Installation on a specific namespace without cluster wide permission (#90) · Issues · GitLab.org / charts / GitLab Runner

Installation on a specific namespace without cluster wide permission

We use Rancher and I have a user with only access to specific project. I can create namespace and I'm the owner of the project. Thx in advance!! Our `values.yml` ``` imagePullPolicy: IfNotPresent gitlabUrl: https://URLOFOURGITLAB/ runnerRegistrationToken: "OURTOKEN" unregisterRunners: true certsSecretName: 'gitlab-certificate' concurrent: 10 checkInterval: 10 rbac: create: true clusterWideAccess: false metrics: enabled: true runners: image: ubuntu:16.04 privileged: true cache: cacheType: s3 cacheShared: true s3ServerAddress: s3-minio:9000 s3BucketName: cache s3CacheInsecure: true secretName: s3-minio builds: {} services: {} helpers: {} env: DOCKER_HOST: tcp://docker-dind:2375 DOCKER_DRIVER: overlay2 HTTP_PROXY: http://ourproxy:80 HTTPS_PROXY: http://ourproxy:80 NO_PROXY: "docker-dind,s3-minio,localhost,127.0.0.0/8" resources: {} affinity: {} nodeSelector: {} tolerations: [] hostAliases: [] podAnnotations: {} ``` The error message ``` helm template . --values values.yaml --namespace gitlab-ci | kubectl --namespace gitlab-ci apply -f - secret/release-name-gitlab-runner created configmap/release-name-gitlab-runner created serviceaccount/release-name-gitlab-runner created deployment.extensions/release-name-gitlab-runner created Error from server (Forbidden): error when creating "STDIN": roles.rbac.authorization.k8s.io "release-name-gitlab-runner" is forbidden: user "u-px2eduvvj2" (groups=["activedirectory_group://CN=********************EmpM,OU=********** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=*****,OU=**** Groups,OU=****,OU=**********,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********-GPM,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=********** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=**** Groups,OU=****,OU=**********,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********_DYN,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=************************,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=**** Groups,OU=****,OU=**********,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=**** Groups,OU=****,OU=**********,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=************** **********,OU=*****************,DC=****,DC=****,DC=***,DC=**" "activedirectory_group://CN=**********,OU=**** Groups,OU=****,OU=**********,DC=****,DC=****,DC=***,DC=**" "system:**********"]) is attempting to grant RBAC permissions not currently held: {APIGroups:[""], Resources:["*"], Verbs:["*"]} ```

issue