So I’ve been getting this error:
test: services is forbidden: User "system:serviceaccount:drone:default" cannot create services in the namespace "4b9u83gve8xztgrvzlx8dqi9qf35it7u"
Because the drone user didn’t have enough permissions to create services - due to them being on namespaces with random names - so I needed to give more permissions to the drone user and as a result I’m feeling a bit queasy having a service that has an outward facing URL (the webook) with so much permissions on my kubernetes.
Would it make sense to include an option to drone to only use predefined namespaces - e.g. a limited number of them (which would coincidentally also limit the number of concurrent pipelines) with predefined names so that I could only give drone permissions to those namespaces?