Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/657
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Grégoire Bellon-Gervais <gregoire.bellon-gervais@docaposte.fr>
Co-committed-by: Grégoire Bellon-Gervais <gregoire.bellon-gervais@docaposte.fr>
Kubernetes Docker in Docker Deployment
Registers Kubernetes Pod runners using offline registration, allowing the scaling of runners as needed.
NOTE: Docker in Docker (dind) requires elevated privileges on Kubernetes. The current way to achieve this is to set the pod SecurityContext to privileged. Keep in mind that this is a potential security issue: a malicious application could break out of the container context.
dind-docker.yaml creates a Deployment and Secret for Kubernetes to act as a runner. The Docker credentials are re-generated each time the pod connects and do not need to be persisted.
Do not forget to update the FORGEJO_INSTANCE_URL value.
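A check a cluster operator could run given the privileged requirement noted above: it reads pod JSON in the shape produced by `kubectl get pods --all-namespaces -o json` and reports privileged containers found outside the namespace reserved for the runners. This is an added example, not part of the runner project; the `forgejo-runners` namespace and every pod and container name in the sample are constructed.

```python
import json

# Constructed sample of `kubectl get pods --all-namespaces -o json` output;
# namespace, pod and container names are hypothetical.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "forgejo-runners", "name": "runner-0"},
   "spec": {"containers": [
     {"name": "runner"},
     {"name": "dind", "securityContext": {"privileged": true}}]}},
  {"metadata": {"namespace": "web", "name": "shop-1"},
   "spec": {"initContainers": [
              {"name": "setup", "securityContext": {"privileged": true}}],
            "containers": [
              {"name": "app", "securityContext": {"privileged": false}}]}},
  {"metadata": {"namespace": "web", "name": "shop-2"},
   "spec": {"containers": [{"name": "app"}]}}
]}
""")

# Every pod spec field that can hold containers with their own securityContext.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def privileged_containers(pod_list):
    """Yield (namespace, pod, container) for every privileged container."""
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        for field in CONTAINER_FIELDS:
            for c in spec.get(field) or []:
                # privileged is set per container, under its securityContext.
                if (c.get("securityContext") or {}).get("privileged") is True:
                    yield meta.get("namespace", "default"), meta.get("name"), c.get("name")


def outside_allowed(pod_list, allowed_namespaces):
    """Return privileged containers found outside the allowed namespaces."""
    return [hit for hit in privileged_containers(pod_list)
            if hit[0] not in allowed_namespaces]


if __name__ == "__main__":
    for ns, pod, ctr in privileged_containers(SAMPLE):
        print(f"privileged: {ns}/{pod} container={ctr}")
    for ns, pod, ctr in outside_allowed(SAMPLE, {"forgejo-runners"}):
        print(f"UNEXPECTED: {ns}/{pod} container={ctr}")
```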
Build your first container image
First, generate an Applications Access token with the permission write:package (see doc), usually from https://your-forgejo.fr/user/settings/applications.
Then, create 2 Forgejo Actions Secrets:
- USERNAME_WRITE_REPOSITORY containing Token name
- PASSWORD_WRITE_REPOSITORY containing Token value
You can then use the build.yaml file provided as an example.
This file must be created in your repository under: .forgejo/workflows/build.yaml