I was able to claim volumes while ACLs were disabled, but not after I enabled ACLs, neither with the management
token nor with another token created from the following policy. It does work with the anonymous policy.
nomad version - 0.12.1
# Nomad ACL policy attached to the non-management token described in the post.
# It combines a coarse-grained "write" policy on every namespace with an
# explicit capability list, plus write access to the cluster-level
# agent/operator/quota/node rules.
# NOTE(review): the post reports the same failure with the management token,
# which is not limited by any policy, so the contents of this policy are
# probably not the cause of the failing volume claim; confirm before loosening it.
namespace "*" {
# Coarse-grained shorthand; it is merged with the explicit capabilities below.
# For least privilege, drop this line and keep only the capabilities needed.
policy = "write"
capabilities = [
# alloc-node-exec permits exec into tasks run by drivers without filesystem
# isolation, i.e. command execution on the client host itself. Grant it
# only to operators who need it.
"alloc-node-exec",
"list-jobs",
"read-job",
"submit-job",
"dispatch-job",
"read-logs",
"read-fs",
"alloc-exec",
"alloc-lifecycle",
# CSI capabilities: write (register/deregister), mount (claim from a job),
# and list/read further down. These are the ones relevant to the question.
"csi-write-volume",
"csi-mount-volume",
"list-scaling-policies",
"read-scaling-policy",
"read-job-scaling",
"csi-list-volume",
"csi-read-volume",
"scale-job"
]
}
# Read access to CSI plugin status.
plugin {
policy = "read"
}
# The four rules below are cluster-wide, not per-namespace. Together with
# namespace "*" write, this token is close to a management token in effect.
# Scope them down to "read" unless the holder administers the cluster.
agent {
policy = "write"
}
operator {
policy = "write"
}
quota {
policy = "write"
}
node {
policy = "write"
}
Can someone let me know whether something is wrong with the policy, or whether I have made a config mistake? The agent config is:
# Nomad agent configuration from the post. Values in {BRACES} are template
# placeholders filled in at deploy time.
advertise {
http = "{PRIVATE-IPV4}"
rpc = "{PRIVATE-IPV4}"
serf = "{PRIVATE-IPV4}"
}
data_dir = "/opt/nomad"
region = "{CLOUD}-{REGION}"
datacenter = "{CLOUD}-{ZONE}"
client {
enabled = true
# Exposes the host's /var/run to jobs as the host volume "run".
# NOTE(review): /var/run normally holds daemon control sockets (for example
# the Docker socket); a job that can mount it can usually take over the
# host. Prefer a narrower path, and restrict who may mount it with a
# host_volume rule in the ACL policy.
host_volume "run" {
path = "/var/run"
}
}
# Turns on ACL enforcement. Requests without a token then fall under the
# "anonymous" policy.
# NOTE(review): the post says the claim works under the anonymous policy; an
# anonymous policy that broad gives unauthenticated callers the same access,
# so tighten it once the token issue is resolved.
acl {
enabled = true
}
vault {
enabled = true
# NOTE(review): plain http means Vault tokens and secrets cross the network
# unencrypted. Use an https address and set ca_file (plus cert_file/key_file
# if Vault requires client certificates).
address = "http://vault.service.consul:8200"
}
plugin "docker" {
config {
# Allows jobs to request privileged containers, which is effectively root on
# the client host for anyone holding submit-job. Enable it only on nodes
# that need it (e.g. those running CSI node plugins), and keep submit-job
# tightly scoped.
allow_privileged = true
}
}