Kubernetes 找不到服务帐户“”的API令牌;默认\";
无法在Kubernetes中创建Pod版本:v1.10.0-beta.3 在主节点上创建pod时,我会遇到以下错误:Kubernetes 找不到服务帐户“”的API令牌;默认\";,kubernetes,kubernetes-security,Kubernetes,Kubernetes Security,无法在Kubernetes中创建Pod版本:v1.10.0-beta.3 在主节点上创建pod时,我会遇到以下错误: kubectl create -f ./nginx-rc.yaml ERROR: No API token found for service account \"default\", retry after the token is automatically created and added to the service account\ 已执行命令:openssl g
kubectl create -f ./nginx-rc.yaml
ERROR:
No API token found for service account \"default\", retry after the token is automatically created and added to the service account\
openssl genrsa-out/tmp/servicecomport.ket 2048
/etc/kubernetes/apiserver
文件以添加以下内容:
KUBE_API_ARGS="--service_account_key_file=/tmp/serviceaccount.key"
/etc/kubernetes/controller manager
,并添加以下内容:
KUBE_CONTROLLER_MANAGER_ARGS="--
service_account_private_key_file=/tmp/serviceaccount.key"
No API token found for service account \"default\", retry after the token is automatically created and added to the service account\
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,ResourceQuota"
仍然错误:
No API token found for service account \"default\", retry after the token is automatically created and added to the service account\
我该如何解决这个问题?我也面临同样的问题,并遵循以下步骤
然后删除干净的ETCD DB,将网络配置加载到ETCD,并作为新群集启动群集 您是否对这个pod也有问题?例如,对于
kubectl运行nginx--image=nginx
?您是否使用google kubernetes引擎?由于您无法在Google Cloud实现中的主机上运行pod,而且我认为v1.10还不可用,因此我认为您使用了错误的标记。您是否找到了解决方案?在哪里可以找到公钥和私钥文件?在我的例子中,kubectl get sa返回零个“0”密钥。我还创建了“openssl genrsa-out/etc/kubernetes/servicecomport.key 2048”,并将其与apiserver和controller manager文件中的相应文件相关联。但它似乎对我不起作用。
No API token found for service account \"default\", retry after the token is automatically created and added to the service account\