0

I'm trying to setup some efs volumes under kubernetes but I get some errors when trying to do so, when going back to check my efs csi controller logs, specifically the efs-provisioner container, I find this error repeating infinitly:

error retrieving resource lock kube-system/efs-csi-aws-com: leases.coordination.k8s.io "efs-csi-aws-com" is forbidden: User "system:serviceaccount:kube-system:efs-csi-controller-sa" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"

Any idea about this error message or how to fix it ?

Improve this question

1 Answer 1

Reset to default
0

The service account efs-csi-controller-sa in the kube-system namespace doesn't have the necessary permissions to perform the requested operation, specifically retrieving a resource (leases) in the coordination.k8s.io API group within the kube-system namespace.

You need to grant the appropriate RBAC (Role-Based Access Control) permissions to the service account. You can do this by creating or modifying the RBAC roles and role bindings.

You might need to create a ClusterRole and bind it to the service account in the kube-system namespace, see this document.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.