Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kubeadm cluster gets forbidden errors for controller-manager and scheduler #89480

Open
leexiaominghub opened this issue Mar 25, 2020 · 2 comments
Open

Comments

@leexiaominghub
Copy link

@leexiaominghub leexiaominghub commented Mar 25, 2020

Which jobs are failing:

Which test(s) are failing:
I want use the SDS of istio, and set the apiserver these flags:

- --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
- --service-account-api-audiences=kubernetes.default.svc

however, after kubeamd init done, the contronller manager and scheduler get errors like this:
E0325 14:53:27.189015 1 leaderelection.go:331] error retrieving resource lock kube-system/kube-controller-manager: Get https://10.6.136.48:6443/api/v1/namespaces/kube-system/endpoints/kube-controller-manager?timeout=10s: Forbidden

E0325 14:49:29.939069 1 reflector.go:153] k8s.io/client-go/informers/factory.go:135: Failed to list *v1.PersistentVolumeClaim: Get https://10.6.136.48:6443/api/v1/persistentvolumeclaims?limit=500&resourceVersion=0: Forbidden

Since when has it been failing:

Testgrid link:

Reason for failure:

Anything else we need to know:
Are the values of flags of apiserver I made wrong?
thanks a lot!

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

@k8s-ci-robot k8s-ci-robot commented Mar 25, 2020

@leexiaominghub: There are no sig labels on this issue. Please add an appropriate label by using one of the following commands:

  • /sig <group-name>
  • /wg <group-name>
  • /committee <group-name>

Please see the group list for a listing of the SIGs, working groups, and committees available.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@liggitt

This comment has been minimized.

Copy link
Member

@liggitt liggitt commented Mar 25, 2020

Those flags don't seem related. Do you have more details about the content of the forbidden errors?

@liggitt liggitt changed the title TokenRequestProjection gets errors kubeadm cluster gets forbidden errors for controller-manager and scheduler Mar 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.