Giuliano Mega
01/19/2023, 1:09 PMkube-system
namespace).
As per the workaround in the bug, I've updated my existing staging agent role so that it can read namespaces:
ā ~ kubectl describe role prefect-staging-agent
Name: prefect-staging-agent
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
jobs.batch [] [] [list watch create update patch get delete]
namespaces [] [] [list watch get]
pods/log [] [] [list watch get]
pods/status [] [] [list watch get]
pods [] [] [list watch get]
to no avail. Still getting "Failure","message":"namespaces \"kube-system\" is forbidden: User \"system:serviceaccount:default:default\" cannot get resource \"namespaces\" in API group \"\" in the namespace \"kube-system\"","reason":"Forbidden"
Any ideas of what might I be missing? Guess my main concern is that kube-system might be off limits for autopilot but couldn't find anything saying you can't read stuff from it.data "kubernetes_namespace" "kube_system" {
metadata {
name = "kube-system"
}
}
# To access the UID:
data.kubernetes_namespace.kube_system.metadata[0].uid