Kubersphere 访问容器界面终端失败

Yyuxiaoba · 2020年4月9日

部署版本：Kubernetes 1.17 Kubersphere 2.1.1
目前 Kubesphere 已经部署成功，但是直接从网页访问 terminal 终端的功能还有问题
对于 kubectl 终端

对于应用容器终端

请问这个跟哪个权限有关呢？我用的已经是 admin 的账号，是最高权限呢？
或者它跟哪个服务有关，需要看哪些Pod呢？

huanggze · 2020年4月10日

yuxiaoba @hongming 能帮忙看看吗？

Yyuxiaoba · 2020年4月16日

想捞一下自己，有没有大佬们能提示一下呢？

Jeff · 2020年4月17日

yuxiaoba 你是不是用了nginx代理？你搜下论坛，如果是nginx代理的话，需要配置下websocket

Yyuxiaoba · 2020年4月28日

确实是nginx问题，感谢回复，利用下面nginx配置已解决问题

server {
    listen 80;
    include ssl-conf/ssl-full.loadttl.com.conf;
    server_name kubesphere.loadttl.com;  
    access_log /var/log/nginx/access.log json;
    error_log /var/log/nginx/error.log;
    index index.html index.htm;
    if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
    location / {
        proxy_http_version 1.1;
        proxy_pass http://10.10.10.120:30880;
        proxy_redirect off;
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }
    location /api/ {
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_pass http://10.10.10.120:30880;
        proxy_set_header    Host $host:$server_port;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_set_header    Connection "upgrade"; 
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /apis/monitoring.coreos.com/ {
        proxy_pass http://10.10.10.120:30880;
        proxy_redirect off;
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /api/v1/ {
        proxy_pass http://10.10.10.120:30880;
        # proxy_redirect off;
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /apis/storage.k8s.io {
        proxy_pass http://10.10.10.120:30880;
        proxy_redirect off;
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /apis/apps/v1/namespaces/ {
        proxy_http_version 1.1;
        proxy_pass http://10.10.10.120:30880;
        proxy_redirect off;
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }
    location /kapis/resources.kubesphere.io/v1alpha2/namespaces {
        proxy_http_version 1.1;
        proxy_pass http://10.10.10.120:30880;
        proxy_redirect off;
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
    }
    location /kapis/resources.kubesphere.io/ {
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_pass http://10.10.10.120:30880;
        proxy_set_header    Host $host:$server_port;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_set_header    Connection "upgrade"; 
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /apis/devops.kubesphere.io/ {
        proxy_http_version 1.1;
        proxy_pass http://10.10.10.120:30880;
        proxy_redirect off;
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /apis/apps/v1/ {
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_pass http://10.10.10.120:30880;
        proxy_set_header    Host $host:$server_port;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_set_header    Connection "upgrade"; 
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /apis/ {
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_pass http://10.10.10.120:30880;
        proxy_set_header    Host $host:$server_port;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_set_header    Connection "upgrade"; 
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /api/v1/watch/namespaces {
        proxy_pass http://10.10.10.120:30880;
        proxy_set_header    Host $host:$server_port;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_set_header    Connection "upgrade"; 
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }


    location /kapis/terminal.kubesphere.io/ {
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_pass http://10.10.10.120:30880;
        proxy_set_header    Host $host:$server_port;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_set_header    Connection "upgrade"; 
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

1735802356 · 2020年10月22日

yuxiaoba 是必须要配这么多location才可以嘛，我也遇到这个问题了

Jeff · 2020年10月22日

1735802356 路径有重叠可以写成一个啊

1735802356 · 2020年10月23日

Jeff 那也需要配挺多个配置的

LAS · 2020年11月26日

目前在3.0也出现了这个问题，请问具体的nginx配置需要修改哪里的配置文件？或者具体的解决思路是什么？可以赐教一下吗？

uyuan · 2021年12月10日

反向代理配置的问题，参考此文https://segmentfault.com/a/1190000018712908解决

doudecheng · 2022年6月21日

通过location正则表达式去解决避免写很多个代理

server {
listen 443 ssl;
server_name ks.local.com;
ssl_certificate /usr/local/ssl/iflytek_com_ca.crt;
ssl_certificate_key /usr/local/ssl/iflytek_com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:!RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;

#kslocal 为upstream

location ^~ /kapis/terminal.kubesphere.io {
proxy_pass http://kslocal;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_set_header Host $http_host;
}

location ~*/(.*) {
proxy_pass http://kslocal/$1?$args;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}

lqdflying · 2024年5月21日

上边给出的配置都不对,你们不要被误导了.

我直接贴一个正确的配置吧. upstream名字自己去改

map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}
upstream k8master {
    server 192.168.31.91:30880;
    server 192.168.31.92:30880;
}

server {
    listen 80;
    server_name ks.liuqd.sg;
    location ~ /kapis/terminal.kubesphere.io {
        proxy_pass http://k8master;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $http_host;
    }
    location ~*/(.*) {
        proxy_pass http://k8master/$1?$args;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

XX · 21 1月

lqdflying 配上还是打不开

Kubersphere 访问容器界面终端失败

YyuxiaobaK零S

huanggzeK零SK壹S

YyuxiaobaK零S

JeffK零SK壹S

YyuxiaobaK零S

1735802356

JeffK零SK壹S

1735802356

LASK零S

uyuan

doudecheng

lqdflying

XX