MountVolume.SetUp failed for volume "-token-m4rtn" : failed to sync secret cache: timed out waiting for the condition

Question

I am having an issue on GKE where all this error is being spewed from all name spaces. Not sure what might be the issue or how to troubleshoot this.

message: "MountVolume.SetUp failed for "volume-name-token-m4rtn" : failed to sync secret cache: timed out waiting for the condition"

It occurs for almost all pods in all namespaces. Has anyone come across this or have any ideas on how I can troubleshoot?

just as a kind reminder take a look here https://stackoverflow.com/help/someone-answers, if you find my answer useful, please consider upvoting/accepting it, thank you! — Jose Luis Delgadillo, Sep 17 '21 at 23:00

score 2 · Answer 1 · answered Sep 09 '21 at 22:02

The error you are receiving points to be a problem with RBAC(Role-based access control) permissions, looks like the service account used by the pod does not have enough permissions.

Hence, the default service account within the namespace you are deploying to is not authorized to mount the secret that you are trying to mount into your Pod.

You can get further information on the following link Using RBAC Authorization You also can take a look at the Google’s documentation

For example, the following Role grants read access (get, watch, and list) to all pods in the accounting Namespace:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: accounting
  name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

Also you can take a look at the following similar cases Case in Reddit, StackOverflow case

MountVolume.SetUp failed for volume "-token-m4rtn" : failed to sync secret cache: timed out waiting for the condition

1 Answers1