fix(forgejo-runner): switch to official runner after errors with gitea-actions-runner 0.0.14
This commit is contained in:
parent
e6d44378dd
commit
11ca47e2a0
9 changed files with 175 additions and 206 deletions
|
@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||
kind: Kustomization
|
||||
resources:
|
||||
- ./reg-token.sops.yaml
|
||||
- ./service-account.yaml
|
||||
- ./service.yaml
|
||||
- ./runner.yaml
|
||||
#- ./service-account.yaml
|
||||
#- ./service.yaml
|
||||
#- ./runner.yaml
|
||||
- ./runner-dep.yaml
|
|
@ -0,0 +1,70 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: forgejo-runner-token
|
||||
stringData:
|
||||
token: ENC[AES256_GCM,data:UKDiJKpmWSDJlQaq1WN23Ow3PAuVRPNWSk+zrx91zeyarYPgA6LhmQ==,iv:/JUZFaMYXVeItHsNPCs1mJxhidPi2kxbi/57atSSqAE=,tag:t0SwJLLKnTqs5fS+p1SAnQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2024-12-15T02:37:38Z"
|
||||
mac: ENC[AES256_GCM,data:lCpKZk88pMXmsBphnNlQWRFWOz0O/ghrMN8AEtQGhckm1M6r25P6GaoBldM7891dZM1ULzthQjZdCL3Js4Q9jCnVzbuUNQW/UE9Blmfnrrf342I2+XhgMwK473Cqe8v6EpwSaxZpOA5+EUxoYmEw/lU5i0iLrsk3DdJ3CPGczo8=,iv:t/EhngcseRSK5ly5/x03tf/dxRqeY/x5ScwDldzyh4M=,tag:OMn9jwJwgCu6RaJZ6ZP17g==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-12-15T02:37:38Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAyqlIeyoxYovARAAywMl2DiEYnQxd7deuFeKpyDdv+iQDy5J94qp9tkS5OYH
|
||||
HYliIjrzNy++ZduizBu9wS7R6LMn4w0rdrN7FKtZb4Ack+JHjJsjzI7E8YBn9DY8
|
||||
OsbqShU091mJ8tSPJk2fx3n/1OAk3mil5nUdAobWJnygnQG3fUFI+UDfO39m91Ci
|
||||
OZtTPSY9NOeCJejN1waDa0Z0F9kuKn2WKlyHoM1l/bbMI4K5HIH1hpO+z7Knvyue
|
||||
AjcKk1rw7kS6+afv2cj9ZhQDKPaZ0eQoq9h43Csmdwy0uUghd5OzM1a0XeXhD0zL
|
||||
gPBBNBy30mmEsiehPii/ZeOcGJ1wAPopZOv7k52nWzCb+h1ohRgIWljCfz3AlHE1
|
||||
DrOOWAGyDXKV0FmR1Ltum8IL5tRgeOOhHe45BsVG+sWWSo9V3aOX+9EEz/9eFOhj
|
||||
lWSP7aswAQ1ravlkJa1Y4m1CwPqWEhv4M8pkASmuj4q28lrxTpE75Zj1QkzN1no5
|
||||
Fi7P6LXWYE39QYheCv5orH8sY1SkRN2Bl7fiLPIFFGp3AqoGOaxk8v1K7bJ6obOw
|
||||
bR3oeGT3yuKBejT/a0wzQJrv60hhOiOj0O/Qo3aAqy7U0UW2OKDqI/SxAcuiA3m3
|
||||
zD3aD4Ss3yjtqTnLoH6oSX9BTBssLkfl1Z6/enIam+7o+deobB/X59Opk9m0/KCF
|
||||
AgwDXjg0p2IN1X8BEACPs0fg3Wf9z8hFQrSptKcucMlD/t+sUPZvWTgvy3sbIQIN
|
||||
c6xHzjtJq7pgnKqFvN7V+guk4F2+AQOxsGmKcC+omH3ZawH9mhNlCBwUlEPcsEaY
|
||||
LA1/yCVmLX50F4U3p+Z0UYbQcdmWOAJoKTw1Y3uXBdicl/P7WB+4olzTLN+aGcYv
|
||||
vXCUSv5InZLPQ8znvJrW3gggLyaJbY75xLMaqbIH7wV7EIUy/1kFeV6SjnXoRWm1
|
||||
u1m0D9A1oF4aOVaOgmXAS0PBC0l2Q6iLQPxx595go7QMyOFZbDSW9I01DRStCVX1
|
||||
R46Ov1fHxxMeWFTOU64dIIPJH7bSiOVWIOWTY4M6ehgRmc+Nur8P/LsebynX5n93
|
||||
AFmISit7oybWrRl0qjvcpt1RoLU61uVEb1e1NE6sYriDIaF+JuCqekAGlBa6lJPV
|
||||
+PWrTk8mR7tTyRU+gWmIDPQO19X26bZBbIoY0/8nMkQP3I/BoBq5Ph/Ufu2nXUNT
|
||||
S/cTLtzKlFqt6mkWT2agLJulhjlfhVfH8bCinE3dWTFP55UDkp33MQyLVxrqz9Im
|
||||
fg9FR9WgNCDuPeM/SQ3O/RLsW+qYZtlmB9jgOY1nFJQSzTcvgxRJU30wyxv9O32J
|
||||
4svXI+3EPHQOAFyylAVueJbj2HhtLLbroi0T4Z/eRTmWUDgOYETmSw/7BSK799Ro
|
||||
AQkCEPO3ogD0ZIxLdEwiSyeKAWr+1kuci0YqwTO0DrCHZsM4Acz7h9L7MZc0SU7x
|
||||
0mtW7Bfz1gNtFbjmKoa8jhIzu+CaoVFT80pzzvkqMknnRkHjqhglB3Q4IUp2j6dl
|
||||
mTUZZeOiV8M=
|
||||
=3xX0
|
||||
-----END PGP MESSAGE-----
|
||||
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
|
||||
- created_at: "2024-12-15T02:37:38Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAy5t8IMoPu4VAQ//XPYtg+p+MPu4XLJ1AEGej7fyUjb23J5U6kl54jX+rbhB
|
||||
BxvwUpumnpGM0RPhbw/6lYRGAq8GxnHY9VNvHeW6L4ckIN3DOenJTcqOa/KD4SZN
|
||||
eGsdbGCfs5SbbAOIjuMfGcIBd6zgm/O94E+KTv80j17T6o6gcMSkB59siWIzShOs
|
||||
vBQdb1OwhXo/po9BIzqUeqU+5bqwsMD/pkWRfQGRUkS/ExrmCVg0AU0AniT/Tkyk
|
||||
umVE6/nhvLEDq+6TOCvXy3eok/wlroyOFuBqQ6zhxLFfaQVCpShS3ka/g79JG1Ft
|
||||
FVTL3lDlfaz9Tkm/0mWE70iYJk5wyBO5wRusdO9ArivSlYjyHXj0quYfU201f0ui
|
||||
zshj/6WCfmMwa6llBj7CP1OmX9wddjgrDN5UvhYiKHyH8c+3B+YK5PkEd4Wq5bhl
|
||||
mZOmPD5mjwBJsxivSe7qvQq8JTPuHN7BcGhZKcbLxOYDH6WhEjJvDj3PYa301cJR
|
||||
V2Ae3uJKAXvxmUkMUS6mFYvybE83OdU2CmKPgroTq4cI0O5qap3Eum+paPozqKlS
|
||||
8+bMD+T4mPdUNfQD9WJ48HE5WWUBRFrEbfvzEzPc221JsQvxdqg2VCCPUHjnpE3K
|
||||
5fOr4XjbwrBZivsg+vpO150Iwj1+hJy6oUJ69Yg+NvzS+xQYJGWPS7Ibt0U+P9HU
|
||||
aAEJAhCM2oNnauMhl+YI+2HQQfdiM8PoMFxLwCT1wtePNfhk+1jyJw4omyDb6A8K
|
||||
R6PbYttywZeGYFV8l+Nb/EDhNg37siKnMm3cAGPBBQMReFaDjM1LLnHvgvzosSBO
|
||||
Knn2vaTqtosn
|
||||
=Lio/
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.9.1
|
75
kubernetes/main/apps/dev/forgejo-runner/app/runner-dep.yaml
Normal file
75
kubernetes/main/apps/dev/forgejo-runner/app/runner-dep.yaml
Normal file
|
@ -0,0 +1,75 @@
|
|||
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/deployment.json
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: forgejo-runner
|
||||
labels:
|
||||
app: forgejo-runner
|
||||
spec:
|
||||
replicas: 5
|
||||
selector:
|
||||
matchLabels:
|
||||
app: forgejo-runner
|
||||
strategy: {}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: forgejo-runner
|
||||
spec:
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: docker-certs
|
||||
emptyDir: {}
|
||||
- name: runner-data
|
||||
emptyDir: {}
|
||||
# Initialise our configuration file using offline registration
|
||||
# https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
|
||||
initContainers:
|
||||
- name: runner-register
|
||||
image: &runnerImg code.forgejo.org/forgejo/runner:5.0.3
|
||||
command: ["forgejo-runner", "register", "--no-interactive", "--token", $(RUNNER_SECRET), "--name", $(RUNNER_NAME), "--instance", $(FORGEJO_INSTANCE_URL)]
|
||||
env:
|
||||
- name: RUNNER_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: RUNNER_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: forgejo-runner-token
|
||||
key: token
|
||||
- name: FORGEJO_INSTANCE_URL
|
||||
value: https://git.seanomik.net #${SECRET_NEW_DOMAIN}
|
||||
resources:
|
||||
limits:
|
||||
cpu: "0.50"
|
||||
memory: "64Mi"
|
||||
volumeMounts:
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
containers:
|
||||
- name: runner
|
||||
image: *runnerImg
|
||||
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon"]
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://localhost:2376
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/client
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
volumeMounts:
|
||||
- name: docker-certs
|
||||
mountPath: /certs
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
- name: daemon
|
||||
image: docker:27.4.0-dind
|
||||
env:
|
||||
- name: DOCKER_TLS_CERTDIR
|
||||
value: /certs
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- name: docker-certs
|
||||
mountPath: /certs
|
25
kubernetes/main/apps/dev/forgejo-runner/ks.yaml
Normal file
25
kubernetes/main/apps/dev/forgejo-runner/ks.yaml
Normal file
|
@ -0,0 +1,25 @@
|
|||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: forgejo-runner
|
||||
namespace: flux-system
|
||||
spec:
|
||||
timeout: 5m
|
||||
interval: 10m
|
||||
targetNamespace: dev
|
||||
path: ./kubernetes/main/apps/dev/forgejo-runner/app
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: home-cluster
|
||||
decryption:
|
||||
provider: sops
|
||||
secretRef:
|
||||
name: sops-gpg
|
||||
postBuild:
|
||||
substituteFrom:
|
||||
- kind: ConfigMap
|
||||
name: cluster-settings
|
||||
- kind: Secret
|
||||
name: cluster-secrets
|
|
@ -1,71 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: forgejo-runner-token
|
||||
namespace: dev
|
||||
stringData:
|
||||
token: ENC[AES256_GCM,data:9jDgV6FWMe0l6AL84CxgJbYQaaHeoFp4YokCaLiemRWp0gWIchi+7w==,iv:TfxHPiwKavl03AOn3O9EUsdeTGTSfhAISG51RB3lAMg=,tag:YbJ1ZrB2GLzQNTHpev5Qog==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2024-06-14T01:48:50Z"
|
||||
mac: ENC[AES256_GCM,data:iYIQUl8hcNDgjvusqdA7VctAiqEI9qc9rtRsvlYieQHqm0ZsnZNmp3Am0uiBtRpnKOhgMQVimfVGQSeUp92FudbCLgKGCvnaEyDN9ejCRleGOWsyAmtsQIjJoNlkfYA98als0sKdK3OXtwSejof4hTdX83zHa6oul7Yo5+BAXzg=,iv:sMrCEVEHoe0B7G92XPGzKRIA8YBkguVN/XjiyWjCZGE=,tag:UzqPr464PwfyT7yZ1DbUyQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-06-14T01:48:50Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAyqlIeyoxYovAQ/+NoUJHW5bR2CXAsW8RFEn44duKfCf2zvk8xvvxeTRPFpy
|
||||
osXhr9dtph9dCO/DiD1fO04qfdpcwUARwT+iUHxhXCMhh3YxK2WX3DrccDswCpVW
|
||||
wx/8GVhRnVgD16A/joanGyNhE11bXE+pwTN+TletEbXa3o3sktiiSKLfIAD+lfQU
|
||||
pR66u9SkgZk0hINw3Ubjj/BF2/y6rGPKOOqZniRc4sgJ3c/PWfKjzQBUT/4WwbBx
|
||||
BwJaAAxkmZJTL944iqaP4lSLgqE5hckmtXSMlZcRSVBLidgWqF6zf+JmXa3Bu96s
|
||||
r4br8XO2AR9BPLhbpTl5CcbvEiIkho9s+DLQt97t0efOlv/fTs1C+9TT9W8I1HMx
|
||||
kB8bJQtX5uWV/2FPhgzwwQmRHMU3cRlfdv5b0nQgatMRMsEPsL65RYmQvakeYjb1
|
||||
4sMAuSmlGSHBnbN4BZX6Bakt47onELADTe+8ECx6JVNMPxltnx3Q0gaEqfWx6tRU
|
||||
EG8YEN/veEmNl2kGwi5hH1WaQIlioKh82FwxqRMHET3U+ru4osfFh4nEyHfsz0YF
|
||||
ckG8h5CKCUZJ+BDZXTarHsa/d7U7FxAlfw6WnhekM6hvJghs2OpHBdJCkO4gL+VH
|
||||
e/uva4MJV+Hq32pRgj5QvH3CvVI/fPe0b9D7kdmSeVBpXrkBeqkqlWDK7CR05auF
|
||||
AgwDXjg0p2IN1X8BD/49nRK47AEuhvSqblkXFm1f3GJ8/KK3fpiB/OUVmgrkqV6E
|
||||
iR6SPTufcfGBJIeMZBC99TFZWllZcDGybA5aFinI6c4fOIbfZAAO0JC4IXrYqWKg
|
||||
5kB5QBjIkXD/7pELwbgiDXU/MuYu/spICY+AwciOowk8JTXV4OU9omTatC85GDFW
|
||||
R131Ids5n5IYIofxiHr3hCuAg8n/pFzTzn6TITtAdVgDlPCdfY+dw2Nm8s1cu4by
|
||||
mElpoVljNv6+SX/pGGxDs46ECZ83zLwr7h49fW1OKfb2tVFq1PvFj6YclxfDcVPp
|
||||
GwSTjy6jELEyGYAWTwyLo3WaZO/iO0UKin1sWHeoPIYgGE2De/KamAr4iqpWXYC6
|
||||
n1EU9bso2omFgZqmPvRt+z+b8yEttOeRmvIH+pXkJgM+Hva+qHBuU1oeYVA+32hm
|
||||
nbxwutIHMX2tA+jOcG+MTjCqTtk0/JmD37Ulr1+KvFnlvidY1Lt7oa755kkpOi/h
|
||||
6il1hpPR0h7pJ1zJceI7GwaUvaX/RCam5pQnPeQ2INUUl3DNiMaC9mjZcqjV5Cgt
|
||||
s4F2WJsIkkZszMM0VCBzwpXYOLkUtX5OprXohqunq+CxfE8jnbS4OPvrFxzqcn9X
|
||||
d4a8GQSUoXT9tbGWt23F1zcrihZJKVZQ1DzL6OXVsZBK8hoi5k3ahkxKZaRNRtRm
|
||||
AQkCEJT2L4bU/KWwQjUQBInUaWWsElNZwy3f5axWXGTpdn3ZoRjjr6cQWCM9Xs1r
|
||||
02fGSMADhLp+RCUuEvhcp71FKjgq+h2kC+z4QS0JT17M0nnlijnXXE4M3819KpmV
|
||||
QXawwt7Y
|
||||
=Bh7C
|
||||
-----END PGP MESSAGE-----
|
||||
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
|
||||
- created_at: "2024-06-14T01:48:50Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMAy5t8IMoPu4VARAAp+DJIqWWFMWNaezrX85hHiuHZJjTWjnJIrQ0Bqvvv89d
|
||||
hZENS3PbSN4gVz6NXmZ7obNcdFew2pcF8+zgZrM77DiPoKzpBrvJuy41fgSGYx3Z
|
||||
QFE4w/FgzZ19Ad86AgvzALLNWH0bWZBZtkaPcsQBIdVp4xV9FzgnVOrE20OZgaVc
|
||||
iucedMswCEPXHFbuBkeJZCmUNV06wQWANweZdJ/TC86PN+vKNML5dD7H6Mp6W9cK
|
||||
97vznkxSgQALVWSkqV9KVQW3OuLn68xc2ewTy5ILDAUGrS+US9yz4EKwb6oBG8nF
|
||||
EwEEbxV8sUHRfIp73ub4YD8IxDxdXGZFevZXggpTnZ0BcTyxHQmQ+ukKAn4W9ddI
|
||||
VKq9oHOMgcn4IVvIsybCMoC1ieJSq+ZT+ebRQAgT9Z5f+OMndokBREhVHjBgRl7G
|
||||
NQK/yGBsUTn04hvOW/6T+R4EC9HJCpASQBHfh+WYjBTRMl2icZburQPKZhDJOdzS
|
||||
5YEMToYewqYhJ87/e1++vHsUE2PwAjT1R0zC0h4mpXQliyeYJ5jl3AAJR8YYtRui
|
||||
q1fMgr1a4ZDDJk6abXObzHpEcUanxxD75GedCdmq4JOLdaI2m5c8pdpN3ecx0QbS
|
||||
39jOJW/eAiWsnjWe2Rq9gucB0qRQmUG3338DtRh5W8JC722G20A5E6Txa40nI0fU
|
||||
ZgEJAhA9ZwSEEY2K4+aIZb1+s6ZOQ++a6rC6ymIJRs/gmusw0rO5pfDwpq+8kQU3
|
||||
oGF9VrmwGgSF3zO2Y9iWlPp58sEsNS54PJygBOabgD88W0SqTg490TXxtjIj6HLL
|
||||
JACfvy57bQ==
|
||||
=wTij
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
|
|
@ -1,77 +0,0 @@
|
|||
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/statefulset.json
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: forgejo-runner
|
||||
namespace: dev
|
||||
spec:
|
||||
serviceName: forgejo-runner
|
||||
replicas: 5
|
||||
revisionHistoryLimit: 0
|
||||
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: runner-work
|
||||
spec:
|
||||
storageClassName: mainpool-hostpath
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
|
||||
persistentVolumeClaimRetentionPolicy:
|
||||
whenScaled: Delete
|
||||
whenDeleted: Delete
|
||||
|
||||
selector:
|
||||
matchLabels:
|
||||
app: forgejo-runner
|
||||
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: forgejo-runner
|
||||
|
||||
spec:
|
||||
serviceAccountName: forgejo-runner
|
||||
|
||||
containers:
|
||||
- name: runner
|
||||
image: ghcr.io/christopherhx/gitea-actions-runner:v0.0.13
|
||||
imagePullPolicy: Always
|
||||
|
||||
env:
|
||||
- name: ACTIONS_RUNNER_POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: ACTIONS_RUNNER_CLAIM_NAME
|
||||
value: runner-work-$(ACTIONS_RUNNER_POD_NAME)
|
||||
- name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
|
||||
value: "true"
|
||||
- name: ACTIONS_RUNNER_CONTAINER_HOOKS
|
||||
value: /home/runner/k8s/index.js
|
||||
- name: GITEA_INSTANCE_URL
|
||||
value: https://git.${SECRET_NEW_DOMAIN}
|
||||
- name: GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: forgejo-runner-token
|
||||
key: token
|
||||
- name: GITEA_RUNNER_LABELS
|
||||
value: docker,cluster
|
||||
- name: GITEA_RUNNER_NAME
|
||||
value: cluster-$(ACTIONS_RUNNER_POD_NAME)
|
||||
|
||||
volumeMounts:
|
||||
- mountPath: /home/runner/_work
|
||||
name: runner-work
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: "10m"
|
||||
memory: "500Mi"
|
||||
limits:
|
||||
cpu: "1"
|
||||
memory: "1Gi"
|
|
@ -1,43 +0,0 @@
|
|||
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/role.json
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: forgejo-runner
|
||||
namespace: dev
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["pods"]
|
||||
verbs: ["get", "list", "create", "delete"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods/exec"]
|
||||
verbs: ["get", "create"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods/log"]
|
||||
verbs: ["get", "list", "watch",]
|
||||
- apiGroups: ["batch"]
|
||||
resources: ["jobs"]
|
||||
verbs: ["get", "list", "create", "delete"]
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["get", "list", "create", "delete"]
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/rolebinding.json
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: forgejo-runner
|
||||
namespace: dev
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: forgejo-runner
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: forgejo-runner
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/serviceaccount.json
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: forgejo-runner
|
||||
namespace: dev
|
|
@ -1,11 +0,0 @@
|
|||
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/service.json
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: forgejo-runner
|
||||
namespace: dev
|
||||
spec:
|
||||
type: ClusterIP
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: forgejo-runner
|
|
@ -3,5 +3,5 @@ kind: Kustomization
|
|||
resources:
|
||||
- ./namespace.yaml
|
||||
- ./woodpecker
|
||||
- ./forgejo-runner
|
||||
- ./forgejo-runner/ks.yaml
|
||||
- ./airflow
|
Loading…
Reference in a new issue