Permission denied while creating kube client

[r4j4h]

While following the Software Loadbalancer using keepalived and nginx example I find the BindIP never populates in the config map.

Upon inspection the problem is possibly related to needing to make a service account beforehand?

Here's the output of the two relevant containers:

[root@kubebox-node1 vagrant]# kubectl log kube-loadbalancer-rc-orxys
W1206 20:37:58.496741    9760 cmd.go:345] log is DEPRECATED and will be removed in a future version. Use logs instead.
I1206 20:37:42.873660       1 factory.go:59] Registered backend loadbalancer-daemon.
I1206 20:37:42.874149       1 factory.go:59] Registered backend f5.
I1206 20:37:42.874228       1 factory.go:59] Registered backend openstack-lbaasv2.
F1206 20:37:42.874765       1 main.go:71] failed to create client: open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied

[root@kubebox-node1 vagrant]# kubectl log loadbalancer-daemon-d4u8x 
W1206 20:41:05.170089   10809 cmd.go:345] log is DEPRECATED and will be removed in a future version. Use logs instead.
I1206 20:40:47.672500       1 nginx.go:336] executing nginx
I1206 20:40:47.879536       1 utils.go:57] Monitoring proccess /var/run/nginx.pid. PID: 14
I1206 20:40:47.969268       1 keepalived.go:108] Starting keepalived with options [--log-console --vrrp --release-vips]
W1206 20:40:47.994005       1 utils.go:48] Error reading PID file /var/run/keepalived.pid: open /var/run/keepalived.pid: no such file or directory. Trying again...
I1206 20:40:48.999012       1 utils.go:57] Monitoring proccess /var/run/keepalived.pid. PID: 20
[root@kubebox-node1 vagrant]# 

[r4j4h]

Following up this was an issue with Linux itself and was fixed with

sudo chcon -Rt svirt_sandbox_file_t /var/lib/kubelet

References

https://bugzilla.redhat.com/show_bug.cgi?id=1317023 http://stackoverflow.com/questions/35338213/kubernetes-serviceaccounts-and-selinux