diff --git a/argocd/apps/forgejo-runner.yaml b/argocd/apps/forgejo-runner.yaml
new file mode 100644
index 0000000..5bca762
--- /dev/null
+++ b/argocd/apps/forgejo-runner.yaml
@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: forgejo-runner
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://forge.ops.eblu.me/eblume/blumeops.git
+ targetRevision: main
+ path: argocd/manifests/forgejo-runner
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: forgejo-runner
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
diff --git a/argocd/manifests/forgejo-runner/configmap.yaml b/argocd/manifests/forgejo-runner/configmap.yaml
new file mode 100644
index 0000000..aa035b1
--- /dev/null
+++ b/argocd/manifests/forgejo-runner/configmap.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: forgejo-runner-config
+ namespace: forgejo-runner
+data:
+ config.yaml: |
+ log:
+ level: info
+
+ runner:
+ file: /data/.runner
+ capacity: 2
+ timeout: 3h
+
+ container:
+ # Use our custom job execution image with Node.js + Docker CLI
+ # Jobs requesting "docker" label will use this image
+ network: "host"
+ # DinD doesn't need socket mount - it uses DOCKER_HOST env var
diff --git a/argocd/manifests/forgejo-runner/deployment.yaml b/argocd/manifests/forgejo-runner/deployment.yaml
new file mode 100644
index 0000000..28d2c65
--- /dev/null
+++ b/argocd/manifests/forgejo-runner/deployment.yaml
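Review bot: In argocd/apps/forgejo-runner.yaml, `project: default` places this Application in Argo CD's built-in project, which (unless it has been tightened elsewhere in this cluster) puts no limit on source repos, destinations or resource kinds. Because the manifests it syncs include a privileged pod, a dedicated AppProject restricted to this repo and the `forgejo-runner` namespace would bound what a change under `argocd/manifests/forgejo-runner` can create. At minimum I would add a comment above `path:` such as `# syncs a privileged DinD workload; review changes under this path carefully`.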
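Review bot: In configmap.yaml, `network: "host"` makes every job container share the network namespace of the Docker daemon that starts it; with the DinD sidecar that is presumably the pod's own namespace, so any workflow step can reach listeners on localhost, including the daemon API on port 2375 that deployment.yaml configures without TLS. That effectively gives each job control of a privileged daemon, so this runner should only pick up jobs from trusted repositories; I would document that next to the setting, e.g. `# host network: jobs can reach the DinD API on localhost:2375 - trusted repos only`. The two comment lines above `network:` describe the job image, which is not set in this file (it comes from `RUNNER_LABELS` in secret.yaml.tpl), so they should say so or move there.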
@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: forgejo-runner
+ namespace: forgejo-runner
+ labels:
+ app: forgejo-runner
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: forgejo-runner
+ template:
+ metadata:
+ labels:
+ app: forgejo-runner
+ spec:
+ containers:
+ # Forgejo runner daemon
+ - name: runner
+ image: code.forgejo.org/forgejo/runner:6.3.1
+ env:
+ - name: DOCKER_HOST
+ value: tcp://localhost:2375
+ command:
+ - /bin/sh
+ - -c
+ - |
+ # Wait for DinD to be ready
+ echo "Waiting for Docker daemon..."
+ while ! wget -q -O /dev/null http://localhost:2375/_ping 2>/dev/null; do
+ sleep 1
+ done
+ echo "Docker daemon ready"
+
+ # Register if not already registered
+ if [ ! -f /data/.runner ]; then
+ echo "Registering runner..."
+ forgejo-runner register \
+ --instance "$FORGEJO_URL" \
+ --token "$RUNNER_TOKEN" \
+ --name "$RUNNER_NAME" \
+ --labels "$RUNNER_LABELS" \
+ --no-interactive
+ fi
+
+ # Start daemon
+ exec forgejo-runner daemon --config /config/config.yaml
+ envFrom:
+ - secretRef:
+ name: forgejo-runner-env
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: config
+ mountPath: /config
+
+ # Docker-in-Docker sidecar
+ - name: dind
+ image: docker:27-dind
+ securityContext:
+ privileged: true
+ env:
+ - name: DOCKER_TLS_CERTDIR
+ value: ""
+ volumeMounts:
+ - name: dind-storage
+ mountPath: /var/lib/docker
+
+ volumes:
+ - name: data
+ emptyDir: {}
+ - name: dind-storage
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: forgejo-runner-config
diff --git a/argocd/manifests/forgejo-runner/namespace.yaml b/argocd/manifests/forgejo-runner/namespace.yaml
new file mode 100644
index 0000000..19441b1
--- /dev/null
+++ b/argocd/manifests/forgejo-runner/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: forgejo-runner
diff --git a/argocd/manifests/forgejo-runner/secret.yaml.tpl b/argocd/manifests/forgejo-runner/secret.yaml.tpl
new file mode 100644
index 0000000..d1a61fd
--- /dev/null
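Review bot: In deployment.yaml the `dind` container runs with `privileged: true` while `DOCKER_TLS_CERTDIR` is set to `""`, so the daemon's API is served in plaintext with no client authentication. As far as I know the stock dind entrypoint binds that listener on all interfaces rather than loopback only, which would make port 2375 reachable on the pod IP from other workloads unless a NetworkPolicy blocks it, and none is added in this commit. Either keep TLS on (drop the override, share the generated client certs with the runner through an `emptyDir`, and point `DOCKER_HOST` at `tcp://localhost:2376`) or add a default-deny ingress policy for the `forgejo-runner` namespace. Separately, `docker:27-dind` is a moving tag on the one privileged container; pinning it by digest keeps the image from changing under an unchanged manifest.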
+++ b/argocd/manifests/forgejo-runner/secret.yaml.tpl
@@ -0,0 +1,17 @@
+# Forgejo Runner Environment Secret
+# This template is processed by `op inject` to resolve 1Password references.
+#
+# Usage:
+# op inject -i secret.yaml.tpl | kubectl --context=minikube-indri apply -f -
+#
+apiVersion: v1
+kind: Secret
+metadata:
+ name: forgejo-runner-env
+ namespace: forgejo-runner
+type: Opaque
+stringData:
+ FORGEJO_URL: "https://forge.ops.eblu.me"
+ RUNNER_NAME: "k8s-runner"
+ RUNNER_LABELS: "docker:docker://registry.ops.eblu.me/blumeops/forgejo-runner:v2.1.3"
+ RUNNER_TOKEN: "{{ op://vg6xf6vvfmoh5hqjjhlhbeoaie/w3663ffnvkewbftncqxtcpeavy/runner_reg }}"
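Review bot: The usage comment in secret.yaml.tpl does not say that this Secret is a hard prerequisite: the `envFrom.secretRef` in deployment.yaml is not marked optional, and a `.tpl` file is probably not picked up by the Argo CD directory source, so the runner pod cannot start until someone applies this by hand after the namespace exists. I would add `# Apply once the forgejo-runner namespace exists; the runner pod will not start without this Secret.` and `# Pipe the rendered output straight to kubectl; never write it to disk or commit it.` to the header. Note also that `RUNNER_TOKEN` is only used when `/data/.runner` is missing, and `/data` is an `emptyDir` in deployment.yaml, so the runner re-registers on every pod recreation and the registration token has to stay valid indefinitely.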