We’re using the k8s runner to try and deploy our application to the same cluster, but we’re getting a permissions error when attempting to create the namespace for the new application:
Error from server (Forbidden): namespaces is forbidden: User "system:serviceaccount:gitlab-runner:default" cannot create resource "namespaces" in API group "" at the cluster scope: Azure does not have opinion for this user.
I’m using RBAC, with the default roles from the yaml file. I’m not sure what other permissions need to be added:
rbac: create: true rules: - apiGroups: ['*']