-
Notifications
You must be signed in to change notification settings - Fork 40k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Service account not working in hyperkube since v1.3.0-alpha.5 #26943
Comments
Can you provide interesting parts of the kubelet log? |
Not sure what is interesting. Uploaded all of the log file. |
can you kindly test this also with the shared volume mount solution? |
cc @jsafrane @fgrzadkowski @lavalamp @ncdc @kubernetes/sig-storage @kubernetes/rh-storage I think something is wrong with |
@cheld What OS? What Docker version? |
Docker: 1.10.3 (client+server) OS: Ubuntu 15.10 |
CC @batikanu |
@cheld have you tried |
@ncdc it works!
|
@cheld is it ok to close this? |
Okay, this is going to push us over docker @cheld Does everything work "normally" (for this solution) with |
rslave is how we do it for OpenShift. Everything should work just fine. On Tuesday, June 7, 2016, Lucas Käldström notifications@github.com wrote:
|
Does |
Manually tested emptyDir, downward api, service accounts with v1.2.4, alpha.4 and alpha.5. Seems to work fine BTW: the shared volume solution is not really working on my machine. (Error: Path /var/lib/kubelet is mounted on /var/lib/kubelet but it is not a shared mount..)
|
In your docker service file you have to clear or set for shared
|
Did your Docker unit file change between v1.3.0-alpha.4 and v1.3.0-alpha.5? Perhaps you had MountFlags=shared (or slave) when running v1.3.0-alpha.4 but it somehow was removed or changed to private for v1.3.0-alpha.5? |
@pmorie fyi in case you want to explain the various mount propagation modes 😄 |
I guess what I really need to do is write some doc on this subject. |
yes, I will do |
@pmorie @ncdc For me it does create mounts every n seconds. Now my
the same volume is mounted ~600 times. |
@luxas what is the propagation mode of the /var/lib/kubelet mount in the kubelet container? Inside the container, run this command:
|
@pmorie That was when I was testing |
|
I can confirm this remains broken in 1.3. The break appeared between alpha-4 and alpha-5. |
Use the shared mount without containerized. |
The official documentation to launch hyperkube is still not correct. I see two options to fix:
|
Also having this issue. The shared mount did not fix it for me. |
@tristanz It doesnt resolve the issue for me. I am following these docs with the modified kubelet start (This did work for me in v1.2.4). http://kubernetes.io/docs/getting-started-guides/docker-multinode/worker/
When I startup a pod, i see these logs in that kubelet container. Not sure what to make of that.
Happy to try more things, just let me know. Im not really sure what to do from this point. |
You need to add shared to kublet. This is required to make mounts done by kubelet visible to other containers (e.g. service accounts)
|
@cheld Cool! That works! The token and ca.crt are there now. Thanks! However something is still different here. The ingress doesnt complain about not finding the token and crt now but it is timing out on something. Same setup as v1.2.5 except for this change to the minion nodes running kubelet.
This could be just my setup. Will have to troubleshoot it some more to see what it is actually trying to do. |
Problem
Service account seems to be broken in Hyperkube
Steps:
Result is empty dir.
Comment:
It works in v1.3.0-alpha.4
The text was updated successfully, but these errors were encountered: