Allow service account to do operations on namespaces that do not exist yet

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

I have a azure pipeline agent running on my Kubernetes cluster that I use to run my integration tests. Some context: First thing in the pipeline the agent creates a new namespace and then deploys all the services on it using a helm task. Then it runs the integration tests, and one of the test involves the use of the dotnet Kubernetes client to patch some deployments. The Kubernetes Client is initialized with KubernetesClientConfiguration.InClusterConfig(); The problem is when trying to do the patch operation I get a Forbidden error. I guess the Kubernetes and Helm tasks use a different service account that is allowed to do all operations. So I thought of creating a specific service account with a role binding for the agent itself, but the problem is that I cannot specify any namespace in advance, as a different namespace is created at every build (testing-{buildNumber} like testing-2344). So my question is: Is there a way to do something like this? apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: vsts-agent-role-binding namespace: testing-* <—————–THIS roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: pipeline-executor subjects: – kind: ServiceAccount name: vsts-agent-service-account namespace: default submitted by /u/ImGioGio [link] [comments]

X ITM Cloud News

Patricia

Leave a Reply

Next Post

How can we claim ownership of existing Docker ID?

Wed Sep 16 , 2020
Spread the love          Someone at our company created a Docker ID (user) using our company name and is no longer with the company. We do not know who this employee was, but we have unsuccessfully surveyed the current users at the company and also attempted to recover the password with many […]
X- ITM

Cloud Computing – Consultancy – Development – Hosting – APIs – Legacy Systems

X-ITM Technology helps our customers across the entire enterprise technology stack with differentiated industry solutions. We modernize IT, optimize data architectures, and make everything secure, scalable and orchestrated across public, private and hybrid clouds.

This image has an empty alt attribute; its file name is x-itmdc.jpg

The enterprise technology stack includes ITO; Cloud and Security Services; Applications and Industry IP; Data, Analytics and Engineering Services; and Advisory.

Watch an animation of  X-ITM‘s Enterprise Technology Stack

We combine years of experience running mission-critical systems with the latest digital innovations to deliver better business outcomes and new levels of performance, competitiveness and experiences for our customers and their stakeholders.

X-ITM invests in three key drivers of growth: People, Customers and Operational Execution.

The company’s global scale, talent and innovation platforms serve 6,000 private and public-sector clients in 70 countries.

X-ITM’s extensive partner network helps drive collaboration and leverage technology independence. The company has established more than 200 industry-leading global Partner Network relationships, including 15 strategic partners: Amazon Web Services, AT&T, Dell Technologies, Google Cloud, HCL, HP, HPE, IBM, Micro Focus, Microsoft, Oracle, PwC, SAP, ServiceNow and VMware

.

X ITM