Create RBAC resources in the namespace the runner will deploy job pods in
Description
The .Values.runners.namespace
value makes gitlab-runner deploy CI/job pods in the specified namespace.
When this value is not specified the .Release.Namespace is used.
When .Values.rbac.create
is set to true
the relevant RBAC resources are created (SA, Cluster/Role, Cluster/RoleBinding).
The rbac resources lack the namespace
configuration and always are created in .Release.Namespace
.
When .Values.runners.namespace
is set and .Values.rbac.create
is true
the GitLab Runner ends up not being allowed to do anything in the target namespace because the role/binding are created in the .Release.Namespace
.
Proposal
Add the needed configuration so that:
- when
.Values.runners.namespace
is not provided and.Values.rbac.create
istrue
, the gitlab runner deploys CI/job pods to the .Release.Namespace and the RBAC resources are also created there - when
.Values.runners.namespace
is provided and.Values.rbac.create
istrue
, th gitlab runner deploys CI/job pods to the specified namespace and the Role and RoleBinding is created there also - when
.Values.rbac.clusterWideAccess
is set totrue
then thenamespace
option for the ClusteRole/Binding resources is omitted