Web UI部署、集群参考自 https://blog.csdn.net/weixin_41806245/article/details/89381752
解决方案参考自https://www.cnblogs.com/harlanzhang/p/10045975.html

部署完K8sWeb UI后,在Web上部署Pod、Service、RS、RC等资源报错

报错信息: pods is forbidden: User "system:serviceaccount:kube-system:namespace-controller" cannot create resource "pods" in API group "" in the namespace "default"

问题分析: API组中用户不能在默认命名空间创建Pod,也就是说使用原token认证登录的用户是无权操作

解决方案:

在这里插入图片描述
1.创建kubernetes-dashboard管理员角色

[root@k8s-master ~]# vi k8s-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

[root@k8s-master ~]# kubectl create -f k8s-admin.yaml

2.获取dashboard管理员角色token

[root@k8s-master ~]# kubectl describe secret dashboard-admin-token-7z6zm -n kube-system     
Name:         dashboard-admin-token-7z6zm
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: f0d1d33f-d43d-11e9-a75a-fa163e7d0486

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tN3o2em0iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZjBkMWQzM2YtZDQzZC0xMWU5LWE3NWEtZmExNjNlN2QwNDg2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.Jmws1PEvnjG4fmR2YoZTV909dvPwJdRTi_KSkUnezA1i1GBd7YHpIjw_MmVj8Vx-C4dE83OPPqS2UIdslJQV-KsAYQNOMaPxhxOz4WRgIzEcxpOXMEKny93AGB6PcpQrmtNnmnwGEX8wF-dqogqoyH-8X-iDdpQ75-TbrVmco-NZtb7GMGKiTnBK_cRZ2iGg-Oq4ic7YoJpM0C1a87xNb4kOfUCIShj1JqWJTdoMtvjiCSTvjBVz8mICvQ9qMrJfxCZZJ6BjNNvMDqrd2cWKu14mjDo_hipt6DBcKSZDmp-jBCccx4RG_9CGpp6UyeFWVuEvDxeN8ABkX6RB74s3hw
ca.crt:     1025 bytes
namespace:  11 bytes

3.使用第二步第12行的token登陆kubernetes-dashboard web界面即可

附加阅读:详解kubernetes-dashboard.yaml文件,理解RBAC角色控制和认证

Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐