Adding k8 cluster configuration to an existing group
Summary
We just upgraded our GitLab installation to v11.6 and are testing out group-level cluster configuration. It's unclear to us based on the docs when exactly the namespace and service account are created for a given project.
So far we have been unable to deploy using group-level cluster config, but if we copy the exact same k8 configuration over at the project-level it works fine. Using group-level config we see:
$ helm upgrade $CI_PROJECT_NAME ./chart --install --namespace=$KUBE_NAMESPACE --set=image.tag=$CI_APPLICATION_TAG --set=image.repository=$CI_APPLICATION_REPOSITORY
Error: UPGRADE FAILED: configmaps is forbidden: User "system:serviceaccount:gitlab:default" cannot list configmaps in the namespace "gitlab"
ERROR: Job failed: command terminated with exit code 1
We're not sure where that referenced gitlab namespace is coming from or why system:serviceaccount:gitlab:default wouldn't have access since it's configured with the cluster-admin role binding.
Steps to reproduce
- Find a group containing existing projects with their own k8 configuration
- Spin up a fresh k8 cluster
- Consolidate project-level config up to the group level using the new cluster
- Redeploy projects onto this new cluster
What is the current bug behavior?
We suspect this only occurs when adding group-level k8 configuration to a group with existing projects. It seems like existing projects have no way of "picking up" a new group-level configuration, so namespaces and service accounts for those projects are never created and deployments always fail.
What is the expected correct behavior?
Upon deploying an existing project with new group-level cluster configuration, a corresponding namespace and service account should be created automatically. Alternatively, we should be able to detect invalid configuration and provide UI for remediation (i.e. #54506 (closed)).
Results of GitLab environment info
- GitLab 11.6.0-ee (4c09765c)
- GitLab Shell
- GitLab Workhorse v7.6.0
- GitLab API v4
- Ruby 2.4.4p296
- Rails 5.0.7
- postgresql 9.6.8
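A diagnostic example for the denial quoted in the report, added here and not part of the original issue or of GitLab's code: it parses the RBAC error and lists which bindings actually cover the named service account in the target namespace. The binding data is constructed, and `_binding`, `ITEMS` and the function names are hypothetical.

```python
import re

# Constructed error line, same shape as the one in the report above.
ERROR = ('Error: UPGRADE FAILED: configmaps is forbidden: User "system:serviceaccount:gitlab:default" '
         'cannot list configmaps in the namespace "gitlab"')

# Constructed stand-in for the items of `kubectl get clusterrolebindings,rolebindings -A -o json`.
def _binding(kind, name, role, subjects, ns=None):
    return {"kind": kind, "metadata": {"name": name, "namespace": ns},
            "roleRef": {"name": role}, "subjects": subjects}
ITEMS = [
    _binding("ClusterRoleBinding", "ci-admin", "cluster-admin",
             [{"kind": "ServiceAccount", "name": "default", "namespace": "default"}]),
    _binding("RoleBinding", "deployer", "edit",
             [{"kind": "ServiceAccount", "name": "default", "namespace": "gitlab"}], ns="staging"),
    _binding("ClusterRoleBinding", "system:basic-user", "system:basic-user",
             [{"kind": "Group", "name": "system:authenticated"}]),
]

FORBIDDEN = re.compile(
    r'User "system:serviceaccount:(?P<sa_ns>[^:"]+):(?P<sa>[^"]+)" '
    r'cannot (?P<verb>\S+) (?P<resource>\S+) in the namespace "(?P<ns>[^"]+)"')

def parse_forbidden(line):
    """Pull service account, verb, resource and namespace out of an RBAC denial."""
    m = FORBIDDEN.search(line)
    return m.groupdict() if m else None

def subject_matches(subj, sa_ns, sa):
    """True if an RBAC subject entry covers service account sa_ns/sa."""
    kind, name = subj.get("kind"), subj.get("name")
    if kind == "ServiceAccount":
        return (subj.get("namespace"), name) == (sa_ns, sa)
    if kind == "User":
        return name == f"system:serviceaccount:{sa_ns}:{sa}"
    # Groups that every service account token carries.
    return kind == "Group" and name in (
        "system:authenticated", "system:serviceaccounts", f"system:serviceaccounts:{sa_ns}")

def bindings_covering(items, sa_ns, sa, target_ns):
    """(kind, binding, role) for each binding that applies to the account in target_ns."""
    return [
        (b["kind"], b["metadata"]["name"], b["roleRef"]["name"])
        for b in items
        # A RoleBinding grants only inside its own namespace.
        if (b["kind"] != "RoleBinding" or b["metadata"].get("namespace") == target_ns)
        and any(subject_matches(s, sa_ns, sa) for s in b.get("subjects") or [])
    ]
```

On a live cluster the same question can be asked directly with `kubectl auth can-i list configmaps --as=system:serviceaccount:gitlab:default -n gitlab`.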