apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  labels:
    app: drone
    component: runner
spec:
  selector:
    matchLabels:
      app: drone
      component: runner
  template:
    metadata:
      labels:
        app: drone
        component: runner
    spec:
      containers:
        - name: drone
          image: drone/drone-runner-kube
          env:
            - name: DRONE_RPC_HOST
              value: drone.gitea.svc
            - name: DRONE_RPC_PROTO
              value: http
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: drone-secret
                  key: rpc_secret
          ports:
            - name: http
              containerPort: 80
          resources:
            requests:
              cpu: 2000m
              memory: 4Gi
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone-runner-role
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - delete
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get
  - create
  - delete
  - list
  - watch
  - update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone-runner-rolebinding
subjects:
- kind: ServiceAccount
  name: default
roleRef:
  kind: Role
  name: drone-runner-role
  apiGroup: rbac.authorization.k8s.io