Bug 1256651 - "no API token found for service account default/default" when creating pod
"no API token found for service account default/default" when creating pod
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: kubernetes (Show other bugs)
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Jan Chaloupka
: Extras
Depends On:
  Show dependency treegraph
Reported: 2015-08-25 03:44 EDT by Guohua Ouyang
Modified: 2016-09-08 07:27 EDT (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-06-24 09:41:47 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 2 Timothy St. Clair 2015-08-25 10:10:59 EDT
What instructions did you follow for setup?

Also, do you have the full command lines for the daemons?
Comment 3 Eric Paris 2015-08-25 10:24:04 EDT
Service accounts require a key, referenced by both the apiserver and the controller-manager.
Comment 4 Jordan Liggitt 2015-08-25 10:43:45 EDT
A signing key is needed for the tokens to be set up automatically. If there are install scripts, the scripts should set up that key (see Kubernetes local-up-cluster.sh for an example, or follow instructions from https://github.com/kubernetes/kubernetes/issues/11355#issuecomment-127378691

I'm open to suggestions for a place to put those instructions, or better defaults in the systemd env files to make it clear that key is required
Comment 6 Jan Chaloupka 2015-08-26 03:54:16 EDT
https://github.com/projectatomic/adb-atomic-developer-bundle/pull/76 (comment form jasonbrooks) shows how to set service account key with ansible:

KUBE_API_ARGS="--tls-cert-file=/etc/kubernetes/certs/server.crt --tls-private-key-file=/etc/kubernetes/certs/server.key --client-ca-file=/etc/kubernetes/certs/ca.crt --token-auth-file=/etc/kubernetes/tokens/known_tokens.csv --service-account-key-file=/etc/kubernetes/certs/server.crt"
Comment 14 Andy Goldstein 2016-06-24 09:41:47 EDT
Closing due to age. Reopen if you still feel this is an issue.
Comment 15 Jan Chaloupka 2016-09-08 07:27:34 EDT
For 1-node cluster deployment one can use https://github.com/kubernetes/contrib/blob/master/ansible/scripts/deploy-local-cluster.sh. As the cluster is deployed on localhost, flannel installation is skipped as it is not needed.

Note You need to log in before you can comment on or make changes to this bug.