[jira] [Commented] (YUNIKORN-435) Admission-Controller pod goes into pending state because of default serviceAccount

Mon, 05 Oct 2020 04:41:18 -0700 


    [ 
https://issues.apache.org/jira/browse/YUNIKORN-435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17208023#comment-17208023
 ] 

Kinga Marton commented on YUNIKORN-435:
---------------------------------------

[~vbm] can you please add some context to this failure?(like how did you 
installed it, versions, anything that can be relevant in reproducing this bug)

I installed YK multiple times and I haven't seen this issue.

> Admission-Controller pod goes into pending state because of default 
> serviceAccount
> ----------------------------------------------------------------------------------
>
>                 Key: YUNIKORN-435
>                 URL: https://issues.apache.org/jira/browse/YUNIKORN-435
>             Project: Apache YuniKorn
>          Issue Type: Bug
>          Components: deployment, shim - kubernetes
>            Reporter: Vishwas
>            Assignee: Vishwas
>            Priority: Major
>              Labels: pull-request-available
>
> The admission controller pod which is created inside the scheduler pod uses 
> the wrong service account.
> The admission controller pod is launched with default service account. This 
> causes the admission controller pod to be in pending state because of 
> insufficient privileges.
>  
> Error message indicating pod in pending state:
> {code:java}
> NAME                                            READY   UP-TO-DATE   
> AVAILABLE   AGE
> deployment.apps/yunikorn-admission-controller   0/1     0            0        
>    8m14s
> deployment.apps/yunikorn-scheduler              1/1     1            1        
>    8m20sNAME                                                       DESIRED   
> CURRENT   READY   AGE
> replicaset.apps/yunikorn-admission-controller-854f64bcbf   1         0        
>  0       8m14s
> replicaset.apps/yunikorn-scheduler-585fcfbb46              1         1        
>  1       8m20s
> {code}
> {code:java}
> [root@vm5 vbm]# kubectl describe 
> replicaset.apps/yunikorn-admission-controller-854f64bcbf -n yunikorn
> Name:           yunikorn-admission-controller-854f64bcbf
> Namespace:      yunikorn
> Selector:       app=yunikorn,pod-template-hash=854f64bcbf
> Labels:         app=yunikorn
>                 pod-template-hash=854f64bcbf
> Annotations:    deployment.kubernetes.io/desired-replicas: 1
>                 deployment.kubernetes.io/max-replicas: 2
>                 deployment.kubernetes.io/revision: 1
> Controlled By:  Deployment/yunikorn-admission-controller
> Events:
>   Type     Reason        Age                 From                   Message
>   ----     ------        ----                ----                   -------
>   Warning  FailedCreate  19s (x13 over 40s)  replicaset-controller  Error 
> creating: pods "yunikorn-admission-controller-854f64bcbf-" is forbidden: 
> unable to validate against any pod security policy: 
> [spec.securityContext.hostNetwork: Invalid value: true: Host network is not 
> allowed to be used spec.containers[0].hostPort: Invalid value: 8443: Host 
> port 8443 is not allowed to be used. Allowed ports: []]
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@yunikorn.apache.org
For additional commands, e-mail: issues-h...@yunikorn.apache.org

Reply via email to