Add missing rbac when debugging services (!442) · Merge requests · GitLab.org / charts / GitLab Runner

Ismael Posada Trobo requested to merge iposadat/gitlab-runner:495-add-missing-rbac-when-debugging-services into main Oct 16, 2023

What does this MR do?

This MR adds the missing rbac to the service account.

Why was this MR needed?

When CI_DEBUG_SERVICES environment variable to show services log, if this rbac is not set, pod will show a warning as follows:

WARNING: failed to open log stream for container svc-0: pods "runner-z4vcqxfw-project-57748-concurrent-31-me7hno3f" is forbidden: User "system:serviceaccount:gitlab:X" cannot get resource "pods/log" in API group "" in the namespace "Y"

What's the best way to test this MR?

Setup a job as follows:

job:
  variables:
    CI_DEBUG_SERVICES: "true"
  script:
  - echo "do something"

If this portion of the rbac is not set, a warning is shown in the job logs.

See #495 (closed)

What are the relevant issue numbers?

Closes #495 (closed)

Add missing rbac when debugging services

What does this MR do?

Why was this MR needed?

What's the best way to test this MR?

What are the relevant issue numbers?

Merge request reports