Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Service account cannot list resource "mutatingwebhookconfigurations" after installing in karpenter namespace #6820

Closed
denniszag opened this issue Aug 21, 2024 · 2 comments
Closed

Service account cannot list resource "mutatingwebhookconfigurations" after installing in karpenter namespace #6820

denniszag opened this issue Aug 21, 2024 · 2 comments
Assignees
@jmdeal
Labels
lifecycle/closed lifecycle/stale question Further information is requested

Comments

@denniszag
Copy link

denniszag commented Aug 21, 2024
edited
Loading

Description

Observed Behavior:

{"level":"INFO","time":"2024-08-21T11:51:07.719Z","logger":"controller","message":"k8s.io/[email protected]/tools/cache/reflector.go:232: failed to list *v1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User \"system:serviceaccount:karpenter:karpenter\" cannot list resource \"mutatingwebhookconfigurations\" in API group \"admissionregistration.k8s.io\" at the cluster scope","commit":"490ef94"}

{"level":"ERROR","time":"2024-08-21T11:51:07.719Z","logger":"controller","message":"k8s.io/[email protected]/tools/cache/reflector.go:232: Failed to watch *v1.MutatingWebhookConfiguration: failed to list *v1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User \"system:serviceaccount:karpenter:karpenter\" cannot list resource \"mutatingwebhookconfigurations\" in API group \"admissionregistration.k8s.io\" at the cluster scope","commit":"490ef94"}
{"level":"ERROR","time":"2024-08-21T11:51:07.926Z","logger":"webhook","message":"http: TLS handshake error from 172.33.20.216:47284: tls: no certificates configured\n","commit":"490ef94"}

Karpenter is installed in karpenter namespace, not kube-system.
Expected Behavior:
The role should have those actions.

Reproduction Steps (Please include YAML):
Default values with the following overrides:

settings:
  clusterName: XXXX
  featureGates:
    drift: true
    spotToSpotConsolidation: true

Versions:

  • Chart Version: v1.0.0
  • Kubernetes Version (kubectl version): v1.30.2-eks-db838b0
  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
@denniszag denniszag added bug Something isn't working needs-triage Issues that need to be triaged labels Aug 21, 2024
@jmdeal
Copy link
Contributor

jmdeal commented Aug 26, 2024

Based on the commit in the log messages, you're running Karpenter v0.37.0, not v1.0.0. How did you go about installing the chart? If you referenced the chart in the repo at the tag, see #5415. The OCI repo should be used as a source for the chart.

@jmdeal jmdeal self-assigned this Aug 26, 2024
@jmdeal jmdeal added question Further information is requested and removed bug Something isn't working needs-triage Issues that need to be triaged labels Sep 6, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue has been inactive for 14 days. StaleBot will close this stale issue after 14 more days of inactivity.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Oct 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmdeal jmdeal

Labels
lifecycle/closed lifecycle/stale question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@denniszag @jmdeal