Output of kubectl get serviceaccounts | rg lego:
kube-lego2-kube-lego 1 21hHowever,
Output of kubectl get events --all-namespaces | rg kube-lego2:
kube-lego 5m 20h 67 kube-lego-7c66c7fddf ReplicaSet Warning FailedCreate replicaset-controller Error creating: pods "kube-lego-7c66c7fddf-" is forbidden: service account kube-lego/kube-lego2-kube-lego was not found, retry after the service account is createdWhy am I getting this error? Is it due the kube-lego/ prefix? Why is that there?
Maybe something to do with the namespace?
Output of kubectl get deployment --namespace=kube-lego kube-lego -o yaml --export:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "4"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"extensions/v1beta1","kind":"Deployment","metadata":{"annotations":{},"name":"kube-lego","namespace":"kube-lego"},"spec":{"replicas":1,"template":{"metadata":{"labels":{"app":"kube-lego"}},"spec":{"containers":[{"env":[{"name":"LEGO_LOG_LEVEL","value":"debug"},{"name":"LEGO_EMAIL","valueFrom":{"configMapKeyRef":{"key":"lego.email","name":"kube-lego"}}},{"name":"LEGO_URL","valueFrom":{"configMapKeyRef":{"key":"lego.url","name":"kube-lego"}}},{"name":"LEGO_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"LEGO_POD_IP","valueFrom":{"fieldRef":{"fieldPath":"status.podIP"}}}],"image":"jetstack/kube-lego:master-4209","imagePullPolicy":"Always","name":"kube-lego","ports":[{"containerPort":8080}],"readinessProbe":{"httpGet":{"path":"/healthz","port":8080},"initialDelaySeconds":5,"timeoutSeconds":1}}]}}}}
creationTimestamp: null
generation: 1
labels:
app: kube-lego
name: kube-lego
selfLink: /apis/extensions/v1beta1/namespaces/kube-lego/deployments/kube-lego
spec:
replicas: 1
selector:
matchLabels:
app: kube-lego
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: kube-lego
spec:
containers:
- env:
- name: LEGO_LOG_LEVEL
value: debug
- name: LEGO_EMAIL
valueFrom:
configMapKeyRef:
key: lego.email
name: kube-lego
- name: LEGO_URL
valueFrom:
configMapKeyRef:
key: lego.url
name: kube-lego
- name: LEGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: LEGO_POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: jetstack/kube-lego:master-4209
imagePullPolicy: Always
name: kube-lego
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: kube-lego2-kube-lego
serviceAccountName: kube-lego2-kube-lego
terminationGracePeriodSeconds: 30
status: {}
Maybe something to do with the namespace?
kube-lego2-kube-lego is in default namespace while it should be present in kube-lego.