Deploy to K8S with helm failed

Hi all,

I try to deploy something on my Kubernetes (AKS) cluster with GitLab.
I connected my K8S cluster with GitLab without any issue.
I follow this article add-existing-cluster to do this connection.
In GitLab and my K8S cluster, I open the Tab “Applications” and install “GitLab Runner” with success.

But when I try to deploy a home application from GitLab and choose my K8S runner, I have each time error messages.

  1. Test 1:

My .gitlab-ci.yml file:

SO this is run the helm command:
- helm install myapps-php7-df ./helm-chart

I have the error message:
"Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource: deployments.apps is forbidden: User “system:serviceaccount:gitlab-managed-apps:default” cannot get resource “deployments” in API group “apps” in the namespace

  1. Test 2:

My .gitlab-ci.yml file:

SO this is run the helm command:
- helm upgrade --install --force myapps-php7-df ./helm-chart

I have the error message:
Error: query: failed to query with labels: secrets is forbidden: User “system:serviceaccount:gitlab-managed-apps:default” cannot list resource “secrets” in API group “” in the namespace “gitlab-managed-apps”

Note : the command “helm template myapps-php7-df ./helm-chart” works well, this is the install or upgrade who didn’t work

I read lot of articles since yesterday and make lot of tests but each time failed. I am totally lost.

Thanks for your help.

“system:serviceaccount:gitlab-managed-apps:default” doesnt have sufficient rights to list secrets in the namespace gitlab-managed-apps
somthing to read: Using RBAC Authorization | Kubernetes

Many thanks Ludurr. I found the article on GitLab forum:

So I add:

kind: ClusterRoleBinding
  name: read-pods
  namespace: kube-system
  - kind: ServiceAccount
    name: default
    namespace: gitlab-managed-apps
  kind: ClusterRole
  name: cluster-admin

And after the deployment work well.
One more time, thanks a lot Ludurr