Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows volumes cannot be provisioned using Azure cloud provider because of missing RBAC role #38

Open
sowmyav27 opened this issue May 9, 2019 · 5 comments
Open

Windows volumes cannot be provisioned using Azure cloud provider because of missing RBAC role #38

sowmyav27 opened this issue May 9, 2019 · 5 comments
Assignees
@phillipsj @sowmyav27
Labels
area/windows bug Something isn't working team/area4

Comments

@sowmyav27
Copy link

What kind of request is this (question/bug/enhancement/feature request): bug

Steps to reproduce (least amount of steps as possible):

  1. Create a cluster with Azure cloud provider set. (1 etcd, control plane linux node, 1 linux worker node, 2 windows worker nodes)
  2. On execution of these commands on kubectl for the cluster - the rolebindings related to -system:azure-cloud-provider are not available
> k get sa persistent-volume-binder -n kube-system
> k get clusterrole system:azure-cloud-provider -n kube-system
> k get clusterrolebinding system:azure-cloud-provider -n kube-system

On creation of a Volume, it fails and the Volume is still stuck in Pending state.

Other details that may be helpful:

Environment information

  • Rancher version (rancher/rancher/rancher/server image tag or shown bottom left in the UI): rancher:master
  • Installation option (single install/HA): single install

Cluster information

  • Cluster type (Hosted/Infrastructure Provider/Custom/Imported): custom
  • Kubernetes version (use kubectl version):
1.14.1
@alena1108
Copy link

@sowmyav27 : @sangeethah said that there are steps to workaround. Can you please add them as a comment to the issue?

@sowmyav27
Copy link
Author

Workaround for the issue --

  1. Import YAML from Workloads page of System project:
  2. choose Cluster as Import Mode
  3. import as below:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:azure-cloud-provider
rules:
- apiGroups: ['']
  resources: ['secrets']
  verbs:     ['get','create']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:azure-cloud-provider
roleRef:
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
  name: system:azure-cloud-provider
subjects:
- kind: ServiceAccount
  name: persistent-volume-binder
  namespace: kube-system

@loganhz
Copy link

loganhz commented May 13, 2019

https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv

The RBAC is required in Microsoft's doc. Should we make the step automatically for it?

@cjellick cjellick changed the title Missing rbac resources while creating an Azure cluster with cloud provider set Windows volumes cannot be provisioned using Azure cloud provider because of missing RBAC role May 14, 2019
@sirredbeard sirredbeard transferred this issue from rancher/rancher Apr 19, 2021
@sirredbeard
Copy link
Contributor

@phillipsj Can you please look and see if this could be something fixed with an Azure node driver? We could add that as an enhancement.

@phillipsj
Copy link
Contributor

Sure thing!

@sirredbeard sirredbeard added area/windows bug Something isn't working and removed triage labels Sep 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@phillipsj phillipsj

@sowmyav27 sowmyav27

Labels
area/windows bug Something isn't working team/area4
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@alena1108 @phillipsj @thxCode @deniseschannon @loganhz @sowmyav27 @sirredbeard @Jono-SUSE-Rancher