GitLab k8s runner - creating namespaces in RBAC

We’re using the k8s runner to try and deploy our application to the same cluster, but we’re getting a permissions error when attempting to create the namespace for the new application:

Error from server (Forbidden): namespaces is forbidden: User "system:serviceaccount:gitlab-runner:default" cannot create resource "namespaces" in API group "" at the cluster scope: Azure does not have opinion for this user.

I’m using RBAC, with the default roles from the yaml file. I’m not sure what other permissions need to be added:

rbac:
  create: true
  rules:
    - apiGroups: ['*']