operator-framework/operator-sdk

Unable to List Secrets in Cluster Scope with Go Reconciler

Closed this issue · 1 comments

Type of question

General operator-related help

Question

I am using the Operator SDK with the Go option to develop a Kubernetes operator. In my Reconciler, I have implemented logic to read a secret from the cluster. However, I encounter the following error:

W0522 08:28:54.653471       1 reflector.go:535] pkg/mod/k8s.io/client-go@v0.28.3/tools/cache/reflector.go:229: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:k8s-operator-system:k8s-operator-controller-manager" cannot list resource "secrets" in API group "" at the cluster scope
E0522 08:28:54.653654       1 reflector.go:147] pkg/mod/k8s.io/client-go@v0.28.3/tools/cache/reflector.go:229: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:k8s-operator-system:k8s-operator-controller-manager" cannot list resource "secrets" in API group "" at the cluster scope

Steps to Reproduce:

  1. Set up a new operator using the Operator SDK with the Go option.
  2. Implement a Reconciler that attempts to read a secret from the cluster.
  3. Deploy the operator to a Kubernetes cluster.
  4. Observe the logs for the aforementioned error.

Expected Result:

The operator should be able to list and read secrets from the cluster without encountering permission issues.

Actual Result:

The operator fails to list secrets, resulting in a permissions error.

Additional Information:

  • Operator SDK version: operator-sdk version: "v1.34.2"
  • Kubernetes version: minikube version: v1.33.1
  • Go version: go version go1.21.10 darwin/arm64

It appears that the system:serviceaccount:k8s-operator-system:k8s-operator-controller-manager lacks the necessary permissions to list secrets. Any guidance on resolving this issue would be greatly appreciated.

Thank you!

I just added //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch and it worked!
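
Added example, not part of the original issue or the operator-sdk code base: a small Go helper that parses the RBAC denial from the reflector log lines above and renders the kubebuilder marker that covers it. `Denial`, `ParseDenial` and `Marker` are hypothetical names; the fix in the comment also grants `get`, which this helper does not infer from the log.

```go
package main

import (
	"fmt"
	"regexp"
)

// Denial holds the fields of one API-server RBAC "forbidden" message.
// (Hypothetical type for this example.)
type Denial struct {
	SANamespace, ServiceAccount, Verb, Resource, Group, Namespace string
}

// Matches the message format seen in the issue's reflector log lines.
var forbiddenRE = regexp.MustCompile(`User "system:serviceaccount:([^:"]+):([^"]+)" cannot (\w+) ` +
	`resource "([^"]+)" in API group "([^"]*)" (?:at the cluster scope|in the namespace "([^"]+)")`)

// ParseDenial extracts the denied request; Namespace stays empty for cluster scope.
func ParseDenial(line string) (Denial, bool) {
	m := forbiddenRE.FindStringSubmatch(line)
	if m == nil {
		return Denial{}, false
	}
	return Denial{m[1], m[2], m[3], m[4], m[5], m[6]}, true
}

// Marker renders the kubebuilder RBAC marker that covers the denial.
func Marker(d Denial) string {
	verbs := d.Verb
	if d.Verb == "list" || d.Verb == "watch" {
		verbs = "list;watch" // an informer lists first, then watches
	}
	group := d.Group
	if group == "" {
		group = `""` // core API group
	}
	m := fmt.Sprintf("//+kubebuilder:rbac:groups=%s,resources=%s,verbs=%s", group, d.Resource, verbs)
	if d.Namespace != "" {
		m += ",namespace=" + d.Namespace // generates a Role, not a ClusterRole
	}
	return m
}

func main() {
	// Message text copied from the first log line in the issue.
	line := `failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:k8s-operator-system:k8s-operator-controller-manager" cannot list resource "secrets" in API group "" at the cluster scope`
	if d, ok := ParseDenial(line); ok {
		fmt.Printf("%s/%s -> %s\n", d.SANamespace, d.ServiceAccount, Marker(d))
	}
}
```

A marker without `namespace=` ends up in the generated ClusterRole, so it grants those verbs on secrets in every namespace; review that scope before applying it.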