search

kubeflow / kfctl

kfctl is a CLI for deploying and managing Kubeflow
Apache License 2.0
181 stars 137 forks source link

Unable to attach or mount volumes: unmounted volumes=[istio-token] #406

Open zhangchunsheng opened 4 years ago

zhangchunsheng commented 4 years ago

kubeflow / cache-deployer-deployment log

Unable to attach or mount volumes: unmounted volumes=[istio-token], unattached volumes=[kubeflow-pipelines-cache-deployer-sa-token-s9jjq istio-envoy sds-uds-path istio-token]: timed out waiting for the condition

MountVolume.SetUp failed for volume "istio-token" : failed to fetch token: the API server does not have TokenRequest endpoints enabled
issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the labels:

Label Probability
kind/bug 0.79
area/kfctl 0.51

Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback! Links: app homepage, dashboard and code for this bot.

zhangchunsheng commented 4 years ago

add flag in /etc/kubernetes/manifests/kube-apiserver.yaml

- --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
- --service-account-issuer=kubernetes.default.svc
jbottum commented 4 years ago

@zhangchunsheng which cloud are you running on ? AWS, GCP, on-prem ?

zhangchunsheng commented 4 years ago

@zhangchunsheng which cloud are you running on ? AWS, GCP, on-prem ?

Aliyun

issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the labels:

Label Probability
platform/aws 0.80

Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback! Links: app homepage, dashboard and code for this bot.

shantanuVerma7 commented 3 years ago

Add following flags/feature gates in you API Server. In the file /etc/kubernetes/manifests/kube-apiserver.yaml

- --feature-gates=TokenRequest=true
- --feature-gates=TokenRequestProjection=true

It should look something like this

spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.28.60
    - --allow-privileged=true
    - --feature-gates=TokenRequest=true
    - --feature-gates=TokenRequestProjection=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
kim-sardine commented 3 years ago

Add following flags/feature gates in you API Server. In the file /etc/kubernetes/manifests/kube-apiserver.yaml

- --feature-gates=TokenRequest=true
- --feature-gates=TokenRequestProjection=true

It should look something like this

spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.28.60
    - --allow-privileged=true
    - --feature-gates=TokenRequest=true
    - --feature-gates=TokenRequestProjection=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt

@shantanuVerma7 You saved me.

wsl2 ubuntu + docker desktop + kfctl_istio_dex v1.2.0 works perfectly with below changes

    - --service-account-signing-key-file=/run/config/pki/sa.key
    - --service-account-issuer=kubernetes.default.svc
    - --feature-gates=TokenRequest=true
    - --feature-gates=TokenRequestProjection=true
theathibm commented 3 years ago

@kim-sardine @shantanuVerma7 I need to thank you guys as well. I just installed 1.2 kf on Mac Docker-Desktop Kubernetes:

In case anyone tries to install kf 1.2 on docker-desktop 2.4.0 with kubernetes 1.18.8 I did the following:

# Edit kube-apiserver.yaml in docker-desktop
# docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
# vi /var/lib/kubeadm/manifests/kube-apiserver.yaml
# ADD FOLLLOWING:
        # - --service-account-signing-key-file=/run/config/pki/sa.key
        # - --service-account-issuer=kubernetes.default.svc
        # - --feature-gates=TokenRequest=true
        # - --feature-gates=TokenRequestProjection=true

This caused the "kube-apiserver-docker-desktop" to restart in the docker kubernetes, and then kf installed (after some time) successfully

Note: also edited kfctl_k8s_istio.v1.2.0.yaml and added "clusterName: docker-desktop". This allowed both apply and delete to work properly

qinjie545 commented 3 years ago

@kim-sardine @shantanuVerma7 I need to thank you guys as well. I just installed 1.2 kf on Mac Docker-Desktop Kubernetes:

In case anyone tries to install kf 1.2 on docker-desktop 2.4.0 with kubernetes 1.18.8 I did the following:

# Edit kube-apiserver.yaml in docker-desktop
# docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
# vi /var/lib/kubeadm/manifests/kube-apiserver.yaml
# ADD FOLLLOWING:
        # - --service-account-signing-key-file=/run/config/pki/sa.key
        # - --service-account-issuer=kubernetes.default.svc
        # - --feature-gates=TokenRequest=true
        # - --feature-gates=TokenRequestProjection=true

This caused the "kube-apiserver-docker-desktop" to restart in the docker kubernetes, and then kf installed (after some time) successfully

Note: also edited kfctl_k8s_istio.v1.2.0.yaml and added "clusterName: docker-desktop". This allowed both apply and delete to work properly

do as above steps, work properly, docker-desktop on Mac