Ensure default service account gets namespaces role

[Alex-Welsh]

Error from kubernetes nodepool launcher log:

"Failure", "message":"namespaces is forbidden: User \"system:serviceaccount:zuul:default\" cannot list resource \"namespaces\" in API group \"\" at the cluster scope"

[mnasiadka]

Hmm, why are we trying to deploy anything in the default namespace? Shouldn't that be configured to use some dedicated namespace?

[Alex-Welsh]

Hmm, why are we trying to deploy anything in the default namespace? Shouldn't that be configured to use some dedicated namespace?

https://zuul-ci.org/docs/nodepool/latest/kubernetes.html#attr-providers.[kubernetes].pools.name
Not sure if i'm reading this right, but it sounds like it's creating a new namespace for each pool, which would explain why it's trying to list namespaces

[mnasiadka]

Hmm, why are we trying to deploy anything in the default namespace? Shouldn't that be configured to use some dedicated namespace?

https://zuul-ci.org/docs/nodepool/latest/kubernetes.html#attr-providers.[kubernetes].pools.name Not sure if i'm reading this right, but it sounds like it's creating a new namespace for each pool, which would explain why it's trying to list namespaces

Fine by me - we should move to zuul-launcher soon (that means when I get time to add support for zuul-launcher to zuul-operator) - so that's fine for now.