Add missing rbac when debugging services
What does this MR do?
This MR adds the missing rbac to the service account.
Why was this MR needed?
When using the CI_DEBUG_SERVICES environment variable to show services log, if this rbac is not set, the pod will show a warning as follows:
WARNING: failed to open log stream for container svc-0: pods "runner-z4vcqxfw-project-57748-concurrent-31-me7hno3f" is forbidden: User "system:serviceaccount:gitlab:X" cannot get resource "pods/log" in API group "" in the namespace "Y"
What's the best way to test this MR?
Set up a job as follows:
job:
  variables:
    CI_DEBUG_SERVICES: "true"
  script:
    - echo "do something"
If this portion of the rbac is not set, a warning is shown in the job logs.
See #495 (closed)
What are the relevant issue numbers?
Closes #495 (closed)
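
The warning quoted above names every field an RBAC rule needs. The following added example (not part of this MR or of the project's code) parses that message and renders the narrowest Role and RoleBinding that would satisfy it; the role name `runner-debug-services` and the function names are hypothetical.

```python
import re

# The warning as quoted in the MR description above.
WARNING = ('WARNING: failed to open log stream for container svc-0: '
           'pods "runner-z4vcqxfw-project-57748-concurrent-31-me7hno3f" is forbidden: '
           'User "system:serviceaccount:gitlab:X" cannot get resource "pods/log" '
           'in API group "" in the namespace "Y"')

# Kubernetes authorization denials for a service account follow this shape.
FORBIDDEN = re.compile(
    r'User "system:serviceaccount:(?P<sa_ns>[^:"]+):(?P<sa>[^"]+)" '
    r'cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" in the namespace "(?P<ns>[^"]+)"'
)

def parse_forbidden(line):
    """Return the denied request as a dict, or None if the line is not such a denial."""
    m = FORBIDDEN.search(line)
    return m.groupdict() if m else None

def role_manifest(denial, role_name="runner-debug-services"):  # hypothetical name
    """Render a namespaced Role + RoleBinding granting only the denied verb/resource."""
    return f"""\
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {role_name}
  namespace: {denial['ns']}
rules:
  - apiGroups: ["{denial['group']}"]     # empty string means the core API group
    resources: ["{denial['resource']}"]  # a subresource is written resource/subresource
    verbs: ["{denial['verb']}"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {role_name}
  namespace: {denial['ns']}
subjects:
  - kind: ServiceAccount
    name: {denial['sa']}
    namespace: {denial['sa_ns']}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {role_name}
"""

if __name__ == "__main__":
    print(role_manifest(parse_forbidden(WARNING)))
```

After applying the permission, `kubectl auth can-i get pods --subresource=log --as=system:serviceaccount:gitlab:X -n Y` should answer `yes`.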