Erich Blume
ea42362b6f
## Summary - Deploy Forgejo runner to k8s with Docker-in-Docker sidecar - Add job execution image with Node.js and Docker CLI - Retire host-mode runner on indri - All CI jobs now run containerized in k8s ## Components Added - `containers/forgejo-runner/Dockerfile` - Job execution image - `argocd/apps/forgejo-runner.yaml` - ArgoCD Application - `argocd/manifests/forgejo-runner/` - Kubernetes manifests ## Components Removed - `ansible/roles/forgejo_runner/` - No longer needed ## Changes to Existing Files - `.forgejo/workflows/build-container.yaml` - Use `k8s` runner with `DOCKER_HOST` env - `.github/actionlint.yaml` - Only `k8s` label now valid ## Deployment 1. Apply secret: `op inject -i argocd/manifests/forgejo-runner/secret.yaml.tpl | kubectl --context=minikube-indri apply -f -` 2. Sync ArgoCD: `argocd app sync forgejo-runner` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/60
77 lines
2 KiB
YAML
77 lines
2 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: forgejo-runner
|
|
namespace: forgejo-runner
|
|
labels:
|
|
app: forgejo-runner
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: forgejo-runner
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: forgejo-runner
|
|
spec:
|
|
containers:
|
|
# Forgejo runner daemon
|
|
- name: runner
|
|
image: code.forgejo.org/forgejo/runner:6.3.1
|
|
env:
|
|
- name: DOCKER_HOST
|
|
value: tcp://localhost:2375
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
# Wait for DinD to be ready
|
|
echo "Waiting for Docker daemon..."
|
|
while ! wget -q -O /dev/null http://localhost:2375/_ping 2>/dev/null; do
|
|
sleep 1
|
|
done
|
|
echo "Docker daemon ready"
|
|
|
|
# Register if not already registered
|
|
if [ ! -f /data/.runner ]; then
|
|
echo "Registering runner..."
|
|
forgejo-runner register \
|
|
--instance "$FORGEJO_URL" \
|
|
--token "$RUNNER_TOKEN" \
|
|
--name "$RUNNER_NAME" \
|
|
--labels "$RUNNER_LABELS" \
|
|
--no-interactive
|
|
fi
|
|
|
|
# Start daemon
|
|
exec forgejo-runner daemon --config /config/config.yaml
|
|
envFrom:
|
|
- secretRef:
|
|
name: forgejo-runner-env
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
- name: config
|
|
mountPath: /config
|
|
|
|
# Docker-in-Docker sidecar
|
|
- name: dind
|
|
image: docker:27-dind
|
|
securityContext:
|
|
privileged: true
|
|
env:
|
|
- name: DOCKER_TLS_CERTDIR
|
|
value: ""
|
|
volumeMounts:
|
|
- name: dind-storage
|
|
mountPath: /var/lib/docker
|
|
|
|
volumes:
|
|
- name: data
|
|
emptyDir: {}
|
|
- name: dind-storage
|
|
emptyDir: {}
|
|
- name: config
|
|
configMap:
|
|
name: forgejo-runner-config
|