Can't deploy istio gateway to kubernetes cluster when overriding autodevops ingress

I’m trying to implement auto devops with istio ingress using a gateway and a virtual service. I’m trying to override the helm chart by adding it to our repo. I have removed the current ingress.yaml and all seems well. At this point I have created a gateway.yaml under the templates directory and added a generic gateway to test it. However, my testing seems to show that the gitlab user cannot create a gateway:

Error: release dast-default failed: gateways.networking.istio.io is forbidden: User "system:serviceaccount:devops-test-nodejs-21-dast-default:devops-test-nodejs-21-dast-default-service-account" cannot create resource "gateways" in API group "networking.istio.io" in the namespace "devops-test-nodejs-21-dast-default"

I can get past this by making the repo a cluster management project, however, this being the pattern that we are trying to use, we would need to add all of the repos as a management project. This seems insecure (and not possible at the moment anyway as it seems I can only select one). I would say that it at least shows that gitlab can create this type of resource. Is there a way to work with this? I’ve already added a cluster role that gives full permission (when adding the cluster to gitlab) but it doesn’t appear to be using this role, as I assume it would be able to do it otherwise.

I’m on gitlab 13.9 self-managed

Any help with this would be appreciated.

Thanks

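The denial quoted in the post names the exact subject, verb, resource, API group and namespace, which is enough to build a least-privilege grant instead of a cluster-wide one. This is an added example, not part of the original post and not GitLab's own code: it parses that message and builds a namespaced Role and RoleBinding for a cluster administrator to review. The object name `istio-gateway-deployer` is a hypothetical name chosen here.

```python
import json
import re

# The denial from the post above, copied from the failed Helm release.
DENIAL = ('gateways.networking.istio.io is forbidden: User '
          '"system:serviceaccount:devops-test-nodejs-21-dast-default:'
          'devops-test-nodejs-21-dast-default-service-account" cannot create '
          'resource "gateways" in API group "networking.istio.io" in the '
          'namespace "devops-test-nodejs-21-dast-default"')

FORBIDDEN = re.compile(
    r'User "system:serviceaccount:(?P<sa_ns>[^:"]+):(?P<sa>[^"]+)" cannot '
    r'(?P<verb>\w+) resource "(?P<resource>[^"]+)" in API group '
    r'"(?P<group>[^"]*)" in the namespace "(?P<ns>[^"]+)"')

def parse_denial(message):
    """Extract service account, verb, resource, API group and namespace."""
    m = FORBIDDEN.search(message)
    if m is None:
        raise ValueError("not a namespaced service-account RBAC denial")
    return m.groupdict()

def minimal_rbac(d, name="istio-gateway-deployer"):  # hypothetical name
    """Build a Role and RoleBinding that grant only the denied verb."""
    meta = {"name": name, "namespace": d["ns"]}
    role = {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
            "metadata": meta,
            "rules": [{"apiGroups": [d["group"]],
                       "resources": [d["resource"]],
                       "verbs": [d["verb"]]}]}
    binding = {"apiVersion": "rbac.authorization.k8s.io/v1",
               "kind": "RoleBinding", "metadata": meta,
               "subjects": [{"kind": "ServiceAccount", "name": d["sa"],
                             "namespace": d["sa_ns"]}],
               "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                           "kind": "Role", "name": name}}
    return role, binding

if __name__ == "__main__":
    # JSON is valid YAML; a v1 List lets one document carry both objects.
    items = list(minimal_rbac(parse_denial(DENIAL)))
    print(json.dumps({"apiVersion": "v1", "kind": "List", "items": items},
                     indent=2))
```

The grant covers only `create` on `gateways` in that one namespace. Any further denial, for example on a later upgrade or uninstall of the release, names its own verb and can be passed through the same functions.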