Hello folks,
I am trying to validate the full e2e testing framework locally, but I am having an issue with the Smoke and AWS tests.
Once the pods are up and running the following error appears in the POD log:
E1230 07:34:13.075110 1 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.2/tools/cache/reflector.go:156: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:e2e-smoke-c8f7e541-1805-4065-8d2f-8a7433cb1a73:secret-manager-smoke" cannot list resource "secrets" in API group "" at the cluster scope
In order to make it work, I had to add the brand new service accounts (secret-manager-smoke and secret-manager-aws), created at namespace level, to the permissive-binding clusterrolebinding, as they lack cluster-wide permissions.
I am not sure I understand where/how the service accounts are created, and I'm wondering why the automatic build on this repo is not affected by this issue.
Can you please give me any hint?
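
Added example, not part of the original post or the project's own code: a Python sketch that parses the RBAC denial from the log line above and builds a role and binding granting only the denied access to that one service account, as a narrower alternative to a permissive binding. The object name `e2e-secret-reader` and the function names are hypothetical.

```python
import json
import re

# Constructed from the denial quoted in the post above.
SAMPLE = ('secrets is forbidden: User "system:serviceaccount:'
          'e2e-smoke-c8f7e541-1805-4065-8d2f-8a7433cb1a73:secret-manager-smoke" '
          'cannot list resource "secrets" in API group "" at the cluster scope')

DENIAL = re.compile(
    r'User "system:serviceaccount:(?P<ns>[^:"]+):(?P<sa>[^"]+)" '
    r'cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" '
    r'(?:at the cluster scope|in the namespace "(?P<target_ns>[^"]+)")')

def parse_denial(line):
    """Return the fields of a service-account RBAC denial, or None."""
    m = DENIAL.search(line)
    return m.groupdict() if m else None

def minimal_rbac(d, name="e2e-secret-reader"):
    """Build (role, binding) covering only what was denied.

    `name` is a hypothetical object name. "watch" is added alongside "list"
    because a client-go reflector lists and then watches the resource.
    """
    cluster = d["target_ns"] is None
    verbs = ["list", "watch"] if d["verb"] == "list" else [d["verb"]]
    meta = {"name": name}
    if not cluster:
        meta["namespace"] = d["target_ns"]
    api = "rbac.authorization.k8s.io"
    role = {"apiVersion": api + "/v1", "kind": "ClusterRole" if cluster else "Role",
            "metadata": dict(meta),
            "rules": [{"apiGroups": [d["group"]], "resources": [d["resource"]],
                       "verbs": verbs}]}
    binding = {"apiVersion": api + "/v1", "kind": role["kind"] + "Binding",
               "metadata": dict(meta),
               "subjects": [{"kind": "ServiceAccount", "name": d["sa"],
                             "namespace": d["ns"]}],
               "roleRef": {"apiGroup": api, "kind": role["kind"], "name": name}}
    return role, binding

if __name__ == "__main__":
    for obj in minimal_rbac(parse_denial(SAMPLE)):
        print(json.dumps(obj, indent=2))  # kubectl apply -f accepts JSON manifests
```

Cluster-wide `list` on secrets still exposes every secret in the cluster to that service account, so a denial that names a namespace should be preferred where the controller can be scoped to one.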