install forgejo runner

This commit is contained in:
Tobias Brunner 2024-02-08 21:24:11 +01:00
parent 0cd084d9dd
commit 92c31e5295
Signed by: tobru
SSH key fingerprint: SHA256:kywVhvCA+MIxL6eBgoQa+BfC/ROJqcfD2bpy1PR6Ebk
9 changed files with 271 additions and 0 deletions


@ -0,0 +1,33 @@
# Forgejo Runner
## Create Kubeconfig
```
server=https://zurrli.tbrnt.ch:6443
name=buildx-sa-token
ca=$(kubectl -n forgejo-runner get secret/$name -o jsonpath='{.data.ca\.crt}')
token=$(kubectl -n forgejo-runner get secret/$name -o jsonpath='{.data.token}' | base64 --decode)
namespace=$(kubectl -n forgejo-runner get secret/$name -o jsonpath='{.data.namespace}' | base64 --decode)
echo "
apiVersion: v1
kind: Config
clusters:
- name: default-cluster
cluster:
certificate-authority-data: ${ca}
server: ${server}
contexts:
- name: default-context
context:
cluster: default-cluster
namespace: default
user: default-user
current-context: default-context
users:
- name: default-user
user:
token: ${token}
" > sa.kubeconfig
```


@ -0,0 +1,49 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: runner-config
data:
config.yaml: |
log:
level: info
runner:
capacity: 1
# envs:
# A_TEST_ENV_NAME_1: a_test_env_value_1
# A_TEST_ENV_NAME_2: a_test_env_value_2
# env_file: .env
# The timeout for a job to be finished.
# Please note that the Forgejo instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Forgejo instance if it's timeout is shorter than this.
timeout: 3h
# Whether skip verifying the TLS certificate of the Forgejo instance.
insecure: false
# The timeout for fetching the job from the Forgejo instance.
fetch_timeout: 30s
# The interval for fetching the job from the Forgejo instance.
fetch_interval: 2s
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `deamon`, will use labels in `.runner` file.
labels:
- "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
- "ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
- "ubuntu-20.04:docker://ghcr.io/catthehacker/ubuntu:act-20.04"
- "cth-ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
- "docker:docker://node:20-bookworm"
cache:
# Enable cache server to use actions/cache.
enabled: true
# The directory to store the cache data.
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
dir: "/data/cache"
# The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
host: ""
# The port of the cache server.
# 0 means to use a random available port.
port: 0
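Review bot: The comment block copied from the upstream sample config still carries its typos — `deamon` in the `labels` comment and `it's timeout` in the `timeout` comment — which is what a reader will grep for when the daemon ignores a label; change them to `` `daemon` `` and `its timeout`. The values themselves line up with the Deployment in this commit (`dir: "/data/cache"` sits under the `/data` PVC mount), so no change to the keys is needed.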


@ -0,0 +1,80 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: forgejo-runner
name: forgejo-runner
spec:
replicas: 1
selector:
matchLabels:
app: forgejo-runner
strategy: {}
template:
metadata:
labels:
app: forgejo-runner
spec:
restartPolicy: Always
containers:
- name: runner
image: code.forgejo.org/forgejo/runner:3.3.0
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
env:
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: DOCKER_CERT_PATH
value: /certs/client
- name: DOCKER_TLS_VERIFY
value: "1"
- name: GITEA_INSTANCE_URL
value: https://git.tbrnt.ch/
- name: GITEA_RUNNER_NAME
value: zurrli-runner
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: runner-secret
key: token
volumeMounts:
- name: docker-certs
mountPath: /certs
- name: runner-data
mountPath: /data
- name: runner-config
mountPath: /config
resources:
limits:
cpu: "1"
memory: "1024Mi"
- name: daemon
image: docker:24.0.8-dind
env:
- name: DOCKER_TLS_CERTDIR
value: /certs
securityContext:
privileged: true
volumeMounts:
- name: docker-certs
mountPath: /certs
- name: docker-data
mountPath: /var/lib/docker
resources:
limits:
cpu: "2"
memory: "4096Mi"
volumes:
- name: docker-certs
emptyDir: {}
- name: runner-data
persistentVolumeClaim:
claimName: forgejo-runner-vol
- name: docker-data
persistentVolumeClaim:
claimName: docker
- name: runner-config
configMap:
name: runner-config
items:
- key: config.yaml
path: config.yaml
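Review bot: With `strategy: {}` this Deployment defaults to RollingUpdate, so every rollout starts a second pod that mounts the same ReadWriteOnce `docker` and `forgejo-runner-vol` claims while the old pod still runs; two dind daemons on one `/var/lib/docker` is not safe, so set `strategy:` / `  type: Recreate`. The `runner-config` ConfigMap is mounted at `/config` but nothing in the runner container refers to it — unless the image's `run.sh` picks that path up on its own (not visible here) the file is ignored and the runner starts with built-in defaults, so add `- name: CONFIG_FILE` / `  value: /config/config.yaml` to the runner's env to make the mount effective. The `daemon` container is `privileged: true`, which dind requires, but it means every job this runner accepts gets root-equivalent access to the node; a one-line comment above `securityContext` stating that, and keeping the pod in its own namespace (and ideally its own node pool), would make the trade-off explicit to the next maintainer.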


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pvc.yaml
- configmap.yaml
- deployment.yaml
- rbac-buildx.yaml
generators:
- secret-generator.yaml


@ -0,0 +1,23 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: forgejo-runner-vol
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: local-path
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: docker
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: local-path


@ -0,0 +1,25 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: buildx
---
apiVersion: v1
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: buildx
name: buildx-sa-token
type: kubernetes.io/service-account-token
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- kind: ServiceAccount
name: buildx
namespace: forgejo-runner
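Review bot: Binding the `admin` ClusterRole to the `buildx` service account gives the token that the README exports into `sa.kubeconfig` far more than a build driver needs — `admin` includes get/list on Secrets in the namespace the binding lands in (`forgejo-runner` per the Application's destination), so anyone holding that kubeconfig can read `runner-secret` and the `buildx-sa-token` Secret itself. A dedicated Role limited to what the buildx kubernetes driver actually manages (it creates a Deployment and execs into its pods, so at least deployments, pods and `pods/exec` — verify against the driver version in use), bound to `buildx`, is the least-privilege equivalent, and the RoleBinding name should then change from the generic `admin` to something like `buildx-builder`. The `kubernetes.io/service-account-token` Secret mints a non-expiring token; if the kubeconfig is only used from CI or interactively, a bound token from `kubectl create token buildx --duration=…` is easier to rotate and revoke. Note also that the README's kubeconfig snippet hard-codes `namespace: default` while this binding only grants rights in `forgejo-runner` and the script already computes `${namespace}`, so that context will get Forbidden until the namespace field uses the computed value.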


@ -0,0 +1,6 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: secret-generator
files:
- secret.sops.yaml


@ -0,0 +1,27 @@
kind: Secret
apiVersion: v1
metadata:
name: runner-secret
type: Opaque
stringData:
token: ENC[AES256_GCM,data:ng+g1FDKTlqwXt+AHyvYjwF7yZlu0+A2EMjsJfSKY0/SSv6ZuvfrDg==,iv:P8qdyjgHf9rapO+LQdSTahgvUsiZV90Llex8NuOBDjY=,tag:gUWJEyb5EF6kjqA6hcNryA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZWlPUUxWVEdDMzAwVlY2
d3RISlJsMkhtUXZCaWhFUUY0SHQzV3A3bFVZCjQ1bkVJeWtPZ1hUaCtnM0l3aU5N
RnZiRzRseUJONkh4M1JsbEJobW1hMjQKLS0tIFIrNXk2N0xDT2xUWUFWU0RYb29o
eU1PR3poellaYUNrTlAvekVzMkgzMG8K98esBYHqoB6sjwGsW75nvG1dni5tMQ3F
KqULsPMNCbJWUd74PVVtMTwSwda7Emxe1Xa0e1EXBQ535yGbjDEXmQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-08T20:20:41Z"
mac: ENC[AES256_GCM,data:MxoploRD/RDbAwcWjfy6zBkcuS8YwqLegFQQ70odsjFa5KZm0ml2+wUuXk7/AEH2ZkTpa5bH7741jgpSJPsWZRcYGkn6ZLCjUSHC71zlRZi3caGMyqI7nP72XeYhE6mJRZwhIJkX86QauY+Coojz9XcBWl79tn3ZtPVS3ACUk5w=,iv:Nu2kXawA9lVDwQTX6I245Mokd5C9PMlSE9hIIP6Tplg=,tag:ZaoM2gUzBA0lph6ENc2lCw==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1


@ -0,0 +1,19 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo-runner
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: apps
source:
path: apps/zurrli/forgejo-runner
repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
targetRevision: HEAD
destination:
namespace: forgejo-runner
server: https://kubernetes.default.svc
syncPolicy:
syncOptions:
- CreateNamespace=true