Tan Le
Reputation: 339
Deploy customized kube-scheduler
I deploy kube-scheduler using https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ .
I followed the steps exactly at the beginning however it does not schedule the node using "my-scheduler" the node is pending instead.
The log of "my-scheduler" pod is
E0207 20:35:43.079477 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1beta1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:kube-system:default" cannot list poddisruptionbudgets.policy at the cluster scope
E0207 20:35:43.080416 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:kube-system:default" cannot list services at the cluster scope
E0207 20:35:43.081490 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1.PersistentVolume: persistentvolumes is forbidden: User "system:serviceaccount:kube-system:default" cannot list persistentvolumes at the cluster scope
E0207 20:35:43.082515 1 reflector.go:205] k8s.io/kubernetes/cmd/kube-scheduler/app/server.go:593: Failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:kube-system:default" cannot list pods at the cluster scope
E0207 20:35:43.083566 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1.Node: nodes is forbidden: User "system:serviceaccount:kube-system:default" cannot list nodes at the cluster scope
E0207 20:35:43.084795 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1.ReplicationController: replicationcontrollers is forbidden: User "system:serviceaccount:kube-system:default" cannot list replicationcontrollers at the cluster scope
E0207 20:35:44.077899 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1.PersistentVolumeClaim: persistentvolumeclaims is forbidden: User "system:serviceaccount:kube-system:default" cannot list persistentvolumeclaims at the cluster scope
E0207 20:35:44.078410 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1beta1.ReplicaSet: replicasets.extensions is forbidden: User "system:serviceaccount:kube-system:default" cannot list replicasets.extensions at the cluster scope
E0207 20:35:44.079496 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1beta1.StatefulSet: statefulsets.apps is forbidden: User "system:serviceaccount:kube-system:default" cannot list statefulsets.apps at the cluster scope
E0207 20:35:44.080585 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1beta1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:serviceaccount:kube-system:default" cannot list poddisruptionbudgets.policy at the cluster scope
E0207 20:35:44.081675 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:kube-system:default" cannot list services at the cluster scope
E0207 20:35:44.082726 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1.PersistentVolume: persistentvolumes is forbidden: User "system:serviceaccount:kube-system:default" cannot list persistentvolumes at the cluster scope
E0207 20:35:44.083811 1 reflector.go:205] k8s.io/kubernetes/cmd/kube-scheduler/app/server.go:593: Failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:kube-system:default" cannot list pods at the cluster scope
E0207 20:35:44.084887 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1.Node: nodes is forbidden: User "system:serviceaccount:kube-system:default" cannot list nodes at the cluster scope
E0207 20:35:44.085921 1 reflector.go:205] k8s.io/kubernetes/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1.ReplicationController: replicationcontrollers is forbidden: User "system:serviceaccount:kube-system:default" cannot list replicationcontrollers at the cluster scope
It seems it does not have permission to access resources. I tried configured RBAC as the link says but it does not help.
Please help me if you ever tried this.
Upvotes: 1
Views: 1380
Answers (1)
Tan Le
Reputation: 339
I don't know why the new scheduler use "system:serviceaccount:kube-system:default" instead of "system:kube-system". The quick solution is:
kubectl create clusterrolebinding --user system:serviceaccount:kube-system:default kube-system-cluster-admin --clusterrole cluster-admin
Upvotes: 3
Related Questions
- Run a pod without scheduler in Kubernetes
- How to change default kube-scheduler in kubernetes
- Kubernetes scheduler
- How to access kube-scheduler on a kubernetes cluster?
- Deploy a custom kubernetes scheduler as a pod
- How to customize the behavior of the kube-scheduler on AKS?
- Creating custom scheduler doesn't work
- How to create a config file for kube-scheduler to use by the --config argument
- How to run kubernetes custom scheduler?