---
# Identity the Woodpecker agent pods run as (referenced by the Deployment's
# serviceAccountName). A ServiceAccount carries no permissions by itself;
# everything this identity may do comes from RoleBindings that name it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: woodpecker-agent
  namespace: woodpecker-execution
---
# Namespaced Role (not a ClusterRole): every rule below applies only inside
# the woodpecker-execution namespace. There is no rule for secrets or
# configmaps, so the API grants no direct read access to them.
#
# NOTE(review): "create" on pods is still a broad grant. A subject that can
# create pods in a namespace can run them under any ServiceAccount in that
# namespace and mount any Secret stored there, so treat everything kept in
# woodpecker-execution as reachable by whoever controls this Role's subject.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: woodpecker-agent
  namespace: woodpecker-execution
rules:
  # Core API group (''): create and remove PersistentVolumeClaims.
  # No get/list/update, so existing claims cannot be read or modified.
  - apiGroups:
      - ''
    resources:
      - persistentvolumeclaims
    verbs:
      - create
      - delete
  # Core API group: create and remove Services. No read or update verbs.
  - apiGroups:
      - ''
    resources:
      - services
    verbs:
      - create
      - delete
  # Core API group: full lifecycle on pods plus access to their logs.
  # NOTE(review): the same verb list is applied to pods/log; reading logs
  # normally needs only "get" on that subresource - confirm whether the
  # rule can be split so pods/log carries just the verbs the agent uses.
  - apiGroups:
      - ''
    resources:
      - pods
      - pods/log
    verbs:
      - watch
      - create
      - delete
      - get
      - list
---
# Grants the woodpecker-agent Role to exactly one subject: the
# woodpecker-agent ServiceAccount in the same namespace. No users, groups or
# ServiceAccounts from other namespaces are bound.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: woodpecker-agent
  namespace: woodpecker-execution
subjects:
  - kind: ServiceAccount
    name: woodpecker-agent
    namespace: woodpecker-execution
# roleRef cannot be edited after creation; pointing this binding at a
# different Role means deleting and recreating the RoleBinding.
roleRef:
  kind: Role
  name: woodpecker-agent
  apiGroup: rbac.authorization.k8s.io
---
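# Woodpecker CI agent. Two replicas connect to the Woodpecker server over
# gRPC and use the Kubernetes backend, so pipeline work is created through
# the Kubernetes API under the woodpecker-agent ServiceAccount.
#
# The securityContext settings in this manifest harden the agent pod only;
# they are not inherited by pods the agent creates for pipeline steps.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: woodpecker-agent
  namespace: woodpecker-execution
spec:
  replicas: 2
  selector:
    matchLabels:
      app: woodpecker-agent
  template:
    metadata:
      labels:
        app: woodpecker-agent
    spec:
      # The ServiceAccount token is mounted on purpose: the agent needs it to
      # call the Kubernetes API.
      serviceAccountName: woodpecker-agent
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        # Apply the container runtime's default seccomp filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: agent
          securityContext:
            # NOTE(review): root filesystem is left writable. If the agent
            # only needs a writable config/state path, mount an emptyDir
            # there and set this to true - confirm against the agent version.
            readOnlyRootFilesystem: false
            # The agent runs as an unprivileged user and only makes network
            # calls, so it needs neither setuid escalation nor capabilities.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # "next" is a rolling tag; the sha256 digest is what is actually
          # pulled, so the image is immutable until the digest is bumped.
          image: woodpeckerci/woodpecker-agent:next@sha256:703480d98991bb80ee86aa081a7a9db7d4346b9d5bdeaa3f92688d195cd36800
          # NOTE(review): no resources.requests/limits are set; add values
          # sized for the agent so it cannot starve other workloads on the
          # node.
          ports:
            - name: http
              containerPort: 3000
              protocol: TCP
          env:
            - name: WOODPECKER_BACKEND
              value: kubernetes
            # NOTE(review): pipeline workloads are created in the same
            # namespace that holds this Deployment, its ServiceAccount and
            # woodpecker-secret, so CI jobs and the agent share one trust
            # boundary. A dedicated namespace for pipeline pods (with the
            # Role and RoleBinding created there) keeps the agent's
            # credentials out of reach of build workloads.
            - name: WOODPECKER_BACKEND_K8S_NAMESPACE
              value: woodpecker-execution
            - name: WOODPECKER_BACKEND_K8S_STORAGE_CLASS
              value: woodpecker
            # Quoted so the value stays a string; env values must be strings.
            - name: WOODPECKER_BACKEND_K8S_STORAGE_RWX
              value: "false"
            - name: WOODPECKER_BACKEND_K8S_VOLUME_SIZE
              value: 100Mi
            # NOTE(review): in-cluster gRPC endpoint in the woodpecker
            # namespace; whether this link is TLS-protected is not visible
            # here - confirm, since the agent secret travels over it.
            - name: WOODPECKER_SERVER
              value: "woodpecker-grpc.woodpecker.svc.cluster.local:9000"
            # Shared agent/server secret is read from a Secret object rather
            # than written into the manifest.
            - name: WOODPECKER_AGENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: woodpecker-secret
                  key: WOODPECKER_AGENT_SECRET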