We recently started the upgrade to Helm 3. While doing that, we noticed that some of our jobs that use a GitLab-managed Kubernetes cluster fail. The reason they fail, I believe, is that because Helm 3 does a three-way merge, the GitLab user needs more rights.
Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource: roles.rbac.authorization.k8s.io “some_service” is forbidden: User “system:serviceaccount:some_namespace:some_service” cannot get resource “roles” in API group “rbac.authorization.k8s.io” in the namespace “some_service”.

To fix this, we’ve had to go into the cluster and give the generated service account cluster-admin rights.
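
An added example, not part of the original post and not GitLab or Helm code: a narrower grant than cluster-admin is a namespaced Role covering only what the Forbidden message names. The sketch below parses that message and builds the Role and RoleBinding; the `-helm` name suffix is a hypothetical choice, and the sample string is the post's error with its anonymised placeholders.

```python
import json
import re

# Constructed sample: the Forbidden message from the post, with straight quotes
# as the API server emits them. Names are the post's anonymised placeholders.
SAMPLE = ('roles.rbac.authorization.k8s.io "some_service" is forbidden: '
          'User "system:serviceaccount:some_namespace:some_service" cannot get '
          'resource "roles" in API group "rbac.authorization.k8s.io" '
          'in the namespace "some_service"')

QUOTES = '"\u201c\u201d'  # accept straight quotes and the typographic ones forums insert
Q = f'[{QUOTES}]'
FORBIDDEN = re.compile(
    rf'User {Q}system:serviceaccount:(?P<sa_ns>[^:{QUOTES}]+):(?P<sa>[^{QUOTES}]+){Q} '
    rf'cannot (?P<verb>\w+) resource {Q}(?P<resource>[^{QUOTES}]+){Q} '
    rf'in API group {Q}(?P<group>[^{QUOTES}]*){Q} '  # core group is the empty string
    rf'in the namespace {Q}(?P<ns>[^{QUOTES}]+){Q}')

RBAC = "rbac.authorization.k8s.io"


def scoped_rbac(error):
    """Turn one service-account Forbidden error into a Role + RoleBinding
    that grant exactly the denied verb on the denied resource, nothing more."""
    m = FORBIDDEN.search(error)
    if m is None:
        raise ValueError("not a namespaced service-account Forbidden message")
    d = m.groupdict()
    name = f"{d['sa']}-helm"  # hypothetical object name
    meta = {"name": name, "namespace": d["ns"]}
    role = {"apiVersion": f"{RBAC}/v1", "kind": "Role", "metadata": meta,
            "rules": [{"apiGroups": [d["group"]],
                       "resources": [d["resource"]],
                       "verbs": [d["verb"]]}]}
    binding = {"apiVersion": f"{RBAC}/v1", "kind": "RoleBinding", "metadata": meta,
               "roleRef": {"apiGroup": RBAC, "kind": "Role", "name": name},
               # The subject keeps its own namespace, which may differ from the Role's.
               "subjects": [{"kind": "ServiceAccount", "name": d["sa"],
                             "namespace": d["sa_ns"]}]}
    return {"apiVersion": "v1", "kind": "List", "items": [role, binding]}


if __name__ == "__main__":
    # JSON manifest for review before anyone applies it to the cluster.
    print(json.dumps(scoped_rbac(SAMPLE), indent=2))
```

The error reports only the first denied request, so expect to rerun the job and extend the rule for each further denial. Kubernetes also refuses to let a subject create or update a Role that grants permissions the subject does not already hold, unless it has the `escalate` verb on roles.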