108 lines
3.2 KiB
YAML
108 lines
3.2 KiB
YAML
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/deployment.json
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: forgejo-runner
|
|
labels:
|
|
app: forgejo-runner
|
|
spec:
|
|
replicas: 5
|
|
selector:
|
|
matchLabels:
|
|
app: forgejo-runner
|
|
strategy: {}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: forgejo-runner
|
|
spec:
|
|
restartPolicy: Always
|
|
volumes:
|
|
- name: docker-certs
|
|
emptyDir: {}
|
|
- name: runner-data
|
|
emptyDir: {}
|
|
- name: runner-config
|
|
configMap:
|
|
name: runner-config
|
|
# Initialise our configuration file using offline registration
|
|
# https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
|
|
initContainers:
|
|
- name: runner-register
|
|
image: &runnerImg code.forgejo.org/forgejo/runner:6.0.1
|
|
command: ["forgejo-runner", "register", "--no-interactive", "--token", $(RUNNER_SECRET), "--name", $(RUNNER_NAME), "--instance", $(FORGEJO_INSTANCE_URL)]
|
|
env:
|
|
- name: RUNNER_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: RUNNER_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: forgejo-runner-token
|
|
key: token
|
|
- name: FORGEJO_INSTANCE_URL
|
|
value: https://git.seanomik.net #${SECRET_NEW_DOMAIN}
|
|
resources:
|
|
limits:
|
|
cpu: "0.50"
|
|
memory: "64Mi"
|
|
volumeMounts:
|
|
- name: runner-data
|
|
mountPath: /data
|
|
# fix permissions of cache pvc
|
|
- command:
|
|
- "sh"
|
|
- "-c"
|
|
- |
|
|
find /cache -type d -exec chmod 775 {} +
|
|
find /cache -type f -exec chmod 664 {} +
|
|
chown -R 1000:1000 /cache
|
|
image: busybox
|
|
volumeMounts:
|
|
- mountPath: /cache
|
|
name: forgejo-runner-cache
|
|
name: fix-permissions
|
|
containers:
|
|
- name: runner
|
|
image: *runnerImg
|
|
command:
|
|
- "sh"
|
|
- "-c"
|
|
- "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon --config /data/config.yml"
|
|
env:
|
|
- name: DOCKER_HOST
|
|
value: tcp://localhost:2376
|
|
- name: DOCKER_CERT_PATH
|
|
value: /certs/client
|
|
- name: DOCKER_TLS_VERIFY
|
|
value: "1"
|
|
volumeMounts:
|
|
- name: docker-certs
|
|
mountPath: /certs
|
|
- name: runner-data
|
|
mountPath: /data
|
|
- name: runner-config
|
|
mountPath: /data/config.yml
|
|
subPath: config.yml
|
|
- name: forgejo-runner-cache
|
|
mountPath: /cache
|
|
- name: daemon
|
|
image: docker:27.5.0-dind
|
|
env:
|
|
- name: DOCKER_TLS_CERTDIR
|
|
value: /certs
|
|
securityContext:
|
|
privileged: true
|
|
volumeMounts:
|
|
- name: docker-certs
|
|
mountPath: /certs
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: forgejo-runner-cache
|
|
spec:
|
|
accessModes: ["ReadWriteOnce"]
|
|
resources:
|
|
requests:
|
|
storage: 10Gi
|
|
storageClassName: openebs-zfs-mainpool
|