• 创建 K8s project。
• 修改 K8s project member 加入到 service project。
• 在该 Project 中新增 Security Groups，参考 kuryr-kubernetes manually。
• 在该 Project 中新增 pod_subnet 子网络。
• 在该 Project 中新增 service_subnet 子网络。

Seems the step is very clear for new comers. @kairen Could you help to add a detailed guide for this steps?

我知道是角色绑定的关系，但是不知道如何解决

[root@c43-0-11 ~]# curl -ikL https://10.110.0.11:6443/api/v1/namespaces/kube-system/services/kibana-logging/proxy
HTTP/1.1 403 Forbidden
Content-Type: application/json
X-Content-Type-Options: nosniff
Date: Thu, 07 Dec 2017 09:06:12 GMT
Content-Length: 349

{
"kind": "Status",
"apiVersion": "v1",
"metadata": {

},
"status": "Failure",
"message": "services "kibana-logging" is forbidden: User "system:anonymous" cannot get services/proxy in the namespace "kube-system"",
"reason": "Forbidden",
"details": {
"name": "kibana-logging",
"kind": "services"
},
"code": 403

@dinghao2020 这个问题跟Kuryr没关系了，https端口是需要认证授权的，需要配置认证和授权，参考https://kubernetes.io/docs/admin/authentication/ 和 https://kubernetes.io/docs/admin/authorization/rbac/