I have some feedback on some aspects of the new Kubernetes support. Let me know if you want me to create actual issues (and which repos they should be created in).
Pipeline jobs are created with the default namespace serviceaccount - this means that I have to give the clusteradmin clusterrole (or just a bunch of heightened perms) to that default serviceaccount. Ideally I’d like to be able to provide an alternative service account that I would have created with the correct permissions that would be used to run the jobs (you would do this in the job’s pod template spec.serviceAccountName). That way I can reduce the footprint of things that get clusteradmin permissions.
The names of the steps in the drone.yaml file become the names of the pods that run those steps, which means the step name needs to match the tight restrictions k8s has around pod names (I had a step named “test java” which failed because k8s names can’t have spaces). Ideally you’d name them with a random uuid and put the name of the step in metadata.
Kubernetes runtime options aren’t documented here https://docs.drone.io/reference/server/, only in the few install guides that include Kubernetes instructions like GitHub. Obvious candidates are DRONE_KUBERNETES_NAMESPACE but I’d like to know what other Kubernetes options [if any] are configurable.
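
The two requests in the post above (a dedicated service account set through the pod template's spec.serviceAccountName, and generated pod names with the step name kept in metadata) combined into one Job manifest, as an added Go example that is not Drone's code. The namespace, service account name, image, "step-" prefix and annotation key are constructed for illustration; the step name goes into an annotation because Kubernetes label values cannot contain spaces either.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"regexp"
)

type obj = map[string]interface{}

// DNS-1123 label (RFC 1123): lowercase alphanumerics and '-', at most 63 characters.
var dns1123Label = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// validPodName reports whether s could be used directly as an object name.
func validPodName(s string) bool {
	return len(s) <= 63 && dns1123Label.MatchString(s)
}

// randomName returns a generated name that is valid whatever the step is called.
func randomName() string {
	b := make([]byte, 8)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return "step-" + hex.EncodeToString(b)
}

// buildJob keeps the free-form step name in an annotation and runs the pod
// under a caller-supplied service account (all names here are hypothetical).
func buildJob(stepName, namespace, serviceAccount string) obj {
	podSpec := obj{
		"serviceAccountName": serviceAccount, // instead of the namespace's "default"
		"restartPolicy":      "Never",
		"containers":         []obj{{"name": "step", "image": "alpine:3"}},
	}
	return obj{
		"apiVersion": "batch/v1",
		"kind":       "Job",
		"metadata": obj{"name": randomName(), "namespace": namespace,
			"annotations": obj{"example.invalid/step-name": stepName}},
		"spec": obj{"template": obj{"spec": podSpec}},
	}
}

func main() {
	out, _ := json.MarshalIndent(buildJob("test java", "drone-jobs", "drone-pipeline"), "", "  ")
	fmt.Println(string(out))
}
```

With this shape, only the named service account needs a Role and RoleBinding scoped to what the jobs do, and the namespace's default service account can stay unprivileged.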