Problem with provisioner
anebi opened this issue · 5 comments
Hello,
First, I want to thank you for your job. It really pushes forward Hetzner Cloud :)
I tried to set up the provisioner and driver with Rancher 2.1, but I see the following problem:
I1120 14:28:01.622098 1 leaderelection.go:187] attempting to acquire leader lease default/stevenklar-hetzner-storage-provisioner...
E1120 14:28:01.626206 1 leaderelection.go:252] error retrieving resource lock default/stevenklar-hetzner-storage-provisioner: endpoints "stevenklar-hetzner-storage-provisioner" is forbidden: User "system:serviceaccount:default:default" cannot get endpoints in the namespace "default"
I followed the commands and installed the RBAC and auth stuff. How can I get this fixed?
Thank you in advance!
Regards,
Ali Nebi
Hi @anebi
As the clusterrole needs to be created for a specific namespace, in my case it is created in the Kubernetes namespace "hcloud".
Undeploy the auth/rbac stuff first (errors are okay):
kubectl delete -f cmd/provisioner/deploy/auth
Please have a look at
cmd/provisioner/deploy/auth/clusterrole.yaml
cmd/provisioner/deploy/auth/clusterrolebinding.yaml
and change the namespace to "default" instead of "hcloud":
kubectl apply -f cmd/provisioner/deploy/auth
After that the provisioner should be able to read the endpoint information.
Hi Steven,
Thank you very much for your fast reply. I am going to change the namespace to "default" as you said and continue my tests.
Regards,
Ali
I still get the error even though the namespace is changed. In order to get the provisioner working, I changed the name of the service account in the rolebinding file to "default". I need to check the documentation on how to make it work with a custom service account.
Now when I try to claim a volume in the provisioner I get the following:
E1120 18:52:32.270641 1 provision.go:21] Failed to provision volume {Delete pvc-6877cb51-ecf5-11e8-9349-96000014798a [] &PersistentVolumeClaim{ObjectMeta:k8s_io_apimachinery_pkg_apis_meta_v1.ObjectMeta{Name:hetzner-cloud-pvc,GenerateName:,Namespace:default,SelfLink:/api/v1/namespaces/default/persistentvolumeclaims/hetzner-cloud-pvc,UID:6877cb51-ecf5-11e8-9349-96000014798a,ResourceVersion:4223,Generation:0,CreationTimestamp:2018-11-20 18:52:19 +0000 UTC,DeletionTimestamp:<nil>,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{volume.beta.kubernetes.io/storage-class: hetzner-cloud-default,volume.beta.kubernetes.io/storage-provisioner: stevenklar/hetzner-storage-provisioner,},OwnerReferences:[],Finalizers:[kubernetes.io/pvc-protection],ClusterName:,Initializers:nil,},Spec:PersistentVolumeClaimSpec{AccessModes:[ReadWriteOnce],Resources:ResourceRequirements{Limits:ResourceList{},Requests:ResourceList{storage: {{10737418240 0} {<nil>} 10Gi BinarySI},},},VolumeName:,Selector:nil,StorageClassName:nil,VolumeMode:nil,DataSource:nil,},Status:PersistentVolumeClaimStatus{Phase:Pending,AccessModes:[],Capacity:ResourceList{},Conditions:[],},} map[] nil []}, error: Post https://api.hetzner.cloud/v1/volumes: net/http: invalid header field value "Bearer xxxxxxx" for key Authorization
W1120 18:52:32.271506 1 controller.go:686] Retrying syncing claim "def
It appeared that the problem was in the token :) Everything works.
Thank you once again!
Best regards,
Ali Nebi
Awesome that it works for you. Thank you for the feedback!
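
Added example, not part of the thread or the project's code: a Python sketch that parses the RBAC denial from the first log excerpt and compares the denied identity with the subjects of a binding, which shows why changing only the namespace can still leave the pod's service account unbound. The subject name `hetzner-provisioner` is a hypothetical placeholder, since the project's manifests are not shown on this page.

```python
import re

# RBAC denial text in the form shown in the first log excerpt of this thread.
DENIAL = re.compile(
    r'User "system:serviceaccount:(?P<sa_ns>[^:"]+):(?P<sa_name>[^"]+)" '
    r'cannot (?P<verb>\w+) (?P<resource>[\w.]+) in the namespace "(?P<ns>[^"]+)"'
)

# Error line copied from the issue text above.
LOG = ('E1120 14:28:01.626206 1 leaderelection.go:252] error retrieving resource lock '
       'default/stevenklar-hetzner-storage-provisioner: endpoints '
       '"stevenklar-hetzner-storage-provisioner" is forbidden: User '
       '"system:serviceaccount:default:default" cannot get endpoints in the namespace "default"')


def parse_denial(line):
    """Return the denied identity, verb, resource and namespace, or None."""
    m = DENIAL.search(line)
    return m.groupdict() if m else None


def binding_mismatches(denial, subjects):
    """List the reasons no ServiceAccount subject matches the denied caller."""
    reasons = []
    for s in subjects:
        if s.get("kind") != "ServiceAccount":
            continue
        if s["namespace"] == denial["sa_ns"] and s["name"] == denial["sa_name"]:
            return []  # the binding covers the identity the pod runs as
        if s["namespace"] != denial["sa_ns"]:
            reasons.append(f'namespace {s["namespace"]!r} != {denial["sa_ns"]!r}')
        if s["name"] != denial["sa_name"]:
            reasons.append(f'name {s["name"]!r} != {denial["sa_name"]!r}')
    return reasons or ["binding has no ServiceAccount subject"]


if __name__ == "__main__":
    denial = parse_denial(LOG)
    # Constructed subjects: as shipped (namespace "hcloud"), then after the namespace edit.
    for ns in ("hcloud", "default"):
        subjects = [{"kind": "ServiceAccount", "name": "hetzner-provisioner", "namespace": ns}]
        print(ns, "->", binding_mismatches(denial, subjects))
```

On a live cluster, `kubectl auth can-i get endpoints -n default --as=system:serviceaccount:default:default` answers the same question against the API server.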