Spring Cloud Kubernetes - 用户 "system:serviceaccount:my-namespace:default" 无法在集群范围内列出 API 组“”中的资源 "services"
Spring Cloud Kubernetes - User "system:serviceaccount:my-namespace:default" cannot list resource "services" in API group "" at the cluster scope
关于插件的问题Spring Cloud Kubernetes。
在一个非常简单的 main 上(只有一个重要的 class):
@EnableScheduling
@EnableAdminServer
@EnableConfigServer
@EnableDiscoveryClient
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class);
}
}
使用非常简单的 POM:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-kubernetes</artifactId>
</dependency>
我在应用程序启动时收到以下错误消息。
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://xxx.168.0.1/api/v1/services?labelSelector=type%3Dactuator%2Cspring-boot%3Dtrue. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. services is forbidden: User "system:serviceaccount:my-namespace:default" cannot list resource "services" in API group "" at the cluster scope.
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:589) ~[kubernetes-client-4.10.3.jar!/:na]
关于此还有其他几个 SO 问题,但 none 谈论的是由 Spring Cloud Kubernetes 引起的问题。也许我应该找到一种方法来“尝试将该请求限定到一个名称空间”而不是整个集群?
请问这个问题的根本原因是什么,请问如何解决?
谢谢
(整个堆栈)
[ main] o.s.boot.SpringApplication : Application run failed
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://xxx.168.0.1/api/v1/services?labelSelector=type%3Dactuator%2Cspring-boot%3Dtrue. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. services is forbidden: User "system:serviceaccount:my-namespace:default" cannot list resource "services" in API group "" at the cluster scope.
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:589) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:526) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:492) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:451) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:433) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.listRequestHelper(BaseOperation.java:166) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:640) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:79) ~[kubernetes-client-4.10.3.jar!/:na]
at org.springframework.cloud.kubernetes.discovery.KubernetesDiscoveryClient.getServices(KubernetesDiscoveryClient.java:286) ~[spring-cloud-kubernetes-discovery-1.1.7.RELEASE.jar!/:1.1.7.RELEASE]
at org.springframework.cloud.kubernetes.discovery.KubernetesDiscoveryClient.getServices(KubernetesDiscoveryClient.java:282) ~[spring-cloud-kubernetes-discovery-1.1.7.RELEASE.jar!/:1.1.7.RELEASE]
at org.springframework.cloud.client.discovery.composite.CompositeDiscoveryClient.getServices(CompositeDiscoveryClient.java:67) ~[spring-cloud-commons-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
at de.codecentric.boot.admin.server.cloud.discovery.InstanceDiscoveryListener.discover(InstanceDiscoveryListener.java:126) ~[spring-boot-admin-server-cloud-2.3.0.jar!/:2.3.0]
at de.codecentric.boot.admin.server.cloud.discovery.InstanceDiscoveryListener.onApplicationReady(InstanceDiscoveryListener.java:100) ~[spring-boot-admin-server-cloud-2.3.0.jar!/:2.3.0]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.context.event.ApplicationListenerMethodAdapter.doInvoke(ApplicationListenerMethodAdapter.java:305) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.ApplicationListenerMethodAdapter.processEvent(ApplicationListenerMethodAdapter.java:190) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.ApplicationListenerMethodAdapter.onApplicationEvent(ApplicationListenerMethodAdapter.java:153) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:404) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:361) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.boot.context.event.EventPublishingRunListener.running(EventPublishingRunListener.java:108) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplicationRunListeners.running(SpringApplicationRunListeners.java:77) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:330) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1237) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~
看来您使用的帐户可能未经我在网上找到的授权。我几乎无法确定一个单一的解决方案,但有一个可能有用的资源:
还有其他的,但 SO 不喜欢链接(到外部站点)。如果这根本没有帮助,我可以建议
关于插件的问题Spring Cloud Kubernetes。
在一个非常简单的 main 上(只有一个重要的 class):
@EnableScheduling
@EnableAdminServer
@EnableConfigServer
@EnableDiscoveryClient
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class);
}
}
使用非常简单的 POM:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-kubernetes</artifactId>
</dependency>
我在应用程序启动时收到以下错误消息。
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://xxx.168.0.1/api/v1/services?labelSelector=type%3Dactuator%2Cspring-boot%3Dtrue. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. services is forbidden: User "system:serviceaccount:my-namespace:default" cannot list resource "services" in API group "" at the cluster scope.
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:589) ~[kubernetes-client-4.10.3.jar!/:na]
关于此还有其他几个 SO 问题,但 none 谈论的是由 Spring Cloud Kubernetes 引起的问题。也许我应该找到一种方法来“尝试将该请求限定到一个名称空间”而不是整个集群?
请问这个问题的根本原因是什么,请问如何解决?
谢谢
(整个堆栈)
[ main] o.s.boot.SpringApplication : Application run failed
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://xxx.168.0.1/api/v1/services?labelSelector=type%3Dactuator%2Cspring-boot%3Dtrue. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. services is forbidden: User "system:serviceaccount:my-namespace:default" cannot list resource "services" in API group "" at the cluster scope.
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:589) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:526) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:492) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:451) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:433) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.listRequestHelper(BaseOperation.java:166) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:640) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:79) ~[kubernetes-client-4.10.3.jar!/:na]
at org.springframework.cloud.kubernetes.discovery.KubernetesDiscoveryClient.getServices(KubernetesDiscoveryClient.java:286) ~[spring-cloud-kubernetes-discovery-1.1.7.RELEASE.jar!/:1.1.7.RELEASE]
at org.springframework.cloud.kubernetes.discovery.KubernetesDiscoveryClient.getServices(KubernetesDiscoveryClient.java:282) ~[spring-cloud-kubernetes-discovery-1.1.7.RELEASE.jar!/:1.1.7.RELEASE]
at org.springframework.cloud.client.discovery.composite.CompositeDiscoveryClient.getServices(CompositeDiscoveryClient.java:67) ~[spring-cloud-commons-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
at de.codecentric.boot.admin.server.cloud.discovery.InstanceDiscoveryListener.discover(InstanceDiscoveryListener.java:126) ~[spring-boot-admin-server-cloud-2.3.0.jar!/:2.3.0]
at de.codecentric.boot.admin.server.cloud.discovery.InstanceDiscoveryListener.onApplicationReady(InstanceDiscoveryListener.java:100) ~[spring-boot-admin-server-cloud-2.3.0.jar!/:2.3.0]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.context.event.ApplicationListenerMethodAdapter.doInvoke(ApplicationListenerMethodAdapter.java:305) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.ApplicationListenerMethodAdapter.processEvent(ApplicationListenerMethodAdapter.java:190) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.ApplicationListenerMethodAdapter.onApplicationEvent(ApplicationListenerMethodAdapter.java:153) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:404) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:361) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.boot.context.event.EventPublishingRunListener.running(EventPublishingRunListener.java:108) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplicationRunListeners.running(SpringApplicationRunListeners.java:77) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:330) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1237) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~
看来您使用的帐户可能未经我在网上找到的授权。我几乎无法确定一个单一的解决方案,但有一个可能有用的资源:
还有其他的,但 SO 不喜欢链接(到外部站点)。如果这根本没有帮助,我可以建议