Open batchamalick opened 1 year ago
same issue
2023-01-05 09:04:46,549 ERROR: failed to update leader lock
2023-01-05 09:04:46,550 INFO: not promoting because failed to update leader lock in DCS
2023-01-05 09:04:56,536 INFO: Lock owner: ccr-postgres-cluster-0; I am ccr-postgres-cluster-0
2023-01-05 09:04:56,548 ERROR: Permission denied
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/patroni/dcs/kubernetes.py", line 975, in _update_leader_with_retry
    return self._patch_or_create(self.leader_path, annotations, resource_version, ips=ips, retry=_retry)
  File "/usr/local/lib/python3.10/dist-packages/patroni/dcs/kubernetes.py", line 921, in _patch_or_create
    ret = retry(func, self._namespace, body) if retry else func(self._namespace, body)
  File "/usr/local/lib/python3.10/dist-packages/patroni/dcs/kubernetes.py", line 972, in _retry
    return retry(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/patroni/utils.py", line 334, in __call__
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/patroni/dcs/kubernetes.py", line 483, in wrapper
    return getattr(self._core_v1_api, func)(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/patroni/dcs/kubernetes.py", line 419, in wrapper
    return self._api_client.call_api(method, path, headers, body, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/patroni/dcs/kubernetes.py", line 388, in call_api
    return self._handle_server_response(response, _preload_content)
  File "/usr/local/lib/python3.10/dist-packages/patroni/dcs/kubernetes.py", line 218, in _handle_server_response
    raise k8s_client.rest.ApiException(http_resp=response)
patroni.dcs.kubernetes.K8sClient.rest.ApiException: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Audit-Id': 'b1fb4eb5-8e25-4a35-83c8-fddae0510d61', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Kubernetes-Pf-Flowschema-Uid': '415f970c-6a42-4b9e-8066-271cd048f096', 'X-Kubernetes-Pf-Prioritylevel-Uid': '3fb00e9b-6c7f-499a-8bb0-e72fa577bc84', 'Date': 'Thu, 05 Jan 2023 09:04:56 GMT', 'Content-Length': '268'})
HTTP response body: b'{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"endpoints \\"ccr-postgres-cluster\\" is forbidden: endpoint address 10.128.3.135 is not allowed","reason":"Forbidden","details":{"name":"ccr-postgres-cluster","kind":"endpoints"},"code":403}\n'
We had trouble with permissions in OpenShift.
We ended up adding permissions to make the "endpoints mechanism" work in OpenShift (instead of using the "ConfigMap" mechanism/mode). The following permissions were needed for endpoints "mode" to work:
endpoints/restricted
endpointslices/restricted
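The permissions named in the comment above, written as a namespaced Role and RoleBinding. This is an added example, not a manifest posted in the thread or shipped by the project. The namespace, Role name and service account name are assumed placeholders, and the `create` verb and API groups reflect how OpenShift's restricted-endpoints admission check is normally granted.

```yaml
# Added example. Every name marked "assumed" is a placeholder, not a value from the thread.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: patroni-restricted-endpoints   # assumed name
  namespace: postgres                  # assumed: namespace the cluster pods run in
rules:
  # Consulted by OpenShift admission when an Endpoints object lists an address
  # inside the cluster (pod) or service network, as in the
  # "endpoint address 10.128.3.135 is not allowed" 403 in the log above.
  - apiGroups: [""]
    resources: ["endpoints/restricted"]
    verbs: ["create"]
  # Same check for EndpointSlice objects.
  - apiGroups: ["discovery.k8s.io"]
    resources: ["endpointslices/restricted"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: patroni-restricted-endpoints   # assumed name
  namespace: postgres                  # assumed
subjects:
  - kind: ServiceAccount
    name: postgres-pod                 # assumed: service account the Patroni pods use
    namespace: postgres                # assumed
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: patroni-restricted-endpoints
```

The admission check exists so that ordinary namespace users cannot point a Service's endpoints at pod or service network addresses they do not own. A Role bound to one service account in one namespace keeps the exception narrower than a ClusterRole with a cluster-wide binding.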
My OC version
My config
I'm seeing a permission denied error
I also have this clusterrole created