kubernetes dashboard (web ui) 没有任何显示
kubernetes dashboard (web ui) has nothing to display
部署webui(k8s dashboard)后,我登录了dashboard,但没有找到,而是通知中的错误列表。
tatefulsets.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "statefulsets" in API group "apps" in the namespace "default" 2 minutes ago
error
replicationcontrollers is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "replicationcontrollers" in API group "" in the namespace "default" 2 minutes ago
error
replicasets.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "replicasets" in API group "apps" in the namespace "default" 2 minutes ago
error
deployments.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "deployments" in API group "apps" in the namespace "default" 2 minutes ago
error
jobs.batch is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "jobs" in API group "batch" in the namespace "default" 2 minutes ago
error
events is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "events" in API group "" in the namespace "default" 2 minutes ago
error
pods is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "pods" in API group "" in the namespace "default" 2 minutes ago
error
daemonsets.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "daemonsets" in API group "apps" in the namespace "default" 2 minutes ago
error
cronjobs.batch is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "cronjobs" in API group "batch" in the namespace "default" 2 minutes ago
error
namespaces is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "namespaces" in API group "" at the cluster scope
这是我的全部pods
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-58497c65d5-828dm 1/1 Running 0 64m 10.244.192.193 master-node1 <none> <none>
kube-system calico-node-dblzp 1/1 Running 0 17m 157.245.57.140 cluster3-node1 <none> <none>
kube-system calico-node-dwdvh 1/1 Running 1 49m 157.245.57.139 cluster2-node2 <none> <none>
kube-system calico-node-gskr2 1/1 Running 0 17m 157.245.57.133 cluster1-node2 <none> <none>
kube-system calico-node-jm5rd 1/1 Running 0 17m 157.245.57.144 cluster4-node2 <none> <none>
kube-system calico-node-m8htd 1/1 Running 0 17m 157.245.57.141 cluster3-node2 <none> <none>
kube-system calico-node-n7d44 1/1 Running 0 64m 157.245.57.146 master-node1 <none> <none>
kube-system calico-node-wblpr 1/1 Running 0 17m 157.245.57.135 cluster2-node1 <none> <none>
kube-system calico-node-wbrzf 1/1 Running 1 29m 157.245.57.136 cluster1-node1 <none> <none>
kube-system calico-node-wqwkj 1/1 Running 0 17m 157.245.57.142 cluster4-node1 <none> <none>
kube-system coredns-78fcd69978-cnzxv 1/1 Running 0 64m 10.244.192.194 master-node1 <none> <none>
kube-system coredns-78fcd69978-f4ln8 1/1 Running 0 64m 10.244.192.195 master-node1 <none> <none>
kube-system etcd-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-apiserver-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-controller-manager-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-proxy-2b5bz 1/1 Running 0 17m 157.245.57.144 cluster4-node2 <none> <none>
kube-system kube-proxy-cslwc 1/1 Running 3 49m 157.245.57.139 cluster2-node2 <none> <none>
kube-system kube-proxy-hlvxc 1/1 Running 0 17m 157.245.57.140 cluster3-node1 <none> <none>
kube-system kube-proxy-kkdqn 1/1 Running 0 17m 157.245.57.142 cluster4-node1 <none> <none>
kube-system kube-proxy-sm7nq 1/1 Running 0 17m 157.245.57.133 cluster1-node2 <none> <none>
kube-system kube-proxy-wm42s 1/1 Running 0 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-proxy-wslxd 1/1 Running 0 17m 157.245.57.141 cluster3-node2 <none> <none>
kube-system kube-proxy-xnh24 1/1 Running 0 17m 157.245.57.135 cluster2-node1 <none> <none>
kube-system kube-proxy-zvsqf 1/1 Running 1 29m 157.245.57.136 cluster1-node1 <none> <none>
kube-system kube-scheduler-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kubernetes-dashboard dashboard-metrics-scraper-856586f554-c4thn 1/1 Running 0 14m 10.244.14.65 cluster2-node2 <none> <none>
kubernetes-dashboard kubernetes-dashboard-67484c44f6-hwvj5 1/1 Running 0 14m 10.244.213.65 cluster1-node1 <none> <none>
这是我所有的节点:
NAME STATUS ROLES AGE VERSION
cluster1-node1 Ready <none> 29m v1.22.1
cluster1-node2 Ready <none> 17m v1.22.1
cluster2-node1 Ready <none> 17m v1.22.1
cluster2-node2 Ready <none> 49m v1.22.1
cluster3-node1 Ready <none> 17m v1.22.1
cluster3-node2 Ready <none> 17m v1.22.1
cluster4-node1 Ready <none> 17m v1.22.1
cluster4-node2 Ready <none> 17m v1.22.1
master-node1 Ready control-plane,master 65m v1.22.1
怀疑是kubernetes-dashboard命名空间配置错误,导致无法访问系统
我已经根据随附的教程重新创建了这种情况,它对我有用。
确保您是 trying properly login:
To protect your cluster data, Dashboard deploys with a minimal RBAC configuration by default. Currently, Dashboard only supports logging in with a Bearer Token. To create a token for this demo, you can follow our guide on creating a sample user.
Warning: The sample user created in the tutorial will have administrative privileges and is for educational purposes only.
您还可以创建 admin role:
kubectl create clusterrolebinding serviceaccounts-cluster-admin \
--clusterrole=cluster-admin \
--group=system:serviceaccounts
但是,您需要知道这可能是一个非常危险的解决方案,因为您授予 root 权限以为每个读取机密的用户创建 pods。您应该仅将此方法用于学习和演示目的。
您可以阅读有关此解决方案的更多信息 here and more about RBAC authorization。
另见 。
如果您已经为 kubernetes-dashboard 应用了正确的 ClusterRoleBinding 并且仍然收到 forbidden 消息,请查看 token 您正在使用它来访问仪表板。
在 kubectl get serviceaccount kubernetes-dashboard -o yaml 中查找 .secrets.name。这是您需要用来登录的令牌
然后kubectl get secret <the token name> -o jsonpath='{.data.token}' | base64 -d。复制所有令牌。请注意,您不应 复制最后一个 % 字符。
部署webui(k8s dashboard)后,我登录了dashboard,但没有找到,而是通知中的错误列表。
tatefulsets.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "statefulsets" in API group "apps" in the namespace "default" 2 minutes ago
error
replicationcontrollers is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "replicationcontrollers" in API group "" in the namespace "default" 2 minutes ago
error
replicasets.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "replicasets" in API group "apps" in the namespace "default" 2 minutes ago
error
deployments.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "deployments" in API group "apps" in the namespace "default" 2 minutes ago
error
jobs.batch is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "jobs" in API group "batch" in the namespace "default" 2 minutes ago
error
events is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "events" in API group "" in the namespace "default" 2 minutes ago
error
pods is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "pods" in API group "" in the namespace "default" 2 minutes ago
error
daemonsets.apps is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "daemonsets" in API group "apps" in the namespace "default" 2 minutes ago
error
cronjobs.batch is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "cronjobs" in API group "batch" in the namespace "default" 2 minutes ago
error
namespaces is forbidden: User "system:serviceaccount:kubernetes-dashboard:default" cannot list resource "namespaces" in API group "" at the cluster scope
这是我的全部pods
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-58497c65d5-828dm 1/1 Running 0 64m 10.244.192.193 master-node1 <none> <none>
kube-system calico-node-dblzp 1/1 Running 0 17m 157.245.57.140 cluster3-node1 <none> <none>
kube-system calico-node-dwdvh 1/1 Running 1 49m 157.245.57.139 cluster2-node2 <none> <none>
kube-system calico-node-gskr2 1/1 Running 0 17m 157.245.57.133 cluster1-node2 <none> <none>
kube-system calico-node-jm5rd 1/1 Running 0 17m 157.245.57.144 cluster4-node2 <none> <none>
kube-system calico-node-m8htd 1/1 Running 0 17m 157.245.57.141 cluster3-node2 <none> <none>
kube-system calico-node-n7d44 1/1 Running 0 64m 157.245.57.146 master-node1 <none> <none>
kube-system calico-node-wblpr 1/1 Running 0 17m 157.245.57.135 cluster2-node1 <none> <none>
kube-system calico-node-wbrzf 1/1 Running 1 29m 157.245.57.136 cluster1-node1 <none> <none>
kube-system calico-node-wqwkj 1/1 Running 0 17m 157.245.57.142 cluster4-node1 <none> <none>
kube-system coredns-78fcd69978-cnzxv 1/1 Running 0 64m 10.244.192.194 master-node1 <none> <none>
kube-system coredns-78fcd69978-f4ln8 1/1 Running 0 64m 10.244.192.195 master-node1 <none> <none>
kube-system etcd-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-apiserver-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-controller-manager-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-proxy-2b5bz 1/1 Running 0 17m 157.245.57.144 cluster4-node2 <none> <none>
kube-system kube-proxy-cslwc 1/1 Running 3 49m 157.245.57.139 cluster2-node2 <none> <none>
kube-system kube-proxy-hlvxc 1/1 Running 0 17m 157.245.57.140 cluster3-node1 <none> <none>
kube-system kube-proxy-kkdqn 1/1 Running 0 17m 157.245.57.142 cluster4-node1 <none> <none>
kube-system kube-proxy-sm7nq 1/1 Running 0 17m 157.245.57.133 cluster1-node2 <none> <none>
kube-system kube-proxy-wm42s 1/1 Running 0 64m 157.245.57.146 master-node1 <none> <none>
kube-system kube-proxy-wslxd 1/1 Running 0 17m 157.245.57.141 cluster3-node2 <none> <none>
kube-system kube-proxy-xnh24 1/1 Running 0 17m 157.245.57.135 cluster2-node1 <none> <none>
kube-system kube-proxy-zvsqf 1/1 Running 1 29m 157.245.57.136 cluster1-node1 <none> <none>
kube-system kube-scheduler-master-node1 1/1 Running 1 64m 157.245.57.146 master-node1 <none> <none>
kubernetes-dashboard dashboard-metrics-scraper-856586f554-c4thn 1/1 Running 0 14m 10.244.14.65 cluster2-node2 <none> <none>
kubernetes-dashboard kubernetes-dashboard-67484c44f6-hwvj5 1/1 Running 0 14m 10.244.213.65 cluster1-node1 <none> <none>
这是我所有的节点:
NAME STATUS ROLES AGE VERSION
cluster1-node1 Ready <none> 29m v1.22.1
cluster1-node2 Ready <none> 17m v1.22.1
cluster2-node1 Ready <none> 17m v1.22.1
cluster2-node2 Ready <none> 49m v1.22.1
cluster3-node1 Ready <none> 17m v1.22.1
cluster3-node2 Ready <none> 17m v1.22.1
cluster4-node1 Ready <none> 17m v1.22.1
cluster4-node2 Ready <none> 17m v1.22.1
master-node1 Ready control-plane,master 65m v1.22.1
怀疑是kubernetes-dashboard命名空间配置错误,导致无法访问系统
我已经根据随附的教程重新创建了这种情况,它对我有用。 确保您是 trying properly login:
To protect your cluster data, Dashboard deploys with a minimal RBAC configuration by default. Currently, Dashboard only supports logging in with a Bearer Token. To create a token for this demo, you can follow our guide on creating a sample user.
Warning: The sample user created in the tutorial will have administrative privileges and is for educational purposes only.
您还可以创建 admin role:
kubectl create clusterrolebinding serviceaccounts-cluster-admin \
--clusterrole=cluster-admin \
--group=system:serviceaccounts
但是,您需要知道这可能是一个非常危险的解决方案,因为您授予 root 权限以为每个读取机密的用户创建 pods。您应该仅将此方法用于学习和演示目的。
您可以阅读有关此解决方案的更多信息 here and more about RBAC authorization。
另见
如果您已经为 kubernetes-dashboard 应用了正确的 ClusterRoleBinding 并且仍然收到 forbidden 消息,请查看 token 您正在使用它来访问仪表板。
在 kubectl get serviceaccount kubernetes-dashboard -o yaml 中查找 .secrets.name。这是您需要用来登录的令牌
然后kubectl get secret <the token name> -o jsonpath='{.data.token}' | base64 -d。复制所有令牌。请注意,您不应 复制最后一个 % 字符。