k8snetworkplumbingwg / multus-cni

A CNI meta-plugin for multi-homed pods in Kubernetes
Apache License 2.0

cannot get resource "pods" in API group #1256

Closed ghost closed 3 months ago

ghost commented 3 months ago

Hello,

Every time I start a pod I get this error:

error waiting for pod: pods "grafana-6f8574dccf-9d2w9" is forbidden: User "system:serviceaccount:kube-system:multus" cannot get resource "pods" in API group "" in the namespace "default"

I can solve it by running:

kubectl apply -f multus-cni/deployments/multus-daemonset.yml

Result:

customresourcedefinition.apiextensions.k8s.io/network-attachment-definitions.k8s.cni.cncf.io unchanged
clusterrole.rbac.authorization.k8s.io/multus unchanged
clusterrolebinding.rbac.authorization.k8s.io/multus configured
serviceaccount/multus unchanged
configmap/multus-cni-config unchanged
daemonset.apps/kube-multus-ds unchanged

That causes clusterrolebinding.rbac.authorization.k8s.io/multus to be reconfigured.

Then one pod will start fine. So if I want to start 15 pods, I have to run kubectl apply -f multus-cni/deployments/multus-daemonset.yml fifteen times. Any idea what might be wrong, or how to debug this?

Kubernetes version: rke2 v1.27.12+rke2r1
CNI: Calico
Multus from master, also tried 4.0.2 but it made no difference.

ghost commented 3 months ago

I saw that the nodes weren't running the same minor version of rke2 as the master. I upgraded all nodes and now it's working.
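
For the debugging question in this thread, an added example (not part of the original issue and not Multus project code): it turns the forbidden message into the matching `kubectl auth can-i` check and flags kubelet minor-version skew from `kubectl get nodes -o json` output. The node names and the second node's version are constructed sample data.

```python
import json
import re

# Matches the Kubernetes RBAC denial text quoted in the issue.
FORBIDDEN_RE = re.compile(
    r'User "(?P<user>[^"]+)"\s+cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)"'
    r' in API group "(?P<group>[^"]*)"(?: in the namespace "(?P<namespace>[^"]+)")?'
)

def can_i_command(error_text):
    """Build the `kubectl auth can-i` argv that re-tests the denied request."""
    m = FORBIDDEN_RE.search(error_text)
    if m is None:
        return None
    # The core API group is the empty string; named groups use resource.group.
    resource = m["resource"] + ("." + m["group"] if m["group"] else "")
    cmd = ["kubectl", "auth", "can-i", m["verb"], resource, "--as=" + m["user"]]
    if m["namespace"]:
        cmd += ["-n", m["namespace"]]
    return cmd

def minor_versions(nodes_json):
    """Group node names by kubelet major.minor (input: kubectl get nodes -o json)."""
    groups = {}
    for node in json.loads(nodes_json)["items"]:
        version = node["status"]["nodeInfo"]["kubeletVersion"]
        m = re.match(r"v(\d+)\.(\d+)", version)
        key = f"{m.group(1)}.{m.group(2)}" if m else version
        groups.setdefault(key, []).append(node["metadata"]["name"])
    return groups

def has_skew(nodes_json):
    """True when nodes run more than one Kubernetes minor version."""
    return len(minor_versions(nodes_json)) > 1

# Error text as quoted in the issue.
ERROR = ('pods "grafana-6f8574dccf-9d2w9" is forbidden: User '
         '"system:serviceaccount:kube-system:multus" cannot get resource "pods" '
         'in API group "" in the namespace "default"')
# Constructed node list: names and the agent version are sample values.
NODES = json.dumps({"items": [
    {"metadata": {"name": "server-1"},
     "status": {"nodeInfo": {"kubeletVersion": "v1.27.12+rke2r1"}}},
    {"metadata": {"name": "agent-1"},
     "status": {"nodeInfo": {"kubeletVersion": "v1.26.15+rke2r1"}}},
]})

if __name__ == "__main__":
    print(" ".join(can_i_command(ERROR)))
    print(minor_versions(NODES), "skew:", has_skew(NODES))
```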