apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  labels:
    app: drone
    component: runner
    app.kubernetes.io/name: drone-runner
    app.kubernetes.io/instance: drone-runner
  annotations:
    ignore-check.kube-linter.io/run-as-non-root: "Not yet implemented"
spec:
  selector:
    matchLabels:
      app: drone
      component: runner
  template:
    metadata:
      labels:
        app: drone
        component: runner
        app.kubernetes.io/name: drone-runner
        app.kubernetes.io/instance: drone-runner
    spec:
      containers:
      - name: drone-runner
        image: drone/drone-runner-kube:latest
        ports:
        - name: http
          protocol: TCP
          containerPort: 3000
        env:
        - name: DRONE_RPC_HOST
          valueFrom:
            configMapKeyRef:
              name: drone-config
              key: rpc-host
        - name: DRONE_RPC_PROTO
          valueFrom:
            configMapKeyRef:
              name: drone-config
              key: rpc-proto
        - name: DRONE_RPC_SECRET
          valueFrom:
            secretKeyRef:
              name: drone-credentials
              key: rpc-secret
        - name: DRONE_DEBUG
          valueFrom:
            configMapKeyRef:
              name: drone-config
              key: logs-debug
        - name: DRONE_RESOURCE_REQUEST_CPU
          value: "500"
        resources:
          requests:
            memory: 256Mi
            cpu: 500m
          limits:
            memory: 1024Mi
            cpu: 1500m
        securityContext:
          readOnlyRootFilesystem: true