Bug 1224636
| Summary: | [origin_infrastructure_265] Caught 'Insufficient Permission' error mounting gcePersistentDisk | ||
|---|---|---|---|
| Product: | OKD | Reporter: | Jianwei Hou <jhou> |
| Component: | Storage | Assignee: | Mark Turansky <mturansk> |
| Status: | CLOSED NOTABUG | QA Contact: | Liang Xia <lxia> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.x | CC: | libra-bugs |
| Fixed In Version: | Doc Type: | Bug Fix | |
| Last Closed: | 2015-05-26 10:12:01 UTC | Type: | Bug |
Sorry, after investigation, it was the format of pod.yaml that made this operation unsuccessful.
The correct format for a volume should be:
```
volumes:
  - name: mypd
    source:
      persistentVolumeClaim:
        accessMode: ReadWriteOnce
        claimRef:
          name: myclaim-1
```
Description of problem:
'Insufficient Permission' error is caught from events when a pod mounts a GCE persistent disk.

Version-Release number of selected component (if applicable):
Client Version: version.Info{Major:"0", Minor:"17+", GitVersion:"v0.17.1-738-gcf7b0bdc2a41d3", GitCommit:"cf7b0bdc2a41d38613ac7f8eeea91cae23553fa2", GitTreeState:"clean"}
Server Version: version.Info{Major:"0", Minor:"17+", GitVersion:"v0.17.1-738-gcf7b0bdc2a41d3", GitCommit:"cf7b0bdc2a41d38613ac7f8eeea91cae23553fa2", GitTreeState:"clean"}

How reproducible:
Always

Steps to Reproduce:
1. Launch a CentOS 7.1 instance on GCE, start Kubernetes on the instance

2. Create a GCE PD:
gcloud compute disks create --size=10GB --zone=us-central1-a gcepd

3. Create a pv
cluster/kubectl.sh create -f pv.yaml
```
kind: PersistentVolume
apiVersion: v1beta3
metadata:
  name: gce
  labels:
    type: gcepd
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  gcePersistentDisk:
    pdName: "gcepd"
    fsType: "ext4"
```

4. Create a pvc
cluster/kubectl.sh create -f claim.yaml
```
kind: PersistentVolumeClaim
apiVersion: v1beta3
metadata:
  name: myclaim-1
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi
```

5. Create a pod that mounts the pv
cluster/kubectl.sh create -f pod.yaml
```
kind: Pod
apiVersion: v1beta3
metadata:
  name: mypod
  labels:
    name: frontendhttp
spec:
  containers:
    - name: myfrontend
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: gcepd
  volumes:
    - name: gcepd
      persistentVolumeClaim:
        claimName: myclaim-1
```

Actual results:
After step 2:
```
$ gcloud compute disks list
NAME   ZONE           SIZE_GB  TYPE         STATUS
gcepd  us-central1-a  10       pd-standard  READY
```

After step 3 and 4: the pv and pvc are created successfully
```
[hjw@10 kubernetes]$ cluster/kubectl.sh get pv
NAME  LABELS      CAPACITY     ACCESSMODES  STATUS  CLAIM
gce   type=gcepd  10737418240  RWO          Bound   default/myclaim-1
[hjw@10 kubernetes]$ cluster/kubectl.sh get pvc
NAME       LABELS  STATUS  VOLUME
myclaim-1  map[]   Bound   gce
```

After step 5: Pod is pending, the events suggest an error of insufficient permission
```
Mon, 25 May 2015 08:02:36 +0000 Mon, 25 May 2015 08:02:36 +0000 1 mypod Pod scheduled {scheduler } Successfully assigned mypod to 127.0.0.1
Mon, 25 May 2015 08:02:36 +0000 Mon, 25 May 2015 08:14:57 +0000 75 mypod Pod failedMount {kubelet 127.0.0.1} Unable to mount volumes for pod "mypod_default": googleapi: Error 403: Insufficient Permission, insufficientPermissions
Mon, 25 May 2015 08:02:36 +0000 Mon, 25 May 2015 08:14:57 +0000 75 mypod Pod failedSync {kubelet 127.0.0.1} Error syncing pod, skipping: googleapi: Error 403: Insufficient Permission, insufficientPermissions
```

Expected results:
The pod should be running, there is no such error in the events.

Additional info: