kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: drone
  name: drone-runner
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - delete
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get
  - create
  - delete
  - list
  - watch
  - update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone-runner
  namespace: drone
subjects:
- kind: ServiceAccount
  name: default
  namespace: drone
roleRef:
  kind: Role
  name: drone-runner
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  labels:
    app.kubernetes.io/name: drone-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: drone-runner
  template:
    metadata:
      labels:
        app.kubernetes.io/name: drone-runner
    spec:
      containers:
      - name: runner
        image: drone/drone-runner-kube:1.0.0-beta.9
        ports:
        - containerPort: 3000
        env:
        - name: DRONE_RPC_HOST
          value: drone.tbrnt.ch
        - name: DRONE_RPC_PROTO
          value: https
        - name: DRONE_NAMESPACE_DEFAULT
          value: drone
        - name: DRONE_RUNNER_NAME
          value: knurrli
        envFrom:
        - secretRef:
            name: drone