RealTheory can provide the most accurate cost analysis for persistent volumes when it can access the storage classes in your Kubernetes environment. If you see the "unable to get the storage classes" error in the RealTheory collector log, you must amend the cluster role in the RealTheory deployment to provide the required access.
unable to get the storage classes from the k8s control plane. Please check RBAC permissions on API group storage.k8s.io.: cannot get the kubernetes storage classes from the K8s master: storageclasses.storage.k8s.io is forbidden: User "system:serviceaccount:real-theory-system:real-theory-collector" cannot list resource "storageclasses" in API group "storage.k8s.io" at the cluster scope
To ensure the most accurate cost analysis, you must update the deployment manifest applied to the Kubernetes cluster to provide the required access to the registered storage classes. There are two ways to do this, depending on whether you have access to the original manifest or not.
kubectl auth can-i get storageclass --as=system:serviceaccount:real-theory-system:real-theory-collector --all-namespaceskubectl auth can-i list storageclass --as=system:serviceaccount:real-theory-system:real-theory-collector --all-namespaces,The output from the command will be no if the RealTheory collector cannot access the storage classes.
kind: ClusterRole section of the RealTheory deployment manifest: 1- apiGroups: [storage.k8s.io]2 resources: ["*"]3 verbs: [get, watch, list]
apply -f <filename> where <filename> is the path to the RealTheory Collector configuration document.kubectl auth can-i get storageclass --as=system:serviceaccount:real-theory-system:real-theory-collector --all-namespaceskubectl auth can-i list storageclass --as=system:serviceaccount:real-theory-system:real-theory-collector --all-namespaces The output from the command will be yes.
kubectl auth can-i get storageclass --as=system:serviceaccount:real-theory-system:real-theory-collector --all-namespaceskubectl auth can-i list storageclass --as=system:serviceaccount:real-theory-system:real-theory-collector --all-namespacesThe output from the command will be no if the RealTheory collector cannot access the storage classes.
apply -f <filename> where <filename> is the path to the RealTheory Collector configuration document.kubectl auth can-i get storageclass --as=system:serviceaccount:real-theory-system:real-theory-collector --all-namespaceskubectl auth can-i list storageclass --as=system:serviceaccount:real-theory-system:real-theory-collector --all-namespaces The output from the command will be yes.
Search for a command to run...