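# In-cluster Forgejo Actions runner (ADR-004).
# DinD sidecar + forgejo-runner; registration via init container on first boot.
#
# Security notes:
#   - The dind container is privileged and serves the Docker API without TLS
#     or authentication. It must therefore listen on loopback only; the runner
#     container reaches it through the shared pod network namespace.
#   - Anything that can talk to that API controls a privileged container, so
#     workflow authorship on this runner should be limited to trusted
#     repositories.
---
# Persistent state for the runner: the generated config.yaml and the .runner
# registration file written by register.sh.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: forgejo-runner-data
  namespace: forgejo
  labels:
    app.kubernetes.io/name: forgejo-runner
    app.kubernetes.io/part-of: railiance-apps
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: local-path
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: forgejo-runner-init
  namespace: forgejo
  labels:
    app.kubernetes.io/name: forgejo-runner
data:
  # Idempotent first-boot registration: each step is skipped when its output
  # file already exists in /data, so pod restarts do not re-register.
  # NOTE(review): the registration token is passed on the command line via
  # --token; it is visible in the init container's process arguments.
  register.sh: |
    #!/bin/sh
    set -eu
    cd /data
    if [ ! -f config.yaml ]; then
      forgejo-runner generate-config > config.yaml
    fi
    if [ ! -f .runner ]; then
      forgejo-runner register --no-interactive \
        --config /data/config.yaml \
        --instance "${FORGEJO_INSTANCE}" \
        --token "${REGISTRATION_TOKEN}" \
        --name "${RUNNER_NAME}" \
        --labels "${RUNNER_LABELS}"
    fi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: forgejo-runner
  namespace: forgejo
  labels:
    app.kubernetes.io/name: forgejo-runner
    app.kubernetes.io/part-of: railiance-apps
spec:
  replicas: 1
  # Recreate: the ReadWriteOnce volume cannot be shared by an old and a new
  # pod during a rolling update.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: forgejo-runner
  template:
    metadata:
      labels:
        app.kubernetes.io/name: forgejo-runner
    spec:
      securityContext:
        # Presumably matches the runner image's non-root group so /data is
        # writable; confirm against the image.
        fsGroup: 1000
      initContainers:
        - name: register
          # NOTE(review): tag is not pinned by digest.
          image: code.forgejo.org/forgejo/runner:6.3.1
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh", "/scripts/register.sh"]
          env:
            - name: FORGEJO_INSTANCE
              value: "https://forgejo.coulomb.social/"
            - name: RUNNER_NAME
              value: "railiance01-build-01"
            # Labels ending in ":host" run jobs directly in the runner
            # container, which has /data (config.yaml, .runner) mounted and
            # can reach the Docker API. Treat jobs on those labels as having
            # the runner's own privileges.
            - name: RUNNER_LABELS
              value: "self-hosted:host,linux:host,linux_amd64:host,container-build:host,registry-publish:host,railiance01:host,ubuntu-latest:docker://node:20-bookworm,docker:docker://node:20-bookworm"
            - name: REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: forgejo-runner-registration
                  key: token
          volumeMounts:
            - name: data
              mountPath: /data
            - name: init-scripts
              mountPath: /scripts
              readOnly: true
      containers:
        - name: dind
          # NOTE(review): floating tag with IfNotPresent; the image actually
          # run depends on what the node has cached. Consider a digest pin.
          image: docker:27-dind
          imagePullPolicy: IfNotPresent
          securityContext:
            # Required by Docker-in-Docker. A privileged container is not
            # isolated from the node, which is why the API below must not be
            # reachable from outside the pod.
            privileged: true
          env:
            # Empty value disables the image's automatic TLS certificate
            # generation; the daemon runs plain TCP.
            - name: DOCKER_TLS_CERTDIR
              value: ""
          args:
            - dockerd
            - -H
            # Loopback only. Port 2375 is unauthenticated and unencrypted
            # (--tls=false); containers in a pod share one network namespace,
            # so a 0.0.0.0 bind would expose the API on the pod IP to anything
            # that can route to the pod. The runner connects via 127.0.0.1.
            - "tcp://127.0.0.1:2375"
            - --tls=false
          readinessProbe:
            exec:
              # Target the TCP listener explicitly: dockerd is started with a
              # TCP -H only, so the CLI's default unix socket may not exist
              # in this container.
              command: [docker, -H, "tcp://127.0.0.1:2375", info]
            initialDelaySeconds: 5
            periodSeconds: 10
        - name: runner
          image: code.forgejo.org/forgejo/runner:6.3.1
          imagePullPolicy: IfNotPresent
          env:
            # Reaches the dind sidecar over the pod's shared loopback.
            - name: DOCKER_HOST
              value: "tcp://127.0.0.1:2375"
          command:
            - forgejo-runner
            - daemon
            - --config
            - /data/config.yaml
          volumeMounts:
            - name: data
              mountPath: /data
          readinessProbe:
            exec:
              # NOTE(review): this appears to only print the version, so it
              # shows the binary runs, not that the daemon is connected to
              # the Forgejo instance.
              command: [forgejo-runner, -v]
            initialDelaySeconds: 10
            periodSeconds: 30
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: forgejo-runner-data
        - name: init-scripts
          configMap:
            name: forgejo-runner-init
            # Octal r-xr-xr-x. Must stay an unquoted integer; the field does
            # not accept a string.
            defaultMode: 0555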