It appears to be that service account called calico-policy-controller in kube-system namespace does not have proper permissions to list (and maybe do other actions after listing) for pods, namespaces and networkpolicies.
E0220 19:43:16.246620 1 reflector.go:201] github.com/projectcalico/kube-controllers/pkg/controllers/namespace/namespace_controller.go:151: Failed to list *v1.Namespace: namespaces is forbidden: User "system:serviceaccount:kube-system:calico-policy-controller" cannot list resource "namespaces" in API group "" at the cluster scope: RBAC: [clusterrole.rbac.authorization.k8s.io "system:basic-user" not found, clusterrole.rbac.authorization.k8s.io "calico-policy-controller" not found, clusterrole.rbac.authorization.k8s.io "system:discovery" not found]
E0220 19:43:16.253464 1 reflector.go:201] github.com/projectcalico/kube-controllers/pkg/controllers/pod/pod_controller.go:201: Failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:kube-system:calico-policy-controller" cannot list resource "pods" in API group "" at the cluster scope: RBAC: [clusterrole.rbac.authorization.k8s.io "system:basic-user" not found, clusterrole.rbac.authorization.k8s.io "calico-policy-controller" not found, clusterrole.rbac.authorization.k8s.io "system:discovery" not found]
E0220 19:53:03.880187 1 reflector.go:201] github.com/projectcalico/kube-controllers/pkg/controllers/networkpolicy/policy_controller.go:192: Failed to list *extensions.NetworkPolicy: networkpolicies.extensions is forbidden: User "system:serviceaccount:kube-system:calico-policy-controller" cannot list resource "networkpolicies" in API group "extensions" at the cluster scope
It appears to be that service account called calico- policy- controller in kube-system namespace does not have proper permissions to list (and maybe do other actions after listing) for pods, namespaces and networkpolicies.
juju status: http:// paste.ubuntu. com/p/ZMXbYYRVT m/ paste.ubuntu. com/p/N8YvFGQ9V Y/
bundle: http://
kubectl logs -n kube-system calico- policy- controller- 675499888b- 6sxsb | grep cannot
http:// paste.ubuntu. com/p/c2KMw74rx r/
E0220 19:43:16.246620 1 reflector.go:201] github. com/projectcali co/kube- controllers/ pkg/controllers /namespace/ namespace_ controller. go:151: Failed to list *v1.Namespace: namespaces is forbidden: User "system: serviceaccount: kube-system: calico- policy- controller" cannot list resource "namespaces" in API group "" at the cluster scope: RBAC: [clusterrole. rbac.authorizat ion.k8s. io "system:basic-user" not found, clusterrole. rbac.authorizat ion.k8s. io "calico- policy- controller" not found, clusterrole. rbac.authorizat ion.k8s. io "system:discovery" not found]
E0220 19:43:16.253464 1 reflector.go:201] github. com/projectcali co/kube- controllers/ pkg/controllers /pod/pod_ controller. go:201: Failed to list *v1.Pod: pods is forbidden: User "system: serviceaccount: kube-system: calico- policy- controller" cannot list resource "pods" in API group "" at the cluster scope: RBAC: [clusterrole. rbac.authorizat ion.k8s. io "system:basic-user" not found, clusterrole. rbac.authorizat ion.k8s. io "calico- policy- controller" not found, clusterrole. rbac.authorizat ion.k8s. io "system:discovery" not found]
E0220 19:53:03.880187 1 reflector.go:201] github. com/projectcali co/kube- controllers/ pkg/controllers /networkpolicy/ policy_ controller. go:192: Failed to list *extensions. NetworkPolicy: networkpolicies .extensions is forbidden: User "system: serviceaccount: kube-system: calico- policy- controller" cannot list resource "networkpolicies" in API group "extensions" at the cluster scope