31.25.217为集群本地IP
我使用的是最新版本的 kubectl 和 kubeadm
kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:44:27Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:33:17Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
ubuntu@ip-172-31-25-217:/etc/kubernetes/manifests$ kubeadm version
kubeadm version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:33:17Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
即使我尝试 运行 kubectl 代理并从 IP 上的集群外部访问仪表板:http://MASTER_IP:8001/ui,我也无法做到这一点,它显示连接被拒绝。
我缺少什么技巧?谁能帮帮我?
Kubectl 配置视图:`
kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://172.31.17.145:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
`
我可以使用以下命令解决无法从集群外部访问仪表板的问题:
kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='^*$'