Deployment fails on kubernetes using docker for windows

[simonkleinfeld]

Hi, i'm trying to install openwhisk on my local single node cluster using Docker for Windows. I followed the install instructions on https://github.com/apache/openwhisk-deploy-kube/blob/master/docs/k8s-docker-for-windows.md but if i run helm install owdev ./helm/openwhisk -n openwhisk --create-namespace -f mycluster.yaml i get the following error: Error: pods "owdev-wskadmin" is forbidden: error looking up service account openwhisk/default: serviceaccount "default" not found I also did a reset of my kubernetes cluster and tried it again, with the same result.

The mycluster.yaml looks so:

whisk:
        ingress:
                type: NodePort
                apiHostName: 192.168.65.4 
                apiHostPort: 31001
nginx:
        httpsNodePort: 31001

I'm using the following versions: docker for windows: 3.2.2 kubernetes: 1.19.7 helm: 3.5.2

Thank you

[dgrove-oss]

The default service account should be created automatically by Kubernetes in every namespace it creates. Try doing a kubectl get sa -n default and kubectl get sa -n openwhisk and see what service accounts (sa) are available.

[simonkleinfeld]

For kubectl get sa -n default: No resources found in default namespace. and kubectl get sa -n openwhisk: NAME SECRETS AGE owdev-core 0 77m owdev-init-sa 0 77m owdev-invoker 0 77m

The default service account was not created isn't?

[dgrove-oss]

It looks like the default service account is missing. You can probably hack around it by just creating one, but it seems really strange that it is missing. It smells like a bug with Docker Desktop on Windows.

[simonkleinfeld]

I did a reset from my docker installation and then everything works fine. Thanks for your help, I am new to kubernetes etc and didn't know that this user should be created automatically.

[DanielLee343]

Hi, I have a following question, my default service account seems to be there, but Im still stuck at Error: pods "owdev-wskadmin" is forbidden: error looking up service account openwhisk/default: serviceaccount "default" not found.

[lyuze@storage-2 openwhisk-deploy-kube]$ docker ps
CONTAINER ID   IMAGE                  COMMAND                  CREATED        STATUS        PORTS                       NAMES
c3dba0af7943   kindest/node:v1.20.7   "/usr/local/bin/entr…"   19 hours ago   Up 11 hours                               kind-worker2
2d142d00b1be   kindest/node:v1.20.7   "/usr/local/bin/entr…"   19 hours ago   Up 11 hours   0.0.0.0:31001->31001/tcp    kind-worker
61ca9e93bbf6   kindest/node:v1.20.7   "/usr/local/bin/entr…"   19 hours ago   Up 11 hours   127.0.0.1:35501->6443/tcp   kind-control-plane
[lyuze@storage-2 openwhisk-deploy-kube]$ helm install owdev ./helm/openwhisk -n openwhisk --create-namespace -f mycluster.yaml
Error: INSTALLATION FAILED: failed to create resource: pods "owdev-wskadmin" is forbidden: error looking up service account openwhisk/default: serviceaccount "default" not found
[lyuze@storage-2 openwhisk-deploy-kube]$ 
[lyuze@storage-2 openwhisk-deploy-kube]$ kubectl get sa -n default
NAME      SECRETS   AGE
default   1         18h
[lyuze@storage-2 openwhisk-deploy-kube]$ kubectl get sa -n openwhisk
NAME            SECRETS   AGE
owdev-core      0         84s
owdev-init-sa   0         84s
owdev-invoker   0         84s

My mycluster.yaml:

whisk:
  ingress:
    type: NodePort
    apiHostName: localhost
    apiHostPort: 31001
    apiHostProto: "https"
    useInternally: false

nginx:
  httpsNodePort: 31001

# disable affinity
affinity:
  enabled: false
toleration:
  enabled: false
invoker:
  options: "-Dwhisk.kubernetes.user-pod-node-affinity.enabled=false"
  # must use KCF as kind uses containerd as its container runtime
  containerFactory:
    impl: "kubernetes"

Any idea why? Thanks!