No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi Folks, Is there any clear documentation on what k8s RBAC permissions are required to run pulumi preview using the v4.Chart resource? Any places to look would be appreciated.

Are you specifically interested in `pulumi preview`?

I assume that you'll need permissions to query the resources in your chart in order for Pulumi to be able to determine the current state.

So if your chart contains a pod and a secret, you'll have to have permissions to "get" pods and secrets in the relevant namespace.

You can see which RBAC permissions the <https://github.com/pulumi/pulumi-kubernetes-operator/tree/master|Kubernetes operator> gets, e.g., <https://github.com/pulumi/pulumi-kubernetes-operator/blob/master/examples/blue-green/operator.ts#L34>

This isn’t the pulumi operator, but the helm chart resource. I figured it out on my own, but its not clearly documented.

I understood that you're not using the k8s operator, it just came to mind as a useful reference to look at, because the operator has to perform the same operations :slightly_smiling_face:

Would you mind sharing what you figured out? I'd be quite interested to learn

I needed to give the provider/role access to do every get operation that the helm chart would be implementing

But `preview` didn't require `list` or `watch`?

I added list, watch in there for good measure as well

Thanks for these details, that's helpful to know :slightly_smiling_face: