Erich Blume
1425bf1f5c
## Summary - consolidate forgejo-runner how-to docs into current cards - upgrade the k8s forgejo-runner deployment to the latest v12.8.x runner image - switch the k8s runner from first-boot register flow to declarative server.connections config - keep the runner image on the native Dagger build path and update the surrounding manifests/secrets ## Notes - PR opened early for C1 review - implementation and deployment verification will follow in subsequent commits Reviewed-on: #338
27 lines
670 B
YAML
27 lines
670 B
YAML
# ExternalSecret for Forgejo Runner credentials
|
|
#
|
|
# 1Password item: "Forgejo Secrets" in blumeops vault
|
|
# Fields: runner_k8s_uuid, runner_k8s_token
|
|
#
|
|
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: forgejo-runner-env
|
|
namespace: forgejo-runner
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: onepassword-blumeops
|
|
target:
|
|
name: forgejo-runner-env
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: FORGEJO_RUNNER_UUID
|
|
remoteRef:
|
|
key: Forgejo Secrets
|
|
property: runner_k8s_uuid
|
|
- secretKey: FORGEJO_RUNNER_TOKEN
|
|
remoteRef:
|
|
key: Forgejo Secrets
|
|
property: runner_k8s_token
|