Unexpected output when popeye cannot list RBAC resources #254

Closed
matheusfm opened this issue Mar 27, 2023 · 0 comments · Fixed by #256

Describe the bug
Popeye prints errors about metrics-server when it cannot list RBAC resources (clusterrole, role, clusterrolebinding, rolebinding).

To Reproduce

To reproduce this behavior, run popeye without permissions to list RBAC resources:

popeye --kubeconfig popeye-kubeconfig.yml

then the unexpected output is printed:

image

Generating a kubeconfig file without RBAC permissions
  1. Create a ServiceAccount:
kubectl create serviceaccount popeye -n default
  2. Create a ClusterRole:
cat << EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: popeye
rules:
  - apiGroups: [ "" ]
    resources:
      - configmaps
      - endpoints
      - limitranges
#      - namespaces
#      - nodes
      - persistentvolumes
      - persistentvolumeclaims
      - pods
      - replicationcontrollers
      - secrets
      - serviceaccounts
      - services
    verbs: [ "get", "list" ]
  - apiGroups: [ "apps" ]
    resources:
      - daemonsets
      - deployments
      - statefulsets
      - replicasets
    verbs: [ "get", "list" ]
  - apiGroups: [ "autoscaling" ]
    resources:
      - horizontalpodautoscalers
    verbs: [ "get", "list" ]
  - apiGroups: [ "networking.k8s.io" ]
    resources:
      - ingresses
      - networkpolicies
    verbs: [ "get", "list" ]
  - apiGroups: [ "policy" ]
    resources:
      - poddisruptionbudgets
      - podsecuritypolicies
    verbs: [ "get", "list" ]
#  - apiGroups: [ "rbac.authorization.k8s.io" ]       # <---- SEE THESE COMMENTED LINES.
#    resources:
#      - clusterroles
#      - clusterrolebindings
#      - roles
#      - rolebindings
#    verbs: [ "get", "list" ]
  - apiGroups: [ "metrics.k8s.io" ]
    resources:
      - pods
      - nodes
    verbs: [ "get", "list" ]
  - apiGroups: [ batch ]
    resources:
      - jobs
      - cronjobs
    verbs: [ "get", "list" ]
EOF
  3. Create a ClusterRoleBinding:
kubectl create clusterrolebinding popeye --clusterrole=popeye --serviceaccount=default:popeye
  4. Create a Secret for ServiceAccount token (Kubernetes 1.24 or later):
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
    name: popeye-token
    namespace: "default"
    annotations:
        kubernetes.io/service-account.name: "popeye"
type: kubernetes.io/service-account-token
EOF
  5. Export environment variables:
export TOKEN_VALUE=$(kubectl -n default get secret popeye-token -o=jsonpath='{.data.token}' | base64 --decode)
export CURRENT_CONTEXT=$(kubectl config current-context)
export CURRENT_CLUSTER=$(kubectl config view --raw -o=go-template='{{range .contexts}}{{if eq .name "'''${CURRENT_CONTEXT}'''"}}{{ index .context "cluster" }}{{end}}{{end}}')
export CLUSTER_CA=$(kubectl config view --raw -o=go-template='{{range .clusters}}{{if eq .name "'''${CURRENT_CLUSTER}'''"}}"{{with index .cluster "certificate-authority-data" }}{{.}}{{end}}"{{ end }}{{ end }}')
export CLUSTER_SERVER=$(kubectl config view --raw -o=go-template='{{range .clusters}}{{if eq .name "'''${CURRENT_CLUSTER}'''"}}{{ .cluster.server }}{{end}}{{ end }}')
  6. Generate kubeconfig file:
cat << EOF > popeye-kubeconfig.yml
apiVersion: v1
kind: Config
current-context: ${CURRENT_CONTEXT}
contexts:
- name: ${CURRENT_CONTEXT}
  context:
    cluster: ${CURRENT_CONTEXT}
    user: popeye
clusters:
- name: ${CURRENT_CONTEXT}
  cluster:
    certificate-authority-data: ${CLUSTER_CA}
    server: ${CLUSTER_SERVER}
users:
- name: popeye
  user:
    token: ${TOKEN_VALUE}
EOF

Expected behavior
I just expected the forbidden error, and nothing about metrics-server in the RBAC section:

image

Versions (please complete the following information):

  • OS: linux x86 64
  • Popeye: 0.11.1
  • K8s: v1.25.3
@matheusfm matheusfm changed the title Unexpected output when popeye cannot list some resources Unexpected output when popeye cannot list RBAC resources Mar 27, 2023
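
A preflight check for the reproduction above, added here as an example (it is not part of the original issue and not Popeye code): it asks the API server through `kubectl auth can-i` which `list` permissions a kubeconfig lacks, so a genuine Forbidden result can be told apart from unrelated output. The resource names are copied from the ClusterRole in the issue; `KUBECTL` and `POPEYE_KUBECONFIG` are assumed variable names.

```sh
#!/bin/sh
# Added example (not Popeye code): list the resources a kubeconfig cannot "list".
# KUBECTL and POPEYE_KUBECONFIG are assumed names, not Popeye or kubectl settings.
KUBECTL="${KUBECTL:-kubectl}"

# resource[.group] names taken from the ClusterRole in the issue, including
# the entries it comments out (namespaces, nodes and the four RBAC kinds).
RESOURCES="
configmaps endpoints limitranges namespaces nodes persistentvolumes
persistentvolumeclaims pods replicationcontrollers secrets serviceaccounts
services daemonsets.apps deployments.apps statefulsets.apps replicasets.apps
horizontalpodautoscalers.autoscaling ingresses.networking.k8s.io
networkpolicies.networking.k8s.io poddisruptionbudgets.policy
podsecuritypolicies.policy clusterroles.rbac.authorization.k8s.io
clusterrolebindings.rbac.authorization.k8s.io roles.rbac.authorization.k8s.io
rolebindings.rbac.authorization.k8s.io pods.metrics.k8s.io nodes.metrics.k8s.io
jobs.batch cronjobs.batch
"

# Prints "DENIED <resource>" when the API server answers "no" and
# "ERROR <resource>" when no answer came back (unreachable server, bad token).
# Returns 1 if any line was printed, 0 if every resource can be listed.
missing_list_perms() {
    kubeconfig=$1
    failed=0
    for res in $RESOURCES; do
        # can-i prints "yes" or "no" on stdout and exits non-zero on "no".
        answer=$("$KUBECTL" --kubeconfig "$kubeconfig" auth can-i list "$res" \
            --all-namespaces 2>/dev/null) || true
        case $answer in
            yes*) ;;
            no*)  echo "DENIED $res"; failed=1 ;;
            *)    echo "ERROR $res";  failed=1 ;;
        esac
    done
    return "$failed"
}

# Runs only when POPEYE_KUBECONFIG is set, e.g.
#   POPEYE_KUBECONFIG=popeye-kubeconfig.yml sh preflight.sh
if [ -n "${POPEYE_KUBECONFIG:-}" ]; then
    missing_list_perms "$POPEYE_KUBECONFIG"
fi
```

With the kubeconfig generated in the steps above, the `DENIED` lines should be the resources the ClusterRole comments out.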