Hi Drone team. I have been using drone on Gitea to make deployments to k8s. However I have been struggling recently to implement successful drone build when the trigger is a Pull Request. When I trigger the same build with a push no problems… puzzling.
For example this drone config
- name: deploy-staging image: sinlead/drone-kubectl settings: kubernetes_server: from_secret: k8s_server_staging kubernetes_cert: from_secret: k8s_cert_staging kubernetes_token: from_secret: k8s_token_staging commands: - kubectl delete deployment cpmgeo-coop-obs-deployment -n cpm-geo when: event: - push - pull_request branch: - staging
would give this error
+ kubectl delete deployment cpmgeo-coop-obs-deployment -n cpm-geo User "default" set. WARNING: Using insecure connection to cluster Cluster "default" set. Context "default" created. Switched to context "default". Error from server (Forbidden): deployments.apps "xxxxxt" is forbidden: User "system:serviceaccount:drone:default" cannot delete resource "deployments" in API group "apps" in the namespace "cpm-geo"
it looks like it is using the wrong service account whereas it works perfeclty when the trigger is comming from a push. (edited)
I am doing it wrong here?