SeanOMik/k3s-cluster
1
0
Fork 0
Code Issues 3 Pull requests 7 Activity

fix(forgejo-runner): switch to official runner after errors with gitea-actions-runner 0.0.14

Browse source
This commit is contained in:
SeanOMik 2024-12-14 21:49:05 -05:00
parent e6d44378dd
commit 11ca47e2a0
9 changed files with 175 additions and 206 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
kubernetes/main/apps/dev/forgejo-runner/kustomization.yaml → kubernetes/main/apps/dev/forgejo-runner/app/kustomization.yaml
View file

@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./reg-token.sops.yaml - ./reg-token.sops.yaml
- ./service-account.yaml #- ./service-account.yaml
- ./service.yaml #- ./service.yaml
- ./runner.yaml #- ./runner.yaml
- ./runner-dep.yaml

70
kubernetes/main/apps/dev/forgejo-runner/app/reg-token.sops.yaml Normal file
View file

@ -0,0 +1,70 @@
apiVersion: v1
kind: Secret
metadata:
name: forgejo-runner-token
stringData:
token: ENC[AES256_GCM,data:UKDiJKpmWSDJlQaq1WN23Ow3PAuVRPNWSk+zrx91zeyarYPgA6LhmQ==,iv:/JUZFaMYXVeItHsNPCs1mJxhidPi2kxbi/57atSSqAE=,tag:t0SwJLLKnTqs5fS+p1SAnQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-12-15T02:37:38Z"
mac: ENC[AES256_GCM,data:lCpKZk88pMXmsBphnNlQWRFWOz0O/ghrMN8AEtQGhckm1M6r25P6GaoBldM7891dZM1ULzthQjZdCL3Js4Q9jCnVzbuUNQW/UE9Blmfnrrf342I2+XhgMwK473Cqe8v6EpwSaxZpOA5+EUxoYmEw/lU5i0iLrsk3DdJ3CPGczo8=,iv:t/EhngcseRSK5ly5/x03tf/dxRqeY/x5ScwDldzyh4M=,tag:OMn9jwJwgCu6RaJZ6ZP17g==,type:str]
pgp:
- created_at: "2024-12-15T02:37:38Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAyqlIeyoxYovARAAywMl2DiEYnQxd7deuFeKpyDdv+iQDy5J94qp9tkS5OYH
HYliIjrzNy++ZduizBu9wS7R6LMn4w0rdrN7FKtZb4Ack+JHjJsjzI7E8YBn9DY8
OsbqShU091mJ8tSPJk2fx3n/1OAk3mil5nUdAobWJnygnQG3fUFI+UDfO39m91Ci
OZtTPSY9NOeCJejN1waDa0Z0F9kuKn2WKlyHoM1l/bbMI4K5HIH1hpO+z7Knvyue
AjcKk1rw7kS6+afv2cj9ZhQDKPaZ0eQoq9h43Csmdwy0uUghd5OzM1a0XeXhD0zL
gPBBNBy30mmEsiehPii/ZeOcGJ1wAPopZOv7k52nWzCb+h1ohRgIWljCfz3AlHE1
DrOOWAGyDXKV0FmR1Ltum8IL5tRgeOOhHe45BsVG+sWWSo9V3aOX+9EEz/9eFOhj
lWSP7aswAQ1ravlkJa1Y4m1CwPqWEhv4M8pkASmuj4q28lrxTpE75Zj1QkzN1no5
Fi7P6LXWYE39QYheCv5orH8sY1SkRN2Bl7fiLPIFFGp3AqoGOaxk8v1K7bJ6obOw
bR3oeGT3yuKBejT/a0wzQJrv60hhOiOj0O/Qo3aAqy7U0UW2OKDqI/SxAcuiA3m3
zD3aD4Ss3yjtqTnLoH6oSX9BTBssLkfl1Z6/enIam+7o+deobB/X59Opk9m0/KCF
AgwDXjg0p2IN1X8BEACPs0fg3Wf9z8hFQrSptKcucMlD/t+sUPZvWTgvy3sbIQIN
c6xHzjtJq7pgnKqFvN7V+guk4F2+AQOxsGmKcC+omH3ZawH9mhNlCBwUlEPcsEaY
LA1/yCVmLX50F4U3p+Z0UYbQcdmWOAJoKTw1Y3uXBdicl/P7WB+4olzTLN+aGcYv
vXCUSv5InZLPQ8znvJrW3gggLyaJbY75xLMaqbIH7wV7EIUy/1kFeV6SjnXoRWm1
u1m0D9A1oF4aOVaOgmXAS0PBC0l2Q6iLQPxx595go7QMyOFZbDSW9I01DRStCVX1
R46Ov1fHxxMeWFTOU64dIIPJH7bSiOVWIOWTY4M6ehgRmc+Nur8P/LsebynX5n93
AFmISit7oybWrRl0qjvcpt1RoLU61uVEb1e1NE6sYriDIaF+JuCqekAGlBa6lJPV
+PWrTk8mR7tTyRU+gWmIDPQO19X26bZBbIoY0/8nMkQP3I/BoBq5Ph/Ufu2nXUNT
S/cTLtzKlFqt6mkWT2agLJulhjlfhVfH8bCinE3dWTFP55UDkp33MQyLVxrqz9Im
fg9FR9WgNCDuPeM/SQ3O/RLsW+qYZtlmB9jgOY1nFJQSzTcvgxRJU30wyxv9O32J
4svXI+3EPHQOAFyylAVueJbj2HhtLLbroi0T4Z/eRTmWUDgOYETmSw/7BSK799Ro
AQkCEPO3ogD0ZIxLdEwiSyeKAWr+1kuci0YqwTO0DrCHZsM4Acz7h9L7MZc0SU7x
0mtW7Bfz1gNtFbjmKoa8jhIzu+CaoVFT80pzzvkqMknnRkHjqhglB3Q4IUp2j6dl
mTUZZeOiV8M=
=3xX0
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-12-15T02:37:38Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ//XPYtg+p+MPu4XLJ1AEGej7fyUjb23J5U6kl54jX+rbhB
BxvwUpumnpGM0RPhbw/6lYRGAq8GxnHY9VNvHeW6L4ckIN3DOenJTcqOa/KD4SZN
eGsdbGCfs5SbbAOIjuMfGcIBd6zgm/O94E+KTv80j17T6o6gcMSkB59siWIzShOs
vBQdb1OwhXo/po9BIzqUeqU+5bqwsMD/pkWRfQGRUkS/ExrmCVg0AU0AniT/Tkyk
umVE6/nhvLEDq+6TOCvXy3eok/wlroyOFuBqQ6zhxLFfaQVCpShS3ka/g79JG1Ft
FVTL3lDlfaz9Tkm/0mWE70iYJk5wyBO5wRusdO9ArivSlYjyHXj0quYfU201f0ui
zshj/6WCfmMwa6llBj7CP1OmX9wddjgrDN5UvhYiKHyH8c+3B+YK5PkEd4Wq5bhl
mZOmPD5mjwBJsxivSe7qvQq8JTPuHN7BcGhZKcbLxOYDH6WhEjJvDj3PYa301cJR
V2Ae3uJKAXvxmUkMUS6mFYvybE83OdU2CmKPgroTq4cI0O5qap3Eum+paPozqKlS
8+bMD+T4mPdUNfQD9WJ48HE5WWUBRFrEbfvzEzPc221JsQvxdqg2VCCPUHjnpE3K
5fOr4XjbwrBZivsg+vpO150Iwj1+hJy6oUJ69Yg+NvzS+xQYJGWPS7Ibt0U+P9HU
aAEJAhCM2oNnauMhl+YI+2HQQfdiM8PoMFxLwCT1wtePNfhk+1jyJw4omyDb6A8K
R6PbYttywZeGYFV8l+Nb/EDhNg37siKnMm3cAGPBBQMReFaDjM1LLnHvgvzosSBO
Knn2vaTqtosn
=Lio/
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.9.1

75
kubernetes/main/apps/dev/forgejo-runner/app/runner-dep.yaml Normal file
View file

@ -0,0 +1,75 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/deployment.json
apiVersion: apps/v1
kind: Deployment
metadata:
name: forgejo-runner
labels:
app: forgejo-runner
spec:
replicas: 5
selector:
matchLabels:
app: forgejo-runner
strategy: {}
template:
metadata:
labels:
app: forgejo-runner
spec:
restartPolicy: Always
volumes:
- name: docker-certs
emptyDir: {}
- name: runner-data
emptyDir: {}
# Initialise our configuration file using offline registration
# https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
initContainers:
- name: runner-register
image: &runnerImg code.forgejo.org/forgejo/runner:5.0.3
command: ["forgejo-runner", "register", "--no-interactive", "--token", $(RUNNER_SECRET), "--name", $(RUNNER_NAME), "--instance", $(FORGEJO_INSTANCE_URL)]
env:
- name: RUNNER_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: RUNNER_SECRET
valueFrom:
secretKeyRef:
name: forgejo-runner-token
key: token
- name: FORGEJO_INSTANCE_URL
value: https://git.seanomik.net #${SECRET_NEW_DOMAIN}
resources:
limits:
cpu: "0.50"
memory: "64Mi"
volumeMounts:
- name: runner-data
mountPath: /data
containers:
- name: runner
image: *runnerImg
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon"]
env:
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: DOCKER_CERT_PATH
value: /certs/client
- name: DOCKER_TLS_VERIFY
value: "1"
volumeMounts:
- name: docker-certs
mountPath: /certs
- name: runner-data
mountPath: /data
- name: daemon
image: docker:27.4.0-dind
env:
- name: DOCKER_TLS_CERTDIR
value: /certs
securityContext:
privileged: true
volumeMounts:
- name: docker-certs
mountPath: /certs

25
kubernetes/main/apps/dev/forgejo-runner/ks.yaml Normal file
View file

@ -0,0 +1,25 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: forgejo-runner
namespace: flux-system
spec:
timeout: 5m
interval: 10m
targetNamespace: dev
path: ./kubernetes/main/apps/dev/forgejo-runner/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

71
kubernetes/main/apps/dev/forgejo-runner/reg-token.sops.yaml
View file

@ -1,71 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: forgejo-runner-token
namespace: dev
stringData:
token: ENC[AES256_GCM,data:9jDgV6FWMe0l6AL84CxgJbYQaaHeoFp4YokCaLiemRWp0gWIchi+7w==,iv:TfxHPiwKavl03AOn3O9EUsdeTGTSfhAISG51RB3lAMg=,tag:YbJ1ZrB2GLzQNTHpev5Qog==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-06-14T01:48:50Z"
mac: ENC[AES256_GCM,data:iYIQUl8hcNDgjvusqdA7VctAiqEI9qc9rtRsvlYieQHqm0ZsnZNmp3Am0uiBtRpnKOhgMQVimfVGQSeUp92FudbCLgKGCvnaEyDN9ejCRleGOWsyAmtsQIjJoNlkfYA98als0sKdK3OXtwSejof4hTdX83zHa6oul7Yo5+BAXzg=,iv:sMrCEVEHoe0B7G92XPGzKRIA8YBkguVN/XjiyWjCZGE=,tag:UzqPr464PwfyT7yZ1DbUyQ==,type:str]
pgp:
- created_at: "2024-06-14T01:48:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAyqlIeyoxYovAQ/+NoUJHW5bR2CXAsW8RFEn44duKfCf2zvk8xvvxeTRPFpy
osXhr9dtph9dCO/DiD1fO04qfdpcwUARwT+iUHxhXCMhh3YxK2WX3DrccDswCpVW
wx/8GVhRnVgD16A/joanGyNhE11bXE+pwTN+TletEbXa3o3sktiiSKLfIAD+lfQU
pR66u9SkgZk0hINw3Ubjj/BF2/y6rGPKOOqZniRc4sgJ3c/PWfKjzQBUT/4WwbBx
BwJaAAxkmZJTL944iqaP4lSLgqE5hckmtXSMlZcRSVBLidgWqF6zf+JmXa3Bu96s
r4br8XO2AR9BPLhbpTl5CcbvEiIkho9s+DLQt97t0efOlv/fTs1C+9TT9W8I1HMx
kB8bJQtX5uWV/2FPhgzwwQmRHMU3cRlfdv5b0nQgatMRMsEPsL65RYmQvakeYjb1
4sMAuSmlGSHBnbN4BZX6Bakt47onELADTe+8ECx6JVNMPxltnx3Q0gaEqfWx6tRU
EG8YEN/veEmNl2kGwi5hH1WaQIlioKh82FwxqRMHET3U+ru4osfFh4nEyHfsz0YF
ckG8h5CKCUZJ+BDZXTarHsa/d7U7FxAlfw6WnhekM6hvJghs2OpHBdJCkO4gL+VH
e/uva4MJV+Hq32pRgj5QvH3CvVI/fPe0b9D7kdmSeVBpXrkBeqkqlWDK7CR05auF
AgwDXjg0p2IN1X8BD/49nRK47AEuhvSqblkXFm1f3GJ8/KK3fpiB/OUVmgrkqV6E
iR6SPTufcfGBJIeMZBC99TFZWllZcDGybA5aFinI6c4fOIbfZAAO0JC4IXrYqWKg
5kB5QBjIkXD/7pELwbgiDXU/MuYu/spICY+AwciOowk8JTXV4OU9omTatC85GDFW
R131Ids5n5IYIofxiHr3hCuAg8n/pFzTzn6TITtAdVgDlPCdfY+dw2Nm8s1cu4by
mElpoVljNv6+SX/pGGxDs46ECZ83zLwr7h49fW1OKfb2tVFq1PvFj6YclxfDcVPp
GwSTjy6jELEyGYAWTwyLo3WaZO/iO0UKin1sWHeoPIYgGE2De/KamAr4iqpWXYC6
n1EU9bso2omFgZqmPvRt+z+b8yEttOeRmvIH+pXkJgM+Hva+qHBuU1oeYVA+32hm
nbxwutIHMX2tA+jOcG+MTjCqTtk0/JmD37Ulr1+KvFnlvidY1Lt7oa755kkpOi/h
6il1hpPR0h7pJ1zJceI7GwaUvaX/RCam5pQnPeQ2INUUl3DNiMaC9mjZcqjV5Cgt
s4F2WJsIkkZszMM0VCBzwpXYOLkUtX5OprXohqunq+CxfE8jnbS4OPvrFxzqcn9X
d4a8GQSUoXT9tbGWt23F1zcrihZJKVZQ1DzL6OXVsZBK8hoi5k3ahkxKZaRNRtRm
AQkCEJT2L4bU/KWwQjUQBInUaWWsElNZwy3f5axWXGTpdn3ZoRjjr6cQWCM9Xs1r
02fGSMADhLp+RCUuEvhcp71FKjgq+h2kC+z4QS0JT17M0nnlijnXXE4M3819KpmV
QXawwt7Y
=Bh7C
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-06-14T01:48:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VARAAp+DJIqWWFMWNaezrX85hHiuHZJjTWjnJIrQ0Bqvvv89d
hZENS3PbSN4gVz6NXmZ7obNcdFew2pcF8+zgZrM77DiPoKzpBrvJuy41fgSGYx3Z
QFE4w/FgzZ19Ad86AgvzALLNWH0bWZBZtkaPcsQBIdVp4xV9FzgnVOrE20OZgaVc
iucedMswCEPXHFbuBkeJZCmUNV06wQWANweZdJ/TC86PN+vKNML5dD7H6Mp6W9cK
97vznkxSgQALVWSkqV9KVQW3OuLn68xc2ewTy5ILDAUGrS+US9yz4EKwb6oBG8nF
EwEEbxV8sUHRfIp73ub4YD8IxDxdXGZFevZXggpTnZ0BcTyxHQmQ+ukKAn4W9ddI
VKq9oHOMgcn4IVvIsybCMoC1ieJSq+ZT+ebRQAgT9Z5f+OMndokBREhVHjBgRl7G
NQK/yGBsUTn04hvOW/6T+R4EC9HJCpASQBHfh+WYjBTRMl2icZburQPKZhDJOdzS
5YEMToYewqYhJ87/e1++vHsUE2PwAjT1R0zC0h4mpXQliyeYJ5jl3AAJR8YYtRui
q1fMgr1a4ZDDJk6abXObzHpEcUanxxD75GedCdmq4JOLdaI2m5c8pdpN3ecx0QbS
39jOJW/eAiWsnjWe2Rq9gucB0qRQmUG3338DtRh5W8JC722G20A5E6Txa40nI0fU
ZgEJAhA9ZwSEEY2K4+aIZb1+s6ZOQ++a6rC6ymIJRs/gmusw0rO5pfDwpq+8kQU3
oGF9VrmwGgSF3zO2Y9iWlPp58sEsNS54PJygBOabgD88W0SqTg490TXxtjIj6HLL
JACfvy57bQ==
=wTij
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.8.1

77
kubernetes/main/apps/dev/forgejo-runner/runner.yaml
View file

@ -1,77 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/statefulset.json
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: forgejo-runner
namespace: dev
spec:
serviceName: forgejo-runner
replicas: 5
revisionHistoryLimit: 0
volumeClaimTemplates:
- metadata:
name: runner-work
spec:
storageClassName: mainpool-hostpath
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
persistentVolumeClaimRetentionPolicy:
whenScaled: Delete
whenDeleted: Delete
selector:
matchLabels:
app: forgejo-runner
template:
metadata:
labels:
app: forgejo-runner
spec:
serviceAccountName: forgejo-runner
containers:
- name: runner
image: ghcr.io/christopherhx/gitea-actions-runner:v0.0.13
imagePullPolicy: Always
env:
- name: ACTIONS_RUNNER_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ACTIONS_RUNNER_CLAIM_NAME
value: runner-work-$(ACTIONS_RUNNER_POD_NAME)
- name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
value: "true"
- name: ACTIONS_RUNNER_CONTAINER_HOOKS
value: /home/runner/k8s/index.js
- name: GITEA_INSTANCE_URL
value: https://git.${SECRET_NEW_DOMAIN}
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: forgejo-runner-token
key: token
- name: GITEA_RUNNER_LABELS
value: docker,cluster
- name: GITEA_RUNNER_NAME
value: cluster-$(ACTIONS_RUNNER_POD_NAME)
volumeMounts:
- mountPath: /home/runner/_work
name: runner-work
resources:
requests:
cpu: "10m"
memory: "500Mi"
limits:
cpu: "1"
memory: "1Gi"

43
kubernetes/main/apps/dev/forgejo-runner/service-account.yaml
View file

@ -1,43 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/role.json
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: forgejo-runner
namespace: dev
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["get", "create"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get", "list", "watch",]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "create", "delete"]
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/rolebinding.json
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: forgejo-runner
namespace: dev
subjects:
- kind: ServiceAccount
name: forgejo-runner
roleRef:
kind: Role
name: forgejo-runner
apiGroup: rbac.authorization.k8s.io
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/serviceaccount.json
apiVersion: v1
kind: ServiceAccount
metadata:
name: forgejo-runner
namespace: dev

11
kubernetes/main/apps/dev/forgejo-runner/service.yaml
View file

@ -1,11 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/service.json
kind: Service
apiVersion: v1
metadata:
name: forgejo-runner
namespace: dev
spec:
type: ClusterIP
clusterIP: None
selector:
app: forgejo-runner

2
kubernetes/main/apps/dev/kustomization.yaml
View file

@ -3,5 +3,5 @@ kind: Kustomization
resources: resources:
- ./namespace.yaml - ./namespace.yaml
- ./woodpecker - ./woodpecker
- ./forgejo-runner - ./forgejo-runner/ks.yaml
- ./airflow - ./airflow