diff --git a/cluster/apps/drone/drone-pvc.yml b/cluster/apps/drone/drone-pvc.yml
new file mode 100644
index 0000000..2071a81
--- /dev/null
+++ b/cluster/apps/drone/drone-pvc.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: longhorn-drone
+ namespace: default
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 1Gi
\ No newline at end of file
diff --git a/cluster/apps/drone/drone-rbac.yml b/cluster/apps/drone/drone-rbac.yml
new file mode 100644
index 0000000..3f9002f
--- /dev/null
+++ b/cluster/apps/drone/drone-rbac.yml
@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: default
+ name: drone
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/log
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - watch
+ - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: drone
+ namespace: default
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: default
+roleRef:
+ kind: Role
+ name: drone
+ apiGroup: rbac.authorization.k8s.io
diff --git a/cluster/apps/drone/drone-svc.yml b/cluster/apps/drone/drone-svc.yml
new file mode 100644
index 0000000..529f014
--- /dev/null
+++ b/cluster/apps/drone/drone-svc.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: drone-server-service
+ namespace: default
+spec:
+ selector:
+ app.kubernetes.io/name: drone
+ type: LoadBalancer
+ ports:
+ - port: 4338
+ targetPort: 443
+ protocol: TCP
diff --git a/cluster/apps/drone/drone.yml b/cluster/apps/drone/drone.yml
new file mode 100644
index 0000000..b2c7224
--- /dev/null
+++ b/cluster/apps/drone/drone.yml
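Review bot: `ReadWriteMany` is requested in `drone-pvc.yml` although the only consumer visible in this commit is the single-replica `drone` Deployment, so `- ReadWriteOnce` would be enough. Longhorn normally serves RWX volumes over NFS, and if the server keeps its default SQLite database under `/data` (not shown here, so worth confirming), database file locking over NFS is unreliable. The file also ends without a trailing newline.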
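Review bot: The RoleBinding in `drone-rbac.yml` grants the `drone` Role to the namespace's `default` ServiceAccount, so every pod in `default` that does not set its own service account inherits the right to create and delete Secrets and to create pods. Pod creation is effectively read access to every Secret in the namespace, because a created pod can mount them, which makes this a namespace-wide grant rather than one scoped to the runner. Bind the Role to a dedicated ServiceAccount instead and set `serviceAccountName` on the Deployment in `drone.yml`; the name `drone-runner` below is only an illustration. Running pipeline pods in their own namespace would narrow the exposure further.

```yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-runner  # illustrative name
  namespace: default
# … unchanged: Role drone …
---
kind: RoleBinding
# … unchanged: apiVersion, metadata …
subjects:
  - kind: ServiceAccount
    name: drone-runner
    namespace: default
# … unchanged: roleRef …
```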
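Review bot: `targetPort: 443` in `drone-svc.yml` does not line up with the server settings in `drone.yml`, which set `DRONE_SERVER_PROTO` to `http` and configure no TLS variables, so the server is presumably listening on its plain-HTTP port and traffic to 4338 would be forwarded to a port nothing listens on; confirm the listening port and set `targetPort` to it. Separately, `type: LoadBalancer` publishes that endpoint outside the cluster, and over plain HTTP the Gitea login flow and the runner RPC traffic would cross it unencrypted. If external access is needed, put TLS termination in front of the server; if only the runner needs it, `type: ClusterIP` is enough.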
@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone
+ labels:
+ app.kubernetes.io/name: drone
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: drone
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: drone
+ spec:
+ initContainers:
+ - name: wait-for-gitea
+ image: busybox
+ command:
+ - sh
+ - -c
+ - |
+ while ! nc -z gitea-int-service 3000; do
+ echo "Waiting for Gitea to be ready..."
+ sleep 5
+ done
+ echo "Gitea is ready!"
+ - name: drone-server
+ image: drone/drone:2
+ restartPolicy: Always
+ env:
+ - name: DRONE_GITEA_SERVER
+ value: "https://gitea-int-service:3000"
+ - name: DRONE_GITEA_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: drone-gitea-secrets
+ key: client_id
+ - name: DRONE_GITEA_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-gitea-secrets
+ key: client_secret
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-gitea-secrets
+ key: rpc_secret
+ - name: DRONE_SERVER_HOST
+ value: "drone-server-service:4338"
+ - name: DRONE_SERVER_PROTO
+ value: "http"
+ volumeMounts:
+ - name: drone-data
+ mountPath: /data
+ containers:
+ - name: drone-runner
+ image: drone/drone-runner-kube:latest
+ env:
+ - name: DRONE_RPC_SERVER
+ value: "http://drone-server-service:4338"
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-gitea-secrets
+ key: rpc_secret
+ - name: DRONE_RPC_HOST
+ value: "drone-server-service:4338"
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-gitea-secrets
+ key: rpc_secret
+ volumes:
+ - name: drone-data
+ persistentVolumeClaim:
+ claimName: longhorn-drone
diff --git a/cluster/config/secrets/drone-secrets-sealed.yml b/cluster/config/secrets/drone-secrets-sealed.yml
new file mode 100644
index 0000000..98b8ba7
--- /dev/null
+++ b/cluster/config/secrets/drone-secrets-sealed.yml
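Review bot: Every `secretKeyRef` in this hunk names `drone-gitea-secrets`, but the SealedSecret added in `cluster/config/secrets/drone-secrets-sealed.yml` is called `drone-gitea-secret`, so the containers will not start because the referenced Secret does not exist. Change the references to `name: drone-gitea-secret` rather than renaming the SealedSecret: no scope annotation is visible on it, so it presumably uses the default strict scope, where the ciphertext is bound to name and namespace and a rename would require re-sealing. The images are also referenced by mutable tags (`busybox` with no tag, `drone/drone-runner-kube:latest`, `drone/drone:2`); pinning each to a digest keeps an upstream re-push from changing what runs with the RPC secret. `DRONE_RPC_SECRET` appears twice in the runner's `env`, and the second entry can be dropped.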
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: drone-gitea-secret
+ namespace: default
+spec:
+ encryptedData:
+ client_id: 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
+ client_secret: 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
+ rpc_secret: AgBXG8wLcDVxexL01Z/yS3eDvvo76c6Mfhv0tqwIVGgcZgIEi7MDhf3kMDQLEAP49Jz1jKyEebQJL48udHERKXTUBFgZgYeUHjDkaRP1fJiKqf++w2M6TCSGao26obICZhh11Qtzk9Bg+/J08Hp40eRk2Kagp5ckfshiTcdYWLkZ8SXYYdlS5cPamiQ7A1Jj9NDfYhr+W3Curf3qWbXZqdSkCobsrjzWiruWnXCd2V4ufpuv3sRzjHyPaWj+rlSDkeYkoZUR/NOkOHJH+eHRf6tP+3pK8lICsJSIOhu/KQcstlgIw+h6z7rmwt04wnb1ZVF1nIh+Yjk7HsNjGV4jdz5qOGRsQFGgDoxAEfxSOzZLE8XLk1PJ1KcMWX6s3RKnl9PS0bDpurBwi4CylBY28K6bHphrjqt1uN9jqmpTWsLRMBKaeDgRc5zuj8DPXFMryIh6knub3sDH14YdOHo6J2J54Kc2xjHbwIcZ7nRvvIE9nyakqELaTvVlwoq2bzvcb0j2lWofsewTgm2EcHtVNjhRbPus2nvNsKbUKRrH8KusmtyXjdShJFDKJ9MwdQaKyD2aoPIMSmqlGeGGsdcdpKtzB0af4yuD/4raARRPPPGf5aNvUnbWLMfGN567u3tA32KhOJeXYWGhJp32cnBj6Axx63UGnc5ZKmrNYE4Ic5s1nuq7AhRDYdb78IbhdaQuS1ywBq2HoeuHy1YNdVl4+N+PXm7g6r/JyZj42CJQT8/Pzw==
+ template:
+ metadata:
+ name: drone-gitea-secret
+ namespace: default
+ type: Opaque