Description
What steps did you take and what happened?
I am in the process of deploying a garm-operator configuration in an AKS cluster, using ArgoCD.
I had to tweak the sync waves a bit to be able to create the admission webhook and its service first, and I could get rid of health check issues.
My Garm server seems to be responding fine and is running in another namespace in the same cluster.
I deployed an Organization, an Image and a Pool. All 3 custom resources are properly created in k8s, and reconciliation works for org and image (it seems). But an issue arises about the pools listing, which I can't understand properly:
garm-operator-controller-manager-7689ffcc46-dbzls manager E0605 13:42:06.703409 1 reflector.go:147] pkg/mod/k8s.io/client-go@v0.29.13/tools/cache/reflector.go:229: Failed to watch *v1beta1.Pool: failed to list *v1beta1.Pool: pools.garm-operator.mercedes-benz.com is forbidden: User "system:serviceaccount:garm-operator-system:garm-operator-controller-manager" cannot list resource "pools" in API group "garm-operator.mercedes-benz.com" at the cluster scope: Azure does not have opinion for this user.
What bothers me is the 'at the cluster scope'. Why does garm-operator need to list pool resources at the cluster scope, whereas they are declared in the proper garm-operator-system namespace? And the corresponding RoleBinding is not a ClusterRoleBinding...
What did you expect to happen?
I expect Pool list to be reconciled properly. One step at a time.
garm version
garm server: v0.1.5
garm-operator version
v0.4.1
Kubernetes version
Server Version: v1.30.11
Anything else you would like to add?
No response
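
An added example, not part of the original issue or the garm-operator project: the denial in the log above names the subject, verb, resource, API group and scope of the failed request, and this sketch parses those fields and builds `kubectl auth can-i` checks for the service account's own namespace and for the cluster scope. A namespaced Role and RoleBinding cannot satisfy a list or watch made at the cluster scope, so comparing the two answers shows where the grant stops; the function names are hypothetical and the log line is shortened to the denial itself.

```python
import re

# Denial text taken from the log line in the issue, without the reflector prefix.
DENIAL = ('pools.garm-operator.mercedes-benz.com is forbidden: User '
          '"system:serviceaccount:garm-operator-system:garm-operator-controller-manager" '
          'cannot list resource "pools" in API group "garm-operator.mercedes-benz.com" '
          'at the cluster scope: Azure does not have opinion for this user.')

# Kubernetes RBAC denials end in either a cluster scope or a named namespace.
PATTERN = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" '
    r'(?:at the (?P<cluster>cluster) scope|in the namespace "(?P<namespace>[^"]+)")')


def parse_denial(line):
    """Return the fields of an RBAC 'forbidden' message, or None if absent."""
    match = PATTERN.search(line)
    if match is None:
        return None
    fields = match.groupdict()
    fields["scope"] = "cluster" if fields.pop("cluster") else "namespace"
    return fields


def can_i_commands(denial, verbs=("list", "watch")):
    """Build kubectl checks for the denied scope and, for a cluster-scope
    denial of a service account, for its own namespace as a comparison."""
    # kubectl accepts RESOURCE.GROUP; the core group has an empty name.
    target = denial["resource"] + ("." + denial["group"] if denial["group"] else "")
    parts = denial["user"].split(":")
    is_sa = len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]
    scopes = []
    if denial["scope"] == "cluster":
        if is_sa:
            scopes.append("-n " + parts[2])
        scopes.append("--all-namespaces")
    else:
        scopes.append("-n " + denial["namespace"])
    return [f'kubectl auth can-i {verb} {target} --as={denial["user"]} {scope}'
            for scope in scopes for verb in verbs]


if __name__ == "__main__":
    for command in can_i_commands(parse_denial(DENIAL)):
        print(command)
```

A "yes" for the `-n garm-operator-system` checks together with a "no" for the `--all-namespaces` checks means the service account's permissions are bound only inside that namespace while the controller's watch is issued cluster-wide.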