pacoxu / kubernetes

Production-Grade Container Scheduling and Management
https://kubernetes.io
Apache License 2.0

oidc-discovery-test pod error #1771

Open pacoxu opened 2 years ago

pacoxu commented 2 years ago

I0903 21:43:28.775] Sep 3 21:43:24.460: INFO: polling logs
I0903 21:43:28.775] Sep 3 21:43:24.499: INFO: Pod logs:
I0903 21:43:28.775] 2021/09/03 21:42:53 OK: Got token
I0903 21:43:28.776] 2021/09/03 21:42:53 validating with in-cluster discovery
I0903 21:43:28.776] 2021/09/03 21:42:53 OK: got issuer https://kubernetes.default.svc.cluster.local
I0903 21:43:28.776] 2021/09/03 21:42:53 Full, not-validated claims:
I0903 21:43:28.776] openidmetadata.claims{Claims:jwt.Claims{Issuer:"https://kubernetes.default.svc.cluster.local", Subject:"system:serviceaccount:svcaccounts-3499:default", Audience:jwt.Audience{"oidc-discovery-test"}, Expiry:1630705972, NotBefore:1630705372, IssuedAt:1630705372, ID:""}, Kubernetes:openidmetadata.kubeClaims{Namespace:"svcaccounts-3499", ServiceAccount:openidmetadata.kubeName{Name:"default", UID:"e9b8ee11-28ae-4eef-893f-795b53766971"}}}
I0903 21:43:28.777] 2021/09/03 21:42:53 OK: Constructed OIDC provider for issuer https://kubernetes.default.svc.cluster.local
I0903 21:43:28.777] 2021/09/03 21:42:53 failed to validate with in-cluster discovery: failed to verify signature: fetching keys oidc: get keys failed Get "https://10.138.0.6:443/openid/v1/jwks": x509: certificate is valid for 35.227.180.194, 10.0.0.1, not 10.138.0.6
I0903 21:43:28.777] 2021/09/03 21:42:53 falling back to validating with external discovery
I0903 21:43:28.777] 2021/09/03 21:42:53 OK: got issuer https://kubernetes.default.svc.cluster.local
I0903 21:43:28.778] 2021/09/03 21:42:53 Full, not-validated claims:
I0903 21:43:28.778] openidmetadata.claims{Claims:jwt.Claims{Issuer:"https://kubernetes.default.svc.cluster.local", Subject:"system:serviceaccount:svcaccounts-3499:default", Audience:jwt.Audience{"oidc-discovery-test"}, Expiry:1630705972, NotBefore:1630705372, IssuedAt:1630705372, ID:""}, Kubernetes:openidmetadata.kubeClaims{Namespace:"svcaccounts-3499", ServiceAccount:openidmetadata.kubeName{Name:"default", UID:"e9b8ee11-28ae-4eef-893f-795b53766971"}}}

pacoxu commented 2 years ago

W0903 21:08:41.328] Looking for address 'bootstrap-e2e-master-ip'
W0903 21:08:42.496] Using master: bootstrap-e2e-master (external IP: 35.227.180.194; internal IP: (not set))