kubernetes dashboard unauthentication

前言

参考文档安装完Kubernetes cluster后安装k8s dashboard,发现不能访问。

这个问题在dashboard-issue上面引发了很多开发者的讨论,笔者浏览后发现可用的解决方案被淹没在众多讨论中,不易发现,这里列出来方便大家。

基础环境

  • Kubernetes:
{
  "Client Version": {
    "Major": "1",
    "Minor": "5",
    "GitVersion": "v1.5.1",
    "GitCommit": "82450d03cb057bab0950214ef122b67c83fb11df",
    "GitTreeState": "clean",
    "BuildDate": "2016-12-14T00:57:05Z",
    "GoVersion": "go1.7.4",
    "Compiler": "gc",
    "Platform": "linux/amd64"
  },
  "Server Version": {
    "Major": "1",
    "Minor": "5",
    "GitVersion": "v1.5.2",
    "GitCommit": "08e099554f3c31f6e6f07b448ab3ed78d0520507",
    "GitTreeState": "clean",
    "BuildDate": "2017-01-12T04:52:34Z",
    "GoVersion": "go1.7.4",
    "Compiler": "gc",
    "Platform": "linux/amd64"
  }
}
  • kubernetes master
    • internal ip: 192.168.10.124
    • centos 7 64bit
  • kubernetes slave:
    • internal ip: 192.168.10.134
    • centos 7 64bit

问题描述

安装dashboard

kubectl create -f https://rawgit.com/kubernetes/dashboard/master/src/deploy/kubernetes-dashboard.yaml  

执行

kubectl proxy --address=0.0.0.0  

访问master_ip:8001/ui得到Unauthorized

解决

kubectl proxy --address=0.0.0.0 --port=8001 --accept-hosts='^*$'  

然后访问master_ip:8001/ui

kubectl proxy --address=0.0.0.0  
kubectl describe services kubernetes-dashboard --namespace=kube-system

---output---
Name:                   kubernetes-dashboard  
Namespace:              kube-system  
Labels:                 app=kubernetes-dashboard  
Selector:               app=kubernetes-dashboard  
Type:                   NodePort  
IP:                     10.105.153.238  
Port:                   <unset> 80/TCP  
NodePort:               <unset> 30635/TCP  
Endpoints:              10.40.0.1:9090  
Session Affinity:       None  
No events.  

找到输出中的NodePort的值,我这里是30635,然后访问: master_ip:30635

问题

  • 只是解决了问题,没深入其中的原理。深入后回来补充。

相关链接