This repository was archived by the owner on Aug 12, 2025. It is now read-only.

Commit db490c9

Gianluca Arbezzano committed
fix: error retrieving bootstrap secret from kube api
The manager has to be able to retrieve secrets because that's how it looks up bootstrap information. We didn't set the right permission.

```
$ kubectl logs -f cluster-api-provider-packet-controller-manager-89c9f95b8-49hlq -n cluster-api-provider-packet-system -c manager -f
E0526 15:16:07.696352 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
E0526 15:16:08.698025 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
E0526 15:16:09.699755 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
E0526 15:16:10.700982 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
E0526 15:16:11.702393 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
E0526 15:16:12.704717 1 reflector.go:153] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:105: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:cluster-api-provider-packet-system:default" cannot list resource "secrets" in API group "" at the cluster scope
```
1 parent 527b484 commit db490c9

2 files changed: +9 -0 lines changed

config/rbac/role.yaml

Lines changed: 8 additions & 0 deletions
@@ -6,6 +6,14 @@ metadata:
66
creationTimestamp: null
77
name: manager-role
88
rules:
9+
- apiGroups:
10+
- ""
11+
resources:
12+
- secrets
13+
verbs:
14+
- get
15+
- list
16+
- watch
917
- apiGroups:
1018
- cluster.x-k8s.io
1119
resources:
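
Review bot: the new rule at the top of `rules:` grants `get`, `list` and `watch` on every `secrets` object in the core API group with no restriction, and the forbidden errors in the commit message are for a list "at the cluster scope", so once this role is bound cluster-wide the manager can read secrets in all namespaces. `list` and `watch` return the secret data, not only the names, so they are as sensitive as `get`. Consider limiting the manager's cache to the namespaces that hold the bootstrap secrets and granting this through a namespaced Role and RoleBinding there, or state in the commit why cluster-wide read is required. The log also shows the manager running as `system:serviceaccount:cluster-api-provider-packet-system:default`; if the role is bound to that account, any other pod in the namespace that does not set its own service account gets the same read access, so a dedicated service account for the manager would be safer.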

controllers/packetmachine_controller.go

Lines changed: 1 addition & 0 deletions
@@ -61,6 +61,7 @@ type PacketMachineReconciler struct {
6161
// +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=packetmachines,verbs=get;list;watch;create;update;patch;delete
6262
// +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=packetmachines/status,verbs=get;update;patch
6363
// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=machines;machines/status,verbs=get;list;watch
64+
// +kubebuilder:rbac:groups="",resources=secrets;,verbs=get;list;watch
6465

6566
func (r *PacketMachineReconciler) Reconcile(req ctrl.Request) (_ ctrl.Result, reterr error) {
6667
ctx := context.Background()
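
Review bot: the added marker on new line 64 reads `resources=secrets;,verbs=get;list;watch`, with a stray `;` after `secrets`; write `resources=secrets` so it matches the form of the three markers above it. The rule in config/rbac/role.yaml lists only `secrets`, so the extra separator appears to be tolerated, but it is easy to misread as a truncated resource list. Since this marker is the source of the permission, a short comment noting that secrets are read to look up bootstrap information would help anyone who later tries to narrow it.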
