
Error: pods is forbidden: User "system:serviceaccount:gitlab-managed-apps:default" cannot list pods in the namespace "kube-system"

Hi, I came across this error when trying to deploy my application to my Kubernetes cluster (Amazon EKS). The problem arises from the fact that the user being used to execute the commands during the deployment is the default user on the namespace (each namespace has one, AFAIK), and this user doesn't have rights to list pods in kube-system. I fixed the problem by granting the permissions using the RoleBinding as below:

# rbac/v1 has been GA since Kubernetes 1.8; v1beta1 is deprecated and removed in 1.22.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-pods
  # No namespace here: a ClusterRoleBinding is cluster-scoped, and the API
  # server discards a metadata.namespace set on cluster-scoped objects.
subjects:
  - kind: ServiceAccount
    name: default
    namespace: gitlab-managed-apps
roleRef:
  kind: ClusterRole
  # cluster-admin grants full access to every resource in every namespace,
  # far more than the "list pods in kube-system" the error asked for.
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

Save this to a file, like rbac-default-read.yaml, and from your terminal execute: kubectl create -f bot-rbac.yaml

What I can't understand is why the default user needs to list pods in the kube-system namespace, when it is itself in the gitlab-managed-apps namespace and I am also calling Helm to create pods in another namespace, as below:

helm upgrade --install --namespace=my-namespace --set image=my-image MY_RELEASE ./chart-repo

In the end the pods are created correctly in my-namespace. Does anyone have an idea why it needs to list the pods in kube-system?

GitLab: GitLab Enterprise Edition 11.6.2-ee

GitLab Runner: Running in Kubernetes cluster (AWS EKS)
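The Helm 2 client locates Tiller by listing pods in its Tiller namespace (kube-system unless --tiller-namespace is set) and then opens a port-forward to that pod, which is why the CI job's service account trips over kube-system. The following is an added example, not from the original post, showing a least-privilege replacement for the cluster-admin binding above: a namespaced Role in kube-system that grants only those two calls, bound to the same service account. The Role and RoleBinding names are assumed.

```yaml
# Least-privilege alternative to binding cluster-admin (added example, not
# the poster's manifest). Only the calls the Helm 2 client makes to reach
# Tiller in kube-system are allowed; nothing outside kube-system is granted.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tiller-client            # assumed name
  namespace: kube-system         # a Role is namespaced: kube-system only
rules:
  - apiGroups: [""]              # core API group
    resources: ["pods"]
    verbs: ["list", "get"]       # "list" is the verb the error message names
  - apiGroups: [""]
    resources: ["pods/portforward"]
    verbs: ["create"]            # the port-forward tunnel to the Tiller pod
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitlab-default-tiller-client   # assumed name
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: default
    namespace: gitlab-managed-apps     # the subject from the error message
roleRef:
  kind: Role
  name: tiller-client
  apiGroup: rbac.authorization.k8s.io
```

After applying it, the grant can be checked without re-running the pipeline: kubectl auth can-i list pods -n kube-system --as=system:serviceaccount:gitlab-managed-apps:default should answer yes, while the same query with -n my-namespace or a different verb should still answer no.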