GitLab k8s runner - creating namespaces in RBAC

We’re using the k8s runner to try and deploy our application to the same cluster, but we’re getting a permissions error when attempting to create the namespace for the new application:

Error from server (Forbidden): namespaces is forbidden: User "system:serviceaccount:gitlab-runner:default" cannot create resource "namespaces" in API group "" at the cluster scope: Azure does not have opinion for this user.

I’m using RBAC, with the default roles from the yaml file. I’m not sure what other permissions need to be added:

rbac:
  create: true
  rules:
    - apiGroups: ['*']
1 Like

The error message is telling you that you do not have the create permission for the namespaces resource,

To assign permissions you need to append the necessary rules in your config:

 rbac:
   create: true
   rules:
     - apiGroups: [""]
       resources: ["namespaces"]
       verbs: ["create"]

Please note that depending on your scenario, you probably will need more permissions for other resources as well.