Hi,

At the moment I am using gitlab ci and deploying to my kubernetes cluster without the gitlab kubernetes integration.
I have an image with my credentials and running kubeclt commands to update my images, for example:

kubectl --namespace live set image deployment.v1.apps/my-app my-app=$CONTAINER_IMAGE:$CI_BUILD_REF

Once the integration activated the CI was creating namespace, something like {my-app-name}-{random-number}-{environment}

And my job did not have the right to deploy on my live namespace

Error from server (Forbidden): deployments.apps "my-app" is forbidden: User "system:serviceaccount:my-app-13-production:my-app-13-production-service-account" cannot get resource "deployments" in API group "apps" in the namespace "live"

I can not find a documentation to explain how the deployment works when kubernetes is pluged with gitlab.

Hi,
Sounds like you’re having GitLab manage the cluster because it’s creating the namespace for you. Given this, I’m a little surprised it’s not working since GitLab should be using the service accounts it created in the namespace that have the privileges to deploy to those namespaces. This is discussed briefly at Environment Specif Resources.
You might try echoing (in your .gitlab-ci.yml) some of the Deploy Variables to see what they are. $KUBECONFIG should be a path to a file that should be used by your kubectl commands. Checking $KUBE_TOKEN and KUBE_NAMESPACE might also helpful.
Sharing those variables, the cloud provider you’re using and your deploy job would maybe let me diagnose more.

~Steevo