eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Migrate Forgejo runner to Kubernetes with DinD #60

Merged
eblume merged 15 commits from feature/containerized-runner into main 2026-01-25 19:56:17 -08:00
Conversation 0 Commits 15 Files changed 14 +135
5 changed files with 135 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 24e7df02df - Show all commits

Add k8s forgejo-runner deployment (Phase 2 ratcheting)
Some checks failed
Build Container / build (push) Failing after 26s
Details

Prev Next 
- Deployment with forgejo-runner daemon + DinD sidecar
- ConfigMap for runner configuration
- Secret template for runner token (op inject)
- ArgoCD Application definition

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Erich Blume 2026-01-25 18:57:20 -08:00
commit 24e7df02df

17
argocd/apps/forgejo-runner.yaml Normal file
View file

@ -0,0 +1,17 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo-runner
namespace: argocd
spec:
project: default
source:
repoURL: https://forge.ops.eblu.me/eblume/blumeops.git
targetRevision: main
path: argocd/manifests/forgejo-runner
destination:
server: https://kubernetes.default.svc
namespace: forgejo-runner
syncPolicy:
syncOptions:
- CreateNamespace=true

20
argocd/manifests/forgejo-runner/configmap.yaml Normal file
View file

@ -0,0 +1,20 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: forgejo-runner-config
namespace: forgejo-runner
data:
config.yaml: |
log:
level: info
runner:
file: /data/.runner
capacity: 2
timeout: 3h
container:
# Use our custom job execution image with Node.js + Docker CLI
# Jobs requesting "docker" label will use this image
network: "host"
# DinD doesn't need socket mount - it uses DOCKER_HOST env var

77
argocd/manifests/forgejo-runner/deployment.yaml Normal file
View file

@ -0,0 +1,77 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: forgejo-runner
namespace: forgejo-runner
labels:
app: forgejo-runner
spec:
replicas: 1
selector:
matchLabels:
app: forgejo-runner
template:
metadata:
labels:
app: forgejo-runner
spec:
containers:
# Forgejo runner daemon
- name: runner
image: code.forgejo.org/forgejo/runner:6.3.1
env:
- name: DOCKER_HOST
value: tcp://localhost:2375
command:
- /bin/sh
- -c
- |
# Wait for DinD to be ready
echo "Waiting for Docker daemon..."
while ! wget -q -O /dev/null http://localhost:2375/_ping 2>/dev/null; do
sleep 1
done
echo "Docker daemon ready"
# Register if not already registered
if [ ! -f /data/.runner ]; then
echo "Registering runner..."
forgejo-runner register \
--instance "$FORGEJO_URL" \
--token "$RUNNER_TOKEN" \
--name "$RUNNER_NAME" \
--labels "$RUNNER_LABELS" \
--no-interactive
fi
# Start daemon
exec forgejo-runner daemon --config /config/config.yaml
envFrom:
- secretRef:
name: forgejo-runner-env
volumeMounts:
- name: data
mountPath: /data
- name: config
mountPath: /config
# Docker-in-Docker sidecar
- name: dind
image: docker:27-dind
securityContext:
privileged: true
env:
- name: DOCKER_TLS_CERTDIR
value: ""
volumeMounts:
- name: dind-storage
mountPath: /var/lib/docker
volumes:
- name: data
emptyDir: {}
- name: dind-storage
emptyDir: {}
- name: config
configMap:
name: forgejo-runner-config

4
argocd/manifests/forgejo-runner/namespace.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: forgejo-runner

17
argocd/manifests/forgejo-runner/secret.yaml.tpl Normal file
View file

@ -0,0 +1,17 @@
# Forgejo Runner Environment Secret
# This template is processed by `op inject` to resolve 1Password references.
#
# Usage:
# op inject -i secret.yaml.tpl | kubectl --context=minikube-indri apply -f -
#
apiVersion: v1
kind: Secret
metadata:
name: forgejo-runner-env
namespace: forgejo-runner
type: Opaque
stringData:
FORGEJO_URL: "https://forge.ops.eblu.me"
RUNNER_NAME: "k8s-runner"
RUNNER_LABELS: "docker:docker://registry.ops.eblu.me/blumeops/forgejo-runner:v2.1.3"
RUNNER_TOKEN: "{{ op://vg6xf6vvfmoh5hqjjhlhbeoaie/w3663ffnvkewbftncqxtcpeavy/runner_reg }}"