Dear Ceph community, I am trying to deploy csi on a k8s cluster to be able to create/mount ceph rbd volumes. The installation is based in helm and it fails deploying the rbd plugin pods: Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled <unknown> default-scheduler Successfully assigned naret-csi-rbd/naret-csi-rbd-ceph-csi-rbd-nodeplugin-2jf9n to nid020100 Warning FailedMount 0s (x7 over 32s) kubelet, nid020100 MountVolume.SetUp failed for volume "oidc-token" : failed to fetch token: the API server does not have TokenRequest endpoints enabled I checked the kubelet in nid020100 and seems TokenRequest is enabled nid020100:~ # ps aux | grep kubelet | grep --color feature-gates root 94103 5.0 0.0 581832 419508 ? Ssl 11:33 0:34 kube-apiserver --advertise-address=10.100.201.189 --allow-privileged=true --anonymous-auth=True --apiserver-count=3 --authorization-mode=Node,RBAC --bind-address=0.0.0.0 --client-ca-file=/etc/kubernetes/ssl/ca.crt --enable-admission-plugins=NodeRestriction --enable-aggregator-routing=False --enable-bootstrap-token-auth=true --endpoint-reconciler-type=lease --etcd-cafile=/etc/ssl/etcd/ssl/ca.pem --etcd-certfile=/etc/ssl/etcd/ssl/node-nid020100.pem --etcd-keyfile=/etc/ssl/etcd/ssl/node-nid020100-key.pem --etcd-servers=https://10.100.200.208:2379<https://10.100.200.208:2379/>,https://10.100.200.178:2379<https://10.100.200.178:2379/>,https://10.100.201.189:2379<https://10.100.201.189:2379/> --insecure-port=0 --kubelet-client-certificate=/etc/kubernetes/ssl/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/ssl/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalDNS,InternalIP,Hostname,Exte rnalDNS,ExternalIP --profiling=False --proxy-client-cert-file=/etc/kubernetes/ssl/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/ssl/front-proxy-client.key --request-timeout=1m0s --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/ssl/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --runtime-config= --secure-port=6443 --service-account-key-file=/etc/kubernetes/ssl/sa.pub --service-cluster-ip-range=10.233.0.0/18 --service-node-port-range=30000-32767 --storage-backend=etcd3 --tls-cert-file=/etc/kubernetes/ssl/apiserver.crt --tls-private-key-file=/etc/kubernetes/ssl/apiserver.key --feature-gates=TokenRequest=True root 112749 2.5 0.0 8601512 140484 ? Ssl Jun02 27:31 /usr/local/bin/kubelet --logtostderr=true --v=2 --node-ip=10.100.201.189 --hostname-override=nid020100 --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --config=/etc/kubernetes/kubelet-config.yaml --kubeconfig=/etc/kubernetes/kubelet.conf --pod-infra-container-image=registry.local/k8s.gcr.io/pause:3.1 --container-runtime=remote --container-runtime-endpoint=/var/run/containerd/containerd.sock --runtime-cgroups=/systemd/system.slice --feature-gates=TokenRequest=True --feature-gates=DevicePlugins=true --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin Any advice? _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |