我有以下服务:
ubuntu@master:~$ kubectl get services --all-namespaces
NAMESPACE NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes 100.64.0.1 <none> 443/TCP 48m
kube-system kube-dns 100.64.0.10 <none> 53/UDP,53/TCP 47m
kube-system kubernetes-dashboard 100.70.83.136 <nodes> 80/TCP 47m
我正在尝试访问 kubernetes 仪表板。考虑到curl不是浏览器,以下响应似乎是合理的。
ubuntu@master:~$ curl 100.70.83.136
<!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title>Kubernetes Dashboard</title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.36bb79bb.css"> <link rel="stylesheet" href="static/app.d2318302.css"> </head> <body> <!--[if lt IE 10]>
<p class="browsehappy">You are using an <strong>outdated</strong> browser.
Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your
experience.</p>
<![endif]--> <kd-chrome layout="column" layout-fill> </kd-chrome> <script src="static/vendor.633c6c7a.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.9ed974b1.js"></script> </body> </html>
根据文档,正确的接入点是https://localhost/ui https://localhost/ui。所以,我正在尝试,但收到的结果有点令人担忧。这是预期的反应吗?
ubuntu@master:~$ curl https://localhost/ui
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
在没有证书验证的情况下尝试相同的操作。对于卷曲来说可能没问题。但我在浏览器中得到了相同的结果,即通过 vagrantforwarded_port 选项通过端口转发进行连接。
ubuntu@master:~$ curl -k https://localhost/ui
Unauthorized
我做错了什么?以及如何确保我可以访问用户界面?目前它以“未经授权”响应。
仪表板的文档告诉密码位于配置中:
ubuntu@master:~$ kubectl config view
apiVersion: v1
clusters: []
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
但我好像什么都没有……这是预期的行为吗?如何通过 UI 进行授权?