vertical-pod-autoscaler admission-controller serviceaccount missing permissions #9076

@PavelSazonovArammeem

Which component are you using?:
/area vertical-pod-autoscaler

What version of the component are you using?:
helm chart 0.8.0 of vertical-pod-autoscaler

Component version:

What k8s version are you using (kubectl version)?:

kubectl version Output
$ kubectl version
Client Version: v1.33.5
Kustomize Version: v5.6.0
Server Version: v1.33.5-eks-3025e55

What environment is this in?:
AWS

What did you expect to happen?:
vertical-pod-autoscaler running without errors
I0119 10:56:43.329614 1 config.go:192] Self registration as MutatingWebhook succeeded.

What happened instead?:

F0119 10:55:33.008699 1 config.go:104] mutatingwebhookconfigurations.admissionregistration.k8s.io "vpa-webhook-config" is forbidden: User "system:serviceaccount:kube-system:vertical-pod-autoscaler-admission-controller" cannot delete resource "mutatingwebhookconfigurations" in API group "admissionregistration.k8s.io" at the cluster scope

Please add the delete option to the cluster role:

  - apiGroups:
    - admissionregistration.k8s.io
    resources:
    - mutatingwebhookconfigurations
    verbs:
    - list
    - get
    - create
    - delete

Also, 0.8.0 still doesn't have the other cluster role fixes that @omerap12 added to master. Please provide a new chart version. Thank you!
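Added example, not part of the original issue or the VPA project's code: a small Python check that parses an RBAC denial like the one logged above and reports the minimal rule missing from a ClusterRole, so that only the denied verb is granted. `CURRENT_RULES` is an assumption (the verbs listed in the issue minus `delete`), and the check ignores `resourceNames` restrictions.

```python
import re

# Constructed sample: the denial quoted in the issue, as logged by the admission controller.
LOG_LINE = (
    'F0119 10:55:33.008699 1 config.go:104] '
    'mutatingwebhookconfigurations.admissionregistration.k8s.io "vpa-webhook-config" is forbidden: '
    'User "system:serviceaccount:kube-system:vertical-pod-autoscaler-admission-controller" '
    'cannot delete resource "mutatingwebhookconfigurations" in API group '
    '"admissionregistration.k8s.io" at the cluster scope'
)

# Assumption: the chart's current rule is the issue's list without the requested "delete".
CURRENT_RULES = [{
    "apiGroups": ["admissionregistration.k8s.io"],
    "resources": ["mutatingwebhookconfigurations"],
    "verbs": ["list", "get", "create"],
}]

FORBIDDEN = re.compile(
    r'is forbidden: User "(?P<user>[^"]+)" cannot (?P<verb>\S+) resource '
    r'"(?P<resource>[^"]+)" in API group "(?P<group>[^"]*)"'
    r'(?: in the namespace "(?P<namespace>[^"]+)"| at the cluster scope)?'
)

def parse_denial(line):
    """Return the denied request as a dict, or None if the line is not an RBAC denial."""
    m = FORBIDDEN.search(line)
    return m.groupdict() if m else None

def rule_allows(rule, denial):
    """True if one RBAC rule covers the denied group, resource and verb ("*" is a wildcard)."""
    def covers(values, wanted):
        return "*" in values or wanted in values
    return (covers(rule.get("apiGroups", []), denial["group"])
            and covers(rule.get("resources", []), denial["resource"])
            and covers(rule.get("verbs", []), denial["verb"]))

def missing_rule(rules, denial):
    """Return the minimal rule to add, or None when the existing rules already allow it."""
    if any(rule_allows(r, denial) for r in rules):
        return None
    return {"apiGroups": [denial["group"]],
            "resources": [denial["resource"]],
            "verbs": [denial["verb"]]}

if __name__ == "__main__":
    denial = parse_denial(LOG_LINE)
    print(denial["user"], "needs", missing_rule(CURRENT_RULES, denial))
```
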
