如何为kubernetes桌面UI配置简单的登录/通过身份验证
我是kubernetes的新手,我只是通过kubeadm安装kubernetes并运行仪表板UI,但无法配置对它的访问。在文档之后,我将行添加--basic-
auth-file=/etc/kubernetes/auth.csv到/etc/kubernetes/manifests/kube-
apiserver.yaml,创建文件并放入一个字符串,如pass,admin,admin。但是在该api服务器崩溃之后,删除此字符串并重新启动服务器后,它又恢复了正常。如何在不使api服务器崩溃的情况下将该参数传递给api服务器,也许还有其他需要从该文件中添加或删除?这是我的
apiVersion: v1kind: Pod
metadata:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ""
creationTimestamp: null
labels:
component: kube-apiserver
tier: control-plane
name: kube-apiserver
namespace: kube-system
spec:
containers:
- command:
- kube-apiserver
- --admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota
- --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
- --secure-port=6443
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --requestheader-allowed-names=front-proxy-client
- --service-account-key-file=/etc/kubernetes/pki/sa.pub
- --client-ca-file=/etc/kubernetes/pki/ca.crt
- --enable-bootstrap-token-auth=true
- --allow-privileged=true
- --requestheader-username-headers=X-Remote-User
- --advertise-address=236.273.51.124
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
- --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
- --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
- --insecure-port=0
- --requestheader-group-headers=X-Remote-Group
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --service-cluster-ip-range=10.96.0.0/12
- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
- --authorization-mode=Node,RBAC
- --etcd-servers=http://127.0.0.1:2379
image: gcr.io/google_containers/kube-apiserver-amd64:v1.8.0
livenessProbe:
failureThreshold: 8
httpGet:
host: 127.0.0.1
path: /healthz
port: 6443
scheme: HTTPS
initialDelaySeconds: 15
timeoutSeconds: 15
name: kube-apiserver
resources:
requests:
cpu: 250m
volumeMounts:
- mountPath: /etc/kubernetes/pki
name: k8s-certs
readOnly: true
- mountPath: /etc/ssl/certs
name: ca-certs
readOnly: true
- mountPath: /etc/pki
name: ca-certs-etc-pki
回答:
您的基本身份验证文件/etc/kubernetes/auth.csv在kube-apiserver
pod容器内不可用。应该将其安装到Pod的容器以及证书文件夹中。只需将其添加到volume和volumeMounts部分:
volumeMounts: - mountPath: /etc/kubernetes/auth.csv
name: kubernetes-dashboard
readOnly: true
volumes:
- hostPath:
path: /etc/kubernetes/auth.csv
name: kubernetes-dashboard
以上是 如何为kubernetes桌面UI配置简单的登录/通过身份验证 的全部内容, 来源链接: utcz.com/qa/414426.html
