after successful deploys, logs show 403 error
sylver opened this issue · comments
Deploying the chart does not work out of the box, logs show that the service account created in the templates is having issues.
{"time":"2019-06-16T19:22:24Z","severity":"info","app":"estafette-gke-preemptible-killer","version":"1.0.49","branch":"master","revision":"c6cc13efd2d76ec9c41645496251d492cfc72a2e","buildDate":"2019-01-24T14:29:23Z","goVersion":"go1.11.5","message":"Starting estafette-gke-preemptible-killer..."}
{"time":"2019-06-16T19:22:24Z","severity":"info","app":"estafette-gke-preemptible-killer","version":"1.0.49","message":"Listing all preemptible nodes for cluster..."}
{"time":"2019-06-16T19:22:24Z","severity":"info","app":"estafette-gke-preemptible-killer","version":"1.0.49","port":":9001","path":"/metrics","message":"Serving Prometheus metrics..."}
{"time":"2019-06-16T19:22:24Z","severity":"error","app":"estafette-gke-preemptible-killer","version":"1.0.49","error":"kubernetes api: Failure 403 nodes is forbidden: User \"system:serviceaccount:default:context-pvmtest-pvm-manager-gke-pvm-killer\" cannot list resource \"nodes\" in API group \"\" at the cluster scope","message":"Error while getting the list of preemptible nodes"}
{"time":"2019-06-16T19:22:24Z","severity":"info","app":"estafette-gke-preemptible-killer","version":"1.0.49","message":"Sleeping for 518 seconds..."}
After some investigations, it turns out that providing a namespace during creation was locking it out, so I had to remove it. Maybe the doc should be updated about that.