not able to access kubernetes dashboard in gcloud

2019-04-02 00:18发布

问题:

I am following the instructions as given here

I used the command to get a running cluster, in gcloud console I typed: curl -sS https://get.k8s.io | bash as described in the link, after that I ran the command kubectl cluster-info from that I got:

kubernetes-dashboard is running at https://35.188.109.36/api/v1/proxy/namespaces/kube-
system/services/kubernetes-dashboard

but when I go to that url from firefox, the message that comes is:

User "system:anonymous" cannot proxy services in the namespace 
"kube-system".: "No policy matched."

Expected behaviour: Should ask for admin name and password to connect to the dashboard.

I dont understand why its so difficult to even access the kubernetes dashboad in google compute engine. I have seen other issues as well like these but no great help. I also deleted the whole service of dashboard (which was cluster ip type by default) and made it NodePort type to expose it as mentioned in the last answer of Unable to access Kubernetes Dashboard but no help. Please help.

回答1:

Is there a reason why you did not use GKE (Google Kubernetes Engine) which provides the dashboard add-on installed out of the box?

In your case, simply:

  • the kubernetes-dashboard addon might not be installed (but logs say so, so I think this is not the problem)
  • network configuration that makes kubectl proxy work might not be there
  • the curl .. | sh script you used probably did not configure the authentication properly.

I recommend using GKE as this works out of the box. You can find documentation here: https://cloud.google.com/kubernetes-engine/docs/oss-ui


If you still want to use GCE, I recommend running kubectl proxy on your workstation (not your kubernetes nodes) and visiting http://127.0.0.1:8001/ui on your browser to see if it works.

If you get an error about not having enough permissions, you might be using a Kubernetes version new enough that enforces RBAC policies on pods like dashboard which access the API. You can grant those permissions by running:

kubectl create clusterrolebinding add-on-cluster-admin  \
  --clusterrole=cluster-admin  \
  --serviceaccount=kube-system:default

I also recommend trying out GKE UI in Google Cloud Console: https://console.cloud.google.com/kubernetes



回答2:

you can run kubectl proxy locally and access it at http://localhost:8001/ui