search

go-faster / portoshim

CRI plugin for Porto container runtime
Other
0 stars 0 forks source link

In-cluster authentication not working? #4

Closed ernado closed 9 months ago

ernado commented 9 months ago

Full logs: minikube-fail-logs.txt

Suspicious kube scheduler logs:

==> kube-scheduler [kube-scheduler-minikube-463a/kube-scheduler-9b75] <==
I0128 12:42:35.188954       7 serving.go:348] Generated self-signed cert in-memory
W0128 12:42:36.090939       7 requestheader_controller.go:193] Unable to get configmap/extension-apiserver-authentication in kube-system.  Usually fixed by 'kubectl create rolebinding -n kube-system ROLEBINDING_NAME --role=extension-apiserver-authentication-reader --serviceaccount=YOUR_NS:YOUR_SA'
W0128 12:42:36.090952       7 authentication.go:368] Error looking up in-cluster authentication configuration: configmaps "extension-apiserver-authentication" is forbidden: User "system:kube-scheduler" cannot get resource "configmaps" in API group "" in the namespace "kube-system"
W0128 12:42:36.090957       7 authentication.go:369] Continuing without authentication configuration. This may treat all requests as anonymous.
W0128 12:42:36.090961       7 authentication.go:370] To require authentication configuration lookup to succeed, set --authentication-tolerate-lookup-failure=false
I0128 12:42:36.105977       7 server.go:154] "Starting Kubernetes Scheduler" version="v1.28.4"
I0128 12:42:36.105987       7 server.go:156] "Golang settings" GOGC="" GOMAXPROCS="" GOTRACEBACK=""
I0128 12:42:36.106678       7 secure_serving.go:213] Serving securely on 127.0.0.1:10259
I0128 12:42:36.106726       7 configmap_cafile_content.go:202] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::client-ca-file"
I0128 12:42:36.106733       7 shared_informer.go:311] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0128 12:42:36.106741       7 tlsconfig.go:240] "Starting DynamicServingCertificateController"
W0128 12:42:36.113721       7 reflector.go:535] pkg/server/dynamiccertificates/configmap_cafile_content.go:206: failed to list *v1.ConfigMap: configmaps "extension-apiserver-authentication" is forbidden: User "system:kube-scheduler" cannot list resource "configmaps" in API group "" in the namespace "kube-system"
E0128 12:42:36.113735       7 reflector.go:147] pkg/server/dynamiccertificates/configmap_cafile_content.go:206:
ernado commented 9 months ago

Actually it is working after retry.