Bumping up Kubernetes (and Stork Scheduler) to 1.21 makes linstor-stork-scheduler fail scheduling pods (some pods indefinitely remain in pending state) ; it indeed complains of missing authorizations :
E0410 22:26:05.985354 1 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1beta1.CSIStorageCapacity: failed to list *v1beta1.CSIStorageCapacity: csistoragecapacities.storage.k8s.io is forbidden: User "system:serviceaccount:linstor:linstor-stork-scheduler" cannot list resource "csistoragecapacities" in API group "storage.k8s.io" at the cluster scope
and
E0410 22:37:57.775468 1 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1.CSIDriver: failed to list *v1.CSIDriver: csidrivers.storage.k8s.io is forbidden: User "system:serviceaccount:linstor:linstor-stork-scheduler" cannot list resource "csidrivers" in API group "storage.k8s.io" at the cluster scope
Merely adding csistoragecapacities and csidrivers to existing rule group storage.k8s.io of linstor-stork-scheduler cluster role makes it back to work.
kvaps
commented
3 years ago
Hello,
Bumping up Kubernetes (and Stork Scheduler) to 1.21 makes linstor-stork-scheduler fail scheduling pods (some pods indefinitely remain in pending state) ; it indeed complains of missing authorizations :
and
Merely adding
csistoragecapacitiesandcsidriversto existing rule groupstorage.k8s.ioof linstor-stork-scheduler cluster role makes it back to work.Cheers!