Cannot get resource "persistentvolumeclaims" in API group

[petertulala]

Describe the bug Problem when migrating a PV between two Google Cloud projects.

To Reproduce Steps to reproduce the behavior:

I login at first project and save the config file into kube_src:

gcloud login auth gcloud container clusters get-credentials cluster-1 --zone europe-west4-a --project project-1 cat ~/.kube/config > ./kube_src

I login at second project and save the kube config file into kube_dst:

gcloud login auth gcloud container clusters get-credentials cluster-1 --zone europe-west4-a --project project-2 cat ~/.kube/config > ./kube_dst

I run the pv-migrate:

pv-migrate --log-level trace migrate
--source-kubeconfig ./kube_src
--source-namespace ef-backend
--dest-kubeconfig ./kube_dst
--dest-namespace ef-backend
--strategies lbsvc
--ignore-mounted
ef-backend ef-backend

Expected behavior I expect that the PVC ef-backend is migrated from project-1 to project-2. The user I'm using has an Owner role in GCP, so all permissions should be assigned.

Console output ❌ Error: persistentvolumeclaims "ef-backend" is forbidden: User "<user name >" cannot get resource "persistentvolumeclaims" in API group "" in the namespace "ef-backend": requires one of ["container.persistentVolumeClaims.get"] permission(s).

Version

• Kubectl client version: v1.24.3
• Kubectl server version: v1.22.8-gke.202
• pv-migrate version 1.0.0

[utkuozdemir]

This looks like an RBAC issue. Can you try to do kubectl --kubeconfig ./kube_src get pvc -n ef-backend ef-backend and see what happens?

You can also try to get the kubeconfigs like the following to have them fresh, not merged to your existing kubeconfig:

KUBECONFIG=./source-kubeconfig gcloud container clusters get-credentials cluster-1 --zone europe-west4-a --project project-1
KUBECONFIG=./dest-kubeconfig gcloud container clusters get-credentials cluster-1 --zone europe-west4-a --project project-1

[utkuozdemir]

Closing, please open a new issue if you have any new findings in the future.