podSecurityContext:
  fsGroup: 2000

securityContext:
  capabilities:
    drop:
    - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

extraSecretNamesForEnvFrom:
  - drone-secrets-env

rbac:
  secretNamespace: drone-runner
  restrictToSecrets:
    - drone-secrets

env:
  KUBERNETES_NAMESPACE: drone-runner