Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-55044

azure-disk-csi-driver-node-sa missing node read rbac causing crashloop on AzureStackHub

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Critical Critical
    • None
    • 4.19.0
    • Storage / Operators
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Critical
    • None
    • None
    • None
    • Proposed
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      During AzureStack installs csi-driver falls back on getting zone from node labels causing crashloop due to missing rbac causing storage CO to go fail:

      openshift-cluster-csi-drivers/azure-disk-csi-driver-node-d9fj2:csi-driver
I0415 17:36:16.506709       1 utils.go:105] GRPC call: /csi.v1.Identity/GetPluginInfo
I0415 17:36:16.506737       1 utils.go:106] GRPC request: {}
I0415 17:36:16.506760       1 utils.go:112] GRPC response: {"name":"disk.csi.azure.com","vendor_version":"v1.32.0"}
I0415 17:36:18.195241       1 utils.go:105] GRPC call: /csi.v1.Node/NodeGetInfo
I0415 17:36:18.195268       1 utils.go:106] GRPC request: {}
W0415 17:36:18.195306       1 nodeserver.go:344] get zone(zhsun-ash-9dvtb-master-1) failed with: VMSet is not initialized, fall back to get zone from node labels
E0415 17:36:18.202689       1 utils.go:110] GRPC error: rpc error: code = Internal desc = getNodeInfoFromLabels on node(zhsun-ash-9dvtb-master-1) failed with get node(zhsun-ash-9dvtb-master-1) failed with nodes "zhsun-ash-9dvtb-master-1" is forbidden: User "system:serviceaccount:openshift-cluster-csi-drivers:azure-disk-csi-driver-node-sa" cannot get resource "nodes" in API group "" at the cluster scope

       

              Unassigned Unassigned
              rmanak@redhat.com Radek Manak
              None
              None
              Wei Duan Wei Duan
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: