@mikamboo
Last active April 26, 2020 21:53
Kubernetes : Gitlab cluster-admin ServiceAccount
Date: 2020-03-01
Author: mikamboo

GitLab's Kubernetes integration requires a service account in the kube-system namespace with cluster-admin privileges.

Service account

A ServiceAccount can be created manually with kubectl apply ... using the following YAML:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-admin
  namespace: kube-system

Cluster role binding

Once the ServiceAccount is created, we have to link it to an existing role. In this case, the cluster-admin cluster role exists by default; it grants unrestricted access to every resource in the cluster. We can bind it to our ServiceAccount with the following configuration:

# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is the stable version
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab-admin
  namespace: kube-system
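
To check which subjects hold cluster-admin once a binding like the one above exists, the following added example (not part of the original gist) scans the JSON produced by `kubectl get clusterrolebindings -o json`. The sample data, the function names and the allowlist are assumptions made for illustration.

```python
import json

# Constructed sample of `kubectl get clusterrolebindings -o json`, trimmed to
# the fields read below; it is not output captured from a real cluster.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "gitlab-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "gitlab-admin",
                 "namespace": "kube-system"}]},
  {"metadata": {"name": "system:node-proxier"},
   "roleRef": {"kind": "ClusterRole", "name": "system:node-proxier"},
   "subjects": [{"kind": "User", "name": "system:kube-proxy"}]},
  {"metadata": {"name": "empty-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")


def subject_id(subject):
    """ServiceAccounts get their API-server username; others are kind:name."""
    if subject["kind"] == "ServiceAccount":
        return f"system:serviceaccount:{subject['namespace']}:{subject['name']}"
    return f"{subject['kind'].lower()}:{subject['name']}"


def cluster_admin_grants(binding_list, role="cluster-admin"):
    """Return sorted (binding name, subject id) pairs bound to ClusterRole `role`."""
    grants = []
    for item in binding_list.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # A binding may legally have no subjects (key absent or null).
        for subject in item.get("subjects") or []:
            grants.append((item["metadata"]["name"], subject_id(subject)))
    return sorted(grants)


def unexpected_grants(binding_list, allowed):
    """Grants whose subject is not in the reviewer-supplied allowlist."""
    return [g for g in cluster_admin_grants(binding_list) if g[1] not in allowed]


if __name__ == "__main__":
    for binding, subject in unexpected_grants(SAMPLE, {"group:system:masters"}):
        print(f"review: {subject} holds cluster-admin via binding {binding}")
```

On a live cluster, pass `json.load(sys.stdin)` to the same functions and pipe the kubectl output in; namespaced RoleBindings that reference cluster-admin are not covered by this check.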

Single-line apply

This gist contains a gitlab-admin-sa.yaml file that we can use to create the ServiceAccount and ClusterRoleBinding above. Since the manifest grants cluster-admin, review its contents before applying it:

kubectl apply -f https://git.io/Jvbo4
{
"title": "Kubernetes : Gitlab cluster-admin ServiceAccount"
}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-admin
  namespace: kube-system
---
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is the stable version
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab-admin
  namespace: kube-system