Allow gitlab to create volumesnapshots when deploying
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Summary
I would like to extend the rights of the service account used to deploy in kubernetes in order to create persistent volume claim from snapshot.
Steps to reproduce
Try to create a pvc from a snaphost
Configuration used
gitlab 12.3.1 deployed with helm on a self hosted k8s
Current behavior
When creating the snapshot :
from server for: "manifests/artifacts/deployments/oaudry-853-20fecaa1.yaml": volumesnapshots.snapshot.storage.k8s.io "postgres-oaudry-853" is forbidden: User "system:serviceaccount:app-1:app-1-service-account" cannot get resource "volumesnapshots" in API group "snapshot.storage.k8s.io" in the namespace "app-1"Expected behavior
User "system:serviceaccount:app-1:app-1-service-account" can create snapshot and pvc from
Versions
- Chart: gitlab-2.3.2
- Platform:
- Self-hosted: yes
- Kubernetes: (
kubectl version)Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.1", GitCommit:"4485c6f18cee9a5d3c3b4e523bd27972b1b53892", GitTreeState:"clean", BuildDate:"2019-07-18T09:18:22Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:32:14Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"} - Helm: (
helm version)Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"} Server: &version.Version{SemVer:"v2.14.2", GitCommit:"a8b13cc5ab6a7dbef0a58f5061bcc7c0c61598e7", GitTreeState:"clean"}
Relevant information
I tried to extend the rights of the role "edit" used by gitlab to deploy on k8s but the role is recreated each time. Overriding my modification. Any workaround to allow the user to create snapshots. Perhaps adding the capabilities of gitlab to manage snapshot could be a great feature. We need to get a copy of the production databases when we test the application and as you can imagine the database is quite big and making a copy is not possible.
Many thx for your help