Kubernetes : Gitlab cluster-admin ServiceAccount

Publication date 3/1/2020

The GitLab Kubernetes integration requires a service account in the kube-system namespace with cluster-admin privileges.

Service account

A ServiceAccount can be created manually with kubectl apply ... and the following YAML:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-admin
  namespace: kube-system

Cluster role binding

Once the ServiceAccount is created, we have to link it to an existing role. In this case, the cluster-admin cluster role exists by default. We can bind it to our ServiceAccount with the following configuration:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab-admin
  namespace: kube-system

Single-line apply

This gist contains a gitlab-admin-sa.yaml file that we can use to create the above ServiceAccount and ClusterRoleBinding:

kubectl apply -f https://git.io/Jvbo4
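
To review what the binding above grants, this added example (not part of the original post) lists every subject bound to cluster-admin and checks whether a given ServiceAccount receives it directly or through one of the groups every ServiceAccount belongs to. The sample input is constructed in the shape of `kubectl get clusterrolebindings -o json`; the `ci-view` and `orphaned-admin` bindings and the function names are assumptions.

```python
import json

# Constructed sample shaped like `kubectl get clusterrolebindings -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "gitlab-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "gitlab-admin",
                 "namespace": "kube-system"}]},
  {"metadata": {"name": "ci-view"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "ci"}]},
  {"metadata": {"name": "orphaned-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")


def cluster_admin_subjects(bindings):
    """Return (binding, kind, namespace, name) for every cluster-admin subject."""
    found = []
    for item in bindings.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        # `subjects` is optional: a binding can exist with no subjects at all.
        for s in item.get("subjects") or []:
            found.append((item["metadata"]["name"], s["kind"],
                          s.get("namespace", ""), s["name"]))
    return found


def sa_bindings(bindings, namespace, name):
    """Names of bindings that give this ServiceAccount cluster-admin,
    directly or through a group that every ServiceAccount is a member of."""
    groups = {"system:serviceaccounts", f"system:serviceaccounts:{namespace}",
              "system:authenticated"}
    hits = []
    for binding, kind, ns, subj in cluster_admin_subjects(bindings):
        direct = kind == "ServiceAccount" and (ns, subj) == (namespace, name)
        if direct or (kind == "Group" and subj in groups):
            hits.append(binding)
    return hits


if __name__ == "__main__":
    for row in cluster_admin_subjects(SAMPLE):
        print(*row, sep="\t")
```

Against a live cluster, load the output of `kubectl get clusterrolebindings -o json` with `json.load` in place of `SAMPLE`.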