Hello,
I am trying to submit a Nomad Job to a cluster with ACLs and Nomad is refusing my job with the message “Your ACL token does not grant permission to submit jobs.”.
After some troubleshooting ( deleting one section of the job at a time until the cluster accepted it ). I found that the issue was my csi volume.
job "volume-acl" {
group "volume-acl" {
volume "data" {
type = "csi"
read_only = false
source = "fffff"
attachment_mode = "file-system"
access_mode = "single-node-writer"
per_alloc = false
}
task "volume-acl" {
driver = "docker"
config {
image = "bash"
entrypoint=["sleep","234234"]
}
}
}
}
My token has the following ACL policy:
namespace "*" {
policy = "write"
capabilities = [
"submit-job",
"dispatch-job",
"read-job",
"csi-mount-volume",
"scale-job",
"parse-job",
"read-logs",
"alloc-exec",
"alloc-lifecycle",
"csi-read-volume",
"csi-list-volume",
"read-fs"
]
}
node {
policy = "write"
}
agent {
policy = "write"
}
operator {
policy = "write"
}
quota {
policy = "write"
}
host_volume "*" {
policy = "write"
}
plugin {
policy = "write"
}
csi-plugin {
policy = "write"
}
acl {
policy = "write"
}
job {
policy = "write"
}
deployment {
policy = "write"
}
event_stream {
policy = "write"
}
csi_volume "*" {
policy = "write"
}
Why won’t nomad accept my job? csi_volume has policy=“write”
Thanks,
David