Comments (14)
I will try to reproduce it in my own environment and it may take a while. If you have any new progress, please feel free to communicate here.
from kubeedge.
my edgecore logs also Appear logs
May 21 00:15:56 edge1 edgecore[6586]: E0521 00:15:56.484334 6586 authentication.go:73] "Unable to authenticate the request" err="tokenData not found when authenticating"
from kubeedge.
my edgecore logs also Appear logs
May 21 00:15:56 edge1 edgecore[6586]: E0521 00:15:56.484334 6586 authentication.go:73] "Unable to authenticate the request" err="tokenData not found when authenticating"
Does the problem also occur when multiple edge nodes are connected?
from kubeedge.
my edgecore logs also Appear logs
May 21 00:15:56 edge1 edgecore[6586]: E0521 00:15:56.484334 6586 authentication.go:73] "Unable to authenticate the request" err="tokenData not found when authenticating"
Does the problem also occur when multiple edge nodes are connecte
my edgecore logs also Appear logs
May 21 00:15:56 edge1 edgecore[6586]: E0521 00:15:56.484334 6586 authentication.go:73] "Unable to authenticate the request" err="tokenData not found when authenticating"
I have the exact same error. I have only one edge node is connected.
from kubeedge.
after I add the token to the edgecore.yaml
according to https://kubeedge.io/docs/setup/config/#create-and-set-edgecore-config-file 6-7,
the token Data not found when authenticating
seems to be fixed but
there occurs new error at edge side:
edgecore[10242]: E0626 11:23:24.927904 10242 fieldmanager.go:155] "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (/; authentication.k8s.io/v1, Kind=TokenReview) to smd type
edgecore[10242]: E0626 11:23:24.944409 10242 storage.go:234] [metaserver/reststorage] failed to create obj: tokenreviews.authentication.k8s.io is forbidden: User "system:serviceaccount:kubeedge:cloudcore" cannot create resource "tokenreviews" in API group "authentication.k8s.io" at the cluster scope
edgecore[10242]: E0626 11:23:24.944561 10242 key.go:21] failed to parse key from an obj:object does not implement the Object interfaces
edgecore[10242]: E0626 11:23:24.944618 10242 storage.go:246] [metaserver/reststorage] failed to create ()
edgecore[10242]: E0626 11:23:25.610920 10242 storage.go:234] [metaserver/reststorage] failed to create obj: tokenreviews.authentication.k8s.io is forbidden: User "system:serviceaccount:kubeedge:cloudcore" cannot create resource "tokenreviews" in API group "authentication.k8s.io" at the cluster scope
edgecore[10242]: E0626 11:23:25.611066 10242 key.go:21] failed to parse key from an obj:object does not implement the Object interfaces
and similar at cloud side:
I0626 13:09:40.600988 1 application.go:60] [metaserver/ApplicationCenter] get a Application (NodeName=raspberrypi;Key=/authentication.k8s.io/v1/tokenreviews/null/null;Verb=create;Status=InApplying;Reason=)
E0626 13:09:40.603674 1 application.go:76] [metaserver/applicationCenter]failed to process Application((NodeName=raspberrypi;Key=/authentication.k8s.io/v1/tokenreviews/null/null;Verb=create;Status=Rejected;Reason=)), tokenreviews.authentication.k8s.io is forbidden: User "system:serviceaccount:kubeedge:cloudcore" cannot create resource "tokenreviews" in API group "authentication.k8s.io" at the cluster scope
from kubeedge.
@Mengxue12 you can ref to https://kubeedge.io/docs/advanced/inclusterconfig#deploy-your-edge-pods
from kubeedge.
I am having a similar issue, but it isn't RBAC related. I have added the token
in the edgecore.yaml
per the directions, but I keep receving authentication.go:73] "Unable to authenticate the request" err="invalid bearer token"
.
If I turn off requireAuthorization
it will work over http. As soon as I enable this, even when I curl https://127.0.0.1:10550/api/v1
with the token in the header with -H Authorization: Bearer xxx
I receive Unauthorized
. The same API token will work when I curl the kube api server on the cloud side.
Any ideas?
from kubeedge.
@WillieWookiee Have you ever ref to this guide https://kubeedge.io/docs/advanced/inclusterconfig?
from kubeedge.
@WillieWookiee Have you ever ref to this guide https://kubeedge.io/docs/advanced/inclusterconfig?
Yes, I followed everything word for word. I ended up figuring out my problem. Since my master node was in GKE, the token it generated included a different iss
and aud
from the JWT that the metaserver was expecting. Once I added the correct ones to the edgecore.yaml
config, it worked.
Another issue though is that I was trying to install something that required an Ingress
type. Part of this is it lists all the types when it queries the metaserver and it is saying that Ingress is not a type that is supported by metaserver. Is this correct? I thought the metaserver was a proxy to the kube-apiserver.
from kubeedge.
@Shelley-BaoYue Any ideas? I would love to use Kubeedge, but it seems the Metaserver is limited. Unless you can help me address the above issue.
from kubeedge.
@WillieWookiee Ingress
type is supported by metaserver. It's recommended that you can submit a new issue and describe the problem in detail.
from kubeedge.
It may support Ingress
for a certain type of call, but being that it is not a pass through to the api server, it will be very hard to support the types of calls certain applications might make to the api. I would suggest adopting a model that OpenYurt uses, where it can cache, but outside of that, it passes the call directly to the apiserver and just acts as a proxy.
from kubeedge.
@WillieWookiee The problem you've mentioned does indeed exist, and we've also considered using more native approaches in our subsequent plans. Would you like to submit an issue and share your requirements with the community? If you're able to participate in the community's design and development, that would be even better.
from kubeedge.
Unfortunately, I recheck this issue and the problem still exists in v1.18.0. The secondly added node still has this error: authentication.go:73] "Unable to authenticate the request" err="serviceaccount ns1/sa1 not found"
from kubeedge.
Related Issues (20)
- Integrate KubeEdge, Sedna, and Volcano for High-Performance Training Task Scheduling HOT 3
- edgecore error Error: failed to get CA certificate, err: Get "https://xx/ca.crt": remote error: tls: bad certificate HOT 22
- Design and Implementation of Mobile Ad-hoc Network Edge Computing Architecture Based on KubeEdge HOT 1
- Request for feedback: Whether to Upgrading Kubernetes dependency in KubeEdge v1.19
- Edge节点加入后云端一直显示其状态Unavailable HOT 2
- kubeedge join failed: RunPodSandbox from runtime service failed" err="rpc error: code = DeadlineExceeded desc = context deadline exceeded HOT 3
- kubectl logs pod-on-edge failed when running multiple cloudcore HOT 8
- Integrate with Tekton and Tekton Chains to achieve SLSA level 2 compliance
- edgestream cannot auto reconnect when server.cert is expire HOT 1
- Conformance test in CI always failed in recent PRs
- 使用keadm正常安装CloudCore和EdgeCore后使用keadm reset卸载CloudCore换另一个advertise-address再次init CloudCore,出现问题 HOT 3
- when deployed kubeedge in aarch64 board, mosquitto installed failed HOT 1
- Container runtime e2e test often fails to run HOT 2
- Improve kubeedge api migration feature HOT 1
- unable to authenticate when serviceaccounttoken expired
- kubekey扩展kubeedge HOT 1
- kubeedge 1.18在k8s 1.28.7上创建devicemodel版本不对 HOT 2
- cloudcore cloudn't provide vaild token for edgenode to join cluster HOT 1
- Any quick path of delpoy KubeEdge for development and bug reproduction? HOT 3
- Get pod logs failed HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubeedge.