TannerBragg
commented
4 years ago I had this same error. It's a permission problem for the Service Account you created. I temporarily worked around the issue by created a new role with wildcard privileges and the binding the role to the Service Account in the iscsi-provisioner project. Hope this helps you get by this error temporarily. I've been roadblocked getting it to actually provision a PVC for a few hours now...
kind: Role
metadata:
name: choose-a-role-name-here
namespace: iscsi-provisioner
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
nikhita
Followed instructions (https://github.com/kubernetes-incubator/external-storage/tree/master/iscsi/targetd/kubernetes), applied RBAC yaml. But getting this in the iscsi-targetd logs:
time="2020-05-06T12:36:46Z" level=debug msg="targed URL http://admin:ciao@192.168.1.190:18700/targetrpc" time="2020-05-06T12:36:46Z" level=debug msg="iscsi provisioner created" time="2020-05-06T12:36:46Z" level=debug msg="iscsi controller created, running forever..." ERROR: logging before flag.Parse: I0506 12:36:46.974668 1 leaderelection.go:187] attempting to acquire leader lease default/iscsi-targetd... ERROR: logging before flag.Parse: E0506 12:36:46.975808 1 leaderelection.go:252] error retrieving resource lock default/iscsi-targetd: endpoints "iscsi-targetd" is forbidden: User "system:serviceaccount:default:iscsi-provisioner" cannot get resource "endpoints" in API group "" in the namespace "default" ERROR: logging before flag.Parse: E0506 12:36:50.428116 1 leaderelection.go:252] error retrieving resource lock default/iscsi-targetd: endpoints "iscsi-targetd" is forbidden: User "system:serviceaccount:default:iscsi-provisioner" cannot get resource "endpoints" in API group "" in the namespace "default"
Deployed into default namespace.
Any help is much appreciated!