dron runner SA lacks required credentials

[kamilgregorczyk]

after installing drone runners by

helm upgrade drone-runner drone/drone-runner-kube --install --create-namespace --namespace drone --values runner.yaml

with values:

replicaCount: 2
env:
  DRONE_RPC_SECRET: aaaa
  DRONE_NAMESPACE_DEFAULT: drone

I'm getting

default: secrets is forbidden: User "system:serviceaccount:drone:drone-runner-drone-runner-kube" cannot create resource "secrets" in API group "" in the namespace "drone"

when running a pipeline

[jimsheldon]

Thank you for reporting this, what version of the kube runner helm chart are you using? Thanks

[kamilgregorczyk]

I stopped using drone but it was the latest one from the day this bug was reported

[loeffel-io]

Same here (!)

current version

[loeffel-io]

workaround (like mentioned in the values: https://github.com/drone/charts/blob/master/charts/drone-runner-kube/values.yaml#L95):

resource "helm_release" "drone-runner-kube" {
  ...
  set {
    name  = "env.DRONE_NAMESPACE_DEFAULT"
    value = "drone"
  }

  set {
    name  = "rbac.buildNamespaces"
    value = "{drone}"
  }
}