search

matt-deboer / kuill

A multitenant UI for kubernetes.
MIT License
37 stars 1 forks source link

nodes is forbidden: User \"system:serviceaccount:default:default\" cannot list nodes at the cluster scope #84

Open JinsYin opened 6 years ago

JinsYin commented 6 years ago 
$ helm install . --name kuill

$ kubectl logs -f kuill-kuill-6697f6c9c4-bnn7v
time="2018-02-01T11:17:23Z" level=warning msg="OpenID+Connect authenticator is not enabled; the following required flags were missing: oidc-provider-name, oidc-provider, public-url, oidc-client-secret, oidc-client-id"
time="2018-02-01T11:17:23Z" level=warning msg="SAML authenticator is not enabled; the following required flags were missing: public-url, saml-groups-attribute, saml-sp-cert, saml-sp-key"
time="2018-02-01T11:17:23Z" level=info msg="Enabled authenticator: anonymous:anonymous => /auth/anonymous/anonymous"
time="2018-02-01T11:17:23Z" level=info msg="Enabled kubernetes api proxy for https://172.254.0.1:443"
time="2018-02-01T11:17:23Z" level=error msg="nodes is forbidden: User \"system:serviceaccount:default:default\" cannot list nodes at the cluster scope"
time="2018-02-01T11:17:23Z" level=info msg="kuill!@v0.2-b9 listening on :8080"
time="2018-02-01T11:17:23Z" level=warning msg="TLS is disabled; server is running in an insecure configuration"
time="2018-02-01T11:17:38Z" level=error msg="nodes is forbidden: User \"system:serviceaccount:default:default\" cannot list nodes at the cluster scope"
time="2018-02-01T11:17:53Z" level=error msg="nodes is forbidden: User \"system:serviceaccount:default:default\" cannot list nodes at the cluster scope"
time="2018-02-01T11:18:08Z" level=error msg="nodes is forbidden: User \"system:serviceaccount:default:default\" cannot list nodes at the cluster scope"
time="2018-02-01T11:18:23Z" level=error msg="namespaces is forbidden: User \"system:serviceaccount:default:default\" cannot list namespaces at the cluster scope"
time="2018-02-01T11:18:23Z" level=error msg="nodes is forbidden: User \"system:serviceaccount:default:default\" cannot list nodes at the cluster scope"
time="2018-02-01T11:18:25Z" level=error msg="namespaces is forbidden: User \"system:serviceaccount:default:default\" cannot list namespaces at the cluster scope"
time="2018-02-01T11:18:26Z" level=error msg="KubeKindAggregatingWatchProxy: Failed to list namespaces; namespaces is forbidden: User \"system:serviceaccount:default:default\" cannot list namespaces at the cluster scope"
time="2018-02-01T11:18:29Z" level=error msg="KubeKindAggregatingWatchProxy: Failed to list namespaces; namespaces is forbidden: User \"system:serviceaccount:default:default\" cannot list namespaces at the cluster scope"
time="2018-02-01T11:18:32Z" level=error msg="KubeKindAggregatingWatchProxy: Failed to list namespaces; namespaces is forbidden: User \"system:serviceaccount:default:default\" cannot list namespaces at the cluster scope"
time="2018-02-01T11:18:35Z" level=error msg="KubeKindAggregatingWatchProxy: Failed to list namespaces; namespaces is forbidden: User \"system:serviceaccount:default:default\" cannot list namespaces at the cluster scope"
time="2018-02-01T11:18:38Z" level=error msg="nodes is forbidden: User \"system:serviceaccount:default:default\" cannot list nodes at the cluster scope"
matt-deboer commented 6 years ago

looks like I wasn't actually assigning the service account in the deployment's pod template; should be fixed now in master

JinsYin commented 6 years ago 
$ kubectl logs -f kuill-kuill-58fd464f46-rx4n6
time="2018-02-06T01:31:43Z" level=warning msg="OpenID+Connect authenticator is not enabled; the following required flags were missing: oidc-client-id, public-url, oidc-provider-name, oidc-provider, oidc-client-secret"
time="2018-02-06T01:31:43Z" level=warning msg="SAML authenticator is not enabled; the following required flags were missing: public-url, saml-groups-attribute, saml-sp-cert, saml-sp-key"
time="2018-02-06T01:31:43Z" level=info msg="Enabled authenticator: anonymous:anonymous => /auth/anonymous/anonymous"
time="2018-02-06T01:31:44Z" level=info msg="Enabled kubernetes api proxy for https://172.254.0.1:443"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xf173f4]

goroutine 1 [running]:
github.com/matt-deboer/kuill/pkg/metrics.convertSummary(0xc420367a80, 0x0, 0x0, 0x0, 0x0, 0xc420364960, 0xe, 0x0, 0x0, 0x0, ...)
    /home/travis/gopath/src/github.com/matt-deboer/kuill/pkg/metrics/metrics.go:194 +0x94
github.com/matt-deboer/kuill/pkg/metrics.(*Provider).summarize(0xc420382d50, 0xc420382d50)
    /home/travis/gopath/src/github.com/matt-deboer/kuill/pkg/metrics/metrics.go:97 +0x837
github.com/matt-deboer/kuill/pkg/metrics.NewMetricsProvider(0xc4203cc940, 0xf, 0xc420586dc8, 0xf58908)
    /home/travis/gopath/src/github.com/matt-deboer/kuill/pkg/metrics/metrics.go:38 +0x9f
main.setupMetrics(0xc4201746e0, 0xc4203f6060, 0xc4203cc940)
    /home/travis/gopath/src/github.com/matt-deboer/kuill/pkg/server/main.go:503 +0x2f
main.main.func1(0xc4201746e0)
    /home/travis/gopath/src/github.com/matt-deboer/kuill/pkg/server/main.go:270 +0x2cf
github.com/matt-deboer/kuill/vendor/github.com/urfave/cli.HandleAction(0x1001d00, 0x120fa50, 0xc4201746e0, 0xc4200923c0, 0x0)
    /home/travis/gopath/src/github.com/matt-deboer/kuill/vendor/github.com/urfave/cli/app.go:503 +0x7c
github.com/matt-deboer/kuill/vendor/github.com/urfave/cli.(*App).Run(0xc420162a80, 0xc42000e1d0, 0x1, 0x1, 0x0, 0x0)
    /home/travis/gopath/src/github.com/matt-deboer/kuill/vendor/github.com/urfave/cli/app.go:268 +0x6ca
main.main()
    /home/travis/gopath/src/github.com/matt-deboer/kuill/pkg/server/main.go:292 +0x25ea
matt-deboer commented 6 years ago

looks like you hit a different snag :/ give it a try now with latest...