What happened?
Provider doesn't get delete verb in RBAC for ProviderConfigUsage resource. As provider creates and deletes ProviderConfigUsage, whenever deletion is needed it ends up with:
Warning UsageAccounting 32m (x114812 over 8d)
providerconfig/clusterproviderconfig.kubernetes.m.crossplane.io cannot delete
ProviderConfigUsage: providerconfigusages.kubernetes.m.crossplane.io
"49aa044d-5c35-45d9-b352-1e4a85f56048" is forbidden:
User "system:serviceaccount:crossplane:provider-kubernetes" cannot delete resource "providerconfigusages"
in API group "kubernetes.m.crossplane.io" in the namespace "example"
How can we reproduce it?
Create any object using provider-kubernetes, and then try to delete it. Deletions of ProviderConfigUsage should fail then.
What environment did it happen in?
Crossplane version: v2.2.0
Provider version: v1.2.1
Kubernetes version: v1.33.7
Workaround
I solved it by giving this single permission in custom RBAC rule, but as it seems like inherent part of operations conducted by the provider it should be handled out of the box.
What happened?
Provider doesn't get
deleteverb in RBAC for ProviderConfigUsage resource. As provider creates and deletes ProviderConfigUsage, whenever deletion is needed it ends up with:How can we reproduce it?
Create any object using provider-kubernetes, and then try to delete it. Deletions of ProviderConfigUsage should fail then.
What environment did it happen in?
Crossplane version: v2.2.0
Provider version: v1.2.1
Kubernetes version: v1.33.7
Workaround
I solved it by giving this single permission in custom RBAC rule, but as it seems like inherent part of operations conducted by the provider it should be handled out of the box.