Can't create pods/portforward resource #310

Open
quoctri1 opened this issue Jul 11, 2024 · 3 comments

@quoctri1

Describe the bug
pv-migrate can't create pods/portforward even when using the cluster owner user in Rancher.

To Reproduce
Steps to reproduce the behavior:

  1. Make sure the kubeconfig has a context with the cluster owner user and check with the auth CLI
kubectl --kubeconfig ~/.kube/config --context pal-vsphere-mgt-01 -n keaun-workaround auth can-i create pods/portforward
yes
pv-migrate --source-kubeconfig /home/keanuphan/.kube/config --source-context pal-vsphere-mgt-01 --source-namespace keaun-workaround --source www-web-source-0 --dest-kubeconfig /home/keanuphan/.kube/config --dest-context aws-ireland-merito-mgt-01 --dest-namespace tom-test --dest www-web-destination-0 --ignore-mounted --log-level DEBUG --strategies local
Jul 11 15:15:21.347 INF 🚀 Starting migration
Jul 11 15:15:24.196 INF 💡 PVC is mounted to a node, but --ignore-mounted is requested, ignoring... source=keaun-workaround/www-web-source-0 dest=tom-test/www-web-destination-0 pvc=keaun-workaround/www-web-source-0 mounted_node=palk8smgt08
Jul 11 15:15:24.196 INF 💡 PVC is mounted to a node, but --ignore-mounted is requested, ignoring... source=keaun-workaround/www-web-source-0 dest=tom-test/www-web-destination-0 pvc=tom-test/www-web-destination-0 mounted_node=ip-10-100-41-184.eu-west-1.compute.internal
Jul 11 15:15:24.196 INF 💭 Attempting migration source=keaun-workaround/www-web-source-0 dest=tom-test/www-web-destination-0 strategies=local
Jul 11 15:15:24.196 INF 🚁 Attempt using strategy source=keaun-workaround/www-web-source-0 dest=tom-test/www-web-destination-0 attempt_id=adeee strategy=local
Jul 11 15:15:24.197 INF 🔑 Generating SSH key pair source=keaun-workaround/www-web-source-0 dest=tom-test/www-web-destination-0 attempt_id=adeee strategy=local
Jul 11 15:15:46.519 DBG creating 4 resource(s) source=keaun-workaround/www-web-source-0 dest=tom-test/www-web-destination-0 attempt_id=adeee strategy=local
Jul 11 15:15:49.461 DBG beginning wait for 4 resources with timeout of 2m0s source=keaun-workaround/www-web-source-0 dest=tom-test/www-web-destination-0 attempt_id=adeee strategy=local
Jul 11 15:16:03.286 DBG creating 4 resource(s) source=keaun-workaround/www-web-source-0 dest=tom-test/www-web-destination-0 attempt_id=adeee strategy=local
Jul 11 15:16:04.425 DBG beginning wait for 4 resources with timeout of 2m0s source=keaun-workaround/www-web-source-0 dest=tom-test/www-web-destination-0 attempt_id=adeee strategy=local
Jul 11 15:16:05.312 DBG Deployment is not ready: tom-test/pv-migrate-adeee-dest-sshd. 0 out of 1 expected pods are ready source=keaun-workaround/www-web-source-0 dest=tom-test/www-web-destination-0 attempt_id=adeee strategy=local
Jul 11 15:16:10.799 ERR ❌ Error on port-forward source=keaun-workaround/www-web-source-0 dest=tom-test/www-web-destination-0 attempt_id=adeee strategy=local ns=keaun-workaround name=pv-migrate-adeee-src-sshd-7c57595cc4-8cmwq port=44737 error="failed to forward ports: error upgrading connection: pods \"pv-migrate-adeee-src-sshd-7c57595cc4-8cmwq\" is forbidden: User \"u-z2pmtfcv6o\" cannot create resource \"pods/portforward\" in API group \"\" in the namespace \"keaun-workaround\""

Expected behavior
With cluster-owner I can migrate with local strategies

Version

  • Source and destination Kubernetes versions - v1.27.12+rke2r1, v1.29.4-eks-036c24b
  • Source and destination container runtimes containerd://1.7.11-k3s2, containerd://1.7.11
  • pv-migrate version and architecture v2.0.1 - linux_x86_64
  • Installation method by binary download
  • Source and destination PVC type, size and accessModes ReadWriteOnce, 1G, rbd -> ReadWriteOnce, 1G, aws ebs
@utkuozdemir
Owner

Hi, the local strategy needs a big overhaul, it is currently not in the best shape. Until I get to it, I recommend trying other strategies, if possible.

@quoctri1
Author

Thank you very much @utkuozdemir. BTW, any recommendation for migrating from on-premises Rancher using MetalLB (using private IP) to EKS?

@utkuozdemir
Owner

If they are not routable to each other, you don't have any options other than the local strategy.

By the way, it seems your issue is related to RBAC - the user you are hitting the cluster with, u-z2pmtfcv6o, is not authorized to forward ports. I'd recommend looking into that. This issue is not caused by a bug in the local strategy.
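Added example, not part of the issue thread or of pv-migrate: following the RBAC pointer in the last comment, this parses the API server's "forbidden" message from the log above and builds a `kubectl auth can-i` check for the user the API server actually named, plus the smallest RBAC rule covering the denied request. The function names are hypothetical; `--as` and `--subresource` are standard kubectl options, and `--as` assumes the caller is allowed to impersonate.

```python
import re

# Error text copied from the ERR log line in this issue (quotes are backslash-escaped there).
SAMPLE = (r'error="failed to forward ports: error upgrading connection: pods '
          r'\"pv-migrate-adeee-src-sshd-7c57595cc4-8cmwq\" is forbidden: User \"u-z2pmtfcv6o\" '
          r'cannot create resource \"pods/portforward\" in API group \"\" '
          r'in the namespace \"keaun-workaround\""')

FORBIDDEN = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>[a-z*]+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)"(?: in the namespace "(?P<namespace>[^"]+)")?')

def parse_forbidden(line):
    """Return the denied access as a dict, or None if the line is not an RBAC denial."""
    m = FORBIDDEN.search(line.replace('\\"', '"'))  # undo the log's quote escaping
    if not m:
        return None
    d = m.groupdict()  # namespace is None for cluster-scoped denials
    d["resource"], _, d["subresource"] = d["resource"].partition("/")
    return d

def can_i_command(d):
    """kubectl check for the identity the API server named, not the kubeconfig user."""
    res = d["resource"] + ("." + d["group"] if d["group"] else "")
    cmd = ["kubectl", "auth", "can-i", d["verb"], res, "--as", d["user"]]
    if d["subresource"]:
        # Name the subresource with the flag so it is not read as TYPE/NAME.
        cmd.append("--subresource=" + d["subresource"])
    if d["namespace"]:
        cmd += ["-n", d["namespace"]]
    return " ".join(cmd)

def minimal_rule(d):
    """Smallest RBAC rule covering the denied request (for a Role in d['namespace'])."""
    res = d["resource"] + ("/" + d["subresource"] if d["subresource"] else "")
    return {"apiGroups": [d["group"]], "resources": [res], "verbs": [d["verb"]]}

if __name__ == "__main__":
    denied = parse_forbidden(SAMPLE)
    print(can_i_command(denied))
    print(minimal_rule(denied))
```

Run the printed command with the same `--kubeconfig` and `--context` that pv-migrate was given, so the answer reflects the cluster that returned the denial.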
