Hello,
I did a clear installation, and I had few issues
- documentation - there is written that it is enough just to run "kubectl proxy", this is not really true, you have to export different port than 8080 first:
export KUBERNETES_MASTER=https://your.domain:6443
- documentation - it is not mentioned that if you are using SSL which is enabled by default, you have to use also CA validation, so
kubectl --certificate-authority=/etc/kubernetes/pki/ca.crt
- RBAC - In documantation is stated
This is intentional for security reasons (no authentication / authorization)
This is not exactly true with new version of Kubernetes, which is included in actual package. You have to use RBAC authentification according to Kubernetes documentation. I am still fighting how to get rid of this message
"message": "services "https:kubernetes-dashboard:" is forbidden: User "system:anonymous" cannot get services/proxy in the namespace "kube-system"",
After running
kubectl --certificate-authority=/etc/kubernetes/pki/ca.crt proxy
and tunneling it through SSH to my localhost
and accessing
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
Can you please help. I cannot even get pods even when I use
kubeadm token list
and use selected tokens because tokens has low privileges
[root@ip-10-0-0-18 kubernetes]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
******* 23h 2018-09-30T14:34:31Z authentication,signing system:bootstrappers:kubeadm:default-node-token
******** authentication,signing system:bootstrappers:kubeadm:default-node-token
I need a token with system.master privileges but I have no idea how to get it.