install forgejo runner
parent
0cd084d9dd
commit
92c31e5295
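--- a/apps/zurrli/forgejo-runner/README.md
+++ b/apps/zurrli/forgejo-runner/README.md
@@ -0,0 +1,33 @@
+# Forgejo Runner
+
+## Create Kubeconfig
+
+```
+server=https://zurrli.tbrnt.ch:6443
+name=buildx-sa-token
+
+ca=$(kubectl -n forgejo-runner get secret/$name -o jsonpath='{.data.ca\.crt}')
+token=$(kubectl -n forgejo-runner get secret/$name -o jsonpath='{.data.token}' | base64 --decode)
+namespace=$(kubectl -n forgejo-runner get secret/$name -o jsonpath='{.data.namespace}' | base64 --decode)
+
+echo "
+apiVersion: v1
+kind: Config
+clusters:
+- name: default-cluster
+cluster:
+certificate-authority-data: ${ca}
+server: ${server}
+contexts:
+- name: default-context
+context:
+cluster: default-cluster
+namespace: default
+user: default-user
+current-context: default-context
+users:
+- name: default-user
+user:
+token: ${token}
+" > sa.kubeconfig
+```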
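--- a/apps/zurrli/forgejo-runner/configmap.yaml
+++ b/apps/zurrli/forgejo-runner/configmap.yaml
@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: runner-config
+data:
+config.yaml: |
+log:
+level: info
+
+runner:
+capacity: 1
+# envs:
+# A_TEST_ENV_NAME_1: a_test_env_value_1
+# A_TEST_ENV_NAME_2: a_test_env_value_2
+# env_file: .env
+# The timeout for a job to be finished.
+# Please note that the Forgejo instance also has a timeout (3h by default) for the job.
+# So the job could be stopped by the Forgejo instance if it's timeout is shorter than this.
+timeout: 3h
+# Whether skip verifying the TLS certificate of the Forgejo instance.
+insecure: false
+# The timeout for fetching the job from the Forgejo instance.
+fetch_timeout: 30s
+# The interval for fetching the job from the Forgejo instance.
+fetch_interval: 2s
+# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+# Like: ["macos-arm64:host", "ubuntu-latest:docker://node:16-bullseye", "ubuntu-22.04:docker://node:16-bullseye"]
+# If it's empty when registering, it will ask for inputting labels.
+# If it's empty when execute `deamon`, will use labels in `.runner` file.
+labels:
+- "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
+- "ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
+- "ubuntu-20.04:docker://ghcr.io/catthehacker/ubuntu:act-20.04"
+- "cth-ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
+- "docker:docker://node:20-bookworm"
+
+cache:
+# Enable cache server to use actions/cache.
+enabled: true
+# The directory to store the cache data.
+# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+dir: "/data/cache"
+# The host of the cache server.
+# It's not for the address to listen, but the address to connect from job containers.
+# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+host: ""
+# The port of the cache server.
+# 0 means to use a random available port.
+port: 0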
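Review bot: The `labels` entries resolve job images by mutable tag (`ghcr.io/catthehacker/ubuntu:act-latest`, `act-22.04`, `act-20.04`, `node:20-bookworm`), so workflows run in whatever the registry serves at pull time and an image change never passes through review in this repository. Pinning each image by digest, for example `- "ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04@sha256:<digest>"` (placeholder digest), would turn every image update into an explicit commit; this assumes the runner hands the reference to Docker unchanged, which should be confirmed. `ubuntu-latest` and `cth-ubuntu-latest` point at the same image, so a one-line comment above `labels:` saying why both exist would help the next maintainer.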
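--- a/apps/zurrli/forgejo-runner/deployment.yaml
+++ b/apps/zurrli/forgejo-runner/deployment.yaml
@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+app: forgejo-runner
+name: forgejo-runner
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: forgejo-runner
+strategy: {}
+template:
+metadata:
+labels:
+app: forgejo-runner
+spec:
+restartPolicy: Always
+containers:
+- name: runner
+image: code.forgejo.org/forgejo/runner:3.3.0
+command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
+env:
+- name: DOCKER_HOST
+value: tcp://localhost:2376
+- name: DOCKER_CERT_PATH
+value: /certs/client
+- name: DOCKER_TLS_VERIFY
+value: "1"
+- name: GITEA_INSTANCE_URL
+value: https://git.tbrnt.ch/
+- name: GITEA_RUNNER_NAME
+value: zurrli-runner
+- name: GITEA_RUNNER_REGISTRATION_TOKEN
+valueFrom:
+secretKeyRef:
+name: runner-secret
+key: token
+volumeMounts:
+- name: docker-certs
+mountPath: /certs
+- name: runner-data
+mountPath: /data
+- name: runner-config
+mountPath: /config
+resources:
+limits:
+cpu: "1"
+memory: "1024Mi"
+- name: daemon
+image: docker:24.0.8-dind
+env:
+- name: DOCKER_TLS_CERTDIR
+value: /certs
+securityContext:
+privileged: true
+volumeMounts:
+- name: docker-certs
+mountPath: /certs
+- name: docker-data
+mountPath: /var/lib/docker
+resources:
+limits:
+cpu: "2"
+memory: "4096Mi"
+volumes:
+- name: docker-certs
+emptyDir: {}
+- name: runner-data
+persistentVolumeClaim:
+claimName: forgejo-runner-vol
+- name: docker-data
+persistentVolumeClaim:
+claimName: docker
+- name: runner-config
+configMap:
+name: runner-config
+items:
+- key: config.yaml
+path: config.yaml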
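Review bot: The `daemon` container runs with `privileged: true` and is the Docker engine that executes every workflow job, yet the pod template neither sets `automountServiceAccountToken: false` nor says why the privilege is needed. A job that escapes its nested container lands in a container with host-level capabilities, and both containers also carry the namespace's default service-account token. I would add `automountServiceAccountToken: false` under `template.spec` and a comment above `privileged: true` such as `# required by docker-in-docker; treat this pod as node-root equivalent`. The `runner` container could take a restrictive `securityContext` of its own (for example `allowPrivilegeEscalation: false`), provided the image still starts under it. Longer term, a rootless dind variant or a dedicated node for this pod would limit what a malicious workflow can reach.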
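--- a/apps/zurrli/forgejo-runner/kustomization.yaml
+++ b/apps/zurrli/forgejo-runner/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- pvc.yaml
+- configmap.yaml
+- deployment.yaml
+- rbac-buildx.yaml
+generators:
+- secret-generator.yaml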
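--- a/apps/zurrli/forgejo-runner/pvc.yaml
+++ b/apps/zurrli/forgejo-runner/pvc.yaml
@@ -0,0 +1,23 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: forgejo-runner-vol
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 1Gi
+storageClassName: local-path
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: docker
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 10Gi
+storageClassName: local-path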
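--- a/apps/zurrli/forgejo-runner/rbac-buildx.yaml
+++ b/apps/zurrli/forgejo-runner/rbac-buildx.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: buildx
+---
+apiVersion: v1
+kind: Secret
+metadata:
+annotations:
+kubernetes.io/service-account.name: buildx
+name: buildx-sa-token
+type: kubernetes.io/service-account-token
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: admin
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: admin
+subjects:
+- kind: ServiceAccount
+name: buildx
+namespace: forgejo-runner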
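Review bot: The `RoleBinding` grants the built-in `admin` ClusterRole to the `buildx` service account, and the `buildx-sa-token` Secret gives that account a non-expiring token which the README in this commit exports into `sa.kubeconfig`. Within the namespace, `admin` covers reading Secrets (so `runner-secret`, the runner registration token, is readable with that kubeconfig) and creating Roles and RoleBindings. That is far more than an image-build driver needs. A dedicated `Role` referenced from `roleRef` would contain a leaked kubeconfig; the rule set below is a starting point to confirm against the API calls the buildx Kubernetes driver actually makes. Running the buildx workloads in a namespace separate from the runner's own Secret would narrow the exposure further.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: buildx
rules:
  # starting point only; confirm resources and verbs against the buildx kubernetes driver
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
---
# … unchanged: RoleBinding apiVersion, kind, metadata …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: buildx
# … unchanged: subjects …
```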
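--- a/apps/zurrli/forgejo-runner/secret-generator.yaml
+++ b/apps/zurrli/forgejo-runner/secret-generator.yaml
@@ -0,0 +1,6 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+name: secret-generator
+files:
+- secret.sops.yaml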
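--- a/apps/zurrli/forgejo-runner/secret.sops.yaml
+++ b/apps/zurrli/forgejo-runner/secret.sops.yaml
@@ -0,0 +1,27 @@
+kind: Secret
+apiVersion: v1
+metadata:
+name: runner-secret
+type: Opaque
+stringData:
+token: ENC[AES256_GCM,data:ng+g1FDKTlqwXt+AHyvYjwF7yZlu0+A2EMjsJfSKY0/SSv6ZuvfrDg==,iv:P8qdyjgHf9rapO+LQdSTahgvUsiZV90Llex8NuOBDjY=,tag:gUWJEyb5EF6kjqA6hcNryA==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZWlPUUxWVEdDMzAwVlY2
+d3RISlJsMkhtUXZCaWhFUUY0SHQzV3A3bFVZCjQ1bkVJeWtPZ1hUaCtnM0l3aU5N
+RnZiRzRseUJONkh4M1JsbEJobW1hMjQKLS0tIFIrNXk2N0xDT2xUWUFWU0RYb29o
+eU1PR3poellaYUNrTlAvekVzMkgzMG8K98esBYHqoB6sjwGsW75nvG1dni5tMQ3F
+KqULsPMNCbJWUd74PVVtMTwSwda7Emxe1Xa0e1EXBQ535yGbjDEXmQ==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-02-08T20:20:41Z"
+mac: ENC[AES256_GCM,data:MxoploRD/RDbAwcWjfy6zBkcuS8YwqLegFQQ70odsjFa5KZm0ml2+wUuXk7/AEH2ZkTpa5bH7741jgpSJPsWZRcYGkn6ZLCjUSHC71zlRZi3caGMyqI7nP72XeYhE6mJRZwhIJkX86QauY+Coojz9XcBWl79tn3ZtPVS3ACUk5w=,iv:Nu2kXawA9lVDwQTX6I245Mokd5C9PMlSE9hIIP6Tplg=,tag:ZaoM2gUzBA0lph6ENc2lCw==,type:str]
+pgp: []
+encrypted_regex: ^(data|stringData)$
+version: 3.8.1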
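--- a/argoapps/zurrli/forgejo-runner.yaml
+++ b/argoapps/zurrli/forgejo-runner.yaml
@@ -0,0 +1,19 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: forgejo-runner
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: apps
+source:
+path: apps/zurrli/forgejo-runner
+repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
+targetRevision: HEAD
+destination:
+namespace: forgejo-runner
+server: https://kubernetes.default.svc
+syncPolicy:
+syncOptions:
+- CreateNamespace=true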