Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubernetes Discovery error - You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions? #80

Open
sumit4myself opened this issue Apr 19, 2017 · 15 comments
Open

Kubernetes Discovery error - You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions? #80

sumit4myself opened this issue Apr 19, 2017 · 15 comments

Comments

@sumit4myself
Copy link

11:53:53.862 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client from Kubernetes config...
11:53:53.876 [main] DEBUG io.fabric8.kubernetes.client.Config - Did not find Kubernetes config at: [/.kube/config]. Ignoring.
11:53:53.876 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client from service account...
11:53:53.877 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt].
11:53:53.880 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token].
11:53:53.880 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client namespace from Kubernetes service account namespace path...
11:53:53.880 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace].
2017-04-19 11:53:57.134 WARN 6 --- [ main] i.f.s.cloud.kubernetes.StandardPodUtils : Failed to get pod with name:[kubernetes-discovery-27485661-9ds67]. You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions?

io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://kubernetes.default.svc/api/v1/namespaces/myproject/pods/kubernetes-discovery-27485661-9ds67. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked..
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:320) ~[kubernetes-client-2.2.0.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:267) ~[kubernetes-client-2.2.0.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:239) ~[kubernetes-client-2.2.0.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:232) ~[kubernetes-client-2.2.0.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleGet(OperationSupport.java:228) ~[kubernetes-client-2.2.0.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleGet(BaseOperation.java:711) ~[kubernetes-client-2.2.0.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.get(BaseOperation.java:192) ~[kubernetes-client-2.2.0.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.StandardPodUtils.internalGetPod(StandardPodUtils.java:56) [spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.StandardPodUtils.lambda$new$0(StandardPodUtils.java:40) [spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.swapper(LazilyInstantiate.java:41) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.lambda$new$0(LazilyInstantiate.java:34) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.get(LazilyInstantiate.java:29) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.profile.KubernetesProfileApplicationListener.addKubernetesProfile(KubernetesProfileApplicationListener.java:49) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.profile.KubernetesApplicationContextInitializer.initialize(KubernetesApplicationContextInitializer.java:53) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:611) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:348) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:312) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:134) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
at org.springframework.cloud.bootstrap.BootstrapApplicationListener.bootstrapServiceContext(BootstrapApplicationListener.java:175) ~[spring-cloud-context-1.2.0.RELEASE.jar!/:1.2.0.RELEASE]
at org.springframework.cloud.bootstrap.BootstrapApplicationListener.onApplicationEvent(BootstrapApplicationListener.java:98) ~[spring-cloud-context-1.2.0.RELEASE.jar!/:1.2.0.RELEASE]
at org.springframework.cloud.bootstrap.BootstrapApplicationListener.onApplicationEvent(BootstrapApplicationListener.java:64) ~[spring-cloud-context-1.2.0.RELEASE.jar!/:1.2.0.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:167) ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:122) ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:73) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:54) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:336) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:307) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151) ~[spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
at com.rsystems.kubernetes.Application.main(Application.java:34) ~[classes!/:1.2]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_121]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_121]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_121]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_121]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) ~[app.jar:1.2]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) ~[app.jar:1.2]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) ~[app.jar:1.2]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) ~[app.jar:1.2]
@sumit4myself sumit4myself changed the title Kubernetes Discover error - You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions? Kubernetes Discovery error - You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions? Apr 19, 2017
@sumit4myself
Copy link
Author

fixed by creating serviceaccount.

@RaySinnema
Copy link

This should be added to the documentation.

@iocanel iocanel reopened this May 5, 2017
@scipionyx
Copy link

I'm facing the same problem, and the serviceaccount is the default.
I see the code where it fails and it seems that it is related to the serviceaccount but I can not understand how to fix it, can anyone help?

@donovanmuller
Copy link
Contributor

@scipionyx Have you given the default Service Account the view role?

$ oc policy add-role-to-user view system:serviceaccount:default:myproject

@rwenz3l
Copy link

rwenz3l commented Nov 13, 2017

I'm also facing this issue on a selfhosted cluster. I assigned the view role (clusterRole) to the default serviceaccount in the default namespace:

kubectl create rolebinding scdf-bind \
        --clusterrole=scdf-cr \
        --serviceaccount=default:scdf-sa \
        --namespace=default

The view Role is somewhat limited though. In my observation (kubectl describe clusterrole view) it can not read secrets or pod-infos.

But even if I create a dedicated service-account and grant full api access it is unable to get the necessary objects. Something else seems to be in the way and I can't figure it out.

@debajyoti1d1mukherjee
Copy link

debajyoti1d1mukherjee commented Dec 6, 2017
edited
Loading

I am facing an issue while trying to access configmap from Spring Boot application. The pod containing the application failed to start .
I found the following error from logs of the failed pod:

08:30:09.516 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client from Kubernetes config...
08:30:09.556 [main] DEBUG io.fabric8.kubernetes.client.Config - Did not find Kubernetes config at: [/root/.kube/config]. Ignoring.
08:30:09.557 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client from service account...
08:30:09.557 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt].
08:30:09.570 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token].
08:30:09.570 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client namespace from Kubernetes service account namespace path...
08:30:09.571 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace].
2017-12-06 08:30:11.768 WARN 5 --- [ main] i.f.s.cloud.kubernetes.StandardPodUtils : Failed to get pod with name:[publicservice-698495cdd4-chf9c]. You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions?
java.lang.NoSuchMethodError: io.fabric8.kubernetes.client.KubernetesClient.pods()Lio/fabric8/kubernetes/client/dsl/MixedOperation;
at io.fabric8.spring.cloud.kubernetes.StandardPodUtils.internalGetPod(StandardPodUtils.java:56) [spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.StandardPodUtils.lambda$new$0(StandardPodUtils.java:40) [spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.swapper(LazilyInstantiate.java:41) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.lambda$new$0(LazilyInstantiate.java:34) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.LazilyInstantiate.get(LazilyInstantiate.java:29) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172) ~[spring-context-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165) ~[spring-context-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:122) ~[spring-context-4.3.12.RELEASE.jar!/:4.3.12.RELEASE]
at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:74) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:54) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:325) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:296) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) ~[spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at com.example.demo.PublcserviceApplication.main(PublcserviceApplication.java:33) ~[classes!/:0.0.1-SNAPSHOT]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_111]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_111]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_111]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_111]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) ~[publicservice.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) ~[publicservice.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) ~[publicservice.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) ~[publicservice.jar:0.0.1-SNAPSHOT]
2017-12-06 08:30:11.980 INFO 5 --- [ main] s.c.a.AnnotationConfigApplicationContext : Refreshing
( ( )___ | '_ | '| | ' / ` | \ \ \
\/ )| |)| | | | | || (| | ) ) ) )
' || .__|| ||| |_, | / / / /
=========||==============|/=////
:: Spring Boot :: (v1.5.8.RELEASE)
2017-12-06 08:30:15.141 ERROR 5 --- [ main] o.s.boot.SpringApplication : Application startup failed
java.lang.NoSuchMethodError: io.fabric8.kubernetes.client.KubernetesClient.configMaps()Lio/fabric8/kubernetes/client/dsl/MixedOperation;
at io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySource.getData(ConfigMapPropertySource.java:68) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySource.<init>(ConfigMapPropertySource.java:50) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySourceLocator.locate(ConfigMapPropertySourceLocator.java:44) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at io.fabric8.spring.cloud.kubernetes.config.ConfigMapPropertySourceLocator.locate(ConfigMapPropertySourceLocator.java:28) ~[spring-cloud-kubernetes-core-0.1.6.jar!/:na]
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:93) ~[spring-cloud-context-1.2.2.RELEASE.jar!/:1.2.2.RELEASE]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:567) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:338) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:301) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at com.example.demo.PublcserviceApplication.main(PublcserviceApplication.java:33) [classes!/:0.0.1-SNAPSHOT]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_111]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_111]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_111]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_111]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [publicservice.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [publicservice.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [publicservice.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [publ
icservice.jar:0.0.1-SNAPSHOT]

Here is the attached code and pom.xml
code.zip

Here is attached serviceaccount.yml , roles.yml, rolebindings.yml,configmap.yml
configmap_and_roles.zip

deployment.yml and service.yml
deployment_and_service.yml.zip

@malcolmm83
Copy link

I feel like the cleanest thing to do would be to define a role specifically for this. The question is what permissions it needs to have. The docs suggest a view called "cluster-reader" that I don't have on my cluster. I'm using Typhoon.

@luismbarbosa
Copy link

any update ?

@rubenqba
Copy link

FYI
If you use DigitalOcean Kubernetes cluster, setting automountServiceAccountToken in container specs works for me:

    spec:
      automountServiceAccountToken: true <-- this
      containers:

@cristianburca
Copy link

cristianburca commented Mar 10, 2020
edited
Loading

I have the same issue.
btw automountServiceAccountToken is not the real problem (is need of course)
The switch happens when changing into the configmap, but after that in the log I still see

"WARN","loggerName":"org.springframework.cloud.kubernetes.StandardPodUtils","message":"Failed to get pod with name:[test-sss-zt8c9]. You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions?","thrown":{"commonElementCount":0,"localizedMessage":"Operation: [get] for kind: [Pod] with name: [test-sss-zt8c9] in namespace: [test] failed ,"name":"io.fabric8.kubernetes.client.KubernetesClientException","cause":{"commonElementCount":40,"localizedMessage":"connect timed out","message":"connect timed out"

@nidhi5885
Copy link

Hey there,
I am getting this exception when trying to start a Spring Boot microservice (which is Spring Boot Zuul gateway) on Kubernetes - AWS EKS
io.fabric8.kubernetes.client.KubernetesClientException: Operation: [list] for kind: [Service] with name: [null] in namespace: [null] failed. at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:64) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:72) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.BaseOperation.listRequestHelper(BaseOperation.java:149) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:612) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:63) ~[kubernetes-client-4.4.1.jar!/:na] at org.springframework.cloud.kubernetes.discovery.KubernetesDiscoveryClient.getServices(KubernetesDiscoveryClient.java:278) ~[spring-cloud-kubernetes-discovery-1.1.2.RELEASE.jar!/:1.1.2.RELEASE] at org.springframework.cloud.kubernetes.discovery.KubernetesDiscoveryClient.getServices(KubernetesDiscoveryClient.java:274) ~[spring-cloud-kubernetes-discovery-1.1.2.RELEASE.jar!/:1.1.2.RELEASE] at org.springframework.cloud.client.discovery.composite.CompositeDiscoveryClient.getServices(CompositeDiscoveryClient.java:67) ~[spring-cloud-commons-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.locateRoutes(DiscoveryClientRouteLocator.java:121) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.locateRoutes(DiscoveryClientRouteLocator.java:44) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.filters.SimpleRouteLocator.doRefresh(SimpleRouteLocator.java:186) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.refresh(DiscoveryClientRouteLocator.java:171) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.filters.CompositeRouteLocator.refresh(CompositeRouteLocator.java:78) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.web.ZuulHandlerMapping.setDirty(ZuulHandlerMapping.java:79) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.ZuulServerAutoConfiguration$ZuulRefreshListener.reset(ZuulServerAutoConfiguration.java:315) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.cloud.netflix.zuul.ZuulServerAutoConfiguration$ZuulRefreshListener.onApplicationEvent(ZuulServerAutoConfiguration.java:296) ~[spring-cloud-netflix-zuul-2.2.2.RELEASE.jar!/:2.2.2.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:403) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:360) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:897) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:162) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) ~[spring-boot-2.2.7.RELEASE.jar!/:2.2.7.RELEASE] at com.vr20.coreAuth.CoreAuthApplication.main(CoreAuthApplication.java:43) ~[classes!/:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na] at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na] at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) ~[core-auth-0.0.1-SNAPSHOT.jar:na] at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) ~[core-auth-0.0.1-SNAPSHOT.jar:na] at org.springframework.boot.loader.Launcher.launch(Launcher.java:51) ~[core-auth-0.0.1-SNAPSHOT.jar:na] at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:52) ~[core-auth-0.0.1-SNAPSHOT.jar:na] Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326) ~[na:na] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269) ~[na:na] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360) ~[na:na] at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) ~[na:na] at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[na:na] at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) ~[na:na] at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183) ~[na:na] at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:168) ~[na:na] at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1148) ~[na:na] at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1057) ~[na:na] at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395) ~[na:na] at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:319) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:283) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:168) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at io.fabric8.kubernetes.client.utils.BackwardsCompatibilityInterceptor.intercept(BackwardsCompatibilityInterceptor.java:119) ~[kubernetes-client-4.4.1.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at io.fabric8.kubernetes.client.utils.ImpersonatorInterceptor.intercept(ImpersonatorInterceptor.java:68) ~[kubernetes-client-4.4.1.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at io.fabric8.kubernetes.client.utils.HttpClientUtils.lambda$createHttpClient$3(HttpClientUtils.java:112) ~[kubernetes-client-4.4.1.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[okhttp-3.12.0.jar!/:na] at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[okhttp-3.12.0.jar!/:na] at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:254) ~[okhttp-3.12.0.jar!/:na] at okhttp3.RealCall.execute(RealCall.java:92) ~[okhttp-3.12.0.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:404) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:365) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:347) ~[kubernetes-client-4.4.1.jar!/:na] at io.fabric8.kubernetes.client.dsl.base.BaseOperation.listRequestHelper(BaseOperation.java:145) ~[kubernetes-client-4.4.1.jar!/:na] ... 36 common frames omitted Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:na] at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[na:na] at java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[na:na] at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) ~[na:na] at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) ~[na:na] at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[na:na] at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629) ~[na:na] ... 78 common frames omitted Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:na] at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:na] at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[na:na] at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[na:na] ... 84 common frames omitted

Any help would be appreciated

@tiarebalbi
Copy link

Fixes with https://docs.spring.io/spring-cloud-kubernetes/docs/current/reference/html/index.html#service-account

@jiahaolinTHG
Copy link

Hello, just want to check if there's a way to not fail app start up if the service account doesn't work? Thanks!

@manali14
Copy link

I am facing a similar issue where a spring boot application isn't able to read from configmap intermittently. SA, Role & RoleBinding are correct and it generally works post I delete my replicaSet.

Would appreciate any help in how to debug that further, probably some debug logs?

@manusa
Copy link
Member

manusa commented Oct 31, 2023

This project was migrated to https://github.com/spring-cloud/spring-cloud-kubernetes and is no longer maintained.

You should try asking in that repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests