unable to decode "https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml": no kind "Role" is registered for version "rbac.authorization.k8s.io/v1"
unable to decode "https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml": no kind "ClusterRole" is registered for version "rbac.authorization.k8s.io/v1"
unable to decode "https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml": no kind "RoleBinding" is registered for version "rbac.authorization.k8s.io/v1"
unable to decode "https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml": no kind "ClusterRoleBinding" is registered for version "rbac.authorization.k8s.io/v1"
unable to decode "https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml": no kind "Deployment" is registered for version "apps/v1"
unable to decode "https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml": no kind "Deployment" is registered for version "apps/v1"
因爲我們使用kubeadm搭建的集羣會默認開啓RABC(角色訪問控制機制),所以我們必須要進行額外的設置。
RBAC
K8S 1.6引進,是讓用戶能夠訪問 k8S API 資源的授權方式【不授權就沒有資格訪問K8S的資源】
用戶
K8S有兩種用戶:User和Service Account。其中,User給人用,Service Account給進程用,讓進程有相關權限。如Dashboard就是一個進程,我們就可以創建一個Service Account給它
角色
Role是一系列權限的集合,例如一個Role可包含讀取和列出 Pod的權限【 ClusterRole 和 Role 類似,其權限範圍是整個集羣】
角色綁定
RoleBinding把角色映射到用戶,從而讓這些用戶擁有該角色的權限【ClusterRoleBinding 和RoleBinding 類似,可讓用戶擁有 ClusterRole 的權限】
Secret
Secret是一個包含少量敏感信息如密碼,令牌,或祕鑰的對象。把這些信息保存在 Secret對象中,可以在這些信息被使用時加以控制,並可以降低信息泄露的風險
配置kubenetes的flannel網絡的時候,出現以下報錯
The connection to the server localhost:8080 was refused - did you specify the right host or port?
原因:kubenetes master沒有與本機綁定,集羣初始化的時候沒有設置
解決辦法:通過代理來訪問
(export KUBECONFIG=/etc/kubernetes/admin.conf)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
kubectl proxy
https://192.168.95.139:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/