Leon Kozlowski
02/02/2023, 7:16 PM2.7.10
I've managed to get a flow deployed, but it seems that the agent can't submit flow runs due to a permissions error
(Posting tracebacks in thread)HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"namespaces \"kube-system\" is forbidden: User \"system:serviceaccount:default:prefect-orion-agent\" cannot get resource \"namespaces\" in API group \"\" in the namespace \"kube-system\"","reason":"Forbidden","details":{"name":"kube-system","kind":"namespaces"},"code":403}
apiVersion: <http://rbac.authorization.k8s.io/v1|rbac.authorization.k8s.io/v1>
kind: Role
metadata:
name: {{ include "prefect-orion-agent.fullname" . }}-rbac
namespace: {{ .Release.Namespace }}
rules:
- apiGroups: [""]
resources: ["pods", "pods/log", "pods/status"]
verbs: ["get", "watch", "list"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
kube-system
ns?Zanie
02/02/2023, 7:21 PMWalter Cavinaw
02/02/2023, 7:25 PMZanie
02/02/2023, 7:28 PMLeon Kozlowski
02/02/2023, 7:28 PMNick Coy
02/02/2023, 7:29 PMprefect kubernetes manifest agent
adds a clusterrole which solved that for meZanie
02/02/2023, 7:29 PMLeon Kozlowski
02/02/2023, 7:31 PMZanie
02/02/2023, 7:35 PM