Open braghettos opened 2 years ago
I know that this was a while ago...
You probably need to bind the provider service account to a ClusterRole with privileges or use a ControllerConfig to assign a ServiceAccount bound to an appropriate ClusterRole.
Here is what I've started with:
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-helm
spec:
package: xpkg.upbound.io/crossplane-contrib/provider-helm:v0.12.0
controllerConfigRef:
name: provider-helm
---
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
name: provider-helm
spec:
serviceAccountName: provider-helm
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: provider-helm
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: provider-helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: provider-helm
namespace: crossplane-system
If you know the namespace exists, you can set skipCreateNamespace to true.
What happened?
I'm trying to use provider-helm to install argocd helm chart but I'm getting the following issue:
Failed to create namespace for release: namespaces is forbidden: User "system:serviceaccount:crossplane-system:provider-helm-b9e90b3c7ff8" cannot create resource "namespaces" in API group "" at the cluster scope
How can we reproduce it?
This is how I'm configuring my managed resource in my composition:
What environment did it happen in?
kubectl version
):