Unable to create secrets error
Hello, I am using Gitlab runner 1.10.0 provided by gitlab in openshift v4.10 Here gitlab-runner-sa is created by the gitlab runner operator and associated with the gitlab-runner-app-role via the rolebinding.
I am still getting the below error... inspite of gitlab-runner-sa
serviceaccount associated with the gitlab-runner-app-role
which has the required perms (see below) to create a secret. Any idea why it still fails with unable to create secret error ?
Error
Running with gitlab-runner 15.2.1 (32fc1585)
on dpk-x86-default-runner-f96575f8b-k2rgt j5bavwzc
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: openshift-operators
Using Kubernetes executor with image quay.io/containers/buildah ...
Using attach strategy to execute scripts...
Preparing environment
00:00
ERROR: Job failed (system failure): prepare environment: setting up credentials: secrets is forbidden: User "system:serviceaccount:openshift-operators:gitlab-runner-sa" cannot create resource "secrets" in API group "" in the namespace "openshift-operators". Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information
gitlab runner app role perms
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: gitlab-runner-app-role
namespace: openshift-operators
uid: 835d7ee6-5a3d-45ef-9ad6-b73f7451ff2f
resourceVersion: '14935613'
creationTimestamp: '2022-09-23T15:29:12Z'
managedFields:
- manager: Mozilla
operation: Update
apiVersion: rbac.authorization.k8s.io/v1
time: '2022-09-30T06:44:47Z'
fieldsType: FieldsV1
fieldsV1:
'f:rules': {}
rules:
- verbs:
- create
- get
- list
- watch
- delete
- patch
- update
apiGroups:
- ''
resources:
- secrets
- pods
- services
- services/status
- services/proxy
- services/finalizers
- pods/attach
- pods/exec
- pods/log
- persistentvolumeclaims
- configmaps
Role binding snip