Create Kubernetes service account with role admin
Problem to solve
The service account created by the Kubernetes integration should be able to create further service accounts, roles and role bindings to deploy applications that need to communicate with Kubernetes.
Currently service accounts are created with the cluster role `edit`, which is automatically maintained and contains access to all normal objects.
It does however not include access to roles and role bindings.
This means that deploying and testing permission changes, even within this one namespace, can't be done via the Kubernetes integration.
This can be fixed by applying the `admin` cluster role, which includes access to those objects.
Permissions and Security
Update "Environment namespace" row in https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html#rbac-cluster-resources
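The requested change, sketched as a manifest. This is an added example, not GitLab's own code: the service account, binding and namespace names are placeholders, and it assumes the cluster role is attached through a namespaced RoleBinding so the grant stays inside the environment namespace.

```yaml
# Added example; all names below are placeholders, not taken from the issue.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: example-deploy-sa
  namespace: example-env-namespace
---
apiVersion: rbac.authorization.k8s.io/v1
# RoleBinding (not ClusterRoleBinding): the ClusterRole's rules apply only
# inside metadata.namespace, so "admin" here is namespace admin, not cluster admin.
kind: RoleBinding
metadata:
  name: example-deploy-sa-admin
  namespace: example-env-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # Previously "edit", which has no access to roles and rolebindings.
  # roleRef is immutable: an existing binding must be deleted and recreated
  # to switch from edit to admin; it cannot be patched in place.
  name: admin
subjects:
  - kind: ServiceAccount
    name: example-deploy-sa
    namespace: example-env-namespace

# Checks to run after applying (expected answers as comments):
#   SA=system:serviceaccount:example-env-namespace:example-deploy-sa
#   kubectl auth can-i create rolebindings -n example-env-namespace --as=$SA   # yes
#   kubectl auth can-i create roles        -n example-env-namespace --as=$SA   # yes
#   kubectl auth can-i create rolebindings -n kube-system           --as=$SA   # no
#   kubectl auth can-i create clusterrolebindings                   --as=$SA   # no
```

Kubernetes RBAC escalation prevention still applies with `admin`: the service account can only create roles and role bindings that grant permissions it already holds in that namespace.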