存在服务帐户,但出现了“服务帐户kube-lego/kube-lego2-kube-lego未找到,创建服务帐户后重试”的错误。
存在服务帐户,但出现了“服务帐户kube-lego/kube-lego2-kube-lego未找到,创建服务帐户后重试”的错误。
提问于 2018-05-17 09:20:41
kubectl get serviceaccounts | rg lego输出
kube-lego2-kube-lego 1 21h然而,
kubectl get events --all-namespaces | rg kube-lego2输出
kube-lego 5m 20h 67 kube-lego-7c66c7fddf ReplicaSet Warning FailedCreate replicaset-controller Error creating: pods "kube-lego-7c66c7fddf-" is forbidden: service account kube-lego/kube-lego2-kube-lego was not found, retry after the service account is created我为什么要犯这个错误?是因为kube-lego/前缀吗?那是怎么回事?
也许和命名空间有关?
kubectl get deployment --namespace=kube-lego kube-lego -o yaml --export输出
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "4"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"extensions/v1beta1","kind":"Deployment","metadata":{"annotations":{},"name":"kube-lego","namespace":"kube-lego"},"spec":{"replicas":1,"template":{"metadata":{"labels":{"app":"kube-lego"}},"spec":{"containers":[{"env":[{"name":"LEGO_LOG_LEVEL","value":"debug"},{"name":"LEGO_EMAIL","valueFrom":{"configMapKeyRef":{"key":"lego.email","name":"kube-lego"}}},{"name":"LEGO_URL","valueFrom":{"configMapKeyRef":{"key":"lego.url","name":"kube-lego"}}},{"name":"LEGO_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"LEGO_POD_IP","valueFrom":{"fieldRef":{"fieldPath":"status.podIP"}}}],"image":"jetstack/kube-lego:master-4209","imagePullPolicy":"Always","name":"kube-lego","ports":[{"containerPort":8080}],"readinessProbe":{"httpGet":{"path":"/healthz","port":8080},"initialDelaySeconds":5,"timeoutSeconds":1}}]}}}}
creationTimestamp: null
generation: 1
labels:
app: kube-lego
name: kube-lego
selfLink: /apis/extensions/v1beta1/namespaces/kube-lego/deployments/kube-lego
spec:
replicas: 1
selector:
matchLabels:
app: kube-lego
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: kube-lego
spec:
containers:
- env:
- name: LEGO_LOG_LEVEL
value: debug
- name: LEGO_EMAIL
valueFrom:
configMapKeyRef:
key: lego.email
name: kube-lego
- name: LEGO_URL
valueFrom:
configMapKeyRef:
key: lego.url
name: kube-lego
- name: LEGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: LEGO_POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: jetstack/kube-lego:master-4209
imagePullPolicy: Always
name: kube-lego
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: kube-lego2-kube-lego
serviceAccountName: kube-lego2-kube-lego
terminationGracePeriodSeconds: 30
status: {}回答 1
Stack Overflow用户
回答已采纳
发布于 2018-05-17 10:50:58
也许和命名空间有关?
- 是的,ServiceAccount是命名空间资源。您必须在引用它的同一个名称空间中使用ServiceAccount才能正常工作。根据我在这里收集的信息,您的ServiceAccount
kube-lego2-kube-lego位于default名称空间中,而它应该存在于kube-lego中。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/50387787
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号