java - Spring Cloud Kubernetes - 用户“system:serviceaccount:my-namespace:default”无法在集群范围内列出 API 组“”中的资源“服务”
问题描述
关于插件 Spring Cloud Kubernetes 的问题。
在一个非常简单的 main 上(只有一个重要的类):
@EnableScheduling
@EnableAdminServer
@EnableConfigServer
@EnableDiscoveryClient
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class);
}
}
用一个非常简单的 POM:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-kubernetes</artifactId>
</dependency>
我在应用程序启动时收到以下错误消息。
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://xxx.168.0.1/api/v1/services?labelSelector=type%3Dactuator%2Cspring-boot%3Dtrue. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. services is forbidden: User "system:serviceaccount:my-namespace:default" cannot list resource "services" in API group "" at the cluster scope.
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:589) ~[kubernetes-client-4.10.3.jar!/:na]
还有其他几个关于此的 SO 问题,但没有人谈论由 Spring Cloud Kubernetes 引起的问题。也许我应该找到一种方法来“尝试将请求范围限定为命名空间”而不是整个集群?
请问这个问题的根本原因是什么,请问如何解决?
谢谢
(整个堆栈)
[ main] o.s.boot.SpringApplication : Application run failed
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://xxx.168.0.1/api/v1/services?labelSelector=type%3Dactuator%2Cspring-boot%3Dtrue. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. services is forbidden: User "system:serviceaccount:my-namespace:default" cannot list resource "services" in API group "" at the cluster scope.
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:589) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:526) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:492) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:451) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:433) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.listRequestHelper(BaseOperation.java:166) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:640) ~[kubernetes-client-4.10.3.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:79) ~[kubernetes-client-4.10.3.jar!/:na]
at org.springframework.cloud.kubernetes.discovery.KubernetesDiscoveryClient.getServices(KubernetesDiscoveryClient.java:286) ~[spring-cloud-kubernetes-discovery-1.1.7.RELEASE.jar!/:1.1.7.RELEASE]
at org.springframework.cloud.kubernetes.discovery.KubernetesDiscoveryClient.getServices(KubernetesDiscoveryClient.java:282) ~[spring-cloud-kubernetes-discovery-1.1.7.RELEASE.jar!/:1.1.7.RELEASE]
at org.springframework.cloud.client.discovery.composite.CompositeDiscoveryClient.getServices(CompositeDiscoveryClient.java:67) ~[spring-cloud-commons-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
at de.codecentric.boot.admin.server.cloud.discovery.InstanceDiscoveryListener.discover(InstanceDiscoveryListener.java:126) ~[spring-boot-admin-server-cloud-2.3.0.jar!/:2.3.0]
at de.codecentric.boot.admin.server.cloud.discovery.InstanceDiscoveryListener.onApplicationReady(InstanceDiscoveryListener.java:100) ~[spring-boot-admin-server-cloud-2.3.0.jar!/:2.3.0]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.context.event.ApplicationListenerMethodAdapter.doInvoke(ApplicationListenerMethodAdapter.java:305) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.ApplicationListenerMethodAdapter.processEvent(ApplicationListenerMethodAdapter.java:190) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.ApplicationListenerMethodAdapter.onApplicationEvent(ApplicationListenerMethodAdapter.java:153) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:404) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:361) ~[spring-context-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
at org.springframework.boot.context.event.EventPublishingRunListener.running(EventPublishingRunListener.java:108) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplicationRunListeners.running(SpringApplicationRunListeners.java:77) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:330) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1237) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.3.5.RELEASE.jar!/:2.3.5.RELEASE]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~
解决方案
似乎您使用的帐户可能未经我在网上找到的授权。我可以确定一个解决方案的方式很少,但有一个可能有用的资源:
https://stackoverflow.com/a/58701728/7619034
还有其他人,但 SO 不喜欢链接(到外部网站)。如果这根本没有帮助,我可以建议
推荐阅读
- ssl - ssl 安装后网页重定向到 index.php
- php - 基于少量参数 Laravel 的搜索条件
- dataframe - 如何根据特定值拆分Golang中的结构
- node.js - 将值存储到从函数返回的变量
- php - Codeigniter在多个页面中包含来自联系页面的联系表格
- angular - Angular 单元测试模拟重播主题
- python - Xlwings 从多张工作表的数据创建图表
- c - C: glib.h `pkg-config --cflags --libs glib-2.0` valgrind 仍然可以访问
- sql - 如何在 SQL 中拆分字符串并将各个部分汇总为新的数字变量?
- html - 我可以使用保管箱或谷歌驱动器作为我网站的存储空间吗?