无需kubectl代理即可访问Kubernetes仪表板
[英]Enable access to Kubernetes Dashboard without kubectl proxy
问题描述
If I move a relevant config file and run kubectl proxy it will allow me to access the Kubernetes dashboard through this URL: 
如果我移动相关的配置文件并运行kubectl proxy ,它将允许我通过以下URL访问Kubernetes仪表板:
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
However if I try to access the node directly, without kubectl proxy , I will get a 403 Forbidden. 但是,如果我尝试不使用kubectl proxy直接访问该节点,则会收到403 Forbidden。
http://dev-master:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
Our kubernetes clusters are hidden inside a private network that users need to VPN in to; 我们的kubernetes集群隐藏在用户需要VPN接入的专用网络中; furthermore only some of us can talk to the master node of each of our clusters after authenticating to the VPN. 此外,在对VPN进行身份验证后,只有我们当中的一些人可以与每个集群的主节点进行对话。 As such, running kubectl proxy is a redundant step, and choosing the appropriate config file for each cluster is an additional pain, especially when we want to compare the state of different clusters. 因此,运行kubectl proxy是多余的步骤,为每个集群选择适当的配置文件是另外一个kubectl proxy ,特别是当我们要比较不同集群的状态时。
What needs to be changed to allow "anonymous" HTTP access to the dashboard of these already-secured kubernetes master nodes? 需要进行哪些更改才能允许“匿名” HTTP访问这些已经受保护的kubernetes主节点的仪表板?
1 个解决方案
解决方案1
3 2018-12-24 21:56:20
您可能希望为仪表板窗格设置服务(NodePort或LoadBalancer),以将其暴露给外界(好在群集的PoV之外,而PoV仍然是您的内部网络)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.