当前位置: 首页 > 工具软件 > SY-UI > 使用案例 >

k8s WEB-UI页面无数据,pod报RABC权限问题

秦弘亮
2023-12-01

登陆WEB-UI页面发现无任何数据,整体页面为空

查看 kubernetes-dashboard 的pod日志是RABC权限问题
2021/08/19 07:33:30 [2021-08-19T07:33:30Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:34 [2021-08-19T07:33:34Z] Incoming HTTP/2.0 GET /api/v1/crd?itemsPerPage=10&page=1&sortBy=d,creationTimestamp request from 10.244.0.0:39799: 
2021/08/19 07:33:34 Non-critical error occurred during resource retrieval: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
2021/08/19 07:33:34 [2021-08-19T07:33:34Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:35 [2021-08-19T07:33:35Z] Incoming HTTP/2.0 GET /api/v1/namespace request from 10.244.0.0:39799: 
2021/08/19 07:33:35 Getting list of namespaces
2021/08/19 07:33:35 Non-critical error occurred during resource retrieval: namespaces is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "namespaces" in API group "" at the cluster scope
2021/08/19 07:33:35 [2021-08-19T07:33:35Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:39 [2021-08-19T07:33:39Z] Incoming HTTP/2.0 GET /api/v1/crd?itemsPerPage=10&page=1&sortBy=d,creationTimestamp request from 10.244.0.0:39799: 
2021/08/19 07:33:39 Non-critical error occurred during resource retrieval: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
2021/08/19 07:33:39 [2021-08-19T07:33:39Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:40 [2021-08-19T07:33:40Z] Incoming HTTP/2.0 GET /api/v1/namespace request from 10.244.0.0:39799: 
2021/08/19 07:33:40 Getting list of namespaces
2021/08/19 07:33:40 Non-critical error occurred during resource retrieval: namespaces is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "namespaces" in API group "" at the cluster scope
2021/08/19 07:33:40 [2021-08-19T07:33:40Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:44 [2021-08-19T07:33:44Z] Incoming HTTP/2.0 GET /api/v1/crd?itemsPerPage=10&page=1&sortBy=d,creationTimestamp request from 10.244.0.0:39799: 
2021/08/19 07:33:44 Non-critical error occurred during resource retrieval: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
2021/08/19 07:33:44 [2021-08-19T07:33:44Z] Outcoming response to 10.244.0.0:39799 with 200 status code
2021/08/19 07:33:45 [2021-08-19T07:33:45Z] Incoming HTTP/2.0 GET /api/v1/namespace request from 10.244.0.0:39799: 
2021/08/19 07:33:45 Getting list of namespaces
2021/08/19 07:33:45 Non-critical error occurred during resource retrieval: namespaces is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "namespaces" in API group "" at the cluster scope
2021/08/19 07:33:45 [2021-08-19T07:33:45Z] Outcoming response to 10.244.0.0:39799 with 200 status code

将kubernetes-dashboard绑定cluster-admin权限

编写yaml文件
cat kubernetes-dashboard-admin_clusterroles.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

kubectl apply -f kubernetes-dashboard-admin_clusterroles.yaml
clusterrolebinding.rbac.authorization.k8s.io "kubernetes-dashboard" created

登陆WEB-UI页面,数据恢复正常

报错:

[root@pro1 WEB-UI]# kubectl apply -f kubernetes-dashboard-admin_clusterroles.yaml
The ClusterRoleBinding "kubernetes-dashboard" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"cluster-admin"}: cannot change roleRef

解决:

[root@pro1 WEB-UI]# kubectl delete -f kubernetes-dashboard-admin_clusterroles.yaml 
clusterrolebinding.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
[root@pro1 WEB-UI]# 
[root@pro1 WEB-UI]# kubectl apply -f kubernetes-dashboard-admin_clusterroles.yaml
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created

 类似资料: