mirror of
https://code.forgejo.org/forgejo/runner.git
synced 2025-07-27 17:28:35 +00:00
d871b38c8d
Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/657 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org> Co-authored-by: Grégoire Bellon-Gervais <gregoire.bellon-gervais@docaposte.fr> Co-committed-by: Grégoire Bellon-Gervais <gregoire.bellon-gervais@docaposte.fr>
20 lines
1.4 KiB
Markdown
20 lines
1.4 KiB
Markdown
# Kubernetes Docker in Docker Deployment
|
|
|
|
Registers Kubernetes Pod runners using [offline registration](https://forgejo.org/docs/latest/admin/runner-installation/#offline-registration), allowing the scaling of runners as needed.
|
|
|
|
NOTE: Docker in Docker (dind) requires elevated privileges on Kubernetes. The current way to achieve this is to set the pod `SecurityContext` to `privileged`. Keep in mind that this is a potential security issue that has the potential for a malicious application to break out of the container context.
|
|
|
|
[`dind-docker.yaml`](dind-docker.yaml) creates a Deployment and Secret for Kubernetes to act as a runner. The Docker credentials are re-generated each time the pod connects and does not need to be persisted.
|
|
|
|
Do not forget to update `FORGEJO_INSTANCE_URL` value.
|
|
|
|
# Build you first container image
|
|
First, you will need to generate an Applications Access token with the permission `write:package` (see [doc](https://forgejo.org/docs/latest/user/token-scope/)), usually from https://your-forgejo.fr/user/settings/applications.
|
|
|
|
Then, you will create 2 forgejo Actions [Secrets](https://forgejo.org/docs/latest/user/actions/#secrets):
|
|
- `USERNAME_WRITE_REPOSITORY` containing Token name
|
|
- `PASSWORD_WRITE_REPOSITORY` containing Token value
|
|
|
|
And you can then, use the [`build.yaml`](build.yaml) file provided as exemple.
|
|
|
|
This file must be created in your repository under: `.forgejo/workflows/build.yaml`
|