Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sync.hoststorageclasses requires access to clusterroles #2279

Open
cpockrandt opened this issue Nov 13, 2024 · 1 comment
Open

sync.hoststorageclasses requires access to clusterroles #2279

cpockrandt opened this issue Nov 13, 2024 · 1 comment
Labels
kind/bug

Comments

@cpockrandt
Copy link
Contributor

What happened?

We use the official Helm-Chart v0.19.7 with k0s (k0s:v1.29.1-k0s.0) and the following config:

sync:
  ingresses:
    enabled: true
  ingressclasses:
    enabled: false
  secrets:
    enabled: true
    all: true
  hoststorageclasses:
    enabled: true

In the hostcluster, I can run kubectl get storageclasses.storage.k8s.io, so I would expect to be able to turn on hoststorageclasses. But instead I get the following error message:

Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource ClusterRole "vc-vc-v-test" in namespace "": clusterroles.rbac.authorization.k8s.io "vc-vc-v-test" is forbidden: User "system:serviceaccount:test:cmx-..." cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope

What did you expect to happen?

Since I am able to list the storageclasses in the host-cluster, I would expect it not to require further access to clusterroles. Is this expected behavior or is there a workaround (since I will not get granted clusterroles in our cluster)?

How can we reproduce it (as minimally and precisely as possible)?

Anything else we need to know?

No response

Host cluster Kubernetes version

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.3", GitCommit:"9e644106593f3f4aa98f8a84b23db5fa378900bd", GitTreeState:"clean", BuildDate:"2023-03-15T13:40:17Z", GoVersion:"go1.19.7", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.7
Server Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.13+vmware.1", GitCommit:"d82693b8117731e1d506b786bacec4cc7b94fae2", GitTreeState:"clean", BuildDate:"2024-04-24T08:07:19Z", GoVersion:"go1.21.9", Compiler:"gc", Platform:"linux/amd64"}

vcluster version

$ vcluster --version
vcluster version 0.19.7

VCluster Config

sync:
  ingresses:
    enabled: true
  ingressclasses:
    enabled: false
  secrets:
    enabled: true
    all: true
  hoststorageclasses:
    enabled: true
@deniseschannon Linear
Copy link
Contributor

I would recommend migrating to v0.20+ in order to better support you. Also, is there a specific reason you are using k0s? We are recommending users use the vanilla k8s distro.

Try looking at this yaml for either v0.20 or v0.21 and try it out:

https://www.vcluster.com/docs/vcluster/configure/vcluster-yaml/sync/from-host/storage-classes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cpockrandt @deniseschannon