K
Q

Problem deploying K8s with gitlab runner get an error

4/8/2020

I changed something and deployed on a new cluster then I got this error even though I didn't change anything in the code. Has anybody seen it before?

from server for:

"/builds/dropcunt/nettmoster.com/deployment/webapp.yml": ingresses.extensions "nettmoster.comn-273414" is forbidden: User "system:serviceaccount:gitlab-managed-apps:default" cannot get resource "ingresses" in API group "extensions" in the namespace "nettmoster-com-9777808"
59 Error from server (Forbidden): error when retrieving current configuration of:

As suggested I runkubectl auth can-i --list --as=system:serviceaccount:gitlab-managed-apps:default

It returns: enter image description here

-- user9468014
gitlab
google-cloud-platform
kubernetes

Similar Questions

Persistence in Grafana
GKE - HPA using custom metrics - unable to fetch metrics
Could two cluster IP services be connected in Kubernetes?
How to patch ImageStream tag in openshift

1 Answer

4/8/2020

This is a RBAC problem. The service account system:serviceaccount:gitlab-managed-apps:default does not have permission to get ingress resource in the new cluster.

You can compare what permission a service account have by running below command in both the cluster

kubectl auth can-i --list --as=system:serviceaccount:gitlab-managed-apps:default

Run below commands to get permission via RBAC

kubectl create role ingress-reader --verb=get,list,watch,update --resource=ingress    
kubectl create rolebinding ingress-reader-role --role=ingress-reader --serviceaccount=gitlab-managed-apps:default
-- Arghya Sadhu
Source: StackOverflow