zoukankan      html  css  js  c++  java
  • 错误: No API token found for service account "default",

    [root@kubernetes-master pods]# kubectl create -f mysql.yaml
    Error from server (ServerTimeout): error when creating "mysql.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account

    解决认证问题:

    1去除认证

    创建pod:
    
    # kubectl create -f mysql.yaml
    此时有如下报错:
    
    Error from server (ServerTimeout): error when creating "mysql.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account
    解决办法是编辑/etc/kubernetes/apiserver 去除 KUBE_ADMISSION_CONTROL中的SecurityContextDeny,ServiceAccount,并重启kube-apiserver.service服务:
    
    #vim /etc/kubernetes/apiserver
    KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
    
    #systemctl restart kube-apiserver.service
    之后重新创建pod:
    
    # kubectl create -f mysql.yaml
    pod "mysql" created

    2建立证书

    出处: 
    http://stackoverflow.com/questions/34464779/pod-mysql-is-forbidden-no-api-token-found-for-service-account-default-default

    To get your setup working, you can do the same thing local-up-cluster.sh is doing:

    Generate a signing key: 
    openssl genrsa -out /tmp/serviceaccount.key 2048

    Update /etc/kubernetes/apiserver: 
    KUBE_API_ARGS=”–service_account_key_file=/tmp/serviceaccount.key”

    Update /etc/kubernetes/controller-manager: 
    KUBE_CONTROLLER_MANAGER_ARGS=”–service_account_private_key_file=/tmp/serviceaccount.key”

    From https://github.com/kubernetes/kubernetes/issues/11355#issuecomment-127378691

  • 相关阅读:
    B
    A
    P1057 传球游戏
    P1702 突击考试
    P1394 山上的国度
    P2117 小Z的矩阵
    P1510 精卫填海
    P1294 高手去散步
    P1071 潜伏者
    保留
  • 原文地址:https://www.cnblogs.com/menkeyi/p/7096605.html
Copyright © 2011-2022 走看看