Ah okay,
Looks like you were correct.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
name: default-operator
namespace: training
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- patch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: role-test-account-binding
namespace: training
subjects:
- kind: ServiceAccount
name: default
namespace: training
roleRef:
kind: Role
name: default-operator
apiGroup: rbac.authorization.k8s.io
I had to create this role and role binding and apply it whilst the charm was deploying because over here Kubernetes API warnings I can’t tell whether its the charm developers issue or juju’s issue but its using the default service account and it hasn’t got enough permissions to do what your charm asks. That said right at the end it does a patch apparantly and the postgres operator doesn’t have permissions for that either, so I guess it doesn’t make much difference.
Up and running since I chucked that serviceaccount role in though.
Thanks!