diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..634159a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+drone-runner/deployment.prod.yaml
\ No newline at end of file
diff --git a/drone-runner/deployment.yaml b/drone-runner/deployment.yaml
new file mode 100644
index 0000000..ab4d8c3
--- /dev/null
+++ b/drone-runner/deployment.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone
+  labels:
+    app.kubernetes.io/name: drone
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: drone
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: drone
+    spec:
+      containers:
+      - name: runner
+        image: drone/drone-runner-kube:latest
+        ports:
+        - containerPort: 3000
+        env:
+        - name: DRONE_RPC_HOST
+          value: dci.osa.cubetiqs.com
+        - name: DRONE_RPC_PROTO
+          value: https
+        - name: DRONE_RPC_SECRET
+          value: super-duper-secret
diff --git a/drone-runner/role.yaml b/drone-runner/role.yaml
new file mode 100644
index 0000000..7b9f0ad
--- /dev/null
+++ b/drone-runner/role.yaml
@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: default
+  name: drone
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  verbs:
+  - get
+  - create
+  - delete
+  - list
+  - watch
+  - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: drone
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: default
+roleRef:
+  kind: Role
+  name: drone
+  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file