hi! i tried the latest default image for prefect on our self hosted instance running on aws eks. im not able to figure out why it is trying to access resources in some another namespace ("kube-system") while we have correctly mentioned the namespace in agents as well as the job manifest.
attaching the error log in thread
kubernetes 1
Deepanshu Aggarwal
12/15/2022, 8:50 AM
Copy code
kubernetes.client.exceptions.ApiException: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Audit-Id': '77725620-b59d-4425-9cfa-d6073f0c1b6b', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '83345a0d-ffb4-45f8-84bf-b0cee0f55505', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'd25d47ea-b08d-49c0-8b39-d589ce88b7c1', 'Date': 'Thu, 15 Dec 2022 06:37:14 GMT', 'Content-Length': '366'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"namespaces \"kube-system\" is forbidden: User \"system:serviceaccount:prod-prefect-self-hosted-ns:prod-agent-sa\" cannot get resource \"namespaces\" in API group \"\" in the namespace \"kube-system\"","reason":"Forbidden","details":{"name":"kube-system","kind":"namespaces"},"code":403}
Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.