近期在研究kubernetes集群，搭建过程中也中有这样那样的错误，接下来会将我这边遇到的坑一一列出来，给各位先探探路。

执行测试创建docker：

kubectl run nginxexample --image=nginx

kubectl get pods -l run=nginxexample
NAME                            READY     STATUS              RESTARTS   AGE
nginxexample-2412748312-8grvr   0/1       ContainerCreating   0          1m

日志中有很多报错：

Mar  6 11:54:01 sudops-vm04 kube-controller-manager: E0306 11:54:01.936464    3206 replica_set.go:505] unable to create pods: No API token found for service account "default", retry after the token is automatically created and added to the service account
Mar  6 11:54:01 sudops-vm04 kube-controller-manager: I0306 11:54:01.936540    3206 event.go:217] Event(api.ObjectReference{Kind:"ReplicaSet", Namespace:"default", Name:"nginxexample-2412748312", UID:"26cc3dec-0220-11e7-8463-52540017b78a", APIVersion:"extensions", ResourceVersion:"4633", FieldPath:""}): type: 'Warning' reason: 'FailedCreate' Error creating: No API token found for service account "default", retry after the token is automatically created and added to the service account
Mar  6 11:54:31 sudops-vm04 kube-controller-manager: E0306 11:54:31.937162    3206 replica_set.go:505] unable to create pods: No API token found for service account "default", retry after the token is automatically created and added to the service account
Mar  6 11:54:31 sudops-vm04 kube-controller-manager: I0306 11:54:31.937634    3206 event.go:217] Event(api.ObjectReference{Kind:"ReplicaSet", Namespace:"default", Name:"nginxexample-2412748312", UID:"26cc3dec-0220-11e7-8463-52540017b78a", APIVersion:"extensions", ResourceVersion:"4633", FieldPath:""}): type: 'Warning' reason: 'FailedCreate' Error creating: No API token found for service account "default", retry after the token is automatically created and added to the service account
Mar  6 11:55:01 sudops-vm04 systemd: Created slice user-995.slice.
Mar  6 11:55:01 sudops-vm04 systemd: Starting user-995.slice.
Mar  6 11:55:01 sudops-vm04 systemd: Started Session 1271 of user pcp.
Mar  6 11:55:01 sudops-vm04 systemd: Starting Session 1271 of user pcp.
Mar  6 11:55:01 sudops-vm04 systemd: Removed slice user-995.slice.
Mar  6 11:55:01 sudops-vm04 systemd: Stopping user-995.slice.
Mar  6 11:55:01 sudops-vm04 kube-controller-manager: E0306 11:55:01.936908    3206 replica_set.go:505] unable to create pods: No API token found for service account "default", retry after the token is automatically created and added to the service account
Mar  6 11:55:01 sudops-vm04 kube-controller-manager: I0306 11:55:01.937365    3206 event.go:217] Event(api.ObjectReference{Kind:"ReplicaSet", Namespace:"default", Name:"nginxexample-2412748312", UID:"26cc3dec-0220-11e7-8463-52540017b78a", APIVersion:"extensions", ResourceVersion:"4633", FieldPath:""}): type: 'Warning' reason: 'FailedCreate' Error creating: No API token found for service account "default", retry after the token is automatically created and added to the service account

下面是解决办法：

# cat /etc/kubernetes/apiserver
去掉SecurityContextDeny,ServiceAccount
编辑如下行：
#KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
改成：
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"

重启kube-apiserver服务
# systemctl restart kube-apiserver.service

稍后可以再次看下，pod状态：

# kubectl get pods -l run=nginxexample
NAME                            READY     STATUS    RESTARTS   AGE
nginxexample-2412748312-8grvr   1/1       Running   0          1h