diff --git a/deploy/drone/drone-rbac.yaml b/deploy/drone/drone-rbac.yaml
new file mode 100644
index 0000000..a30e3f7
--- /dev/null
+++ b/deploy/drone/drone-rbac.yaml
@@ -0,0 +1,26 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: drone
+  name: drone
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["create", "delete"]
+- apiGroups: [""]
+  resources: ["pods", "pods/log"]
+  verbs: ["get", "create", "delete", "list", "watch", "update"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: drone
+  namespace: drone
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: drone
+roleRef:
+  kind: Role
+  name: drone
+
diff --git a/deploy/drone/drone-runner-deploy.yaml b/deploy/drone/drone-runner-deploy.yaml
new file mode 100644
index 0000000..8433a87
--- /dev/null
+++ b/deploy/drone/drone-runner-deploy.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone-runner
+  namespace: drone
+spec:
+  replicas: 4
+  selector:
+    matchLabels:
+      app: drone-runner
+  template:
+    metadata:
+      labels:
+        app: drone-runner
+    spec:
+#      nodeSelector:
+#        kubernetes.io/arch: "amd64"
+      containers:
+        - name: drone-runner
+          image: drone/drone-runner-kube:latest
+          imagePullPolicy: Always
+          env:
+            - name: DRONE_RPC_HOST
+              value: "drone.prod.panic.haus"
+            - name: DRONE_RPC_PROTO
+              value: "https"
+            - name: DRONE_RPC_SECRET
+              value: "H8ndv3um34VWcixdrE3caViLViRnYDcy"
+            - name: DRONE_RUNNER_CAPACITY
+              value: "3"
+            - name: DRONE_DEBUG
+              value: "true"
+            - name: DRONE_NAMESPACE_DEFAULT
+              value: "drone"
+#            - name: DRONE_NODE_SELECTOR_DEFAULT
+#              value: "kubernetes.io/arch:amd64"
diff --git a/deploy/drone/kustomization.yaml b/deploy/drone/kustomization.yaml
index 044a570..9bd489a 100644
--- a/deploy/drone/kustomization.yaml
+++ b/deploy/drone/kustomization.yaml
@@ -2,7 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
+  - drone-rbac.yaml
   - drone-ingress.yaml
   - drone-server-pvc.yaml
   - drone-server-svc.yaml
   - drone-server-deploy.yaml
+  - drone-runner-deploy.yaml