Trident - Kyverno Policy Blocking Trident PV Creation Due to Restricted StorageClass
Applies to
- Trident
- Kubernetes - k8s
Issue
Trident fails to create PersistentVolumes (PVs) in Kubernetes when a Kyverno policy restricts which storageClass values are allowed. As a result, PersistentVolumeClaims (PVCs) remain in a Pending state, even though the volume is successfully created in Azure NetApp Files (ANF).
Trident logs:
1 request.go:1212] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"admission webhook \"validate.kyverno.svc-fail\" denied the request: \n\nresource PersistentVolume//pvc-946f4b1c-fe5f-418f-b178-f066cf73b0b1 was blocked due to the following policies \n\nrestrict-allowed-storageclasses:\n restrict-pv-storageclass: 'validation error: PVs must use storageClassName ''<sc name>''\n or ''<sc name>''. rule restrict-pv-storageclass failed at path /spec/storageClassName/'\n","code":400}
1 volume_store.go:144] error saving volume pvc-946f4b1c-fe5f-418f-b178-f066cf73b0b1: admission webhook "validate.kyverno.svc-fail" denied the request:
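For triage, the denial can be broken down into the webhook, resource, policy, rule and failing path. The script below is an added example, not NetApp or Kyverno code; the function name parse_denial and the message layout it matches are assumptions based only on the log sample above.

```python
import json
import re

# Log line copied from the Trident output above; <sc name> is the page's own placeholder.
SAMPLE = (
    r'1 request.go:1212] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},'
    r'"status":"Failure","message":"admission webhook \"validate.kyverno.svc-fail\" denied '
    r'the request: \n\nresource PersistentVolume//pvc-946f4b1c-fe5f-418f-b178-f066cf73b0b1 '
    r'was blocked due to the following policies \n\nrestrict-allowed-storageclasses:\n '
    r"restrict-pv-storageclass: 'validation error: PVs must use storageClassName ''<sc name>''\n "
    r"or ''<sc name>''. rule restrict-pv-storageclass failed at path /spec/storageClassName/'\n"
    r'","code":400}'
)


def parse_denial(log_line):
    """Return the denial details from one log line, or None if no webhook denial is found."""
    marker = "Response Body: "
    start = log_line.find(marker)
    msg = log_line
    if start >= 0:
        try:
            # The API server's Status object carries the webhook text in "message".
            msg = json.loads(log_line[start + len(marker):]).get("message") or ""
        except (json.JSONDecodeError, AttributeError):
            msg = log_line  # truncated or non-object body: fall back to the raw text
    hook = re.search(r'admission webhook \\?"([^"\\]+)\\?" denied the request', msg)
    if not hook:
        return None
    # Assumed layout: Kind/namespace/name; the namespace is empty for a cluster-scoped PV.
    res = re.search(r"resource ([^/\s]+)/([^/\s]*)/(\S+) was blocked", msg)
    pol = re.search(r"policies\s+([\w.-]+):", msg)
    rule = re.search(r"rule ([\w.-]+) failed at path (/[^\s']*)", msg)
    return {
        "webhook": hook.group(1),
        "kind": res.group(1) if res else None,
        "namespace": (res.group(2) or None) if res else None,
        "name": res.group(3) if res else None,
        "policy": pol.group(1) if pol else None,
        "rule": rule.group(1) if rule else None,
        "path": rule.group(2) if rule else None,
    }


if __name__ == "__main__":
    print(json.dumps(parse_denial(SAMPLE), indent=2))
```

For a line without a Response Body, such as the volume_store.go entry, only the webhook name is returned and the remaining fields are None.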
