pods is forbidden: User "system:serviceaccount:kube-system:default" cannot list resource "pods" in API group "" at the cluster scope (Kubeclient::HttpError)
--- apiVersion: v1 kind: ServiceAccount metadata: name: fluentd namespace: system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: fluentd namespace: system rules: - apiGroups: - "" resources: - pods verbs: - get - list - watch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: fluentd roleRef: kind: ClusterRole name: fluentd apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: fluentd namespace: system --- apiVersion: v1 kind: ConfigMap metadata: name: fluentd namespace: system data: fluent.conf: | @include kubernetes.conf <match **> type elasticsearch log_level info include_tag_key true host elastic.system.svc.cluster.local port 9200 user elastic password <...> logstash_format true buffer_chunk_limit 2M buffer_queue_limit 32 flush_interval 5s max_retry_wait 30 disable_retry_limit num_threads 8 </match> --- apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: fluentd namespace: system labels: k8s-app: fluentd-logging version: v1 kubernetes.io/cluster-service: "true" spec: template: metadata: labels: k8s-app: fluentd-logging version: v1 kubernetes.io/cluster-service: "true" spec: serviceAccount: fluentd serviceAccountName: fluentd containers: - name: fluentd image: fluent/fluentd-kubernetes-daemonset:elasticsearch volumeMounts: - name: varlog mountPath: /var/log - name: varlibdockercontainers mountPath: /var/lib/docker/containers - name: config mountPath: /fluentd/etc/fluent.conf subPath: fluent.conf volumes: - name: varlog hostPath: path: /var/log - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers - name: config configMap: name: fluentd