Kubernetes API security errors

Bug #1907161 reported by Tom Barber
This bug report is a duplicate of: Bug #1908288: rbac failure
This bug affects 1 person

Affects: Canonical Juju
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

I assume this is a bug, but I've not had a reply on the forums, so I apologize if this is something that can be cured with configuration:

K8S 1.19.2 hosted on OVH, 3 nodes.

Juju Snap 2.8.x

Pods give me a lot of errors like this:

E1206 01:00:22.299362 1 reflector.go:125] <email address hidden>/tools/cache/reflector.go:98: Failed to list *unstructured.Unstructured: pytorchjobs.kubeflow.org is forbidden: User "system:serviceaccount:test3:pytorch-operator" cannot list resource "pytorchjobs" in API group "kubeflow.org" at the cluster scope
E1206 01:00:22.311128 1 reflector.go:125] <email address hidden>/tools/cache/reflector.go:98: Failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:test3:pytorch-operator" cannot list resource "pods" in API group "" at the cluster scope
E1206 01:00:22.311128 1 reflector.go:125] <email address hidden>/tools/cache/reflector.go:98: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:test3:pytorch-operator" cannot list resource "services" in API group "" at the cluster scope
E1206 01:00:23.307654 1 reflector.go:125] <email address hidden>/tools/cache/reflector.go:98: Failed to list *unstructured.Unstructured: pytorchjobs.kubeflow.org is forbidden: User "system:serviceaccount:test3:pytorch-operator" cannot list resource "pytorchjobs" in API group "kubeflow.org" at the cluster scope
E1206 01:00:23.316298 1 reflector.go:125] <email address hidden>/tools/cache/reflector.go:98: Failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:test3:pytorch-operator" cannot list resource "pods" in API group "" at the cluster scope
E1206 01:00:23.318757 1 reflector.go:125] <email address hidden>/tools/cache/reflector.go:98: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:test3:pytorch-operator" cannot list resource "services" in API group "" at the cluster scope

and it prevents the deployment of Postgresql with this:

2020-12-06 16:54:54,048 INFO: Updating PostgreSQL configuration in /srv/pgconf/12/main/conf.d/juju_charm.conf
Traceback (most recent call last):
  File "/usr/local/bin/docker_entrypoint.py", line 23, in <module>
    pgcharm.docker_entrypoint()
  File "/usr/local/lib/python3.8/dist-packages/pgcharm.py", line 503, in docker_entrypoint
    if is_master():
  File "/usr/local/lib/python3.8/dist-packages/pgcharm.py", line 412, in is_master
    return get_master() == JUJU_POD_NAME
  File "/usr/local/lib/python3.8/dist-packages/pgcharm.py", line 421, in get_master
    masters = [i.metadata.name for i in api.list_namespaced_pod(NAMESPACE, label_selector=master_selector).items]
  File "/usr/local/lib/python3.8/dist-packages/kubernetes/client/api/core_v1_api.py", line 15302, in list_namespaced_pod
    return self.list_namespaced_pod_with_http_info(namespace, **kwargs) # noqa: E501
  File "/usr/local/lib/python3.8/dist-packages/kubernetes/client/api/core_v1_api.py", line 15413, in list_namespaced_pod_with_http_info
    return self.api_client.call_api(
  File "/usr/local/lib/python3.8/dist-packages/kubernetes/client/api_client.py", line 348, in call_api
    return self.__call_api(resource_path, method,
  File "/usr/local/lib/python3.8/dist-packages/kubernetes/client/api_client.py", line 180, in __call_api
    response_data = self.request(
  File "/usr/local/lib/python3.8/dist-packages/kubernetes/client/api_client.py", line 373, in request
    return self.rest_client.GET(url,
  File "/usr/local/lib/python3.8/dist-packages/kubernetes/client/rest.py", line 239, in GET
    return self.request("GET", url,
  File "/usr/local/lib/python3.8/dist-packages/kubernetes/client/rest.py", line 233, in request
    raise ApiException(http_resp=r)

and loads of API errors in the pod.

Also raised for discussion here: https://discourse.charmhub.io/t/kubernetes-api-warnings/3927/3
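An added example, not code from the bug report or from Juju: a small Python helper that parses `forbidden` denials like the ones quoted above and renders the minimal Role or ClusterRole each service account would need, so the observed API errors can be diffed against the RBAC a charm actually ships. The sample log is constructed from the shape of the report's reflector lines plus one namespaced denial for a hypothetical `postgresql-operator` account; `render_rules` and `parse_denials` are names chosen here.

```python
import re
from collections import defaultdict

# Shape of the RBAC denial the kube-apiserver returns (the "forbidden" text in the report above).
FORBIDDEN_RE = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)"'
    r' in API group "(?P<group>[^"]*)"'
    r' (?:at the cluster scope|in the namespace "(?P<ns>[^"]+)")'
)

# Constructed sample: denials in the shape of the report's reflector lines, plus one namespaced
# denial for a hypothetical "postgresql-operator" account so both scope branches are exercised.
SAMPLE_LOG = """\
E1206 01:00:22.299362 1 reflector.go:125] Failed to list *unstructured.Unstructured: pytorchjobs.kubeflow.org is forbidden: User "system:serviceaccount:test3:pytorch-operator" cannot list resource "pytorchjobs" in API group "kubeflow.org" at the cluster scope
E1206 01:00:22.311128 1 reflector.go:125] Failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:test3:pytorch-operator" cannot list resource "pods" in API group "" at the cluster scope
E1206 01:00:23.316298 1 reflector.go:125] Failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:test3:pytorch-operator" cannot list resource "pods" in API group "" at the cluster scope
ApiException: (403) pods is forbidden: User "system:serviceaccount:test3:postgresql-operator" cannot list resource "pods" in API group "" in the namespace "test3"
"""

def parse_denials(log_text):
    """Group denials as {(subject, scope): {(apiGroup, resource): {verbs}}}."""
    # scope is "cluster" for cluster-scope denials, otherwise the namespace. A cluster-scope
    # denial means the client lists across all namespaces, so a namespaced Role cannot clear
    # it: the operator needs a ClusterRole, or must be reconfigured to watch one namespace.
    denials = defaultdict(lambda: defaultdict(set))
    for m in FORBIDDEN_RE.finditer(log_text):
        scope = m.group("ns") or "cluster"
        denials[(m.group("user"), scope)][(m.group("group"), m.group("resource"))].add(m.group("verb"))
    return denials

def render_rules(denials):
    """Render the smallest Role/ClusterRole per subject that clears the observed denials."""
    # Only verbs actually seen are granted. Diff this against the charm's intended RBAC rather
    # than applying it blindly; a controller may need more once the first list succeeds.
    docs = []
    for (user, scope), rules in sorted(denials.items()):
        kind = "ClusterRole" if scope == "cluster" else "Role"
        meta = f"kind: {kind}\nmetadata:\n  name: {user.rsplit(':', 1)[-1]}-observed"
        if scope != "cluster":
            meta += f"\n  namespace: {scope}"
        lines = ["apiVersion: rbac.authorization.k8s.io/v1", meta, "rules:"]
        for (group, resource), verbs in sorted(rules.items()):
            verb_list = ", ".join(f'"{v}"' for v in sorted(verbs))
            lines.append(f'- apiGroups: ["{group}"]\n  resources: ["{resource}"]\n  verbs: [{verb_list}]')
        docs.append("\n".join(lines))
    return "\n---\n".join(docs)

if __name__ == "__main__":
    print(render_rules(parse_denials(SAMPLE_LOG)))
```

The output still needs a RoleBinding/ClusterRoleBinding to the service account, and repeated denials (the same pod list retried every second above) collapse into one rule.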
