Error: pods is forbidden: User "system:serviceaccount:gitlab-managed-apps:default" cannot list pods in the namespace "kube-system"
Hi, I came across this error when trying to deploy my application to my Kubernetes cluster (Amazon EKS). The problem arises from the fact that the user being used to execute the commands during the deployment is the `default` user on the namespace (each namespace has one AFAIK), and this user doesn't have rights to list pods in kube-system.

I fixed the problem by granting the permissions using the RoleBinding as below:

```yml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: read-pods
  namespace: kube-system
subjects:
- kind: ServiceAccount
  name: default
  namespace: gitlab-managed-apps
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
```

Save this to a file, like `rbac-default-read.yaml`, and from your terminal execute:

`kubectl create -f rbac-default-read.yaml`

What I can't understand is why the default user needs to list pods in the `kube-system` namespace, when it is itself in the `gitlab-managed-apps` namespace and I am also calling Helm to create pods in another namespace as below:

`helm upgrade --install --namespace=my-namespace --set image=my-image MY_RELEASE ./chart-repo`

The pods at the end are created correctly in `my-namespace`. Does anyone have an idea why it needs to list the pods in `kube-system`?

**GitLab**
GitLab Enterprise Edition 11.6.2-ee

**GitLab Runner**
Running in Kubernetes cluster (AWS EKS)
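A narrower alternative to the `cluster-admin` binding in the post above, as an added example that is not part of the original issue: `cluster-admin` gives the service account full control of every resource in every namespace, while the error only asks for `list` on pods in `kube-system`. The Role and RoleBinding names are hypothetical, and the example assumes the deployment needs nothing beyond the permission named in the error; any further "forbidden" message would be handled by adding that one verb or resource to the Role.

```yaml
# Added example (not from the original issue); object names are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: list-pods                  # hypothetical name
  namespace: kube-system           # a Role is namespaced, so the grant ends here
rules:
- apiGroups: [""]                  # "" is the core API group, where pods live
  resources: ["pods"]
  verbs: ["list"]                  # the only verb named in the error message
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitlab-default-list-pods   # hypothetical name
  namespace: kube-system           # must match the namespace of the Role
subjects:
- kind: ServiceAccount
  name: default
  namespace: gitlab-managed-apps   # the account from the error message
roleRef:
  kind: Role                       # Role, not ClusterRole: no cluster-wide rights
  name: list-pods
  apiGroup: rbac.authorization.k8s.io
# To review what the account can do after applying this, impersonate it:
#   kubectl auth can-i --list --namespace kube-system \
#     --as=system:serviceaccount:gitlab-managed-apps:default
```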