Add K8S api group to Service Account when deploying

I’m using Gitlab CI/CD to deploy a review app to my Kubernetes cluster.

We are using ambassador as API Gateway, so I wanted to integrate it into the review app process. Using the Gitlab Kubernetes integration, I’m able to deploy the pods successfully, but the Mapping and Host deployment fail with this error:

Error from server (Forbidden): error when retrieving current configuration of:

Resource: ", Resource=hosts", GroupVersionKind: ", Kind=Host"

Name: "<deploy_environment>", Namespace: "<deploy_namespace>"

from server for: "STDIN": "<deploy_environment>" is forbidden: User "system:serviceaccount:<deploy_namespace>:<deploy_namespace>-service-account" cannot get resource "hosts" in API group "" in the namespace "<delpoy_namespace>"

The same for the Mapping resource.

Is there any way to add this resources to the generated service account? Or, maybe, the only would be using a global kubeconfig with admin role?

Did you find a workaround for this? I am stuck on it too.

Yes, I wrote about it in my blog and medium