search

opsnull / follow-me-install-kubernetes-cluster

和我一步步部署 kubernetes 集群
Other
7.39k stars 2.9k forks source link

Browser can not access to `kubernetes-dashboard` #656

Closed huymq1710 closed 3 months ago

huymq1710 commented 3 months ago

Document version v1.16

Symptom

Step 08-3.dashboard插件.md

I had already done A.浏览器访问kube-apiserver安全端口.md and can access to the https://idc-k8s-01:6443

{
  "paths": [
    "/api",
    "/api/v1",
    ...
  ]
}

However , when I try to access kubernetes-dashboard. It showed

Safari can't open the page "https://idc-k8s-01:4443/". The error is: "The certificate for this server is invalid. You might be connecting to a server that is pretending to be "idc-k8s-01" which could put your confidential information at risk." (MSURLErrorDomain:-1.202)

Here is my deployment status

[root@idc-k8s-01 ~]# kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7b8b58dc8b-m74cf   1/1     Running   0          49m
kubernetes-dashboard-6cfc8c4c9-44vdk         1/1     Running   0          49m
[root@idc-k8s-01 ~]# kubectl port-forward -n kubernetes-dashboard  svc/kubernetes-dashboard 4443:443 --address 0.0.0.0
Forwarding from 0.0.0.0:4443 -> 8443
Handling connection for 4443
Handling connection for 4443

Logs

[root@idc-k8s-01 work]# kubectl logs -n kubernetes-dashboard kubernetes-dashboard-6cfc8c4c9-44vdk
2024/04/01 13:31:43 Starting overwatch
2024/04/01 13:31:43 Using namespace: kubernetes-dashboard
2024/04/01 13:31:43 Using in-cluster config to connect to apiserver
2024/04/01 13:31:43 Using secret token for csrf signing
2024/04/01 13:31:43 Initializing csrf token from kubernetes-dashboard-csrf secret
2024/04/01 13:31:43 Empty token. Generating and storing in a secret kubernetes-dashboard-csrf
2024/04/01 13:31:43 Successful initial request to the apiserver, version: v1.16.6
2024/04/01 13:31:43 Generating JWE encryption key
2024/04/01 13:31:43 New synchronizer has been registered: kubernetes-dashboard-key-holder-kubernetes-dashboard. Starting
2024/04/01 13:31:43 Starting secret synchronizer for kubernetes-dashboard-key-holder in namespace kubernetes-dashboard
2024/04/01 13:31:45 Initializing JWE encryption key from synchronized object
2024/04/01 13:31:45 Creating in-cluster Sidecar client
2024/04/01 13:31:45 Auto-generating certificates
2024/04/01 13:31:45 Successful request to sidecar
2024/04/01 13:31:45 Successfully created certificates
2024/04/01 13:31:45 Serving securely on HTTPS port: 8443
2024/04/01 13:33:51 http: TLS handshake error from 127.0.0.1:50580: remote error: tls: unknown certificate
2024/04/01 13:33:51 http: TLS handshake error from 127.0.0.1:50594: remote error: tls: unknown certificate
2024/04/01 13:34:00 http: TLS handshake error from 127.0.0.1:55552: remote error: tls: unknown certificate
2024/04/01 13:34:03 http: TLS handshake error from 127.0.0.1:48098: remote error: tls: unknown certificate
2024/04/01 13:34:03 http: TLS handshake error from 127.0.0.1:48102: remote error: tls: unknown certificate
2024/04/01 13:34:30 http: TLS handshake error from 127.0.0.1:46716: remote error: tls: unknown certificate
[root@idc-k8s-01 work]# kubectl logs -n kubernetes-dashboard dashboard-metrics-scraper-7b8b58dc8b-m74cf | head
{"level":"info","msg":"Kubernetes host: https://10.96.0.1:443","time":"2024-04-01T13:31:44Z"}
172.30.163.0 - - [01/Apr/2024:13:31:45 +0000] "GET /healthz HTTP/1.1" 200 13 "" "dashboard/v2.0.0-rc4"
172.30.163.0 - - [01/Apr/2024:13:32:15 +0000] "GET /healthz HTTP/1.1" 200 13 "" "dashboard/v2.0.0-rc4"
103.172.238.94 - - [01/Apr/2024:13:32:19 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
103.172.238.94 - - [01/Apr/2024:13:32:29 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
103.172.238.94 - - [01/Apr/2024:13:32:39 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
{"level":"error","msg":"Error scraping node metrics: the server could not find the requested resource (get nodes.metrics.k8s.io)","time":"2024-04-01T13:32:44Z"}
172.30.163.0 - - [01/Apr/2024:13:32:45 +0000] "GET /healthz HTTP/1.1" 200 13 "" "dashboard/v2.0.0-rc4"
103.172.238.94 - - [01/Apr/2024:13:32:49 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
103.172.238.94 - - [01/Apr/2024:13:32:59 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
...
{"level":"error","msg":"Error scraping node metrics: the server could not find the requested resource (get nodes.metrics.k8s.io)","time":"2024-04-01T14:35:44Z"}
172.30.163.0 - - [01/Apr/2024:14:35:47 +0000] "GET /healthz HTTP/1.1" 200 13 "" "dashboard/v2.0.0-rc4"
103.172.238.94 - - [01/Apr/2024:14:35:49 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
103.172.238.94 - - [01/Apr/2024:14:35:59 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
103.172.238.94 - - [01/Apr/2024:14:36:09 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
172.30.163.0 - - [01/Apr/2024:14:36:17 +0000] "GET /healthz HTTP/1.1" 200 13 "" "dashboard/v2.0.0-rc4"
103.172.238.94 - - [01/Apr/2024:14:36:19 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
103.172.238.94 - - [01/Apr/2024:14:36:29 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
103.172.238.94 - - [01/Apr/2024:14:36:39 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
{"level":"error","msg":"Error scraping node metrics: the server could not find the requested resource (get nodes.metrics.k8s.io)","time":"2024-04-01T14:36:44Z"}
172.30.163.0 - - [01/Apr/2024:14:36:47 +0000] "GET /healthz HTTP/1.1" 200 13 "" "dashboard/v2.0.0-rc4"
103.172.238.94 - - [01/Apr/2024:14:36:49 +0000] "GET / HTTP/1.1" 200 6 "" "kube-probe/1.16"
103.172.238.94 - - [01/Apr
huymq1710 commented 3 months ago

Fix: https://github.com/kubernetes/dashboard/issues/2995#issuecomment-551309479