Deploying Charmed Kuberenetes 1.26/stable (control plane charm 1.26.1, worker 1.25.6).
When trying to deploy metallb-speaker and metallb-controller after a long wait both fail with the following log in the agent:
application-metallb-speaker: 23:37:57 INFO unit.metallb-speaker/0.juju-log Running legacy hooks/install.
application-metallb-speaker: 23:38:02 INFO unit.metallb-speaker/0.juju-log Determine if k8s api supports PolicyV1/beta
application-metallb-speaker: 23:38:02 INFO unit.metallb-speaker/0.juju-log Not creating PSP, doesn't support policy_v1_beta
application-metallb-speaker: 23:38:02 INFO unit.metallb-speaker/0.juju-log Creating namespaced role with K8s API
application-metallb-speaker: 23:38:02 ERROR unit.metallb-speaker/0.juju-log Exception when calling RbacAuthorizationV1Api->create_namespaced_role.
Traceback (most recent call last):
File "/var/lib/juju/agents/unit-metallb-speaker-0/charm/src/utils.py", line 156, in create_namespaced_role_with_api
api_instance.create_namespaced_role(namespace, body, pretty=True)
File "/var/lib/juju/agents/unit-metallb-speaker-0/charm/venv/kubernetes/client/api/rbac_authorization_v1_api.py", line 274, in create_namespaced_role
(data) = self.create_namespaced_role_with_http_info(namespace, body, **kwargs) # noqa: E501
File "/var/lib/juju/agents/unit-metallb-speaker-0/charm/venv/kubernetes/client/api/rbac_authorization_v1_api.py", line 351, in create_namespaced_role_with_http_info
return self.api_client.call_api(
File "/var/lib/juju/agents/unit-metallb-speaker-0/charm/venv/kubernetes/client/api_client.py", line 340, in call_api
return self.__call_api(resource_path, method,
File "/var/lib/juju/agents/unit-metallb-speaker-0/charm/venv/kubernetes/client/api_client.py", line 172, in __call_api
response_data = self.request(
File "/var/lib/juju/agents/unit-metallb-speaker-0/charm/venv/kubernetes/client/api_client.py", line 382, in request
return self.rest_client.POST(url,
File "/var/lib/juju/agents/unit-metallb-speaker-0/charm/venv/kubernetes/client/rest.py", line 272, in POST
return self.request("POST", url,
File "/var/lib/juju/agents/unit-metallb-speaker-0/charm/venv/kubernetes/client/rest.py", line 231, in request
raise ApiException(http_resp=r)
kubernetes.client.rest.ApiException: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Audit-Id': '09a32a51-f0e6-48b5-b918-0d493f5f3fb4', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '644c20cf-1845-4581-ab1a-9adde3bdc6fa', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'd57ec4a9-5a2c-446b-94c6-338588739ca2', 'Date': 'Sat, 28 Jan 2023 23:38:02 GMT', 'Content-Length': '452'})
HTTP response body: {
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "roles.rbac.authorization.k8s.io is forbidden: User \"system:serviceaccount:metallb-system:metallb-speaker-operator\" cannot create resource \"roles\" in API group \"rbac.authorization.k8s.io\" in the namespace \"metallb-system\"",
"reason": "Forbidden",
"details": {
"group": "rbac.authorization.k8s.io",
"kind": "roles"
},
"code": 403
}
Please disregard - didn't apply the RBAC manifest following the procedure on https:/ /ubuntu. com/kubernetes/ docs/metallb# rbac-note