pod-reaper icon indicating copy to clipboard operation
pod-reaper copied to clipboard

Published 20 hours ago verified publisher icon target

cannot create resource \"pods/eviction\" in API group

Open fentonfentonfenton opened this issue 1 year ago • 2 comments

actually just followed this PR in an unrelated kubernetes repo: https://github.com/kubernetes-sigs/descheduler/pull/64/files

was getting an error:

{"error":"pods \"{REDACTED}\" is forbidden: User \"system:serviceaccount:{REDACTED}:pod-reaper-service-account\" cannot create resource \"pods/eviction\" in API group \"\" in the namespace \"uat-nucleus\"","message":"unable to delete podpods \"{REDACTED}\" is forbidden: User \"system:serviceaccount:{REDACTED}pod-reaper-service-account\" cannot create resource \"pods/eviction\" in API group \"\" in the namespace \"{REDACTED}s\"","pod":"{REDACTED}","severity":"warn","time":"2023-08-23T00:05:01.423715449Z"}", "logtag":"F", "stream":"stderr", "tag":"{REDACTED}T"}

fentonfentonfenton avatar Aug 23 '23 09:08 fentonfentonfenton

Is your use case specifying the EVICT configuration? If not, it feels really odd that this permission would be needed. If it is using the EVICT configuration this would make perfect sense and I should update the readme to make it easier to understand!

brianberzins avatar Aug 23 '23 12:08 brianberzins

Is your use case specifying the EVICT configuration? If not, it feels really odd that this permission would be needed. If it is using the EVICT configuration this would make perfect sense and I should update the readme to make it easier to understand!

yep. using evict :)

fentonfentonfenton avatar Dec 21 '23 10:12 fentonfentonfenton