使用 gcloud 访问 kubernetes 仪表板
Access to kubernetes dashboard using gcloud
我使用 gcloud 创建了一个独立集群。
当我 运行 命令 kubectl cluster-info 我有这个输出:
Kubernetes master is running at https://<cluster-ip>
GLBCDefaultBackend is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/default-http-backend:http/proxy
Heapster is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
Metrics-server is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy
当我想访问控制面板(Web ui 界面)时,例如 kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy 我遇到了这个错误:
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
"reason": "Forbidden",
"details": {
"name": "https:kubernetes-dashboard:",
"kind": "services"
},
"code": 403
}
我知道有很多关于 kubernetes 仪表板的问题,但我找不到直接从 gcloud 通过 Web ui 正确访问和连接的权利。
您需要先 运行 kubectl proxy 才能像 documentation 一样访问 kubernetes 仪表板。
之后,您可以提供承载令牌或 Kubeconfig 文件,请参阅有关 hoe 的文档以获取 Bearer Token.
获得对 GKE 仪表板的完全访问权限的另一个选项见下文:
gcloud get-credentials <GKE cluster name> --zone <zone> --project <project>
gcloud config config-helper --format=json | jq .credential.access_token
复制令牌并使用它获得对所有仪表板部分的完全访问权限。
我使用 gcloud 创建了一个独立集群。
当我 运行 命令 kubectl cluster-info 我有这个输出:
Kubernetes master is running at https://<cluster-ip>
GLBCDefaultBackend is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/default-http-backend:http/proxy
Heapster is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
Metrics-server is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy
当我想访问控制面板(Web ui 界面)时,例如 kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy 我遇到了这个错误:
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
"reason": "Forbidden",
"details": {
"name": "https:kubernetes-dashboard:",
"kind": "services"
},
"code": 403
}
我知道有很多关于 kubernetes 仪表板的问题,但我找不到直接从 gcloud 通过 Web ui 正确访问和连接的权利。
您需要先 运行 kubectl proxy 才能像 documentation 一样访问 kubernetes 仪表板。
之后,您可以提供承载令牌或 Kubeconfig 文件,请参阅有关 hoe 的文档以获取 Bearer Token.
获得对 GKE 仪表板的完全访问权限的另一个选项见下文:
gcloud get-credentials <GKE cluster name> --zone <zone> --project <project>
gcloud config config-helper --format=json | jq .credential.access_token
复制令牌并使用它获得对所有仪表板部分的完全访问权限。