VMware Modern Apps Community
varun_lv
Contributor
Contributor
‎06-04-2023 12:49 PM

pvc creation failures

Env:

ESXi 7.0 U3l

vcenter 7.0 U3l

tkgm 1.56

configured the storagepolicu with tag based 

Manifests:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
annotations:
volume.beta.kubernetes.io/storage-provisioner: csi.vsphere.vmware.com
finalizers:
- kubernetes.io/pvc-protection
name: claim1
namespace: default
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
storageClassName: default
volumeMode: Filesystem

*************************************

allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
annotations:
storageclass.kubernetes.io/is-default-class: "true"
creationTimestamp: "2022-09-19T18:42:06Z"
name: default
resourceVersion: "85"
uid: c40fe130-e219-45fe-97ab-24065f0184f0
provisioner: csi.vsphere.vmware.com
reclaimPolicy: Delete
volumeBindingMode: Immediate

*****************************************

Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Provisioning 13s (x5 over 28s) csi.vsphere.vmware.com_vsphere-csi-controller-7b9b7f6bfb-p478d_7a4ef963-b72c-429d-9c1c-e6821798705f External provisioner is provisioning volume for claim "default/claim1"
Warning ProvisioningFailed 13s (x5 over 28s) csi.vsphere.vmware.com_vsphere-csi-controller-7b9b7f6bfb-p478d_7a4ef963-b72c-429d-9c1c-e6821798705f failed to provision volume with StorageClass "default": rpc error: code = Internal desc = failed to create volume. Error: ServerFaultCode: NoPermission
Normal ExternalProvisioning 3s (x3 over 28s) persistentvolume-controller waiting for a volume to be created, either by external provisioner "csi.vsphere.vmware.com" or manually created by system administrator

Labels (1)
Labels
0 Kudos
1 Reply
outofm3mory
VMware Employee
VMware Employee
‎06-07-2023 11:40 AM

@varun_lv 

Error: ServerFaultCode: NoPermission usually refers to problems with permissions assigned to the user leveraged by CSI.

Here are a few resources that will help you narrow this down and add the right permission

- Volume attach failures due to permissions - https://kb.vmware.com/s/article/90348

- List of permissions required for CSI - https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/2.0/vmware-vsphere-csp-getting-s... 

0 Kudos