
deletecollection kubernetes (tekton) resources - specific RBAC needed?


Given two namespaces, my-namespace and my-account, the default service account in the my-account namespace is correctly granted permissions to the deletecollection verb on pipelines in my-namespace.

You can verify this using kubectl auth can-i like this after applying:

```
$ kubectl -n my-namespace --as="system:serviceaccount:my-account:default" auth can-i deletecollection pipelines.tekton.dev
yes
```

Verify that you have actually applied your RBAC manifests.


Change the RBAC as below:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: my-role
  namespace: my-namespace
rules:
- apiGroups: ["tekton.dev"]
  resources: ["pipelines", "pipelineruns", "tasks", "taskruns"]
  verbs: ["get", "watch", "list", "delete", "deletecollection"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: my-rolebinding
  namespace: my-namespace
subjects:
- kind: ServiceAccount
  name: default
  namespace: my-account
roleRef:
  kind: Role
  name: my-role
  apiGroup: rbac.authorization.k8s.io
```

A few things to note:

  1. Fixed subjects to use ServiceAccount instead of User. This is actually the cause of the failure, because the service account was not granted the RBAC.
  2. I assumed that you want to delete the Tekton resources in my-namespace using the default service account of the my-account namespace. If it's different, then changes in the Role and RoleBinding need to be made accordingly.
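
The subject-kind fix from the answer above, as an added example that is not part of the original answers: a simplified Python model of how RBAC matches RoleBinding subjects against the username `system:serviceaccount:my-account:default`. The `kind: User` variant with name `default` is a constructed "before" case (the question's manifest is not on the page), and all helper names are hypothetical.

```python
# Simplified RBAC model (assumption: one Role, one RoleBinding, no ClusterRoles).
ROLE = {
    "metadata": {"name": "my-role", "namespace": "my-namespace"},
    "rules": [{
        "apiGroups": ["tekton.dev"],
        "resources": ["pipelines", "pipelineruns", "tasks", "taskruns"],
        "verbs": ["get", "watch", "list", "delete", "deletecollection"],
    }],
}

def binding(kind):  # the answer's RoleBinding, with the subject kind varied
    return {
        "metadata": {"name": "my-rolebinding", "namespace": "my-namespace"},
        "subjects": [{"kind": kind, "name": "default", "namespace": "my-account"}],
        "roleRef": {"kind": "Role", "name": "my-role"},
    }

def subject_matches(subject, username, groups):
    if subject["kind"] == "ServiceAccount":
        return username == f"system:serviceaccount:{subject['namespace']}:{subject['name']}"
    if subject["kind"] == "User":
        return username == subject["name"]  # exact username, namespace not used
    if subject["kind"] == "Group":
        return subject["name"] in groups
    return False

def rule_allows(rule, verb, group, resource):
    has = lambda values, wanted: "*" in values or wanted in values
    return (has(rule["verbs"], verb) and has(rule["apiGroups"], group)
            and has(rule["resources"], resource))

def can_i(role, rb, username, groups, namespace, verb, group, resource):
    if rb["metadata"]["namespace"] != namespace:
        return False  # a RoleBinding only grants within its own namespace
    if rb["roleRef"]["name"] != role["metadata"]["name"]:
        return False
    if not any(subject_matches(s, username, groups) for s in rb["subjects"]):
        return False
    return any(rule_allows(r, verb, group, resource) for r in role["rules"])

SA = "system:serviceaccount:my-account:default"
SA_GROUPS = ["system:serviceaccounts", "system:serviceaccounts:my-account"]

def check(kind, verb="deletecollection"):
    return can_i(ROLE, binding(kind), SA, SA_GROUPS, "my-namespace", verb, "tekton.dev", "pipelines")

if __name__ == "__main__":
    for kind in ("User", "ServiceAccount"):
        print(f"kind: {kind:15} ->", "yes" if check(kind) else "no")
```

A `User` subject named `default` never equals the service account's full username, so the binding grants nothing to it; only the `ServiceAccount` subject (or a `User` subject carrying the full `system:serviceaccount:...` name) matches.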