Open bcle opened 3 years ago
This command shows that the serviceaccount directory appears correctly mounted. It's just that its contents are missing the token file:
$ kubectl describe pod xenial
Namespace: default
Priority: 0
Node: kip-provider-0/10.0.29.198
Start Time: Mon, 13 Sep 2021 20:59:18 -0700
Labels: run=xenial
Annotations: <none>
Status: Running
IP: 10.0.30.142
IPs:
IP: 10.0.30.142
Containers:
xenial:
Container ID:
Image: ubuntu:xenial
Image ID: ubuntu:xenial
Port: <none>
Host Port: <none>
Command:
bash
-c
while true; do echo `date`; sleep 5; done
State: Running
Started: Mon, 01 Jan 0001 00:00:00 +0000
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-lb7j8 (ro)
Pods using in-cluster authentication are failing because
/run/secrets/kubernetes.io/serviceaccount/token
is missing from their file system. I am using this KIP provider version:on a AWS cluster recently created using KIP's terraform script.
One way to reproduce this problem is to start a simple ubuntu pod that runs an infinite loop:
Then, this command shows the contents of
/run/secrets/kubernetes.io/serviceaccount/
:The output shows that the
token
file is missing: