我有以下服务:如何在群集外部访问/公开kubernetes-dashboard服务?
[email protected]:~$ kubectl get services --all-namespaces
NAMESPACE NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes 100.64.0.1 <none> 443/TCP 48m
kube-system kube-dns 100.64.0.10 <none> 53/UDP,53/TCP 47m
kube-system kubernetes-dashboard 100.70.83.136 <nodes> 80/TCP 47m
我试图访问kubernetes仪表板。考虑到curl不是浏览器,下面的回应似乎是合理的。
[email protected]:~$ curl 100.70.83.136
<!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title>Kubernetes Dashboard</title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.36bb79bb.css"> <link rel="stylesheet" href="static/app.d2318302.css"> </head> <body> <!--[if lt IE 10]>
<p class="browsehappy">You are using an <strong>outdated</strong> browser.
Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your
experience.</p>
<![endif]--> <kd-chrome layout="column" layout-fill> </kd-chrome> <script src="static/vendor.633c6c7a.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.9ed974b1.js"></script> </body> </html>
根据文档,正确的接入点是https://localhost/ui。所以,我正在尝试它,并收到一些令人担忧的结果。 是否预计会有回应?
[email protected]:~$ curl https://localhost/ui
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
在没有证书验证的情况下尝试相同。对于卷曲它可能是好的。但我在浏览器中也是这样,它通过vagrant forwarded_port选项通过端口转发进行连接。
[email protected]:~$ curl -k https://localhost/ui
Unauthorized
我在做什么错了?以及如何确保我可以访问用户界面?目前它响应未经授权。
为仪表板的文档告诉密码是在配置:
[email protected]:~$ kubectl config view
apiVersion: v1
clusters: []
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
,但现在看来还没有什么...... 它是预期的行为?我如何使用UI进行授权?
你见过http://stackoverflow.com/q/34306082/759019? –
我见过类似。我查到的任何地方都没有实际的答案(指令行动),或者它与1.4.0 kubernetes不兼容,或者我缺少一些基本的东西。 – Andrew