Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

missing roles #15

Open
bvv906 opened this issue May 10, 2023 · 3 comments
Open

missing roles #15

bvv906 opened this issue May 10, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@bvv906
Copy link

bvv906 commented May 10, 2023

Describe the bug

Volume migration stuck,

"volumemigrationjob-a8ebd411-ef02-11ed-bff3-0a580a8200cb", "namespace": "cnsmanager", "TraceId": "134452f3-561d-4be3-ad4d-1ab4f8d0fe27", "volume": "6b56ced2-2eaf-4eab-800b-d74b5e8dd63a", "error": "volumemigrationtasks.cnsmanager.cns.vmware.com "volumemigrationtask-cd71f397-ef02-11ed-bff3-0a580a8200cb" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: RBAC: clusterrole.rbac.authorization.k8s.io "psp:vmware-system-privileged" not found, "}

deploy-template.yaml have only binding, not the role

Reproduction steps

  1. start volume migration
  2. see logs of a cns-manager

...

Expected behavior

succesful migration

Additional context

No response

@bvv906 bvv906 added the bug Something isn't working label May 10, 2023
@gohilankit
Copy link
Contributor

gohilankit commented May 12, 2023

@bvv906 Can you provide more details about your environment - like which Kubernetes distribution and version?

The ClusterRole psp:vmware-system-privileged pertains to vSphere with Tanzu deployments, so we will get rid of that RoleBinding in the upcoming release. But storage vMotion doesn't depend on that RoleBinding. Please try removing the RoleBinding from deploy yaml, and see if the migration works.

@gohilankit
Copy link
Contributor

I just tried migrating a volume and it works even without ClusterRole psp:vmware-system-privileged being present in my cluster.

root@k8s-control-540-1683580564:~/manifests# kubectl get RoleBinding -A
NAMESPACE           NAME                                                    ROLE                                                  AGE
cns-manager         cns-manager                                             ClusterRole/psp:vmware-system-privileged              18m   <-----
.
.
.

root@k8s-control-540-1683580564:~/manifests# kubectl get ClusterRole psp:vmware-system-privileged
Error from server (NotFound): clusterroles.rbac.authorization.k8s.io "psp:vmware-system-privileged" not found

@draakuns
Copy link

draakuns commented Jul 9, 2024

@bvv906 Can you provide more details about your environment - like which Kubernetes distribution and version?

The ClusterRole psp:vmware-system-privileged pertains to vSphere with Tanzu deployments, so we will get rid of that RoleBinding in the upcoming release. But storage vMotion doesn't depend on that RoleBinding. Please try removing the RoleBinding from deploy yaml, and see if the migration works.

Hi @gohilankit , latest 0.3.0 version still relies on psp, and for us using Openshift or other kubernetes we just can't install. Can you provide a valid CR for it in the meanwhile that a release fixes it, please?
It's been a year so I hope I can avoid just using an empty CR and filling up the gaps myself with trial-and-error.

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants