2026-01-25 19:56:17 -08:00
|
|
|
apiVersion: apps/v1
|
|
|
|
|
kind: Deployment
|
|
|
|
|
metadata:
|
|
|
|
|
name: forgejo-runner
|
|
|
|
|
namespace: forgejo-runner
|
|
|
|
|
labels:
|
|
|
|
|
app: forgejo-runner
|
|
|
|
|
spec:
|
|
|
|
|
replicas: 1
|
|
|
|
|
selector:
|
|
|
|
|
matchLabels:
|
|
|
|
|
app: forgejo-runner
|
|
|
|
|
template:
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
app: forgejo-runner
|
|
|
|
|
spec:
|
2026-03-24 16:19:40 -07:00
|
|
|
securityContext:
|
|
|
|
|
seccompProfile:
|
|
|
|
|
type: RuntimeDefault
|
2026-01-25 19:56:17 -08:00
|
|
|
containers:
|
|
|
|
|
# Forgejo runner daemon
|
|
|
|
|
- name: runner
|
2026-03-06 08:15:06 -08:00
|
|
|
image: code.forgejo.org/forgejo/runner:kustomized
|
2026-01-25 19:56:17 -08:00
|
|
|
env:
|
2026-02-11 16:53:41 -08:00
|
|
|
- name: TZ
|
|
|
|
|
value: America/Los_Angeles
|
2026-01-25 19:56:17 -08:00
|
|
|
- name: DOCKER_HOST
|
|
|
|
|
value: tcp://localhost:2375
|
2026-02-13 10:29:23 -08:00
|
|
|
- name: FORGEJO_URL
|
2026-03-03 10:33:40 -08:00
|
|
|
value: "https://forge.ops.eblu.me"
|
2026-02-13 10:29:23 -08:00
|
|
|
- name: RUNNER_NAME
|
|
|
|
|
value: "k8s-runner"
|
|
|
|
|
- name: RUNNER_LABELS
|
2026-03-06 20:41:02 -08:00
|
|
|
value: "k8s:docker://registry.ops.eblu.me/blumeops/runner-job-image:v0.20.1-24f7512"
|
2026-01-25 19:56:17 -08:00
|
|
|
command:
|
|
|
|
|
- /bin/sh
|
|
|
|
|
- -c
|
|
|
|
|
- |
|
|
|
|
|
# Wait for DinD to be ready
|
|
|
|
|
echo "Waiting for Docker daemon..."
|
|
|
|
|
while ! wget -q -O /dev/null http://localhost:2375/_ping 2>/dev/null; do
|
|
|
|
|
sleep 1
|
|
|
|
|
done
|
|
|
|
|
echo "Docker daemon ready"
|
|
|
|
|
|
|
|
|
|
# Register if not already registered
|
|
|
|
|
if [ ! -f /data/.runner ]; then
|
|
|
|
|
echo "Registering runner..."
|
|
|
|
|
forgejo-runner register \
|
|
|
|
|
--instance "$FORGEJO_URL" \
|
|
|
|
|
--token "$RUNNER_TOKEN" \
|
|
|
|
|
--name "$RUNNER_NAME" \
|
|
|
|
|
--labels "$RUNNER_LABELS" \
|
|
|
|
|
--no-interactive
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Start daemon
|
|
|
|
|
exec forgejo-runner daemon --config /config/config.yaml
|
|
|
|
|
envFrom:
|
|
|
|
|
- secretRef:
|
|
|
|
|
name: forgejo-runner-env
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- name: data
|
|
|
|
|
mountPath: /data
|
|
|
|
|
- name: config
|
|
|
|
|
mountPath: /config
|
2026-02-11 16:57:11 -08:00
|
|
|
- name: zoneinfo
|
|
|
|
|
mountPath: /usr/share/zoneinfo
|
|
|
|
|
readOnly: true
|
2026-01-25 19:56:17 -08:00
|
|
|
|
|
|
|
|
# Docker-in-Docker sidecar
|
|
|
|
|
- name: dind
|
2026-03-06 08:15:06 -08:00
|
|
|
image: docker:kustomized
|
2026-01-25 19:56:17 -08:00
|
|
|
securityContext:
|
|
|
|
|
privileged: true
|
2026-03-29 17:09:57 -07:00
|
|
|
seccompProfile:
|
|
|
|
|
type: Unconfined
|
2026-01-25 19:56:17 -08:00
|
|
|
env:
|
|
|
|
|
- name: DOCKER_TLS_CERTDIR
|
|
|
|
|
value: ""
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- name: dind-storage
|
|
|
|
|
mountPath: /var/lib/docker
|
2026-02-13 12:36:03 -08:00
|
|
|
- name: config
|
|
|
|
|
mountPath: /etc/docker/daemon.json
|
|
|
|
|
subPath: daemon.json
|
|
|
|
|
readOnly: true
|
2026-01-25 19:56:17 -08:00
|
|
|
|
|
|
|
|
volumes:
|
|
|
|
|
- name: data
|
|
|
|
|
emptyDir: {}
|
|
|
|
|
- name: dind-storage
|
|
|
|
|
emptyDir: {}
|
|
|
|
|
- name: config
|
|
|
|
|
configMap:
|
|
|
|
|
name: forgejo-runner-config
|
2026-02-11 16:57:11 -08:00
|
|
|
- name: zoneinfo
|
|
|
|
|
hostPath:
|
|
|
|
|
path: /usr/share/zoneinfo
|
|
|
|
|
type: Directory
|
