K
Q

Failed to scale nodes, forbidden system:serviceaccount:kube-system:cluster-autoscaler kubernetes

4/4/2019

When creating deployment autoscale in AWS, I found the error below.

Error in autoscale nodes inside cluster Kubernetes. Failed "forbidden":

I0404 13:45:37.161486       1 scale_down.go:414] Node ip-192-1-3-138.us-east-2.compute.internal is not suitable for removal - utilization too big (0.975000)
I0404 13:45:37.161680       1 cluster.go:90] Fast evaluation: ip-192-1-3-52.us-east-2.compute.internal for removal
I0404 13:45:37.161797       1 static_autoscaler.go:381] ip-192-1-3-52.us-east-2.compute.internal is unneeded since 2019-04-04 13:45:06.622944386 +0000 UTC m=+30.741137175 duration 30.402283426s
I0404 13:45:37.161819       1 static_autoscaler.go:381] ip-192-1-3-132.us-east-2.compute.internal is unneeded since 2019-04-04 13:45:06.622944386 +0000 UTC m=+30.741137175 duration 30.402283426s
I0404 13:45:37.161829       1 static_autoscaler.go:392] Scale down status: unneededOnly=true lastScaleUpTime=2019-04-04 13:44:56.571655112 +0000 UTC m=+20.689847772 lastScaleDownDeleteTime=2019-04-04 13:44:56.571655909 +0000 UTC m=+20.689848562 lastScaleDownFailTime=2019-04-04 13:44:56.571656847 +0000 UTC m=+20.689850183 scaleDownForbidden=false isDeleteInProgress=false
I0404 13:45:37.747920       1 reflector.go:161] Listing and watching *v1.Job from k8s.io/autoscaler/cluster-autoscaler/utils/kubernetes/listers.go:339
E0404 13:45:37.749860       1 reflector.go:126] k8s.io/autoscaler/cluster-autoscaler/utils/kubernetes/listers.go:339: Failed to list *v1.Job: jobs.batch is forbidden: User "system:serviceaccount:kube-system:cluster-autoscaler" cannot list jobs.batch at the cluster scope
I0404 13:45:38.822647       1 reflector.go:161] Listing and watching *v1.Job from k8s.io/autoscaler/cluster-autoscaler/utils/kubernetes/listers.go:339
E0404 13:45:38.825509       1 reflector.go:126] k8s.io/autoscaler/cluster-autoscaler/utils/kubernetes/listers.go:339: Failed to list *v1.Job: jobs.batch is forbidden: User "system:serviceaccount:kube-system:cluster-autoscaler" cannot list jobs.batch at the cluster scope
I0404 13:45:39.922706       1 reflector.go:161] Listing and watching *v1.Job from k8s.io/autoscaler/cluster-autoscaler/utils/kubernetes/listers.go:339
E0404 13:45:39.924756       1 reflector.go:126] k8s.io/autoscaler/cluster-autoscaler/utils/kubernetes/listers.go:339: Failed to list *v1.Job: jobs.batch is forbidden: User "system:serviceaccount:kube-system:cluster-autoscaler" cannot list jobs.batch at the cluster scope

I used the deployment template (autoscaler):

https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler-one-asg.yaml

I solved this, adding rules needed of the Job on file cluster-autoscaler-one-asg.yaml (Kind: ClusterRole):

  - apiGroups: ["batch", "extensions"]
    resources: ["jobs"]
    verbs: ["get", "list", "watch", "patch"]
-- reinaldo pinto
amazon-web-services
kubernetes
nodes
rules

Similar Questions

What is the relation between Rancher environment and K8S cluster? Rancher host and K8S node?
Correct way to connect to redis pod in Kubernetes with Node.JS
Security patches for Kubernetes Nodes
How to resolve HTTP 405 error NotAllowedMethod
Kubernetes event logs to elasticsearch
How to collect logs of every job of a Kubernetes CronJob for a period of time?
Failed to connect to database on Minikube
How can we specify dependency configuration values when creating a Helm application chart?

0 Answers