Failed to create SubnetManager: error retrieving pod spec for 'kube-system/kube-flannel-ds-sb3k4': the server does not allow access to the requested resource^C

[hustljl]

Failed to create SubnetManager: error retrieving pod spec for 'kube-system/kube-flannel-ds-sb3k4': the server does not allow access to the requested resource

[tomdee]

@hustljl What kubernetes version are you using? What flannel version are you using? Which manifest(s) did you use? Did you try the RBAC one?

[ajayapte]

Am having same issue.
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.1", GitCommit:"b0b7a323cc5a4a2019b2e9520c21c7830b7f708e", GitTreeState:"clean", BuildDate:"2017-04-03T20:44:38Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.0", GitCommit:"fff5156092b56e6bd60fff75aad4dc9de6b6ef37", GitTreeState:"clean", BuildDate:"2017-03-28T16:24:30Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}

I am using flannel. My first issue was /run/flannel/subnet.env not found which is reported in other issue. This stopped dns pods from coming up. I manually created one like following from older 1.5 working environment -
FLANNEL_NETWORK=172.10.0.0/16
FLANNEL_SUBNET=172.10.0.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
That got past dns pod issue and dns pods are running. Now the flannel pod is in error with same message as this mentioned in this issue -

root@2kub-0:/tmp# kubectl logs kube-flannel-ds-gc73b -c kube-flannel --namespace kube-system --tail=20
E0421 21:14:14.129572 1 main.go:127] Failed to create SubnetManager: error retrieving pod spec for 'kube-system/kube-flannel-ds-gc73b': the server does not allow access to the requested resource (get pods kube-flannel-ds-gc73b)

[ajayapte]

And yes I did specify necessary inputs on my kubeadm init like this -
kubeadm init --pod-network-cidr 172.10.0.0/16 --service-cidr 172.16.0.0/12

[igortin]

I had the same problem~

Solution:
kubectl apply -f https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml
kubectl apply -f https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yaml

[igortin]

please point out the correct namespace

[ylhyh]

same issue here.
ebtables 2.0.10.4-3
kubernetes-cni 0.5.1-00
socat 1.7.3.1-1
kubelet 1.6.2-00
kubectl 1.6.2-00
kubeadm 1.6.2-00
flannel 0.7.1-amd64

See @igortin 's solution

[igortin]

Are you using RBAC?
How to check:
[kube@kube-master ~]$ kubectl exec kube-apiserver-kube-master.example.com -c kube-apiserver -n kube-system ps
In the output find:
--authorization-mode=RBAC

If RBAC enabled:

1. check sa
   [kube@kube-master ~]$ kubectl get sa flannel -n kube-system
   NAME SECRETS AGE
   flannel 1 5d

2. check cluster role
   kubectl get clusterrole flannel -n kube-system

3. check
   kubectl get ClusterRoleBinding flannel

If not exeist 1,2,3
create ServiceAccount flannel and exec yamls

[ylhyh]

@igortin , the link to yml files should change to https://raw.githubusercontent.com/...
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel-rbac.yml
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

[vnalla]

Hi,
Running in to the same issues on Ubuntu 16.04, Kubernetes via hyperkube v1.6.8_coreos.0 and flannel v0.7.1 & v0.8.0-amd64. appreciate your help and time.

{"log":"E0822 14:22:39.379922 1 config.go:265] Expected to load root CA config from /var/run/secrets/kubernetes.io/serviceaccount/ca.crt, but got err: open /var/run/secrets/kubernetes.io/serviceaccount/ca.crt: no such file or directory\n","stream":"stderr","time":"2017-08-22T14:22:39.380327935Z"}
{"log":"E0822 14:22:39.405061 1 main.go:127] Failed to create SubnetManager: error retrieving pod spec for 'kube-system/kube-flannel-ds-14xmd': Get https://192.168.56.20:6443/api/v1/namespaces/kube-system/pods/kube-flannel-ds-14xmd: x509: failed to load system roots and no roots provided\n","stream":"stderr","time":"2017-08-22T14:22:39.405436407Z"}

thanks,
Venkat

[spopoiu1]

This link is not available : https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel-rbac.yml

[igortin]

https://github.com/coreos/flannel/blob/master/Documentation/k8s-manifests/kube-flannel-rbac.yml Отправлено с iPhone

…

27 окт. 2017 г., в 19:08, Sanda ***@***.***> написал(а): This link is not available : https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel-rbac.yml — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[zakiournani]

I have a similaire problem:

get pods --all-namespaces

kube-system kube-flannel-ds-bdcxj 0/1 CrashLoopBackOff 6 10m
kube-system kube-flannel-ds-llstg 0/1 CrashLoopBackOff 6 10m

kubectl exec kube-apiserver-master.domain.local -c kube-apiserver -n kube-system ps
--authorization-mode=Node,RBAC

kubectl get sa flannel -n kube-system
NAME SECRETS AGE
flannel 1 19m

when i try : kubectl create -f https://github.com/coreos/flannel/blob/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
error: error converting YAML to JSON: yaml: line 376: mapping values are not allowed in this context

and my kubectl logs:

Error adding network: open /run/flannel/subnet.env: no such file or directory
Error while adding to cni network: open /run/flannel/subnet.env: no such file or directory

[ylhyh]

@zakiournani please use thr "raw" link instead of github link in kubectl create command

[zakiournani]

Solved my issue, it was related to a mistake in interface name when configuring flannel.
BTW i think raw link ain't working (404).
Cheers

[YuZongYangHi]

I have encountered this problem at present, the version of kubernetes cluster is unified to v1.19.0

[heldigard]

I have a similar problema and was solved editing the file kube-flannel.yml and adding the two enviroment variables:
KUBERNETES_SERVICE_HOST, KUBERNETES_SERVICE_PORT

like:

           - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: KUBERNETES_SERVICE_HOST
              value: '<IP Master/DNS Master>' #ip address or dns of the host where kube-apiservice is running
            - name: KUBERNETES_SERVICE_PORT
              value: '6443'

Source: https://stackoverflow.com/questions/58194119/kubeadm-failed-to-create-subnetmanager-error-retrieving-pod-spec-for-kube-syste/60097567#60097567

[ValeriyTen]

https://github.com/coreos/flannel/blob/master/Documentation/k8s-manifests/kube-flannel-rbac.yml Отправлено с iPhone
…
27 окт. 2017 г., в 19:08, Sanda @.***> написал(а): This link is not available : https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel-rbac.yml — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

Worked for me with kube-flannel-ds-windows being in CrashLoopBackOff state with the same error that is in the topic