用户“ system:anonymous”无法在名称空间“默认”中的API组“”中创建资源“ pods”

时间:2019-06-06 20:30:21

标签: apache-spark kubernetes amazon-eks

我正在尝试在EKS上运行Spark。创建了一个EKS集群,添加了节点,然后尝试从EC2实例提交Spark作业。

运行以下命令进行访问:

kubectl create serviceaccount spark
kubectl create clusterrolebinding spark-role --clusterrole=admin --serviceaccount=default:spark --namespace=default
使用

spark-submit命令:

bin/spark-submit \
--master k8s://https://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.us-east-1.eks.amazonaws.com \
--deploy-mode cluster \
--name spark-pi \
--class org.apache.spark.examples.SparkPi \
--conf spark.executor.instances=2 \
--conf spark.app.name=spark-pi \
--conf spark.kubernetes.authenticate.driver.serviceAccountName=spark  \
--conf spark.kubernetes.container.image=k8sspark:latest \
--conf spark.kubernetes.authenticate.submission.caCertFile=ca.pem \
local:////usr/spark-2.4.3-bin-hadoop2.7/examples/jars/spark-examples_2.11-2.4.3.jar 100000

它返回:

  

log4j:WARN找不到记录器的附加程序(io.fabric8.kubernetes.client.Config)。   log4j:WARN请正确初始化log4j系统。   log4j:WARN有关更多信息,请参见http://logging.apache.org/log4j/1.2/faq.html#noconfig。   使用Spark的默认log4j配置文件:org / apache / spark / log4j-defaults.properties   19/06/06 16:03:50警告WatchConnectionManager:执行器在close()中关闭后没有及时终止,在以下位置将其杀死:io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@5b43fbf6   线程“主” io.fabric8.kubernetes.client.KubernetesClientException中的异常:执行失败:POST位于https://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.us-east-1.eks.amazonaws.com/api/v1/namespaces/default/pods。消息:禁止豆荚:用户“ system:anonymous”无法在名称空间“默认”的API组“”中创建资源“豆荚”。收到的状态:Status(apiVersion = v1,代码= 403,详细信息= StatusDetails(原因= [],group = null,kind = pods,name = null,retryAfterSeconds = null,uid = null,additionalProperties = {}),kind =状态,消息=禁止:用户“ system:anonymous”无法在名称空间“默认”的API组“”中创建资源“ pods”,元数据= ListMeta(_continue = null,resourceVersion = null,selfLink = null,additionalProperties = {}),原因=禁止,状态=故障,AdditionalProperties = {})。           在io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:478)           在io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:417)           在io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:381)           在io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:344)           在io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleCreate(OperationSupport.java:227)           在io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleCreate(BaseOperation.java:787)           在io.fabric8.kubernetes.client.dsl.base.BaseOperation.create(BaseOperation.java:357)           在org.apache.spark.deploy.k8s.submit.Client $$ anonfun $ run $ 2.apply(KubernetesClientApplication.scala:141)           在org.apache.spark.deploy.k8s.submit.Client $$ anonfun $ run $ 2.apply(KubernetesClientApplication.scala:140)           在org.apache.spark.util.Utils $ .tryWithResource(Utils.scala:2543)           在org.apache.spark.deploy.k8s.submit.Client.run(KubernetesClientApplication.scala:140)           在org.apache.spark.deploy.k8s.submit.KubernetesClientApplication $$ anonfun $ run $ 5.apply(KubernetesClientApplication.scala:250)           在org.apache.spark.deploy.k8s.submit.KubernetesClientApplication $$ anonfun $ run $ 5.apply(KubernetesClientApplication.scala:241)           在org.apache.spark.util.Utils $ .tryWithResource(Utils.scala:2543)           在org.apache.spark.deploy.k8s.submit.KubernetesClientApplication.run(KubernetesClientApplication.scala:241)           在org.apache.spark.deploy.k8s.submit.KubernetesClientApplication.start(KubernetesClientApplication.scala:204)           在org.apache.spark.deploy.SparkSubmit.org $ apache $ spark $ deploy $ SparkSubmit $$ runMain(SparkSubmit.scala:849)           在org.apache.spark.deploy.SparkSubmit.doRunMain $ 1(SparkSubmit.scala:167)           在org.apache.spark.deploy.SparkSubmit.submit(SparkSubmit.scala:195)           在org.apache.spark.deploy.SparkSubmit.doSubmit(SparkSubmit.scala:86)           在org.apache.spark.deploy.SparkSubmit $$ anon $ 2.doSubmit(SparkSubmit.scala:924)           在org.apache.spark.deploy.SparkSubmit $ .main(SparkSubmit.scala:933)           在org.apache.spark.deploy.SparkSubmit.main(SparkSubmit.scala)   19/06/06 16:03:50 INFO ShutdownHookManager:调用了关闭挂钩   19/06/06 16:03:50信息ShutdownHookManager:删除目录/ tmp / spark-0060fe01-33eb-4cb4-b96b-d5be687016bc

尝试使用管理员权限创建其他clusterrole。但这没有用。

有什么办法解决这个问题吗?

1 个答案:

答案 0 :(得分:1)

我在 GKE 上遇到了类似的问题,我采取的措施是:

  1. 删除 $HOME/.kube 文件夹:
    rm -rvf ~/.kube

  2. 要获取新的 k8 凭据,应创建一个新文件夹 ~/.kube

  3. 在运行 spark-submit 之前,请确保先运行以下命令:

kubectl get pods

如果 kubectl get 操作成功完成,您将拥有一个 ~/.kube/config 目录。

相关问题
最新问题