Hi 👋

When creating kamaji clusters we sometimes get authorization errors because the following ClusterRoleBindings were not created:

kubeadm:cluster-admins
kubeadm:get-nodes
kubeadm:kubelet-bootstrap
kubeadm:node-autoapprove-bootstrap
kubeadm:node-autoapprove-certificate-rotation
kubeadm:node-proxier

This leads to the kubernetes-admin user not having any permissions whatsoever, e.g. kubectl get po is not possible.

The problem seems to stem from a race condition since it is not easily reproducible. We mainly see this error occur when triggering simultaneous cluster creations. During my last test 4 out of 10 clusters had the issue. Recreating the aforementioned ClusterRoleBindings also resolves the problem.

I could not find any error logs (or other logs) pointing me to towards a specific reason why the ClusterRoleBindings were/could not be created. Our build is based on b68010e (from the 7th of April). The issue from #608 could be related.

Let me know if you need more information or if I can help debug the issue.