-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fail to mount the PV when using Anthos Service Mesh #40
Comments
Hi @ybelleguic , I could not reproduce the error on my end. The error |
I have exactly the same errors from the sidecar. Does this related to the federated workload identity mentioned here? My workload identity pool has federation setup and I think Anthos probably also uses federation, that seems to be common across 3 different issues. |
Hello, workload identity was setup correctly on my side. my problem was related to the outboundTrafficPolicy mode set in the cluster. When the mode is set to So I guess this issue can be closed ? |
Ah I see, thanks @ybelleguic for the troubleshooting step! @zhangluva , could you follow this step and retry on your side? If it helps, please let me know, and I will update the documentation. Thank you! |
Thanks @songjiaxun for your quick reply. I did go though the IAM and permission settings and everything looked good. Following are my steps to verify IAM/permission.
So I don't think it's an IAM permission issue. K8s service account impersonate GCP service account and then access GCS bucket all worked as expected if not using the sidecar. Thanks, |
Hello,
I'm encoutering issue when mounting a bucket as a PV with Anthos Service Mesh. Please find the following yaml at the end of the issue. It works perfectly fine when istio injection is disabled.
The text was updated successfully, but these errors were encountered: