MIssing permission on Role to get leases
nsurleraux-railnova opened this issue · 3 comments
Describe the bug
When upgrading registry-creds using kubectl, the controller throws an error:
E0125 08:06:38.503340 1 leaderelection.go:330] error retrieving resource lock registry-creds-system/8bdecb1a.alexellis.io: leases.coordination.k8s.io "8bdecb1a.alexellis.io" is forbidden: User "system:serviceaccount:registry-creds-system:default" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "registry-creds-system"
To Reproduce
Steps to reproduce the behavior:
kubectl apply -f https://raw.githubusercontent.com/alexellis/registry-creds/master/manifest.yaml- Get the log from the controller
Expected behavior
The error should not happen and the leases should be updated.
Are you a GitHub Sponsor (Yes/No?)
Issues from sponsors get prioritised and a quicker response.
Check at: https://github.com/sponsors/alexellis
- Yes
- No
Screenshots or console output
E0125 08:06:38.503340 1 leaderelection.go:330] error retrieving resource lock registry-creds-system/8bdecb1a.alexellis.io: leases.coordination.k8s.io "8bdecb1a.alexellis.io" is forbidden: User "system:serviceaccount:registry-creds-system:default" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "registry-creds-system"
Operating system and version:
EKS running Kubernetes 1.21
List all possible solutions, and your suggested option
Add the required rule to the Role:
- verbs:
- get
- create
- update
- patch
apiGroups:
- coordination.k8s.io
resources:
- leasesAdditional context
N/A
Hey thanks for your interest in this project.
Tested PRs are always welcome, would you prefer to do that or to set up a sponsorship and I'll carve out some time for this?
Alex
Closed by #43