Dashboard pod is not allowed to create secrets
Somehow we missed this in testing, but when you run flask cli app install <app> on a new cluster, you'll get the following error:
kubernetes.utils.create_from_yaml.FailToCreateError: Error from server (Forbidden): {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"secrets is forbidden: User \"system:serviceaccount:stackspin:dashboard\" cannot create resource \"secrets\" in API group \"\" in the namespace \"flux-system\"","reason":"Forbidden","details":{"kind":"secrets"},"code":403}
See also this job.
The reason: we didn't include create in the following rule for the dashboard clusterrole:
- apiGroups:
  - ""
  resources:
  - secrets
  - configmaps
  verbs:
  - list
  - get
  - patch
  - delete
The solution: we should include create.
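
A check of the rule above against the operations the dashboard needs, which would flag the missing verb before deployment. This is an added example, not code from the dashboard project; the `REQUIRED` list and the function names are assumptions.

```python
# Added example: minimal evaluator for Kubernetes RBAC policy rules.
# RULE_BEFORE mirrors the ClusterRole rule quoted in the issue.
RULE_BEFORE = {
    "apiGroups": [""],
    "resources": ["secrets", "configmaps"],
    "verbs": ["list", "get", "patch", "delete"],
}
# The proposed fix: the same rule with "create" added.
RULE_AFTER = dict(RULE_BEFORE, verbs=RULE_BEFORE["verbs"] + ["create"])

# Assumed (hypothetical) operations the dashboard performs,
# as (apiGroup, resource, verb) tuples.
REQUIRED = [
    ("", "secrets", "create"),
    ("", "secrets", "get"),
    ("", "secrets", "patch"),
    ("", "configmaps", "get"),
]


def _matches(allowed, value):
    # RBAC lists match on an exact entry or the "*" wildcard.
    return "*" in allowed or value in allowed


def rule_allows(rule, api_group, resource, verb):
    """True if one policy rule grants verb on resource in api_group."""
    return (
        _matches(rule.get("apiGroups", []), api_group)
        and _matches(rule.get("resources", []), resource)
        and _matches(rule.get("verbs", []), verb)
    )


def missing_permissions(rules, required):
    """RBAC is additive: a request passes if any rule allows it."""
    return [
        req for req in required
        if not any(rule_allows(rule, *req) for rule in rules)
    ]


if __name__ == "__main__":
    for name, rule in (("before", RULE_BEFORE), ("after", RULE_AFTER)):
        print(name, "missing:", missing_permissions([rule], REQUIRED))
```

If the clusterrole is bound with a ClusterRoleBinding, the added verb applies to secrets in every namespace, not only flux-system.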