k8s WEB-UI页面无数据,pod报RABC权限问题
登陆WEB-UI页面发现无任何数据,整体页面为空查看 kubernetes-dashboard 的pod日志是RABC权限问题2021/08/19 07:33:30 [2021-08-19T07:33:30Z] Outcoming response to 10.244.0.0:39799 with 200 status code2021/08/19 07:33:34 [2021-08-19T07:
登陆WEB-UI页面发现无任何数据,整体页面为空
查看 kubernetes-dashboard 的pod日志是RABC权限问题
2021/08/19 07:33:30 [2021-08-19T07:33:30Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:34 [2021-08-19T07:33:34Z] Incoming HTTP/2.0 GET /api/v1/crd?itemsPerPage=10&page=1&sortBy=d,creationTimestamp request from 10.244.0.0:39799:
2021/08/19 07:33:34 Non-critical error occurred during resource retrieval: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
2021/08/19 07:33:34 [2021-08-19T07:33:34Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:35 [2021-08-19T07:33:35Z] Incoming HTTP/2.0 GET /api/v1/namespace request from 10.244.0.0:39799:
2021/08/19 07:33:35 Getting list of namespaces
2021/08/19 07:33:35 Non-critical error occurred during resource retrieval: namespaces is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "namespaces" in API group "" at the cluster scope
2021/08/19 07:33:35 [2021-08-19T07:33:35Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:39 [2021-08-19T07:33:39Z] Incoming HTTP/2.0 GET /api/v1/crd?itemsPerPage=10&page=1&sortBy=d,creationTimestamp request from 10.244.0.0:39799:
2021/08/19 07:33:39 Non-critical error occurred during resource retrieval: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
2021/08/19 07:33:39 [2021-08-19T07:33:39Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:40 [2021-08-19T07:33:40Z] Incoming HTTP/2.0 GET /api/v1/namespace request from 10.244.0.0:39799:
2021/08/19 07:33:40 Getting list of namespaces
2021/08/19 07:33:40 Non-critical error occurred during resource retrieval: namespaces is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "namespaces" in API group "" at the cluster scope
2021/08/19 07:33:40 [2021-08-19T07:33:40Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:44 [2021-08-19T07:33:44Z] Incoming HTTP/2.0 GET /api/v1/crd?itemsPerPage=10&page=1&sortBy=d,creationTimestamp request from 10.244.0.0:39799:
2021/08/19 07:33:44 Non-critical error occurred during resource retrieval: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
2021/08/19 07:33:44 [2021-08-19T07:33:44Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:45 [2021-08-19T07:33:45Z] Incoming HTTP/2.0 GET /api/v1/namespace request from 10.244.0.0:39799:
2021/08/19 07:33:45 Getting list of namespaces
2021/08/19 07:33:45 Non-critical error occurred during resource retrieval: namespaces is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "namespaces" in API group "" at the cluster scope
2021/08/19 07:33:45 [2021-08-19T07:33:45Z] Outcoming response to 10.244.0.0:39799 with 200 status code
将kubernetes-dashboard绑定cluster-admin权限
编写yaml文件
cat kubernetes-dashboard-admin_clusterroles.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
kubectl apply -f kubernetes-dashboard-admin_clusterroles.yaml
clusterrolebinding.rbac.authorization.k8s.io "kubernetes-dashboard" created
登陆WEB-UI页面,数据恢复正常
报错:
[root@pro1 WEB-UI]# kubectl apply -f kubernetes-dashboard-admin_clusterroles.yaml
The ClusterRoleBinding "kubernetes-dashboard" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"cluster-admin"}: cannot change roleRef
解决:
[root@pro1 WEB-UI]# kubectl delete -f kubernetes-dashboard-admin_clusterroles.yaml
clusterrolebinding.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
[root@pro1 WEB-UI]#
[root@pro1 WEB-UI]# kubectl apply -f kubernetes-dashboard-admin_clusterroles.yaml
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
更多推荐
所有评论(0)