I have an error while running jobs with GitLab CI/CD Kubernetes executor within the cluster

2/27/2020

ERROR: Job failed (system failure): pods is forbidden: User "system:serviceaccount:gitlab:gitlab-admin" cannot create resource "pods" in API group "" in the namespace "gitlab"

-- Aditya Babu Mallisetti
gitlab
gitlab-ci
gitlab-ci-runner
kubernetes
rbac

1 Answer

2/27/2020

From the looks of it, because you did not provide enough information, I would say that your RBAC is incorrectly configured. I would advise reading the following Kubernetes documentation regarding Managing Service Accounts and Configure Service Accounts for Pods.

If I'm not mistaken this command should fix it:

kubectl create clusterrolebinding gitlab-cluster-admin --clusterrole=cluster-admin --group=system:serviceaccounts --namespace=gitlab

If not then you will need to edit your Role and ClusterRole with something like the following:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: gitlab
  name: gitlab-admin
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
  verbs: ["create", "get", "watch", "list"]

This is an example and you should make changes to better suit your needs.

If you provide more details I'll try to help you further.

-- Crou
Source: StackOverflow
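
Added example, not part of the original answer: a Role takes effect only once a RoleBinding attaches it to the account named in the error, whereas binding `cluster-admin` to the `system:serviceaccounts` group gives every service account in the cluster full admin rights. The manifest below grants the `gitlab-admin` service account job-related permissions in the `gitlab` namespace only. The name `gitlab-runner-jobs` and the exact rule set are assumptions; adjust them to what your runner configuration actually uses.

```yaml
# Added example. Namespace "gitlab" and service account "gitlab-admin" come
# from the error message; the name "gitlab-runner-jobs" is hypothetical and the
# rule set is an assumption about what the Kubernetes executor needs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: gitlab
  name: gitlab-runner-jobs
rules:
- apiGroups: [""]            # "" is the core API group
  resources: ["pods"]
  verbs: ["create", "get", "list", "watch", "delete"]
- apiGroups: [""]
  resources: ["pods/exec", "pods/attach"]
  verbs: ["create"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get"]
- apiGroups: [""]
  resources: ["secrets", "configmaps"]
  verbs: ["create", "get", "update", "delete"]
---
# The binding is what connects the Role to the service account; it is
# namespaced, so the grant does not extend beyond "gitlab".
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: gitlab
  name: gitlab-runner-jobs
subjects:
- kind: ServiceAccount
  name: gitlab-admin
  namespace: gitlab
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gitlab-runner-jobs
# After "kubectl apply -f <this file>", check the effective permissions by
# impersonating the service account, once in the job namespace and once in
# another namespace to confirm the grant is scoped:
#   kubectl auth can-i create pods -n gitlab  --as=system:serviceaccount:gitlab:gitlab-admin
#   kubectl auth can-i create pods -n default --as=system:serviceaccount:gitlab:gitlab-admin
```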