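Cause
After upgrading the configuration of the k8s cluster, Kiali could no longer be logged in to. Exactly why the cluster upgrade caused this is not yet clear.
The login page showed the following error (the red text in the screenshot):
The Kiali secret is missing. Users are prohibited from accessing Kiali until an administrator creates a valid secret. Please refer to the Kiali documentation for more details.
According to this message, login fails because Kiali's secret has gone missing.
Troubleshooting
Find the secretName that Kiali uses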
kiali-deployment.yaml
kubectl get deployment kiali -n istio-system -o yaml --export
Flag --export has been deprecated, This flag is deprecated and will be removed in future.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
    field.cattle.io/publicEndpoints: '[{"addresses":["47.112.190.16"],"port":80,"protocol":"HTTP","serviceName":"istio-system:kiali","ingressName":"istio-system:kiali","hostname":"kiali.stage.realibox.com","path":"/","allNodes":false}]'
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app":"kiali","install.operator.istio.io/owning-resource":"installed-state","install.operator.istio.io/owning-resource-namespace":"istio-system","istio.io/rev":"default","operator.istio.io/component":"AddonComponents","operator.istio.io/managed":"Reconcile","operator.istio.io/version":"1.7.4","release":"istio"},"name":"kiali","namespace":"istio-system"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"kiali"}},"template":{"metadata":{"annotations":{"kiali.io/runtimes":"go,kiali","prometheus.io/port":"9090","prometheus.io/scrape":"true","sidecar.istio.io/inject":"false"},"labels":{"app":"kiali","release":"istio"},"name":"kiali"},"spec":{"affinity":{"nodeAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"preference":{"matchExpressions":[{"key":"kubernetes.io/arch","operator":"In","values":["amd64"]}]},"weight":2},{"preference":{"matchExpressions":[{"key":"kubernetes.io/arch","operator":"In","values":["ppc64le"]}]},"weight":2},{"preference":{"matchExpressions":[{"key":"kubernetes.io/arch","operator":"In","values":["s390x"]}]},"weight":2}],"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/arch","operator":"In","values":["amd64","ppc64le","s390x"]}]}]}}},"containers":[{"command":["/opt/kiali/kiali","-config","/kiali-configuration/config.yaml","-v","3"],"env":[{"name":"ACTIVE_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}}],"image":"quay.io/kiali/kiali:v1.22","livenessProbe":{"httpGet":{"path":"/kiali/healthz","port":20001,"scheme":"HTTP"},"initialDelaySeconds":5,"periodSeconds":30},"name":"kiali","readinessProbe":{"httpGet":{"path":"/kiali/healthz","port":20001,"scheme":"HTTP"},"initialDelaySeconds":5,"periodSeconds":30},"resources":{"requests":{"cpu":"10m"}},"volumeMounts":[{"mountPath":"/kiali-configuration","name":"kiali-configuration"},{"mountPath":"/kiali-cert","name":"kiali-cert"},{"mountPath":"/kiali-secret","name":"kiali-secret"}]}],"serviceAccountName":"kiali-service-account","volumes":[{"configMap":{"name":"kiali"},"name":"kiali-configuration"},{"name":"kiali-cert","secret":{"optional":true,"secretName":"istio.kiali-service-account"}},{"name":"kiali-secret","secret":{"optional":true,"secretName":"kiali"}}]}}}}
  creationTimestamp: null
  generation: 1
  labels:
    app: kiali
    install.operator.istio.io/owning-resource: installed-state
    install.operator.istio.io/owning-resource-namespace: istio-system
    istio.io/rev: default
    operator.istio.io/component: AddonComponents
    operator.istio.io/managed: Reconcile
    operator.istio.io/version: 1.7.4
    release: istio
  name: kiali
  selfLink: /apis/extensions/v1beta1/namespaces/istio-system/deployments/kiali
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: kiali
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        kiali.io/runtimes: go,kiali
        prometheus.io/port: "9090"
        prometheus.io/scrape: "true"
        sidecar.istio.io/inject: "false"
      creationTimestamp: null
      labels:
        app: kiali
        release: istio
      name: kiali
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - preference:
              matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - amd64
            weight: 2
          - preference:
              matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - ppc64le
            weight: 2
          - preference:
              matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - s390x
            weight: 2
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - amd64
                - ppc64le
                - s390x
      containers:
      - command:
        - /opt/kiali/kiali
        - -config
        - /kiali-configuration/config.yaml
        - -v
        - "3"
        env:
        - name: ACTIVE_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: quay.io/kiali/kiali:v1.22
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /kiali/healthz
            port: 20001
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        name: kiali
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /kiali/healthz
            port: 20001
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          requests:
            cpu: 10m
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /kiali-configuration
          name: kiali-configuration
        - mountPath: /kiali-cert
          name: kiali-cert
        - mountPath: /kiali-secret
          name: kiali-secret
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: kiali-service-account
      serviceAccountName: kiali-service-account
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          defaultMode: 420
          name: kiali
        name: kiali-configuration
      - name: kiali-cert
        secret:
          defaultMode: 420
          optional: true
          secretName: istio.kiali-service-account
      - name: kiali-secret
        secret:
          defaultMode: 420
          optional: true
          secretName: kiali
status: {}
The part that refers to the secret:
- name: kiali-secret
  secret:
    defaultMode: 420
    optional: true
    secretName: kiali
Look for the secret
kubectl get secret -n istio-system | grep kiali
Nothing is returned.
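The manual check above, extended to every Secret volume of a Deployment, as an added example that is not part of the original post. The function names are hypothetical and the script assumes kubectl access to the cluster. Because the volume is declared `optional: true`, the pod starts even when the Secret is absent, so the gap only shows up at login.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the post).
# Lists the Secrets a Deployment mounts as volumes and reports the missing ones.

# Print "<secretName> <optional>" per volume; non-secret volumes print a blank line.
# Arguments: <namespace> <deployment>
secret_volumes() {
    kubectl get deployment "$2" -n "$1" \
        -o jsonpath='{range .spec.template.spec.volumes[*]}{.secret.secretName}{" "}{.secret.optional}{"\n"}{end}'
}

# Print "<secretName> optional=<bool>" for each referenced Secret that cannot be read.
# A failed lookup can also mean missing RBAC permission, so confirm by hand.
missing_secrets() {
    ns=$1
    secret_volumes "$ns" "$2" | while read -r name optional; do
        [ -n "$name" ] || continue          # skip configMap and other volume types
        if ! kubectl get secret "$name" -n "$ns" >/dev/null 2>&1 </dev/null; then
            echo "$name optional=${optional:-false}"
        fi
    done
}

# Usage: sh check-secrets.sh istio-system kiali
if [ "$#" -eq 2 ]; then
    missing_secrets "$1" "$2"
fi
```

A line reported with `optional=true` is a Secret whose absence did not stop the pod from starting.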
Fix
Create the secret
apiVersion: v1
kind: Secret
metadata:
  name: kiali
  namespace: istio-system
data:
  ## echo -n admin | base64
  #YWRtaW4=
  username: YWRtaW4=
  passphrase: YWRtaW4=
Delete the old Kiali pod to restore login.
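A variant of the secret creation above that generates a random passphrase instead of a fixed value, as an added example that is not part of the original post. The function names are hypothetical; the Secret name, namespace and the `username`/`passphrase` keys are the ones shown above, and `head -c` and `base64` are assumed to be available.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the post).

# 24 random bytes from the kernel CSPRNG, base64-encoded to 32 characters.
random_passphrase() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# Emit the Secret manifest for the given username and passphrase.
# printf '%s' avoids the trailing newline, like `echo -n` in the post.
kiali_secret_manifest() {
    user_b64=$(printf '%s' "$1" | base64 | tr -d '\n')
    pass_b64=$(printf '%s' "$2" | base64 | tr -d '\n')
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: kiali
  namespace: istio-system
type: Opaque
data:
  username: $user_b64
  passphrase: $pass_b64
EOF
}

# Usage: sh kiali-secret.sh apply <username>
# Prints the generated passphrase once; store it in a password manager.
if [ "${1:-}" = "apply" ] && [ -n "${2:-}" ]; then
    pass=$(random_passphrase)
    kiali_secret_manifest "$2" "$pass" | kubectl apply -f -
    echo "passphrase: $pass"
fi
```

The values under `data` are only base64-encoded, not encrypted, so anyone who can read Secrets in `istio-system` can recover the login.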