The user "system: anonymous" cannot get the path "/

Question

The user "system: anonymous" cannot get the path "/

I just installed the kubenetes cluster base at this link https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#multi-platform I check with the kubectl receiving nodes, then the node wizard is ready, but when I get access to the link https: // k8s-master-ip: 6443 / it shows an error: The user "system: anonymous" cannot get the path "/". What trick am I missing?

+4

kubernetes kubectl kubeadm

Tien dung tran Jul 14 '17 at 4:31

source share

1 answer

Eugene Chow · Answer 1 · 2017-07-14T08:08:52+0000

Recent kubernet deployment tools include RBAC in the cluster. When he accesses https://192.168.70.94:6443/api/v1/..., Jenkins is discarded to all users system:anonymous. This user has virtually no privileges for kube-apiserver.

The bottom line is that Jenkins must authenticate with kube-apiserver - either with a token-holder or with a client certificate signed by the k8s cluster CA key.

Method 1. This is preferable if Jenkins is hosted in a k8s cluster:

Create a ServiceAccount in k8s for the plugin
Create an RBAC profile (i.e. Role / RoleBinding or ClusterRole / ClusterRoleBinding) tied to ServiceAccount
Configure the plugin to use the ServiceAccount token when accessing the URL https://192.168.70.94:6443/api/v1/...

2. Jenkins k8s, . :

, CA- k8s. , CA, .
RBAC (.. Role/RoleBinding ClusterRole/ClusterRoleBinding),
URL https://192.168.70.94:6443/api/v1/...

. , 1 , CA.

The user "system: anonymous" cannot get the path "/

More articles: