Not Able To Create Pod in Kubernetes

Question

I followed the official Kubernetes installation guide to install Kubernetes on Fedora 22 severs. Everything works out for me during the installation .

After the installation. I could see all my nodes are up-running and connected to the master. However, it kept failing while I try to create a simple pod, according to the 101 guide.

$ create -f pod-nginx.yaml 

Error from server: error when creating "pod-nginx.yaml": Pod "nginx" is forbidden: no API token found for service account default/default, retry after the token is automatically created and added to the service account

Do I need to create a API token? If yes, how?

I googled the issue, but without any helpful results. Looks like I am the only one hit into the issue on this planet.

Dose anyone have ideas on this?

Answer 1

1.  

   openssl genrsa -out /tmp/serviceaccount.key 2048
   

2.  

   vim /etc/kubernetes/apiserver:
   KUBE_API_ARGS="--service_account_key_file=/tmp/serviceaccount.key"
   

3.  

   vim /etc/kubernetes/controller-manager
   KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/tmp/serviceaccount.key"
   systemctl restart kube-controller-manager.service
   

Answer 2

The ServiceAccount admission controller prevents pods from being created until their service account in their namespace is initialized.

If the controller-manager is started with the appropriate arguments, it will automatically populate namespaces with a default service account, and auto-create the API token for that service account.

It looks like that guide needs to be updated with the information from this comment: https://github.com/GoogleCloudPlatform/kubernetes/issues/11355#issuecomment-127378691