Master Node is not creating pods due to error "Unable to create token for CNI kubeconfig error=serviceaccounts "calico-cni-plugin" is forbidden"

Solution Verified - Updated -

Issue

  • calico-node install-cni init container shows next error:
2025-01-07 09:01:25.052 [ERROR][1] cni-installer/token_watch.go 108: Unable to create token for CNI kubeconfig error=serviceaccounts "calico-cni-plugin" is forbidden: User "system:serviceaccount:calico-system:calico-node" cannot create resource "serviceaccounts/token" in API group "" in the namespace "calico-system"
2025-01-07 09:01:25.052 [FATAL][1] cni-installer/install.go 493: Unable to create token for CNI kubeconfig error=serviceaccounts "calico-cni-plugin" is forbidden: User "system:serviceaccount:calico-system:calico-node" cannot create resource "serviceaccounts/token" in API group "" in the namespace "calico-system"
  • cluster operator kube-apiserver is degraded due to next error:
clusteroperator/kube-apiserver is degraded because InstallerPodContainerWaitingDegraded: Pod "<pod_name>" on node "<node_name>" container "installer" is waiting since 2025-01-03 17:36:58 +0000 UTC because ContainerCreating
InstallerPodNetworkingDegraded: Pod "<pod_name>" on node "<node_name>" observed degraded networking: (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_installer-203-domine_openshift-kube-apiserver_1f11f11-22c2-4444-88c8-dc283570fb02_0(394dad79510dc1929dfe9096096e55ab58f4ac81c348931ebcb5f85fc22b73b9): error adding pod openshift-kube-apiserver_installer-203-master2 to CNI network "multus-cni-network": plugin type="multus" name="multus-cni-network" failed (add): [openshift-kube-apiserver/installer-203-domine/1f11f11-22c2-4444-88c8-dc283570fb02:k8s-pod-network]: error adding container to network "k8s-pod-network": error creating calico client: stat /var/run/multus/cni/net.d/calico-kubeconfig: no such file or directory

Environment

  • Openshift Container Platform
    • 4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content