Kuryr guide
feiskyer opened this issue · comments
- 创建 K8s project。
- 修改 K8s project member 加入到 service project。
- 在该 Project 中新增 Security Groups,参考 kuryr-kubernetes manually。
- 在该 Project 中新增 pod_subnet 子网络。
- 在该 Project 中新增 service_subnet 子网络。
Seems the step is very clear for new comers. @kairen Could you help to add a detailed guide for this steps?
我知道是角色绑定的关系,但是不知道如何解决
[root@c43-0-11 ~]# curl -ikL https://10.110.0.11:6443/api/v1/namespaces/kube-system/services/kibana-logging/proxy
HTTP/1.1 403 Forbidden
Content-Type: application/json
X-Content-Type-Options: nosniff
Date: Thu, 07 Dec 2017 09:06:12 GMT
Content-Length: 349
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "services "kibana-logging" is forbidden: User "system:anonymous" cannot get services/proxy in the namespace "kube-system"",
"reason": "Forbidden",
"details": {
"name": "kibana-logging",
"kind": "services"
},
"code": 403
@dinghao2020 这个问题跟Kuryr没关系了,https端口是需要认证授权的,需要配置认证和授权,参考https://kubernetes.io/docs/admin/authentication/ 和 https://kubernetes.io/docs/admin/authorization/rbac/