Controller requires list permission over secrets in the watched namespace when deleting ephemeralrunner resources.
When not granted ephemeralrunner resources cannot be deleted by the controller printing next error:
2024-05-09T09:54:33Z ERROR Reconciler error {"controller": "ephemeral-runner-controller", "controllerGroup": "actions.github.com", "controllerKind": "EphemeralRunner", "EphemeralRunner": {"name":"<POD_NAME>","namespace":"<NAMESPACE_NAME>"}, "namespace": "<NAMESPACE_NAME>", "name": "<POD_NAME>", "reconcileID": "44cd28a5-ecd0-4334-9c9c-4decde0a39d8", "error": "failed to list runner-linked secrets: secrets is forbidden: User \"system:serviceaccount:<NAMESPACE_NAME>:arc-gha-rs-controller\" cannot list resource \"secrets\" in API group \"\" in the namespace \"<NAMESPACE_NAME>\""}
Controller requires
list
permission over secrets in the watched namespace when deletingephemeralrunner
resources. When not grantedephemeralrunner
resources cannot be deleted by the controller printing next error: