kibana-logging service cannot access

[zhangguanzhang]

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "services \"kibana-logging\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
  "reason": "Forbidden",
  "details": {
    "name": "kibana-logging",
    "kind": "services"
  },
  "code": 403
}

[kairen]

The proxy API can't access through system:anonymous user, you must create RBAC roles to define permission.

[zhangguanzhang]

I just know the RBAC's effect, i could not write it to access, can you write for me?

[kairen]

You can refer the following file to create RBAC for kube-logging:

kube-ansible/roles/k8s-addon/templates/dashboard/dashboard-anonymous-rbac.yml.j2

Lines 1 to 28 in 996613e

	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: anonymous-dashboard-proxy-role
	rules:
	- apiGroups:
	- ""
	resources:
	- "services/proxy"
	resourceNames:
	- "https:kubernetes-dashboard:"
	verbs:
	- get
	- create
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: anonymous-dashboard-proxy-binding
	namespace: ""
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: anonymous-dashboard-proxy-role
	subjects:
	- apiGroup: rbac.authorization.k8s.io
	kind: User
	name: system:anonymous