I have 3 stages in my pipeline for deploying to AKS,
but I got this error in kubectl apply:
2022-12-14T08:01:54.5561492Z [command]/usr/local/bin/kubectl delete secret qa-aks-acr-secret --namespace qa
2022-12-14T08:01:54.5578604Z [command]/usr/local/bin/kubectl create secret docker-registry qa-aks-acr-secret --docker-username *** --docker-password *** --docker-server *** --docker-email ServicePrincipal@AzureRM --namespace qa
2022-12-14T08:01:54.6674447Z error: failed to create secret secrets is forbidden: User "system:serviceaccount:dev:" cannot create resource "secrets" in API group "" in the namespace "qa"
2022-12-14T08:01:54.6716716Z ##[error]error: failed to create secret secrets is forbidden: User "system:serviceaccount:dev:" cannot create resource "secrets" in API group "" in the namespace "qa"
From the error, it seems RBAC has been added in your namespace and system:serviceaccount:dev does not have permission on the secrets resource in the qa namespace. To resolve the issue, you need to allow the secrets API group in the existing role attached to serviceaccount:dev. Here are the sample verbs that you need to allow.
- verbs:
    - patch
    - update
    - create
    - deletecollection
    - delete
    - watch
    - get
    - list
  apiGroups:
    - ''
  resources:
    - secrets
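
For reference, an added example (not from the original answer) of a complete Role and RoleBinding in the `qa` namespace, scoped to the two kubectl commands visible in the log rather than the full verb list. The object names are hypothetical, and `<pipeline-sa>` is a placeholder for the service account name, which is blank in the error message.

```yaml
# Added example. Assumptions: object names are hypothetical; <pipeline-sa>
# stands for the service account name that is blank in the error above.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: acr-secret-manager          # hypothetical name
  namespace: qa                     # a Role grants access only inside its own namespace
rules:
  # "create" cannot be restricted by resourceNames, so it gets its own rule.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  # Everything else is limited to the one secret the pipeline manages.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["qa-aks-acr-secret"]
    verbs: ["get", "delete", "patch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: acr-secret-manager-dev-sa   # hypothetical name
  namespace: qa                     # binding lives in the target namespace
subjects:
  - kind: ServiceAccount
    name: <pipeline-sa>             # placeholder, not taken from the page
    namespace: dev                  # the account itself lives in dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: acr-secret-manager
```

After applying it, `kubectl auth can-i create secrets --namespace qa --as system:serviceaccount:dev:<pipeline-sa>` should answer `yes`.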