From 64c4087bc440cb31e9273e855a1b63f55766cd75 Mon Sep 17 00:00:00 2001
From: networkop <mmkashin@gmail.com>
Date: Fri, 14 Jan 2022 10:02:09 +0000
Subject: [PATCH] gracefully handling RBAC failures for GatewayAPI

---
 kubernetes.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kubernetes.go b/kubernetes.go
index 15d8385..6f3cd78 100644
--- a/kubernetes.go
+++ b/kubernetes.go
@@ -9,6 +9,7 @@ import (
 	core "k8s.io/api/core/v1"
 	networking "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	meta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -163,6 +164,10 @@ func existGatewayCRDs(ctx context.Context, c *gatewayClient.Clientset) bool {
 		log.Infof("GatewayAPI CRDs are not found. Not syncing GatewayAPI resources.")
 		return false
 	}
+	if apierrors.IsForbidden(err) {
+		log.Infof("access to `gateway.networking.k8s.io` is forbidden, please check RBAC. Not syncing GatewayAPI resources.")
+		return false
+	}
 	if err == nil {
 		return true
 	}