2023-08-17 10:26:35 +01:00
|
|
|
# Secret data.
|
2025-06-01 15:03:22 +00:00
|
|
|
# You will need to retrieve this from the web UI, and your Forgejo instance must be running v1.21+
|
2023-08-17 10:26:35 +01:00
|
|
|
# Alternatively, create this with
|
|
|
|
|
# kubectl create secret generic runner-secret --from-literal=token=your_offline_token_here
|
2023-06-05 08:46:15 +00:00
|
|
|
apiVersion: v1
|
|
|
|
|
kind: Secret
|
|
|
|
|
metadata:
|
|
|
|
|
name: runner-secret
|
2025-07-03 15:22:24 +00:00
|
|
|
stringData:
|
|
|
|
|
token: your_offline_secret_here # Replace with your Forgejo offline registration token
|
2023-06-05 08:46:15 +00:00
|
|
|
---
|
|
|
|
|
apiVersion: apps/v1
|
|
|
|
|
kind: Deployment
|
|
|
|
|
metadata:
|
2025-07-03 15:22:24 +00:00
|
|
|
name: forgejo-runner
|
2023-06-05 08:46:15 +00:00
|
|
|
labels:
|
2023-08-26 12:19:06 +02:00
|
|
|
app: forgejo-runner
|
2025-07-03 15:22:24 +00:00
|
|
|
app.kubernetes.io/component: forgejo-runner
|
|
|
|
|
app.kubernetes.io/instance: forgejo-runner
|
|
|
|
|
app.kubernetes.io/managed-by: Kustomize
|
|
|
|
|
app.kubernetes.io/name: forgejo-runner
|
|
|
|
|
annotations:
|
|
|
|
|
argocd.argoproj.io/sync-wave: '1'
|
2023-06-05 08:46:15 +00:00
|
|
|
spec:
|
2023-08-17 10:26:35 +01:00
|
|
|
replicas: 2
|
2023-06-05 08:46:15 +00:00
|
|
|
selector:
|
|
|
|
|
matchLabels:
|
2023-08-26 12:19:06 +02:00
|
|
|
app: forgejo-runner
|
2023-06-05 08:46:15 +00:00
|
|
|
template:
|
|
|
|
|
metadata:
|
2025-07-03 15:22:24 +00:00
|
|
|
name: forgejo-runner
|
2023-06-05 08:46:15 +00:00
|
|
|
labels:
|
2023-08-26 12:19:06 +02:00
|
|
|
app: forgejo-runner
|
2025-07-03 15:22:24 +00:00
|
|
|
app.kubernetes.io/component: forgejo-runner
|
|
|
|
|
app.kubernetes.io/instance: forgejo-runner
|
|
|
|
|
app.kubernetes.io/managed-by: Kustomize
|
|
|
|
|
app.kubernetes.io/name: forgejo-runner
|
2023-06-05 08:46:15 +00:00
|
|
|
spec:
|
2025-07-03 15:22:24 +00:00
|
|
|
automountServiceAccountToken: false
|
2023-06-05 08:46:15 +00:00
|
|
|
restartPolicy: Always
|
2023-08-17 10:26:35 +01:00
|
|
|
initContainers:
|
2023-11-27 16:41:09 -05:00
|
|
|
- name: runner-register
|
2025-07-03 15:22:24 +00:00
|
|
|
image: code.forgejo.org/forgejo/runner:6.4.0
|
|
|
|
|
command:
|
|
|
|
|
- /bin/bash
|
|
|
|
|
- -c
|
|
|
|
|
args:
|
|
|
|
|
- |
|
|
|
|
|
while : ; do
|
|
|
|
|
forgejo-runner register --no-interactive --token $(RUNNER_SECRET) --name $(RUNNER_NAME) --instance $(FORGEJO_INSTANCE_URL) && break ;
|
|
|
|
|
sleep 1 ;
|
|
|
|
|
done ;
|
|
|
|
|
forgejo-runner generate-config > /data/config.yml ;
|
|
|
|
|
sed -i -e "s|network: .*|network: host|" config.yml ;
|
|
|
|
|
sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://localhost:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ;
|
|
|
|
|
sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ;
|
|
|
|
|
sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml
|
2023-11-27 16:41:09 -05:00
|
|
|
env:
|
2023-11-28 01:08:54 +00:00
|
|
|
- name: RUNNER_NAME
|
|
|
|
|
valueFrom:
|
|
|
|
|
fieldRef:
|
|
|
|
|
fieldPath: metadata.name
|
2023-11-27 16:41:09 -05:00
|
|
|
- name: RUNNER_SECRET
|
|
|
|
|
valueFrom:
|
|
|
|
|
secretKeyRef:
|
2024-03-29 22:30:30 +00:00
|
|
|
name: runner-secret
|
2023-11-27 16:41:09 -05:00
|
|
|
key: token
|
|
|
|
|
- name: FORGEJO_INSTANCE_URL
|
2025-07-03 15:22:24 +00:00
|
|
|
value: https://my-forgejo.fr # Replace with your Forgejo instance URL
|
2023-11-27 16:41:09 -05:00
|
|
|
resources:
|
|
|
|
|
limits:
|
2025-07-03 15:22:24 +00:00
|
|
|
cpu: '0.5'
|
|
|
|
|
ephemeral-storage: 100Mi
|
|
|
|
|
memory: 64Mi
|
|
|
|
|
requests:
|
|
|
|
|
cpu: 100m
|
|
|
|
|
ephemeral-storage: '0'
|
|
|
|
|
memory: 64Mi
|
2023-11-27 16:41:09 -05:00
|
|
|
volumeMounts:
|
|
|
|
|
- name: runner-data
|
|
|
|
|
mountPath: /data
|
2025-07-03 15:22:24 +00:00
|
|
|
securityContext:
|
|
|
|
|
allowPrivilegeEscalation: false
|
|
|
|
|
capabilities:
|
|
|
|
|
drop:
|
|
|
|
|
- ALL
|
|
|
|
|
privileged: false
|
|
|
|
|
readOnlyRootFilesystem: true
|
|
|
|
|
runAsNonRoot: true
|
|
|
|
|
seccompProfile:
|
|
|
|
|
type: RuntimeDefault
|
2023-06-05 08:46:15 +00:00
|
|
|
containers:
|
2025-07-03 15:22:24 +00:00
|
|
|
- name: runner
|
|
|
|
|
image: code.forgejo.org/forgejo/runner:6.4.0
|
|
|
|
|
command:
|
|
|
|
|
- /bin/bash
|
|
|
|
|
- -c
|
|
|
|
|
args:
|
|
|
|
|
- |
|
|
|
|
|
while ! nc -z localhost 2376 </dev/null ; do
|
|
|
|
|
echo 'waiting for docker daemon...' ;
|
|
|
|
|
sleep 5 ;
|
|
|
|
|
done ;
|
|
|
|
|
forgejo-runner --config config.yml daemon
|
|
|
|
|
env:
|
|
|
|
|
- name: DOCKER_HOST
|
|
|
|
|
value: tcp://localhost:2376
|
|
|
|
|
- name: DOCKER_CERT_PATH
|
|
|
|
|
value: /certs/client
|
|
|
|
|
- name: DOCKER_TLS_VERIFY
|
|
|
|
|
value: '1'
|
|
|
|
|
resources:
|
|
|
|
|
limits:
|
|
|
|
|
cpu: '1'
|
|
|
|
|
ephemeral-storage: 3Gi
|
|
|
|
|
memory: 4Gi
|
|
|
|
|
requests:
|
|
|
|
|
cpu: 100m
|
|
|
|
|
ephemeral-storage: '0'
|
|
|
|
|
memory: 64Mi
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- name: docker-certs
|
|
|
|
|
mountPath: /certs
|
|
|
|
|
- name: runner-data
|
|
|
|
|
mountPath: /data
|
|
|
|
|
- name: tmp
|
|
|
|
|
mountPath: /tmp
|
|
|
|
|
securityContext:
|
|
|
|
|
allowPrivilegeEscalation: false
|
|
|
|
|
capabilities:
|
|
|
|
|
drop:
|
|
|
|
|
- ALL
|
|
|
|
|
privileged: false
|
|
|
|
|
readOnlyRootFilesystem: true
|
|
|
|
|
runAsNonRoot: true
|
|
|
|
|
seccompProfile:
|
|
|
|
|
type: RuntimeDefault
|
|
|
|
|
- name: daemon
|
|
|
|
|
image: docker.io/docker:28.3.0-dind
|
|
|
|
|
env:
|
|
|
|
|
- name: DOCKER_TLS_CERTDIR
|
|
|
|
|
value: /certs
|
|
|
|
|
resources:
|
|
|
|
|
limits:
|
|
|
|
|
cpu: '1'
|
|
|
|
|
ephemeral-storage: 3Gi
|
|
|
|
|
memory: 4Gi
|
|
|
|
|
requests:
|
|
|
|
|
cpu: 100m
|
|
|
|
|
ephemeral-storage: '0'
|
|
|
|
|
memory: 64Mi
|
|
|
|
|
securityContext:
|
|
|
|
|
privileged: true
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- name: docker-certs
|
|
|
|
|
mountPath: /certs
|
|
|
|
|
volumes:
|
2023-06-05 08:46:15 +00:00
|
|
|
- name: docker-certs
|
2025-07-03 15:22:24 +00:00
|
|
|
emptyDir: {}
|
2023-06-05 08:46:15 +00:00
|
|
|
- name: runner-data
|
2025-07-03 15:22:24 +00:00
|
|
|
emptyDir: {}
|
|
|
|
|
- name: tmp
|
|
|
|
|
emptyDir: {}
|
