k3s-io / k3s

Lightweight Kubernetes
https://k3s.io
Apache License 2.0

Node Authorizer: No Object name found #1748

Closed ambis closed 4 years ago

ambis commented 4 years ago

Version: k3s version v1.17.4+k3s1 (3eee8ac3)

K3s arguments:

export INSTALL_K3S_VERSION="v1.17.4+k3s1"
export INSTALL_K3S_EXEC="server \
  --token=***** \
  --node-taint=k3s-controlplane=true:NoExecute \
  --flannel-backend=none \
  --no-deploy=traefik,servicelb \
  --disable-network-policy \
  --disable-cloud-controller \
"

And for the agent (values filled by ansible):

export INSTALL_K3S_EXEC="agent \
  --server=https://{{ kubemaster01_ip }}:6443 \
  --token=***** \
"

(I install weave as CNI network provider (IPALLOC_RANGE=10.42.0.0/16 + ipsec), which seems to work just fine.)

Describe the bug: When installing, e.g.,

kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/longhorn.yaml

I get a ton of (which is the main issue here):

E0505 19:36:04.393163   18164 reflector.go:153] object-"longhorn-system"/"": Failed to list *v1.Secret: secrets is forbidden: User "system:node:(my fqdn node name)" cannot list resource "secrets" in API group "" in the namespace "longhorn-system": No Object name found

Error is thrown here: https://github.com/kubernetes/kubernetes/blob/a441f869d93f0722a1be87a4ae84f5e4d28bfadd/plugin/pkg/auth/authorizer/node/node_authorizer.go#L191

I tried but couldn't figure out what that getName() is in this case.

To Reproduce: I guess with any k3s version v1.17.4+k3s1 where workloads don't run on the master?

Expected behavior: Just to not have these errors.

Actual behavior: I get the mentioned (No Object name found) errors. The pods themselves seem to work OK, but the agent log is filled with those errors.

Additional context / logs: My environment is Debian 10 VPS servers on Hetzner Cloud.

This could be a k8s bug, but then again it could be a k3s bug I guess.

ambis commented 4 years ago

Waait, this looks suspicious: object-"longhorn-system"/"": <- the empty ""

Maybe a longhorn bug?

I just randomly installed a ton of apps with helm, and no other software gives me this error, so I think this is just a longhorn deployment bug.
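
Added example (not part of the original thread, and not k3s or Kubernetes code): a small Python triage script that parses reflector errors of the form quoted in this issue, groups the node-authorizer denials, and reports which namespace/kind requests carried an empty object name. The sample lines, the node name `node01.example.test`, the `demo` namespace and the third line's reason text are constructed for illustration.

```python
import re
from collections import Counter

# Shape of the reflector error quoted in this issue:
#   object-"<namespace>"/"<name>": Failed to list *v1.<Kind>: ... User "system:node:<node>" cannot ...: <reason>
DENIAL = re.compile(
    r'object-"(?P<ns>[^"]*)"/"(?P<name>[^"]*)": '
    r'Failed to (?P<verb>list|watch) \*v1\.(?P<kind>\w+): '
    r'.*?User "(?P<user>system:node:[^"]*)" cannot '
    r'.*: (?P<reason>[^:]+)$'
)

def parse_denials(lines):
    """Yield one dict per node-user denial found in the log lines."""
    for line in lines:
        m = DENIAL.search(line.strip())
        if m:
            yield m.groupdict()

def summarize(lines):
    """Count denials by (namespace, kind, object name, reason)."""
    return Counter(
        (d["ns"], d["kind"], d["name"], d["reason"]) for d in parse_denials(lines)
    )

def empty_name_requests(lines):
    """Return sorted (namespace, kind) pairs whose requested object name was empty."""
    return sorted({(d["ns"], d["kind"]) for d in parse_denials(lines) if d["name"] == ""})

# Constructed sample log: two lines follow the error in this issue (node name replaced),
# one is a made-up denial for a named object, one is an unrelated line.
SAMPLE = [
    'E0505 19:36:04.393163   18164 reflector.go:153] object-"longhorn-system"/"": Failed to list *v1.Secret: secrets is forbidden: User "system:node:node01.example.test" cannot list resource "secrets" in API group "" in the namespace "longhorn-system": No Object name found',
    'E0505 19:36:05.401872   18164 reflector.go:153] object-"longhorn-system"/"": Failed to list *v1.Secret: secrets is forbidden: User "system:node:node01.example.test" cannot list resource "secrets" in API group "" in the namespace "longhorn-system": No Object name found',
    'E0505 19:36:06.100000   18164 reflector.go:153] object-"demo"/"app-config": Failed to list *v1.ConfigMap: configmaps is forbidden: User "system:node:node01.example.test" cannot list resource "configmaps" in API group "" in the namespace "demo": constructed reason text',
    'I0505 19:36:07.000000   18164 example.go:1] constructed unrelated info line',
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, key)
    print("empty object name requested for:", empty_name_requests(SAMPLE))
```
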