Problem

I'm not able to allow couchbase service account in particular namespace of K8S to get storageclass information.

My Trail and Error

Firstly, I try to provisioning Couchbase by using Couchbase operator and the following error was throw.

kubectl apply -f cma/couchbase/deployment/06-couchbase-cluster.yaml
secret/cb-auth unchanged
Error from server: error when creating "cma/couchbase/deployment/06-couchbase-cluster.yaml": admission webhook "couchbase-operator-admission.couchbase-dev.svc" denied the request: validation failure list:
storage class "cpt-vshpere-with-tanzu-storage-policy" must exist
storage class "cpt-vshpere-with-tanzu-storage-policy" must exist
storage class "cpt-vshpere-with-tanzu-storage-policy" must exist
storage class "cpt-vshpere-with-tanzu-storage-policy" must exist

Look like there is some issue with storageclass so I check with this command

kubectl get storageclass

NAME                                    PROVISIONER              RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
cpt-vsphere-with-tanzu-storage-policy   csi.vsphere.vmware.com   Delete          Immediate           true                   39d

there is storageclass in the k8s, so I try another command to check service account authorization

kubectl auth can-i get storageclasses --as=system:serviceaccount:couchbase-dev:couchbase-operator-admission -n couchbase-dev
Warning: resource 'storageclasses' is not namespace scoped in group 'storage.k8s.io'
yes

it says yes.. what was the problem here.

CodePudding user response：

Try check the spelling.

Error from server: error when creating ...

storage class "cpt-vshpere-with-tanzu-storage-policy" must exist

...

Your actual StorageClass name:

NAME PROVISIONER

cpt-vsphere-with-tanzu-storage-policy csi.vsphere.vmware.com