search

linode / linode-blockstorage-csi-driver

Container Storage Interface (CSI) Driver for Linode Block Storage
Apache License 2.0
66 stars 55 forks source link

error installing 0.4.0 #66

Closed dunn closed 3 years ago

dunn commented 3 years ago

on a newly created mini cluster in the Dallas DC (3 2gb linodes, k8s 1.18), I get these errors when installing the latest CSI driver:

$ kubectl apply -f https://raw.githubusercontent.com/linode/linode-blockstorage-csi-driver/master/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.4.0.yaml
storageclass.storage.k8s.io/linode-block-storage configured
storageclass.storage.k8s.io/linode-block-storage-retain configured
serviceaccount/csi-controller-sa configured
serviceaccount/csi-node-sa configured
clusterrole.rbac.authorization.k8s.io/linode-csi-role configured
clusterrole.rbac.authorization.k8s.io/external-attacher-role configured
clusterrole.rbac.authorization.k8s.io/external-provisioner-role configured
clusterrole.rbac.authorization.k8s.io/external-resizer-role configured
clusterrolebinding.rbac.authorization.k8s.io/linode-csi-binding configured
configmap/get-linode-id configured
statefulset.apps/csi-linode-controller configured
daemonset.apps/csi-linode-node configured
csidriver.storage.k8s.io/linodebs.csi.linode.com configured
Error from server (Invalid): error when applying patch:
{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"csi-controller-attacher-binding\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"external-attacher-runner\"},\"subjects\":[{\"kind\":\"ServiceAccount\",\"name\":\"csi-controller-sa\",\"namespace\":\"kube-system\"}]}\n","lke.linode.com/caplke-version":null}},"roleRef":{"name":"external-attacher-runner"}}
to:
Resource: "rbac.authorization.k8s.io/v1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding"
Name: "csi-controller-attacher-binding", Namespace: ""
for: "https://raw.githubusercontent.com/linode/linode-blockstorage-csi-driver/master/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.4.0.yaml": ClusterRoleBinding.rbac.authorization.k8s.io "csi-controller-attacher-binding" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"external-attacher-runner"}: cannot change roleRef
Error from server (Invalid): error when applying patch:
{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"csi-controller-provisioner-binding\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"external-provisioner-runner\"},\"subjects\":[{\"kind\":\"ServiceAccount\",\"name\":\"csi-controller-sa\",\"namespace\":\"kube-system\"}]}\n","lke.linode.com/caplke-version":null}},"roleRef":{"name":"external-provisioner-runner"}}
to:
Resource: "rbac.authorization.k8s.io/v1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding"
Name: "csi-controller-provisioner-binding", Namespace: ""
for: "https://raw.githubusercontent.com/linode/linode-blockstorage-csi-driver/master/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.4.0.yaml": ClusterRoleBinding.rbac.authorization.k8s.io "csi-controller-provisioner-binding" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"external-provisioner-runner"}: cannot change roleRef
Error from server (Invalid): error when applying patch:
{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"csi-controller-resizer-binding\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"external-resizer-runner\"},\"subjects\":[{\"kind\":\"ServiceAccount\",\"name\":\"csi-controller-sa\",\"namespace\":\"kube-system\"}]}\n","lke.linode.com/caplke-version":null}},"roleRef":{"name":"external-resizer-runner"}}
to:
Resource: "rbac.authorization.k8s.io/v1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding"
Name: "csi-controller-resizer-binding", Namespace: ""
for: "https://raw.githubusercontent.com/linode/linode-blockstorage-csi-driver/master/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.4.0.yaml": ClusterRoleBinding.rbac.authorization.k8s.io "csi-controller-resizer-binding" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"external-resizer-runner"}: cannot change roleRef
phillc commented 3 years ago

Hello,

Are you using Linode kubernetes engine? I see a caplke annotation and wanted to confirm.

dunn commented 3 years ago

Yes, this is LKE.

phillc commented 3 years ago

I highly recommend you do not do that. LKE periodically syncs the CSI (and CCM) and will clobber any changes you have made to it. Additionally, they may do some massaging of the cluster roles to handle migrations between manifest versions, which may require more under the hood knowledge than I am able to provide.

Is there a specific reason you are trying to manually update the CSI?

dunn commented 3 years ago

Oh, I had no idea LKE is supposed to manage the CSI; I've always had to install it manually.

phillc commented 3 years ago

It should be installed in the kube-system namespace iirc. If you create a fresh LKE cluster, and then make a PVC, it should work without you having to install anything extra.

dunn commented 3 years ago

OK, I do see that now. When did that start happening? The last time I set up a cluster in LKE I remember getting PVC errors until I set up the CSI driver myself.