12
votes

I followed the official Kubernetes installation guide to install Kubernetes on Fedora 22 servers. Everything worked out for me during the installation.

After the installation, I could see that all my nodes were up and running and connected to the master. However, it kept failing when I tried to create a simple pod according to the 101 guide.

    $ kubectl create -f pod-nginx.yaml

    Error from server: error when creating "pod-nginx.yaml": Pod "nginx" is forbidden: no API token found for service account default/default, retry after the token is automatically created and added to the service account

Do I need to create an API token? If yes, how?

I googled the issue, but without any helpful results. Looks like I am the only one on this planet who has hit this issue.

Does anyone have ideas on this?


2 Answers

18
votes

The ServiceAccount admission controller prevents pods from being created until their service account in their namespace is initialized.

If the controller-manager is started with the appropriate arguments, it will automatically populate namespaces with a default service account, and auto-create the API token for that service account.

It looks like that guide needs to be updated with the information from this comment: https://github.com/GoogleCloudPlatform/kubernetes/issues/11355#issuecomment-127378691

14
votes
  1.  

    openssl genrsa -out /tmp/serviceaccount.key 2048
    
  2.  

    vim /etc/kubernetes/apiserver
    # set in that file:
    KUBE_API_ARGS="--service_account_key_file=/tmp/serviceaccount.key"
    
  3.  

    vim /etc/kubernetes/controller-manager
    # set in that file:
    KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/tmp/serviceaccount.key"
    # then restart the controller manager so it picks up the key:
    systemctl restart kube-controller-manager.service
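
A check for the key wiring the two answers describe, as an added example that is not part of either answer or of Kubernetes itself: it reads the two sysconfig files, confirms both flags are set and point at the same existing key, and flags a key that is readable beyond its owner or stored under `/tmp`. The function names and return codes are hypothetical, and it assumes one key file is shared by both daemons, as in the answer above.

```shell
#!/usr/bin/env bash
# Added example: audit the service account key wiring from the answer above.

# Print the value of --FLAG=value from a sysconfig file, ignoring commented lines.
# FLAG is a sed pattern so both "_" and "-" spellings of the flag match.
flag_value() {  # usage: flag_value FILE FLAG_PATTERN
    sed -n -e '/^[[:space:]]*#/d' \
           -e "s/.*--$2=\([^\" ]*\).*/\1/p" "$1" | head -n 1
}

# Returns 0 when both daemons point at the same, existing, owner-only key file.
# 1/2: flag missing, 3: key file missing, 4: key accessible by group/other,
# 5: the daemons reference different files (this setup uses one file for both).
check_sa_key() {  # usage: check_sa_key APISERVER_FILE CONTROLLER_MANAGER_FILE
    local api_key cm_key perms
    api_key=$(flag_value "$1" 'service[_-]account[_-]key[_-]file')
    cm_key=$(flag_value "$2" 'service[_-]account[_-]private[_-]key[_-]file')
    [ -n "$api_key" ] || { echo "apiserver: key file flag not set" >&2; return 1; }
    [ -n "$cm_key" ] || { echo "controller-manager: private key flag not set" >&2; return 2; }
    [ -f "$cm_key" ] || { echo "missing key file: $cm_key" >&2; return 3; }
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    perms=$(ls -ldL -- "$cm_key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$cm_key is accessible beyond its owner" >&2; return 4; }
    [ "$api_key" = "$cm_key" ] || { echo "daemons reference different key files" >&2; return 5; }
    case "$cm_key" in
        /tmp/*) echo "warning: $cm_key is under /tmp, which is commonly cleared at reboot" >&2 ;;
    esac
    return 0
}

# Typical call on a master, using the paths from the answer:
#   check_sa_key /etc/kubernetes/apiserver /etc/kubernetes/controller-manager
```

Both daemons read these flags only at startup, so run the check after editing the files and before restarting them.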