I’m using GitLab’s Kubernetes integration. To make sure we’re on the same page, here’s what I mean by that:
I add credentials (an admin token and the cluster certificate) for a Kubernetes cluster to a GitLab group or project. Whenever a job with an environment runs for that project, GitLab creates a namespace and a service account for the project and sets an environment variable in that job that allows kubectl to deploy to that namespace.
Since the “certificate way” is deprecated, I wanted to try out the new “agent way”. So I deployed the agent using the helm command provided by GitLab and ran a job.
It seems that when I now run kubectl in the job’s script, it will always try to use the service account of the runner?