You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the authorization role that is set up in the template the rules section uses a single rule that applies across multiple api groups ("" and batch). This results in some invalid combinations like requesting "get" on "pods" in api group "batch".
Our build system uses a service account which isn't granted these invalid permissions and this causes the install of the helm chart to fail with log entries such as:
`... is attempting to grant RBAC permissions not currently held:
In the authorization role that is set up in the template the rules section uses a single rule that applies across multiple api groups ("" and batch). This results in some invalid combinations like requesting "get" on "pods" in api group "batch".
Our build system uses a service account which isn't granted these invalid permissions and this causes the install of the helm chart to fail with log entries such as:
`... is attempting to grant RBAC permissions not currently held:
{APIGroups:[""], Resources:["jobs"], Verbs:["get" "list" "watch"]}
{APIGroups:["batch"], Resources:["pods"], Verbs:["get" "list" "watch"]}
{APIGroups:["batch"], Resources:["services"], Verbs:["get" "list" "watch"]}`
Please break this single rule into multiple rules so it will not result in invalid combinations.
The text was updated successfully, but these errors were encountered: