k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized #212
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
k8s version : v1.26.5
I am trying to run this pod-identitywebhook on an onprem cluster.
The mutatingwebhook is created fine and the deployment create pods without any issues.
The webhook is not mutating requests this is what i see this in pod logs
W0223 04:44:12.616581 1 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0223 04:44:12.617802 1 main.go:291] Creating server
I0223 04:44:12.617831 1 main.go:312] Listening on :9999 for metrics and healthz
I0223 04:44:12.617937 1 main.go:306] Listening on :443
W0223 04:44:12.629160 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:12.629213 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized
W0223 04:44:13.830045 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:13.830118 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized
W0223 04:44:16.722853 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:16.722907 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized
W0223 04:44:20.647315 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:20.647366 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized
W0223 04:44:29.097820 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:29.097873 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized
W0223 04:44:49.630920 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:49.630973 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
git clone the repo
cd deploy
change image in deployment-base.yaml to "amazon/amazon-eks-pod-identity-webhook:0.5.0"
k apply -f auth.yaml
for mutatingwebhook change apiVersion : admissionregistration.k8s.io/v1 instead of v1beta1. *** this is what i think is causing the issue, but we can not use v1beta1 with 1.26
k apply -f mutatingwebhook.yaml
k apply -f deployment-base.yaml
k apply -f service.yaml
Environment:
ubuntu 22.04
k8s version 1.26.5
0.5.0
The text was updated successfully, but these errors were encountered: