foreword
I also just started learning k8s. When I created a pod, I found that this error was reported:
Error from server (ServerTimeout): error when creating "busybox.yaml": No API token found for
service account "default", retry after the token is automatically created and added to the service
accountanalyze
According to the error message, it can be initially seen that the API token is not set in the service account.
not understand well. . Decisive Baidu Google.
solve
There are two solutions:
Method 1: Disable ServiceAccount
Edit /etc/kubenetes/apiserver: Remove the ServiceAccount
in the following line and change it to :
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
This method is relatively crude, and may encounter situations where ServiceAccount must be used.
Method 2: Configure ServiceAccount
1. First generate the key:
openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048
2. Edit and /etc/kubenetes/apiserver
add the following:
KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/serviceaccount.key"
3. Edit and /etc/kubernetes/controller-manager
add the following:
KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/etc/kubernetes/serviceaccount.key"
Finally, no matter what the solution is, you need to restart the kubernetes service:
systemctl restart etcd kube-apiserver kube-controller-manager kube-scheduler
Epilogue
The second method is recommended here, because it is necessary to have a ServiceAccount to pull the image from the private repository by default in the configuration later. .
References:
https://linuxacademy.com/community/posts/show/topic/15747-error-creating-kubernetes-pod-no-api-token-found-for-service-acc
https://github.com/ kubernetes/kubernetes/issues/11355#issuecomment-127378691