railiance-apps/manifests/forgejo-runner.yaml


# In-cluster Forgejo Actions runner (ADR-004).
# DinD sidecar + forgejo-runner; registration via init container on first boot.
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: forgejo-runner-data
  namespace: forgejo
  labels:
    app.kubernetes.io/name: forgejo-runner
    app.kubernetes.io/part-of: railiance-apps
# Persistent state for the runner. The forgejo-runner Deployment mounts this
# claim at /data, where register.sh keeps config.yaml and .runner, so the
# runner's registration state lives on this volume.
spec:
  # NOTE(review): "local-path" is presumably a node-local provisioner, which
  # would pin the pod to one node - confirm.
  storageClassName: local-path
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
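apiVersion: v1
kind: ConfigMap
metadata:
  name: forgejo-runner-init
  namespace: forgejo
  labels:
    app.kubernetes.io/name: forgejo-runner
data:
  # First-boot bootstrap, run by the `register` init container with /data
  # mounted from the forgejo-runner-data claim. Both steps are skipped when
  # their output file already exists, so restarts do not re-register.
  # Inputs (environment): FORGEJO_INSTANCE, REGISTRATION_TOKEN, RUNNER_NAME,
  # RUNNER_LABELS. `set -u` aborts the script if any of them is unset.
  register.sh: |
    #!/bin/sh
    set -eu
    cd /data
    # Generate into a temporary file and rename it into place. Redirecting
    # straight into config.yaml would leave an empty or partial file behind
    # if generate-config failed, and every later boot would then skip this
    # step and run with that file.
    if [ ! -f config.yaml ]; then
      forgejo-runner generate-config > config.yaml.tmp
      mv config.yaml.tmp config.yaml
    fi
    # .runner is presumably written by a successful `register`; its presence
    # is what marks the runner as already registered.
    # NOTE(review): the token is passed as a command-line argument, so it is
    # visible in the process list of the init container while this runs.
    if [ ! -f .runner ]; then
      forgejo-runner register --no-interactive \
        --config /data/config.yaml \
        --instance "${FORGEJO_INSTANCE}" \
        --token "${REGISTRATION_TOKEN}" \
        --name "${RUNNER_NAME}" \
        --labels "${RUNNER_LABELS}"
    fi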
---
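# Runner pod: a `register` init container, a privileged Docker-in-Docker
# sidecar, and the forgejo-runner daemon that talks to that sidecar.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: forgejo-runner
  namespace: forgejo
  labels:
    app.kubernetes.io/name: forgejo-runner
    app.kubernetes.io/part-of: railiance-apps
spec:
  replicas: 1
  # Recreate stops the old pod before starting the new one; the data claim
  # is ReadWriteOnce.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: forgejo-runner
  template:
    metadata:
      labels:
        app.kubernetes.io/name: forgejo-runner
    spec:
      securityContext:
        # Mounted volumes are group-owned by GID 1000.
        # NOTE(review): presumably the runner image's user - confirm.
        fsGroup: 1000
      initContainers:
        # Runs register.sh from the forgejo-runner-init ConfigMap against
        # /data before the main containers start.
        - name: register
          image: code.forgejo.org/forgejo/runner:6.3.1
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh", "/scripts/register.sh"]
          env:
            - name: FORGEJO_INSTANCE
              value: "https://forgejo.coulomb.social/"
            - name: RUNNER_NAME
              value: "railiance01-build-01"
            - name: RUNNER_LABELS
              value: "self-hosted:host,linux:host,linux_amd64:host,container-build:host,registry-publish:host,railiance01:host,ubuntu-latest:docker://node:20-bookworm,docker:docker://node:20-bookworm"
            # Taken from a Secret rather than written into the manifest.
            - name: REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: forgejo-runner-registration
                  key: token
          volumeMounts:
            - name: data
              mountPath: /data
            - name: init-scripts
              mountPath: /scripts
              readOnly: true
      containers:
        - name: dind
          # NOTE(review): "27-dind" is a floating tag and IfNotPresent keeps
          # whatever a node has cached; pinning by digest would make the
          # privileged image reproducible.
          image: docker:27-dind
          imagePullPolicy: IfNotPresent
          securityContext:
            # Privileged mode gives this container node-level access, and
            # whoever can talk to its Docker API inherits that access. The
            # workflows this runner accepts should be treated accordingly.
            privileged: true
          env:
            # Empty value: no TLS certificates are generated for the daemon.
            - name: DOCKER_TLS_CERTDIR
              value: ""
          args:
            - dockerd
            - -H
            # The API is served without TLS or authentication, so it is bound
            # to loopback only. Containers in a pod share one network
            # namespace, so the runner still reaches it at 127.0.0.1:2375.
            # Binding to 0.0.0.0 would also serve it on the pod IP, to
            # anything in the cluster that can route to this pod.
            # NOTE(review): if job containers started inside DinD are meant
            # to reach the daemon over its bridge address, they will need a
            # different arrangement - confirm against /data/config.yaml.
            - tcp://127.0.0.1:2375
            - --tls=false
          readinessProbe:
            # exec instead of tcpSocket: the kubelet opens tcpSocket probes
            # against the pod IP, which a loopback-only listener refuses.
            exec:
              command: ["/bin/sh", "-c", "wget -q -O- http://127.0.0.1:2375/_ping | grep -q OK"]
            initialDelaySeconds: 10
            periodSeconds: 10
        - name: runner
          image: code.forgejo.org/forgejo/runner:6.3.1
          imagePullPolicy: IfNotPresent
          env:
            - name: DOCKER_HOST
              value: "tcp://127.0.0.1:2375"
          command: ["/bin/sh", "-c"]
          args:
            - |
              set -eu
              echo "waiting for DinD..."
              ready=0
              # Up to 90 attempts, 2 seconds apart.
              for i in $(seq 1 90); do
                if wget -q -O- http://127.0.0.1:2375/_ping 2>/dev/null | grep -q OK; then
                  echo "DinD ready"
                  ready=1
                  break
                fi
                sleep 2
              done
              # Exit non-zero rather than start the daemon against a Docker
              # API that never answered; the container is then restarted.
              if [ "$ready" -ne 1 ]; then
                echo "DinD not reachable, giving up" >&2
                exit 1
              fi
              exec forgejo-runner daemon --config /data/config.yaml
          volumeMounts:
            - name: data
              mountPath: /data
          readinessProbe:
            # Ready only while the Docker API in the sidecar answers /_ping.
            exec:
              command: ["/bin/sh", "-c", "wget -q -O- http://127.0.0.1:2375/_ping | grep -q OK"]
            initialDelaySeconds: 15
            periodSeconds: 30
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: forgejo-runner-data
        - name: init-scripts
          configMap:
            name: forgejo-runner-init
            # Kubernetes reads this YAML value as octal (r-xr-xr-x). A strict
            # YAML 1.2 tool would read it as decimal 555, so do not quote or
            # "normalise" it without checking the result.
            defaultMode: 0555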