Race condition when creating GCP service accounts for Fulcio

[znewman01]

@therealnb reported (in Sigstore Office Hours today) an issue where the Fulcio service account wasn't ready on the initial run. On a re-run it succeeded.

This points to a race condition or need for retries.

@therealnb, please chime in with any details you can provide 🙂

[therealnb]

Error from server (Forbidden): error when creating "STDIN": pods "redis" is forbidden: error looking up service account rekor-system/default: serviceaccount "default" not found

When I looked - it was there. Retry worked.

I think I followed the instructions. This machine never had kind on it before. I did create one default cluster then deleted it before I ran the scaffold scripts. I don't think that would have mattered.

$ kind version
kind v0.18.0 go1.20.3 darwin/amd64