spring-cloud-kubernetes: KubernetesClientException when trying to start Spring Boot microservice on Kubernetes
I am getting this exception when trying to start a Spring Boot microservice (which is Spring Boot Zuul gateway, but I don’t think it matters too much) on Kubernetes:
o.s.c.kubernetes.StandardPodUtils.internalGetPod(66) - Failed to get pod with name:[podname-nqm46]. You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions?
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://kubernetes.default.svc/api/v1/namespaces/default/pods/podname-nqm46. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods "podname-nqm46" is forbidden: User "system:serviceaccount:default:default" cannot get pods in the namespace "default".
Any idea why?
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 17 (10 by maintainers)
This most likely has to do with RBAC control in Kubernetes.
It seems like you have not specified a service account for the Pod that the application is running in (and hence
defaultis being used). To see how to configure a service account for a Pod check out this. Furthermore thedefaultservice account in the namespace you are running the Pod in (which is thedefaultnamespace) does not have any extra Roles assigned to it (which is the default behavior).Although you could grant the roles to the default user in the default namespace, a better approach would be to create a specific ServiceAccount, use that in the Pod and grant that service account the necessary roles.
Check out this for all the details.
Great, I’ll take a look on Monday most likely, thanks
You’re welcome, goood to hear it’s working!