I'm trying to use Helm from my GitHub Actions runner to deploy to my GKE cluster, but I'm running into a permissions error.
Using a Google Cloud service account for authentication.
GitHub Actions CI step:

    - name: Install gcloud cli
      uses: google-github-actions/setup-gcloud@master
      with:
        version: latest
        project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
        service_account_email: ${{ secrets.GCLOUD_SA_EMAIL }}
        service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
        export_default_credentials: true
    - name: gcloud configure
      run: |
        gcloud config set project ${{secrets.GCLOUD_PROJECT_ID}};
        gcloud config set compute/zone ${{secrets.GCLOUD_COMPUTE_ZONE}};
        gcloud container clusters get-credentials ${{secrets.GCLOUD_CLUSTER_NAME}};
    - name: Deploy
      run: |
        ***
        helm upgrade *** ./helm \
          --install \
          --debug \
          --reuse-values \
          --set-string "$overrides"
The error:

    history.go:56: [debug] getting history for release blog
    Error: query: failed to query with labels: secrets is forbidden: User "***" cannot list resource "secrets" in API group "" in the namespace "default": requires one of ["container.secrets.list"] permission(s).
    helm.go:88: [debug] secrets is forbidden: User "***" cannot list resource "secrets" in API group "" in the namespace "default": requires one of ["container.secrets.list"] permission(s).
It seems you're trying to deploy code by using the GKE viewer role, hence you're getting the permission issue. You can create the required IAM policies and role-based access control (RBAC) as per your requirement.
You can also check Kubernetes Engine roles and responsibilities by using this reference.
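
An added example, not part of the original question or answer: a namespace-scoped RBAC Role and RoleBinding that give the CI service account the access Helm 3 needs to its release Secrets in `default`, instead of a broader project-wide grant. The object names, the service account e-mail and the chart resource rules are placeholders and assumptions, since the page does not show the chart or the account.

```yaml
# Added example; object names and the account e-mail are placeholders.
# Helm 3 stores release history as Secrets in the release namespace, which is
# why "getting history for release blog" fails without list access to secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: helm-release-deployer        # hypothetical name
  namespace: default                 # namespace named in the error
rules:
  # Release storage: the verbs Helm's Secrets storage driver uses.
  - apiGroups: [""]                  # core API group, shown as "" in the error
    resources: ["secrets"]
    verbs: ["get", "list", "create", "update", "delete"]
  # ASSUMPTION: the chart creates Deployments, Services and ConfigMaps.
  # Replace these rules with the resource kinds your chart actually renders.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: helm-release-deployer-ci     # hypothetical name
  namespace: default
subjects:
  # On GKE a Google service account authenticates as a User whose name is
  # its e-mail address (the masked User "***" in the error output).
  - kind: User
    name: CI_SA_NAME@PROJECT_ID.iam.gserviceaccount.com   # placeholder
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: helm-release-deployer
  apiGroup: rbac.authorization.k8s.io
```

Apply the manifest with an identity that already holds these permissions in the cluster, because Kubernetes refuses to let a user create a Role granting access they do not have themselves. The CI account still needs enough IAM access to run `gcloud container clusters get-credentials`.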