Skip to content

Helm chart RBAC missing kagent.dev/agents permissions #325

New issue
New issue
Closed
Bug
#329
Closed
Helm chart RBAC missing kagent.dev/agents permissions#325
Bug
#329
Assignees
timflannagan
@timflannagan

Description

@timflannagan
timflannagan
opened on Mar 12, 2026

When deploying the new helm charts locally, installing kagent, etc., I see the following logs in the registry server container:

$ k logs deploy/agentregistry | tail -n 5
{"time":"2026-03-12T18:42:04.646272278Z","level":"INFO","msg":"Warning: failed to list kubernetes remote MCP servers for discovery: failed to list remote MCP servers: remotemcpservers.kagent.dev is forbidden: User \"system:serviceaccount:agentregistry:agentregistry\" cannot list resource \"remotemcpservers\" in API group \"kagent.dev\" at the cluster scope"}
{"time":"2026-03-12T18:42:20.298658637Z","level":"INFO","msg":"Warning: failed to list kubernetes agents for discovery: failed to list agents: agents.kagent.dev is forbidden: User \"system:serviceaccount:agentregistry:agentregistry\" cannot list resource \"agents\" in API group \"kagent.dev\" at the cluster scope"}
{"time":"2026-03-12T18:42:20.303989193Z","level":"INFO","msg":"Warning: failed to list kubernetes remote MCP servers for discovery: failed to list remote MCP servers: remotemcpservers.kagent.dev is forbidden: User \"system:serviceaccount:agentregistry:agentregistry\" cannot list resource \"remotemcpservers\" in API group \"kagent.dev\" at the cluster scope"}
{"time":"2026-03-12T18:42:20.308019204Z","level":"INFO","msg":"Warning: failed to list kubernetes agents for discovery: failed to list agents: agents.kagent.dev is forbidden: User \"system:serviceaccount:agentregistry:agentregistry\" cannot list resource \"agents\" in API group \"kagent.dev\" at the cluster scope"}
{"time":"2026-03-12T18:42:20.3123743Z","level":"INFO","msg":"Warning: failed to list kubernetes remote MCP servers for discovery: failed to list remote MCP servers: remotemcpservers.kagent.dev is forbidden: User \"system:serviceaccount:agentregistry:agentregistry\" cannot list resource \"remotemcpservers\" in API group \"kagent.dev\" at the cluster scope"}

Looks like a simple fix; we only had RBAC access for kagent MCP servers:

rules:
  - apiGroups:
      - kagent.dev
    resources:
      - mcpservers
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

Bug

Projects

agentregistry kanban

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions