Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error creating: pods "goldilocks-vpa-install-" is forbidden: error looking up service account default/goldilocks-vpa-install: serviceaccount "goldilocks-vpa-install" not found #306

Closed
rolfberkenbosch opened this issue Jun 5, 2020 · 2 comments
Closed

Error creating: pods "goldilocks-vpa-install-" is forbidden: error looking up service account default/goldilocks-vpa-install: serviceaccount "goldilocks-vpa-install" not found #306

rolfberkenbosch opened this issue Jun 5, 2020 · 2 comments
Labels
goldilocks goldilocks chart question Further information is requested stale Marked as stale by stalebot

Comments

@rolfberkenbosch
Copy link

rolfberkenbosch commented Jun 5, 2020
edited

I get the following error with helm:
Error creating: pods "goldilocks-vpa-install-" is forbidden: error looking up service account default/goldilocks-vpa-install: serviceaccount "goldilocks-vpa-install" not found

When i looked into the code i see the following:


1 | apiVersion: batch/v1 |   |  
-- | -- | -- | --
2 | kind: Job |   |  
3 | metadata: |   |  
4 | annotations: |   |  
5 | helm.sh/hook: 'pre-install,pre-upgrade' |   |  
6 | helm.sh/hook-delete-policy: 'hook-succeeded,before-hook-creation' |   |  
7 | helm.sh/hook-weight: '-70' |   |  
8 | kubectl.kubernetes.io/last-applied-configuration: > |   |  
9 | {"apiVersion":"batch/v1","kind":"Job","metadata":{"annotations":{"helm.sh/hook":"pre-install,pre-upgrade","helm.sh/hook-delete-policy":"hook-succeeded,before-hook-creation","helm.sh/hook-weight":"-70"},"labels":{"app.kubernetes.io/component":"vpa-install","app.kubernetes.io/instance":"goldilocks","app.kubernetes.io/managed-by":"Tiller","app.kubernetes.io/name":"goldilocks","helm.sh/chart":"goldilocks-2.3.1"},"name":"goldilocks-vpa-install","namespace":"default"},"spec":{"template":{"metadata":{"labels":{"app.kubernetes.io/component":"vpa-install","app.kubernetes.io/instance":"goldilocks","app.kubernetes.io/managed-by":"Tiller","app.kubernetes.io/name":"goldilocks","helm.sh/chart":"goldilocks-2.3.1"},"name":"goldilocks-vpa-install"},"spec":{"containers":[{"args":["-c","kubectl |   |  
10 | apply -f |   |  
11 | https://raw.githubusercontent.com/kubernetes/autoscaler/e16a0adef6c7d79a23d57f9bbbef26fc9da59378/vertical-pod-autoscaler/deploy/recommender-deployment.yaml\nkubectl |   |  
12 | apply -f |   |  
13 | https://raw.githubusercontent.com/kubernetes/autoscaler/e16a0adef6c7d79a23d57f9bbbef26fc9da59378/vertical-pod-autoscaler/deploy/vpa-beta2-crd.yaml\nkubectl |   |  
14 | apply -f |   |  
15 | https://raw.githubusercontent.com/kubernetes/autoscaler/e16a0adef6c7d79a23d57f9bbbef26fc9da59378/vertical-pod-autoscaler/deploy/vpa-rbac.yaml\n"],"command":["bash"],"image":"quay.io/reactiveops/ci-images:v9-alpine","name":"vpa-install"}],"restartPolicy":"Never","serviceAccountName":"goldilocks-vpa-install"}}}} |   |  
16 | labels: |   |  
17 | app.kubernetes.io/component: vpa-install |   |  
18 | app.kubernetes.io/instance: goldilocks |   |  
19 | app.kubernetes.io/managed-by: Tiller |   |  
20 | app.kubernetes.io/name: goldilocks |   |  
21 | helm.sh/chart: goldilocks-2.3.1 |   |  
22 | name: goldilocks-vpa-install |   |  
23 | namespace: default |   |  
24 | resourceVersion: '13458861' |   |  
25 | selfLink: /apis/batch/v1/namespaces/default/jobs/goldilocks-vpa-install |   |  
26 | uid: e8692b6c-64db-41a2-86c8-8f5493210ee7 |   |  
27 | spec: |   |  
28 | backoffLimit: 6 |   |  
29 | completions: 1 |   |  
30 | parallelism: 1 |   |  
31 | selector: |   |  
32 | matchLabels: |   |  
33 | controller-uid: e8692b6c-64db-41a2-86c8-8f5493210ee7 |   |  
34 | template: |   |  
35 | metadata: |   |  
36 | creationTimestamp: null |   |  
37 | labels: |   |  
38 | app.kubernetes.io/component: vpa-install |   |  
39 | app.kubernetes.io/instance: goldilocks |   |  
40 | app.kubernetes.io/managed-by: Tiller |   |  
41 | app.kubernetes.io/name: goldilocks |   |  
42 | controller-uid: e8692b6c-64db-41a2-86c8-8f5493210ee7 |   |  
43 | helm.sh/chart: goldilocks-2.3.1 |   |  
44 | job-name: goldilocks-vpa-install |   |  
45 | name: goldilocks-vpa-install |   |  
46 | spec: |   |  
47 | containers: |   |  
48 | - args: |   |  
49 | - '-c' |   |  
50 | - > |   |  
51 | kubectl apply -f |   |  
52 | https://raw.githubusercontent.com/kubernetes/autoscaler/e16a0adef6c7d79a23d57f9bbbef26fc9da59378/vertical-pod-autoscaler/deploy/recommender-deployment.yaml |   |  
53 |   |   |  
54 | kubectl apply -f |   |  
55 | https://raw.githubusercontent.com/kubernetes/autoscaler/e16a0adef6c7d79a23d57f9bbbef26fc9da59378/vertical-pod-autoscaler/deploy/vpa-beta2-crd.yaml |   |  
56 |   |   |  
57 | kubectl apply -f |   |  
58 | https://raw.githubusercontent.com/kubernetes/autoscaler/e16a0adef6c7d79a23d57f9bbbef26fc9da59378/vertical-pod-autoscaler/deploy/vpa-rbac.yaml |   |  
59 | command: |   |  
60 | - bash |   |  
61 | image: 'quay.io/reactiveops/ci-images:v9-alpine' |   |  
62 | imagePullPolicy: IfNotPresent |   |  
63 | name: vpa-install |   |  
64 | resources: {} |   |  
65 | terminationMessagePath: /dev/termination-log |   |  
66 | terminationMessagePolicy: File |   |  
67 | dnsPolicy: ClusterFirst |   |  
68 | restartPolicy: Never |   |  
69 | schedulerName: default-scheduler |   |  
70 | securityContext: {} |   |  
71 | serviceAccount: goldilocks-vpa-install |   |  
72 | serviceAccountName: goldilocks-vpa-install |   |  
73 | terminationGracePeriodSeconds: 30 |   |  
74 | status: |   |  
75 | active: 1 |   |  
76 | failed: 4 |   |  
77 | startTime: '2020-06-05T19:57:26Z'

Line 52, 55 and 58 has tabs, that really strange.

But after fixing those tabs, I get the following error message:

The Job "goldilocks-vpa-install" is invalid:

  • spec.template.metadata.labels[controller-uid]: Invalid value: map[string]string{"app.kubernetes.io/component":"vpa-install", "app.kubernetes.io/instance":"goldilocks", "app.kubernetes.io/managed-by":"Tiller", "app.kubernetes.io/name":"goldilocks", "controller-uid":"e8692b6c-64db-41a2-86c8-8f5493210ee7", "helm.sh/chart":"goldilocks-2.3.1", "job-name":"goldilocks-vpa-install"}: must be '0d8e2040-05af-4e71-a3d4-573382279110'
  • spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"controller-uid":"e8692b6c-64db-41a2-86c8-8f5493210ee7"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: selector not auto-generated
@rolfberkenbosch rolfberkenbosch changed the title [CHART NAME] <brief description of problem> Error creating: pods "goldilocks-vpa-install-" is forbidden: error looking up service account default/goldilocks-vpa-install: serviceaccount "goldilocks-vpa-install" not found Jun 5, 2020
@sudermanjr
Copy link
Member

Can you please share the exact command you ran, and the entire output?

The output serviceaccount "goldilocks-vpa-install" not found seems to suggest that the install hook serviceAccount did not get applied.

charts/stable/goldilocks/templates/vpa-install-hook.yaml

Lines 2 to 9 in c560e24

apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
"helm.sh/hook": "pre-install,pre-upgrade"
"helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation,hook-failed"
"helm.sh/hook-weight": "-100"
name: {{ include "goldilocks.fullname" . }}-vpa-install

@sudermanjr sudermanjr added goldilocks goldilocks chart question Further information is requested labels Jun 8, 2020
@sudermanjr sudermanjr mentioned this issue Jun 8, 2020
Closed
@stale
Copy link

stale bot commented Aug 8, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale Marked as stale by stalebot label Aug 8, 2020
@stale stale bot closed this as completed Aug 15, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
goldilocks goldilocks chart question Further information is requested stale Marked as stale by stalebot
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sudermanjr @rolfberkenbosch