Switch Forgejo runner to Kubernetes backend

- Use k8s pods instead of Docker containers for job execution - Add RBAC for runner to create/manage job pods - Add ConfigMap with runner config for kubernetes backend - Remove Docker socket mount (no longer needed) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-23 16:28:34 -08:00 · 2026-01-23 16:28:34 -08:00 · 460449326e
commit 460449326e
parent 266f5944b9
4 changed files with 62 additions and 8 deletions
--- a/argocd/manifests/forgejo-runner/configmap.yaml
+++ b/argocd/manifests/forgejo-runner/configmap.yaml
@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: forgejo-runner-config
+  namespace: forgejo-runner
+data:
+  config.yaml: |
+    log:
+      level: info
+    runner:
+      file: /data/.runner
+      capacity: 1
+      timeout: 3h
+    container:
+      # Use Kubernetes to run job pods
+      backend: kubernetes
+      kubernetes:
+        namespace: forgejo-runner
+        # Job pods use these resource limits
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "256Mi"
+          limits:
+            cpu: "1000m"
+            memory: "1Gi"
--- a/argocd/manifests/forgejo-runner/deployment.yaml
+++ b/argocd/manifests/forgejo-runner/deployment.yaml
@ -41,13 +41,13 @@ spec:
                  --labels "ubuntu-latest:docker://node:20-bookworm,ubuntu-22.04:docker://ubuntu:22.04" \
                  --no-interactive
              fi
-              # Start the runner daemon
-              forgejo-runner daemon
+              # Start the runner daemon with config
+              forgejo-runner daemon --config /config/config.yaml
          volumeMounts:
            - name: runner-data
              mountPath: /data
-            - name: docker-sock
-              mountPath: /var/run/docker.sock
+            - name: runner-config
+              mountPath: /config
          resources:
            requests:
              memory: "256Mi"
@ -58,7 +58,6 @@ spec:
      volumes:
        - name: runner-data
          emptyDir: {}
-        - name: docker-sock
-          hostPath:
-            path: /var/run/docker.sock
-            type: Socket
+        - name: runner-config
+          configMap:
+            name: forgejo-runner-config
--- a/argocd/manifests/forgejo-runner/kustomization.yaml
+++ b/argocd/manifests/forgejo-runner/kustomization.yaml
@ -4,4 +4,6 @@ namespace: forgejo-runner
 resources:
  - namespace.yaml
  - serviceaccount.yaml
+  - rbac.yaml
+  - configmap.yaml
  - deployment.yaml
--- a/argocd/manifests/forgejo-runner/rbac.yaml
+++ b/argocd/manifests/forgejo-runner/rbac.yaml
@ -0,0 +1,27 @@
+# RBAC for Forgejo runner to create job pods
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: forgejo-runner
+  namespace: forgejo-runner
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "create", "delete", "watch"]
+  - apiGroups: [""]
+    resources: ["pods/log"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: forgejo-runner
+  namespace: forgejo-runner
+subjects:
+  - kind: ServiceAccount
+    name: forgejo-runner
+    namespace: forgejo-runner
+roleRef:
+  kind: Role
+  name: forgejo-runner
+  apiGroup: rbac.authorization.k8s.io