I have 3 stages in my pipeline for deploying to AKS.
- Create Secret
- Kubectl apply
- Deploy to AKS
But I got this error in Kubectl apply:
```
2022-12-14T08:01:54.5561492Z [command]/usr/local/bin/kubectl delete secret qa-aks-acr-secret --namespace qa
2022-12-14T08:01:54.5578604Z [command]/usr/local/bin/kubectl create secret docker-registry qa-aks-acr-secret --docker-username *** --docker-password *** --docker-server *** --docker-email ServicePrincipal@AzureRM --namespace qa
2022-12-14T08:01:54.6674447Z error: failed to create secret secrets is forbidden: User "system:serviceaccount:dev:" cannot create resource "secrets" in API group "" in the namespace "qa"
2022-12-14T08:01:54.6716716Z ##[error]error: failed to create secret secrets is forbidden: User "system:serviceaccount:dev:" cannot create resource "secrets" in API group "" in the namespace "qa"
```
From the error, it seems RBAC has been added in your namespace and system:serviceaccount:dev does not have permission to the resource secrets in the QA namespace. To resolve the issue, you need to allow the secret API group in the existing role attached to serviceaccount:dev. Here are the sample verbs that you need to allow.
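
A least-privilege way to grant what the log above shows the pipeline doing (a delete and a create of `qa-aks-acr-secret` in `qa`), as an added example that is not part of the original answer. The Role and RoleBinding names are hypothetical, and the service account name is a placeholder because the error message does not show it.

```yaml
# Added example. Role lives in the namespace where the secret is written (qa),
# not in the service account's own namespace (dev).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pipeline-acr-secret-writer        # hypothetical name
  namespace: qa
rules:
  # "create" cannot be limited by resourceNames, so it is granted on secrets as a whole.
  - apiGroups: [""]                       # core group, the API group "" from the error
    resources: ["secrets"]
    verbs: ["create"]
  # "delete" can be pinned to the single secret the pipeline manages.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["qa-aks-acr-secret"]
    verbs: ["delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pipeline-acr-secret-writer-binding  # hypothetical name
  namespace: qa
subjects:
  - kind: ServiceAccount
    name: REPLACE_WITH_SERVICE_ACCOUNT_NAME # placeholder: not shown in the error
    namespace: dev                          # the account's namespace, from the error
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pipeline-acr-secret-writer
```

After applying it, `kubectl auth can-i create secrets --namespace qa --as system:serviceaccount:dev:REPLACE_WITH_SERVICE_ACCOUNT_NAME` should answer `yes`, while the same check with `get` or `list` should still answer `no`.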