0

请帮助我理解为什么 Kubernetes 的仪表板不能与 ServiceMesh 一起使用。将 EKS 和 AppMesh 用于 ServiceMesh 通常,当我在没有 AppMesh 的名称空间上进行相同的安装时,它可以正常工作,但是当想要推送由 AppMesh 控制的流量时,我会收到权限错误:

2021/06/17 09:11:02 Starting overwatch
2021/06/17 09:11:02 Using namespace: shared-system
2021/06/17 09:11:02 Using in-cluster config to connect to apiserver
2021/06/17 09:11:02 Using secret token for csrf signing
2021/06/17 09:11:02 Initializing csrf token from kubernetes-dashboard-csrf secret
panic: an error on the server ("") has prevented the request from succeeding (get secrets kubernetes-dashboard-csrf)
goroutine 1 [running]:
github.com/kubernetes/dashboard/src/app/backend/client/csrf.(*csrfTokenManager).init(0xc000159160)
    /home/runner/work/dashboard/dashboard/src/app/backend/client/csrf/manager.go:41 +0x413
github.com/kubernetes/dashboard/src/app/backend/client/csrf.NewCsrfTokenManager(...)
    /home/runner/work/dashboard/dashboard/src/app/backend/client/csrf/manager.go:66
github.com/kubernetes/dashboard/src/app/backend/client.(*clientManager).initCSRFKey(0xc000116080)
    /home/runner/work/dashboard/dashboard/src/app/backend/client/manager.go:503 +0xc6
github.com/kubernetes/dashboard/src/app/backend/client.(*clientManager).init(0xc000116080)
    /home/runner/work/dashboard/dashboard/src/app/backend/client/manager.go:471 +0x47
github.com/kubernetes/dashboard/src/app/backend/client.NewClientManager(...)
    /home/runner/work/dashboard/dashboard/src/app/backend/client/manager.go:552
main.main()
    /home/runner/work/dashboard/dashboard/src/app/backend/dashboard.go:105 +0x21c

它是否以某种方式连接到一个 pod 上的两个容器?并且它不能授予两者的访问权限?或者是什么原因?使用默认仪表板设置(只需重命名命名空间):

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

并添加了 appmesh VirtualNode:

apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualNode
metadata:
  name: kubernetes-dashboard-virtual-node
  namespace: shared-system
spec:
  podSelector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  listeners:
    - portMapping:
        port: 8443
        protocol: http
      healthCheck:
        protocol: http
        path: '/'
        healthyThreshold: 5
        unhealthyThreshold: 5
        timeoutMillis: 2000
        intervalMillis: 5000
  serviceDiscovery:
    dns:
      hostname: dashboard.svc.cluster.local
  logging:
    accessLog:
      file:
        path: /dev/stdout

有人遇到过这样的问题吗?

4

0 回答 0