I have set up my drone instance using the kubernetes helm chart and it is exposed to the internet via a subdomain. I see that it authenticates based on my github and gives me access to my repos so I know a rogue user cannot see my builds. But couldn’t a user authenticate with their own repo and start getting a free ride for their builds on my server? How does one prevent this?
You can limit access to individual users or members of organizations:
https://docs.drone.io/server/user/registration/
also you can disable self-registration:
https://docs.drone.io/server/reference/drone-registration-closed/
when you disable registration, new users must be manually added to the system by an administrator, using the command line tools:
https://docs.drone.io/server/user/management/
adding my organization to the ConfigMap worked great, thanks!