-
Bug
-
Resolution: Done
-
Medium
-
Beijing Release
-
None
The kubeadm will enable the RBAC in Kubernetes Claster.
We follow the instructions from https://wiki.onap.org/display/DW/Deploying+Kubernetes+Cluster+with+kubeadm to depoly onap (from OOM master).
All the containers are up and running.
However, there is some issue with kube2msb.
Keep getting this error from kube2msb log:
E0130 21:33:32.464069 7 reflector.go:216] kube2msb/kube2msb.go:214: Failed to list *api.Pod: pods is forbidden: User "system:serviceaccount:kube-system:default" cannot list pods at the cluster scope
E0130 21:33:32.464161 7 reflector.go:216] kube2msb/kube2msb.go:148: Failed to list *api.Service: services is forbidden: User "system:serviceaccount:kube-system:default" cannot list services at the cluster scope
E0130 21:33:33.465608 7 reflector.go:216] kube2msb/kube2msb.go:148: Failed to list *api.Service: services is forbidden: User "system:serviceaccount:kube-system:default" cannot list services at the cluster scope
E0130 21:33:33.465672 7 reflector.go:216] kube2msb/kube2msb.go:214: Failed to list *api.Pod: pods is forbidden: User "system:serviceaccount:kube-system:default" cannot list pods at the cluster scope
From the log, we can see that the kube2msb got the right system:serviceaccount token. But the api access to pod and service is forbidden.
This issue is very similar with https://github.com/prometheus/prometheus/issues/2763
- mentioned in
-
Page Loading...