apiVersion: apps/v1 kind: Deployment metadata: name: drone-runner labels: app: drone component: runner app.kubernetes.io/name: drone-runner app.kubernetes.io/instance: drone-runner annotations: ignore-check.kube-linter.io/run-as-non-root: "Not yet implemented" spec: selector: matchLabels: app: drone component: runner template: metadata: labels: app: drone component: runner app.kubernetes.io/name: drone-runner app.kubernetes.io/instance: drone-runner spec: containers: - name: drone-runner image: drone/drone-runner-kube:latest ports: - name: http protocol: TCP containerPort: 3000 env: - name: DRONE_RPC_HOST valueFrom: configMapKeyRef: name: drone-config key: rpc-host - name: DRONE_RPC_PROTO valueFrom: configMapKeyRef: name: drone-config key: rpc-proto - name: DRONE_RPC_SECRET valueFrom: secretKeyRef: name: drone-credentials key: rpc-secret - name: DRONE_DEBUG valueFrom: configMapKeyRef: name: drone-config key: logs-debug - name: DRONE_RESOURCE_REQUEST_CPU value: "500" resources: requests: memory: 256Mi cpu: 500m limits: memory: 1024Mi cpu: 1500m securityContext: readOnlyRootFilesystem: true