错误： No API token found for service account "default",

[root@kubernetes-master pods]# kubectl create -f mysql.yaml
Error from server (ServerTimeout): error when creating "mysql.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account

解决认证问题：

1去除认证

创建pod:

# kubectl create -f mysql.yaml
此时有如下报错：

Error from server (ServerTimeout): error when creating "mysql.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account
解决办法是编辑/etc/kubernetes/apiserver 去除 KUBE_ADMISSION_CONTROL中的SecurityContextDeny,ServiceAccount，并重启kube-apiserver.service服务：

#vim /etc/kubernetes/apiserver
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"

#systemctl restart kube-apiserver.service
之后重新创建pod:

# kubectl create -f mysql.yaml
pod "mysql" created

2建立证书

出处： 
http://stackoverflow.com/questions/34464779/pod-mysql-is-forbidden-no-api-token-found-for-service-account-default-default

To get your setup working, you can do the same thing local-up-cluster.sh is doing:

Generate a signing key: 
openssl genrsa -out /tmp/serviceaccount.key 2048

Update /etc/kubernetes/apiserver: 
KUBE_API_ARGS=”–service_account_key_file=/tmp/serviceaccount.key”

Update /etc/kubernetes/controller-manager: 
KUBE_CONTROLLER_MANAGER_ARGS=”–service_account_private_key_file=/tmp/serviceaccount.key”

From https://github.com/kubernetes/kubernetes/issues/11355#issuecomment-127378691