Kubernetes 首次创建Pod报错No API token found for service account "default", retry after the token is auto
Kubernetes 初始集群创建首个Pod时候报错:
Error from server (ServerTimeout): error when creating "hello-world-pod.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account
解决方案:
1)禁用ServiceAccount
编辑/etc/kubernetes/apiserver:
删除配置文件中KUBE_ADMISSION_CONTROL的ServiceAccount的选项
即将:KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
改为:KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
2)配置ServiceAccount
1:首先生成密钥
openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048
2: 编辑/etc/kubernetes/apiserver
添加内容
KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/serviceaccount.key"
3:编辑/etc/kubernetes/controller-manager
添加内容
KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/etc/kubernetes/serviceaccount.key"
重启对应的服务: systemctl restart etcd kube-apiserver kube-controller-manager kube-scheduler
重新创建Pod, ok