apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  labels:
    app.kubernetes.io/name: drone
    app.kubernetes.io/component: runner
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: drone
      app.kubernetes.io/component: runner
  template:
    metadata:
      labels:
        app.kubernetes.io/name: drone
        app.kubernetes.io/component: runner
    spec:
      containers:
        - name: drone
          image: drone/drone-runner-kube
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: DRONE_RPC_HOST
              value: drone.$(NAMESPACE).svc.cluster.local
            - name: DRONE_RPC_PROTO
              value: http
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: drone-secret
                  key: rpc_secret
          ports:
            - name: http
              containerPort: 3000
          resources:
            requests:
              cpu: 1000m
              memory: 1Gi
            limits:
              cpu: 2000m
              memory: 2Gi
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone-runner-role
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - delete
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get
  - create
  - delete
  - list
  - watch
  - update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone-runner-rolebinding
subjects:
- kind: ServiceAccount
  name: default
roleRef:
  kind: Role
  name: drone-runner-role
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Service
metadata:
  name: drone-runner
  labels:
    app.kubernetes.io/name: drone
    app.kubernetes.io/component: runner
    # monitor: prometheus
spec:
  selector:
    app.kubernetes.io/name: drone
    app.kubernetes.io/component: runner
  ports:
    - name: http
      port: 3000
      targetPort: http