Skip to content

fix: allow scheduler SA to access resource.k8s.io API group#963

Merged
k8s-ci-robot merged 1 commit intokubernetes-sigs:masterfrom
Huang-Wei:fix-rbac
Apr 19, 2026
Merged

fix: allow scheduler SA to access resource.k8s.io API group#963
k8s-ci-robot merged 1 commit intokubernetes-sigs:masterfrom
Huang-Wei:fix-rbac

Conversation

@Huang-Wei
Copy link
Copy Markdown
Contributor

@Huang-Wei Huang-Wei commented Apr 18, 2026

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

K8s v1.34 needs RBAC permissions on DRA related APIs; otherwise scheduler-plugin would fail running in-cluster:

E0418 19:09:58.214778       1 reflector.go:205] "Failed to watch" err="failed to list *v1.DeviceClass: deviceclasses.resource.k8s.io is forbidden: User
\"system:serviceaccount:scheduler-plugins:scheduler-plugins-scheduler\" cannot list resource \"deviceclasses\" in API group \"resource.k8s.io\" at the cluster
scope" logger="UnhandledError" reflector="pkg/mod/k8s.io/client-go@v0.34.7/tools/cache/reflector.go:290" type="*v1.DeviceClass"
E0418 19:10:02.693224       1 reflector.go:205] "Failed to watch" err="failed to list *v1.ResourceSlice: resourceslices.resource.k8s.io is forbidden: User
\"system:serviceaccount:scheduler-plugins:scheduler-plugins-scheduler\" cannot list resource \"resourceslices\" in API group \"resource.k8s.io\" at the cluster
scope" logger="UnhandledError" reflector="pkg/mod/k8s.io/client-go@v0.34.7/tools/cache/reflector.go:290" type="*v1.ResourceSlice"
E0418 19:10:05.989873       1 reflector.go:205] "Failed to watch" err="failed to list *v1.ResourceClaim: resourceclaims.resource.k8s.io is forbidden: User
\"system:serviceaccount:scheduler-plugins:scheduler-plugins-scheduler\" cannot list resource \"resourceclaims\" in API group \"resource.k8s.io\" at the cluster
scope" logger="UnhandledError" reflector="pkg/mod/k8s.io/client-go@v0.34.7/tools/cache/reflector.go:290" type="*v1.ResourceClaim"

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

rbac fix: allow scheduler SA to access resource.k8s.io API group

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. labels Apr 18, 2026
@netlify
Copy link
Copy Markdown

netlify bot commented Apr 18, 2026
edited
Loading

Deploy Preview for kubernetes-sigs-scheduler-plugins canceled.

Name Link
🔨 Latest commit 8d57866
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-sigs-scheduler-plugins/deploys/69e3d99458a90400084234cc

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Apr 18, 2026
@Huang-Wei
Copy link
Copy Markdown
Contributor Author

Huang-Wei commented Apr 18, 2026

cc @tenzen-y

Could you help /lgtm? TIA!

tenzen-y
tenzen-y reviewed Apr 19, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@tenzen-y tenzen-y left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!
/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 19, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Apr 19, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Huang-Wei, tenzen-y

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 466af61 into kubernetes-sigs:master Apr 19, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@seanmalloy seanmalloy Awaiting requested review from seanmalloy

@swatisehgal swatisehgal Awaiting requested review from swatisehgal

1 more reviewer

@tenzen-y tenzen-y tenzen-y left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@tenzen-y tenzen-y

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Huang-Wei @k8s-ci-robot @tenzen-y