Gitlab-agent requiring cluster-level permissions
Background
Similar to the gitlab-workspaces-proxy issue here, a customer found that functionality within the gitlab-agent was requiring cluster-level permissions. When they inspected the code, they found that the agent is creating informers for Deployments and Secrets resources causing attempts to list and watch these across the cluster (something their admin cluster role doesn’t support). There could be other cluster level permissions needs, but they couldn’t confirm since the gitlab-agent build process is a quite a bit more involved than the proxy and they couldn’t get a rebuild with namespacing modifications made.
Zendesk Ticket (Internal Link)
Edited by Timo Furrer