Hi folks,
Reaching out with an issue that I’m having trouble getting to the root of, hoping that somebody has some insight.
Running AWX-Operator 0.21.0 and AWX latest in GKE. Installed both with helm charts. First installing Operator using a helm chart, then installing AWX with Istio using a separate helm chart after AWX-Operator is running.
I’m able to log in and sync projects just fine. The problem I’m encountering comes when I’m trying to sync a dynamic inventory source.
Using ansible I’ve added an inventory, with a dynamic source pointing to a bitbucket project. When attempting to synchronise the dynamic inventory source, AWX returns an error when attempting to create a pod for awx-ee:latest
“Error creating pod: Post “https://x.x.x.x:443/api/v1/namespaces/awx/pods”: Forbidden”
Now I understand this is a permissions issue, but I’m having trouble understanding where the permissions have been denied. I’ve annotated the service accounts with a GCE service account that has permission to create/destroy any resource I should need to, and I’ve been able to create a pod using this image myself manually.
Has anyone encountered anything like this or have advise on where I should look?
Regards,
Seán