1

我已经使用 kubeadm 在 AWS EC2 上创建了 kubernetes 集群,我可以看到所有连接的节点,并且我的部署和服务也在工作。即使我公开了我的部署,我也可以从集群外部访问它,但是当我尝试从外部或本地访问 kubernetes api 时,我得到了错误

“用户“system:anonymous”无法进入集群范围。”

我的集群信息显示了这一点:

Kubernetes master is running at https://172.31.25.217:6443 
KubeDNS is running at https://172.31.25.217:6443/api/v1/proxy/namespaces/kube-system/services/kube-dns

172.31.25.217是集群的本地IP

我正在使用最新版本的 kubectl 和 kubeadm

kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:44:27Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:33:17Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
ubuntu@ip-172-31-25-217:/etc/kubernetes/manifests$ kubeadm version
kubeadm version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:33:17Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}

即使我尝试运行 kubectl proxy 并从 IP 上的集群外部访问仪表板:http://MASTER_IP:8001/ui,我也无法执行此操作,并且它显示连接被拒绝。

我缺少什么技巧?谁能帮我 ?

Kubectl 配置视图:`

kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://172.31.17.145:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

`

4

1 回答 1

0

我可以使用以下命令解决无法从外部集群访问的仪表板问题:

kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='^*$'
于 2017-06-13T15:14:11.527 回答