Service account exists, but the error "service account kube-lego/kube-lego2-kube-lego was not found, retry after the service account is created" occurs

Time: 2018-05-17 09:20:42

Tags: kubernetes

Output of kubectl get serviceaccounts | rg lego:

kube-lego2-kube-lego   1         21h

However,

Output of kubectl get events --all-namespaces | rg kube-lego2:

kube-lego   5m         20h         67        kube-lego-7c66c7fddf         ReplicaSet                                Warning   FailedCreate        replicaset-controller                         Error creating: pods "kube-lego-7c66c7fddf-" is forbidden: service account kube-lego/kube-lego2-kube-lego was not found, retry after the service account is created

Why am I getting this error? Is it because of the kube-lego/ prefix? Why is that?

Could it be related to namespaces?

Output of kubectl get deployment --namespace=kube-lego kube-lego -o yaml --export:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"extensions/v1beta1","kind":"Deployment","metadata":{"annotations":{},"name":"kube-lego","namespace":"kube-lego"},"spec":{"replicas":1,"template":{"metadata":{"labels":{"app":"kube-lego"}},"spec":{"containers":[{"env":[{"name":"LEGO_LOG_LEVEL","value":"debug"},{"name":"LEGO_EMAIL","valueFrom":{"configMapKeyRef":{"key":"lego.email","name":"kube-lego"}}},{"name":"LEGO_URL","valueFrom":{"configMapKeyRef":{"key":"lego.url","name":"kube-lego"}}},{"name":"LEGO_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"LEGO_POD_IP","valueFrom":{"fieldRef":{"fieldPath":"status.podIP"}}}],"image":"jetstack/kube-lego:master-4209","imagePullPolicy":"Always","name":"kube-lego","ports":[{"containerPort":8080}],"readinessProbe":{"httpGet":{"path":"/healthz","port":8080},"initialDelaySeconds":5,"timeoutSeconds":1}}]}}}}
  creationTimestamp: null
  generation: 1
  labels:
    app: kube-lego
  name: kube-lego
  selfLink: /apis/extensions/v1beta1/namespaces/kube-lego/deployments/kube-lego
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kube-lego
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: kube-lego
    spec:
      containers:
      - env:
        - name: LEGO_LOG_LEVEL
          value: debug
        - name: LEGO_EMAIL
          valueFrom:
            configMapKeyRef:
              key: lego.email
              name: kube-lego
        - name: LEGO_URL
          valueFrom:
            configMapKeyRef:
              key: lego.url
              name: kube-lego
        - name: LEGO_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: LEGO_POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        image: jetstack/kube-lego:master-4209
        imagePullPolicy: Always
        name: kube-lego
        ports:
        - containerPort: 8080
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: kube-lego2-kube-lego
      serviceAccountName: kube-lego2-kube-lego
      terminationGracePeriodSeconds: 30
status: {}

1 answer:

Answer 0: (score: 1)

  

Could it be related to namespaces?

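  • Yes, ServiceAccount is a namespaced resource. You must have the ServiceAccount in the same namespace as the one referencing it for it to be effective. From what I gather here, your ServiceAccount kube-lego2-kube-lego is in the default namespace, while it should exist in the kube-lego one.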
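
An added example, not part of the original answer: a POSIX shell check that pulls the namespace/name reference out of the FailedCreate event message and compares it with the namespaces that actually hold a ServiceAccount of that name. The function names and the KUBECTL override variable are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; function names and the KUBECTL override are assumptions.
KUBECTL="${KUBECTL:-kubectl}"

# Event message as shown in the question's `kubectl get events` output.
EVENT='Error creating: pods "kube-lego-7c66c7fddf-" is forbidden: service account kube-lego/kube-lego2-kube-lego was not found, retry after the service account is created'

# Print the "<namespace>/<name>" reference from a FailedCreate message.
sa_ref_from_event() {
    printf '%s\n' "$1" |
        sed -n 's|.*service account \([^ /]*/[^ ]*\) was not found.*|\1|p'
}

# Compare the namespace the pod needs with the namespaces that actually
# hold a ServiceAccount of that name. Returns 0 = present, 1 = exists only
# in other namespaces, 2 = missing everywhere or message not parsable.
check_sa() {
    ref=$(sa_ref_from_event "$1")
    [ -n "$ref" ] || { echo "no service account reference in message"; return 2; }
    ns=${ref%%/*}      # part before the slash: namespace of the pod
    name=${ref#*/}     # part after the slash: ServiceAccount name
    found=$("$KUBECTL" get serviceaccounts --all-namespaces --no-headers \
        -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name |
        awk -v n="$name" '$2 == n { print $1 }')
    if printf '%s\n' "$found" | grep -qxF -- "$ns"; then
        echo "ok: $name exists in namespace $ns"
        return 0
    elif [ -n "$found" ]; then
        others=$(printf '%s' "$found" | tr '\n' ',')
        echo "mismatch: $name exists in $others but the pod needs it in $ns"
        return 1
    fi
    echo "missing: $name does not exist in any namespace"
    return 2
}

# Usage against a live cluster: check_sa "$EVENT"
```

On a mismatch, the fix the answer describes is to create the ServiceAccount in the reported namespace, for example with kubectl create serviceaccount <name> --namespace=<namespace>.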