sumit4myself
commented
7 years ago fixed by creating serviceaccount.
Open sumit4myself opened 7 years ago
sumit4myself
commented
7 years ago fixed by creating serviceaccount.
RaySinnema
commented
7 years ago This should be added to the documentation.
scipionyx
commented
7 years ago I'm facing the same problem, and the serviceaccount is the default. I see the code where it fails and it seems that it is related to the serviceaccount but I can not understand how to fix it, can anyone help?
donovanmuller
commented
7 years ago @scipionyx Have you given the default Service Account the view role?
$ oc policy add-role-to-user view system:serviceaccount:default:myproject
rwenz3l
commented
6 years ago I'm also facing this issue on a selfhosted cluster. I assigned the view role (clusterRole) to the default serviceaccount in the default namespace:
kubectl create rolebinding scdf-bind \
--clusterrole=scdf-cr \
--serviceaccount=default:scdf-sa \
--namespace=defaultThe view Role is somewhat limited though. In my observation (kubectl describe clusterrole view) it can not read secrets or pod-infos.
But even if I create a dedicated service-account and grant full api access it is unable to get the necessary objects. Something else seems to be in the way and I can't figure it out.
debajyoti1d1mukherjee
commented
6 years ago I am facing an issue while trying to access configmap from Spring Boot application. The pod containing the application failed to start . I found the following error from logs of the failed pod:
08:30:09.516 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client from Kubernetes config... 08:30:09.556 [main] DEBUG io.fabric8.kubernetes.client.Config - Did not find Kubernetes config at: [/root/.kube/config]. Ignoring. 08:30:09.557 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client from service account... 08:30:09.557 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt]. 08:30:09.570 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 08:30:09.570 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client namespace from Kubernetes service account namespace path... 08:30:09.571 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2017-12-06 08:30:11.768 WARN 5 --- [ main] i.f.s.cloud.kubernetes.StandardPodUtils : Failed to get pod with name:[publicservice-698495cdd4-chf9c]. You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions? java.lang.NoSuchMethodError: io.fabric8.kubernetes.client.KubernetesClient.pods()Lio/fabric8/kubernetes/client/dsl/MixedOperation; at io.fabric8.spring.cloud.kubernetes.StandardPodUtils.internalGetPod(StandardPodUtils.java:56) [spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.StandardPodUtils.lambda$new$0(StandardPodUtils.java:40) [spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.swapper(LazilyInstantiate.java:41) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.lambda$new$0(LazilyInstantiate.java:34) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.get(LazilyInstantiate.java:29) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172) ~[spring-context-4.3.12.RELEASE.jar!/:4.3.12.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165) ~[spring-context-4.3.12.RELEASE.jar!/:4.3.12.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-4.3.12.RELEASE.jar!/:4.3.12.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:122) ~[spring-context-4.3.12.RELEASE.jar!/:4.3.12.RELEASE] at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:74) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE] at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:54) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE] at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:325) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:296) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE] at com.example.demo.PublcserviceApplication.main(PublcserviceApplication.java:33) ~[classes!/:0.0.1-SNAPSHOT] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_111] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_111] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_111] at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_111] at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) ~[publicservice.jar:0.0.1-SNAPSHOT] at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) ~[publicservice.jar:0.0.1-SNAPSHOT] at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) ~[publicservice.jar:0.0.1-SNAPSHOT] at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) ~[publicservice.jar:0.0.1-SNAPSHOT] 2017-12-06 08:30:11.980 INFO 5 --- [ main] s.c.a.AnnotationConfigApplicationContext : Refreshing ( ( )__ | ' | '| | ' \/ _` | \ \ \ \ \/ _)| |)| | | | | || (| | ) ) ) ) ' |__| .|| ||| |\, | / / / / =========|_|==============|__/=//// :: Spring Boot :: (v1.5.8.RELEASE) 2017-12-06 08:30:15.141 ERROR 5 --- [ main] o.s.boot.SpringApplication : Application startup failed java.lang.NoSuchMethodError: io.fabric8.kubernetes.client.KubernetesClient.configMaps()Lio/fabric8/kubernetes/client/dsl/MixedOperation; at io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySource.getData(ConfigMapPropertySource.java:68) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySource.<init>(ConfigMapPropertySource.java:50) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySourceLocator.locate(ConfigMapPropertySourceLocator.java:44) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySourceLocator.locate(ConfigMapPropertySourceLocator.java:28) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:93) ~[spring-cloud-context-1.2.2.RELEASE.jar!/:1.2.2.RELEASE] at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:567) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE] at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:338) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:301) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE] at com.example.demo.PublcserviceApplication.main(PublcserviceApplication.java:33) [classes!/:0.0.1-SNAPSHOT] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_111] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_111] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_111] at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_111] at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [publicservice.jar:0.0.1-SNAPSHOT] at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [publicservice.jar:0.0.1-SNAPSHOT] at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [publicservice.jar:0.0.1-SNAPSHOT] at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [publ icservice.jar:0.0.1-SNAPSHOT]
Here is the attached code and pom.xml code.zip
Here is attached serviceaccount.yml , roles.yml, rolebindings.yml,configmap.yml configmap_and_roles.zip
deployment.yml and service.yml deployment_and_service.yml.zip
malcolmm83
commented
6 years ago I feel like the cleanest thing to do would be to define a role specifically for this. The question is what permissions it needs to have. The docs suggest a view called "cluster-reader" that I don't have on my cluster. I'm using Typhoon.
luismbarbosa
commented
5 years ago any update ?
rubenqba
commented
4 years ago FYI
If you use DigitalOcean Kubernetes cluster, setting automountServiceAccountToken in container specs works for me:
spec:
automountServiceAccountToken: true <-- this
containers:
cristianburca
commented
4 years ago I have the same issue. btw automountServiceAccountToken is not the real problem (is need of course) The switch happens when changing into the configmap, but after that in the log I still see
"WARN","loggerName":"org.springframework.cloud.kubernetes.StandardPodUtils","message":"Failed to get pod with name:[test-sss-zt8c9]. You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions?","thrown":{"commonElementCount":0,"localizedMessage":"Operation: [get] for kind: [Pod] with name: [test-sss-zt8c9] in namespace: [test] failed ,"name":"io.fabric8.kubernetes.client.KubernetesClientException","cause":{"commonElementCount":40,"localizedMessage":"connect timed out","message":"connect timed out"
nidhi5885
commented
4 years ago Hey there,
I am getting this exception when trying to start a Spring Boot microservice (which is Spring Boot Zuul gateway) on Kubernetes - AWS EKS
io.fabric8.kubernetes.client.KubernetesClientException: Operation: [list] for kind: [Service] with name: [null] in namespace: [null] failed. at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:64) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:72) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.BaseOperation.listRequestHelper(BaseOperation.java:149) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:612) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:63) ~[kubernetes-client-4.4.1.jar!/:na] at org.springframework.cloud.kubernetes.discovery.KubernetesDiscoveryClient.getServices(KubernetesDiscoveryClient.java:278) ~[spring-cloud-kubernetes-discovery-1.1.2.RELEASE.jar!/:1.1.2.RELEASE] at org.springframework.cloud.kubernetes.discovery.KubernetesDiscoveryClient.getServices(KubernetesDiscoveryClient.java:274) ~[spring-cloud-kubernetes-discovery-1.1.2.RELEASE.jar!/:1.1.2.RELEASE] at org.springframework.cloud.client.discovery.composite.CompositeDiscoveryClient.getServices(CompositeDiscoveryClient.java:67) ~[spring-cloud-commons-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.locateRoutes(DiscoveryClientRouteLocator.java:121) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.locateRoutes(DiscoveryClientRouteLocator.java:44) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.filters.SimpleRouteLocator.doRefresh(SimpleRouteLocator.java:186) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.refresh(DiscoveryClientRouteLocator.java:171) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.filters.CompositeRouteLocator.refresh(CompositeRouteLocator.java:78) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.web.ZuulHandlerMapping.setDirty(ZuulHandlerMapping.java:79) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.ZuulServerAutoConfiguration$ZuulRefreshListener.reset(ZuulServerAutoConfiguration.java:315) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.ZuulServerAutoConfiguration$ZuulRefreshListener.onApplicationEvent(ZuulServerAutoConfiguration.java:296) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:403) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:360) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:897) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:162) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at com.vr20.coreAuth.CoreAuthApplication.main(CoreAuthApplication.java:43) ~[classes!/:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na] at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na] at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) ~[core-auth-0.0.1-SNAPSHOT.jar:na] at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) ~[core-auth-0.0.1-SNAPSHOT.jar:na] at org.springframework.boot.loader.Launcher.launch(Launcher.java:51) ~[core-auth-0.0.1-SNAPSHOT.jar:na] at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:52) ~[core-auth-0.0.1-SNAPSHOT.jar:na] Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326) ~[na:na] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269) ~[na:na] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360) ~[na:na] at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) ~[na:na] at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[na:na] at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) ~[na:na] at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183) ~[na:na] at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:168) ~[na:na] at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1148) ~[na:na] at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1057) ~[na:na] at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395) ~[na:na] at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:319) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:283) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:168) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at io.fabric8.kubernetes.client.utils.BackwardsCompatibilityInterceptor.intercept(BackwardsCompatibilityInterceptor.java:119) ~[kubernetes-client-4.4.1.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at io.fabric8.kubernetes.client.utils.ImpersonatorInterceptor.intercept(ImpersonatorInterceptor.java:68) ~[kubernetes-client-4.4.1.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at io.fabric8.kubernetes.client.utils.HttpClientUtils.lambda$createHttpClient$3(HttpClientUtils.java:112) ~[kubernetes-client-4.4.1.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:254) ~[okhttp-3.12.0.jar!/:na] at okhttp3.RealCall.execute(RealCall.java:92) ~[okhttp-3.12.0.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:404) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:365) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:347) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.BaseOperation.listRequestHelper(BaseOperation.java:145) ~[kubernetes-client-4.4.1.jar!/:na] ... 36 common frames omitted Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:na] at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[na:na] at java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[na:na] at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) ~[na:na] at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) ~[na:na] at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629) ~[na:na] ... 78 common frames omitted Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:na] at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:na] at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[na:na] at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[na:na] ... 84 common frames omitted
Any help would be appreciated
tiarebalbi
commented
4 years ago 
jiahaolinTHG
commented
3 years ago Hello, just want to check if there's a way to not fail app start up if the service account doesn't work? Thanks!
manali14
commented
1 year ago I am facing a similar issue where a spring boot application isn't able to read from configmap intermittently. SA, Role & RoleBinding are correct and it generally works post I delete my replicaSet.
Would appreciate any help in how to debug that further, probably some debug logs?
manusa
commented
1 year ago This project was migrated to https://github.com/spring-cloud/spring-cloud-kubernetes and is no longer maintained.
You should try asking in that repository.
11:53:53.862 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client from Kubernetes config... 11:53:53.876 [main] DEBUG io.fabric8.kubernetes.client.Config - Did not find Kubernetes config at: [/.kube/config]. Ignoring. 11:53:53.876 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client from service account... 11:53:53.877 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt]. 11:53:53.880 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 11:53:53.880 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client namespace from Kubernetes service account namespace path... 11:53:53.880 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2017-04-19 11:53:57.134 WARN 6 --- [ main] i.f.s.cloud.kubernetes.StandardPodUtils : Failed to get pod with name:[kubernetes-discovery-27485661-9ds67]. You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions?
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://kubernetes.default.svc/api/v1/namespaces/myproject/pods/kubernetes-discovery-27485661-9ds67. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked.. at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:320) ~[kubernetes-client-2.2.0.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:267) ~[kubernetes-client-2.2.0.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:239) ~[kubernetes-client-2.2.0.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:232) ~[kubernetes-client-2.2.0.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleGet(OperationSupport.java:228) ~[kubernetes-client-2.2.0.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleGet(BaseOperation.java:711) ~[kubernetes-client-2.2.0.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.BaseOperation.get(BaseOperation.java:192) ~[kubernetes-client-2.2.0.jar!/:na] at io.fabric8.spring.cloud.kubernetes.StandardPodUtils.internalGetPod(StandardPodUtils.java:56) [spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.StandardPodUtils.lambda$new$0(StandardPodUtils.java:40) [spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.swapper(LazilyInstantiate.java:41) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.lambda$new$0(LazilyInstantiate.java:34) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.get(LazilyInstantiate.java:29) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.profile.KubernetesProfileApplicationListener.addKubernetesProfile(KubernetesProfileApplicationListener.java:49) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at io.fabric8.spring.cloud.kubernetes.profile.KubernetesApplicationContextInitializer.initialize(KubernetesApplicationContextInitializer.java:53) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na] at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:611) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE] at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:348) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:312) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE] at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:134) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE] at org.springframework.cloud.bootstrap.BootstrapApplicationListener.bootstrapServiceContext(BootstrapApplicationListener.java:175) ~[spring-cloud-context-1.2.0.RELEASE.jar!/:1.2.0.RELEASE] at org.springframework.cloud.bootstrap.BootstrapApplicationListener.onApplicationEvent(BootstrapApplicationListener.java:98) ~[spring-cloud-context-1.2.0.RELEASE.jar!/:1.2.0.RELEASE] at org.springframework.cloud.bootstrap.BootstrapApplicationListener.onApplicationEvent(BootstrapApplicationListener.java:64) ~[spring-cloud-context-1.2.0.RELEASE.jar!/:1.2.0.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:167) ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:122) ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE] at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:73) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE] at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:54) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE] at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:336) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:307) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE] at com.rsystems.kubernetes.Application.main(Application.java:34) ~[classes!/:1.2] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_121] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_121] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_121] at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_121] at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) ~[app.jar:1.2] at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) ~[app.jar:1.2] at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) ~[app.jar:1.2] at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) ~[app.jar:1.2]