From 25986007023998c8923732907a0a2042c3971b4c Mon Sep 17 00:00:00 2001 From: Philip Haupt <“der.mad.mob@gmail.com”> Date: Sat, 13 Sep 2025 19:06:31 +0200 Subject: [PATCH] gitea runner --- gitea-runner/kustomization.yaml | 6 + gitea-runner/main.yaml | 112 +++++++++++++++ gitea-runner/src/kustomization.yaml | 12 ++ gitea-runner/src/values.yaml | 207 ++++++++++++++++++++++++++++ 4 files changed, 337 insertions(+) create mode 100644 gitea-runner/kustomization.yaml create mode 100644 gitea-runner/main.yaml create mode 100644 gitea-runner/src/kustomization.yaml create mode 100644 gitea-runner/src/values.yaml diff --git a/gitea-runner/kustomization.yaml b/gitea-runner/kustomization.yaml new file mode 100644 index 0000000..4ae436c --- /dev/null +++ b/gitea-runner/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - main.yaml \ No newline at end of file diff --git a/gitea-runner/main.yaml b/gitea-runner/main.yaml new file mode 100644 index 0000000..bdf2ed5 --- /dev/null +++ b/gitea-runner/main.yaml @@ -0,0 +1,112 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: gitea-runner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: act-runner + app.kubernetes.io/version: 0.2.11 + helm.sh/chart: act-runner-0.2.0 + name: gitea-runner-act-runner + namespace: gitea-runner +--- +apiVersion: v1 +data: + config.yaml: |- + log: + level: info + runner: + labels: + - ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest + - ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04 + - ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04 + - x64 + container: + force_pull: true +kind: ConfigMap +metadata: + annotations: + checksum/config: 47c62c7084284f915799a694bfead1e221df249e7fa9043ed480992271c13cc8 + labels: + app.kubernetes.io/instance: gitea-runner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: act-runner + app.kubernetes.io/version: 0.2.11 + helm.sh/chart: act-runner-0.2.0 + name: gitea-runner-act-runner-config + namespace: gitea-runner +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/instance: gitea-runner + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: act-runner + app.kubernetes.io/version: 0.2.11 + helm.sh/chart: act-runner-0.2.0 + name: gitea-runner-act-runner + namespace: gitea-runner +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: gitea-runner + app.kubernetes.io/name: act-runner + template: + metadata: + annotations: + checksum/config: 47c62c7084284f915799a694bfead1e221df249e7fa9043ed480992271c13cc8 + checksum/secret: 12ae32cb1ec02d01eda3581b127c1fee3b0dc53572ed6baf239721a03d82e126 + labels: + app.kubernetes.io/instance: gitea-runner + app.kubernetes.io/name: act-runner + spec: + containers: + - env: + - name: GITEA_INSTANCE_URL + value: https://git.borninpain.de + - name: GITEA_RUNNER_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + key: token + name: gitea-runner + - name: CONFIG_FILE + value: /config/config.yaml + - name: DOCKER_HOST + value: tcp://localhost:2376 + - name: DOCKER_CERT_PATH + value: /certs/client + - name: DOCKER_TLS_VERIFY + value: "1" + image: docker.io/gitea/act_runner:0.2.11-dind-rootless + imagePullPolicy: IfNotPresent + name: act-runner + securityContext: + privileged: true + volumeMounts: + - mountPath: /data + name: data + - mountPath: /config + name: config + restartPolicy: Always + securityContext: + fsGroup: 1000 + serviceAccountName: gitea-runner-act-runner + terminationGracePeriodSeconds: 10 + volumes: + - configMap: + name: gitea-runner-act-runner-config + name: config + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: openebs-3-replicas diff --git a/gitea-runner/src/kustomization.yaml b/gitea-runner/src/kustomization.yaml new file mode 100644 index 0000000..5e78bd1 --- /dev/null +++ b/gitea-runner/src/kustomization.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmCharts: + - name: act-runner + repo: https://gringolito.github.io/helm-charts/ + version: 0.2.0 + releaseName: gitea-runner + includeCRDs: true + namespace: gitea-runner + valuesFile: values.yaml diff --git a/gitea-runner/src/values.yaml b/gitea-runner/src/values.yaml new file mode 100644 index 0000000..f57de1f --- /dev/null +++ b/gitea-runner/src/values.yaml @@ -0,0 +1,207 @@ +# Global values +global: + # -- Override the name of the app. + nameOverride: "" + # -- Override the fully qualified app name. + fullnameOverride: "" + # -- Apply labels to all resources. + commonLabels: {} + # enviornment: production + +image: + # -- Specify the image name to use (relative to `image.repository`). + name: gitea/act_runner + # -- Overrides the image tag whose default is the chart appVersion. + tag: "0.2.11" + # -- Specify the image repository to use. + repository: docker.io + # -- Specify the image pull policy. Valid values are `Always`, `Never`, `IfNotPresent`. + # [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). + pullPolicy: IfNotPresent + # -- Specify the image pull secrets if pulling from private registry + # [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). + pullSecrets: [] + # - name: + +runner: + updateStrategy: + # -- Specify the update strategy used to replace old Pods by new ones valid options are `RollingUpdate`, `OnDelete`. + # [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) + type: RollingUpdate # @schema enum:[RollingUpdate, OnDelete] + + # Docker in Docker configuration for running Docker commands inside the runner. + dockerDind: + # -- Enable Docker in Docker with root user. + enabled: false + # -- Docker DinD image repository and tag. + image: docker:23.0.6-dind + + # -- Gitea instance URL where the runner will register. + instanceURL: https://git.borninpain.de + + # Runner registration token configuration. + token: + # -- Set the Runner registration token value. If existing secret is specified this value is not used. + value: "" + # Specify an existing secret containing the Runner registration token. + fromSecret: + # -- Specify the secret name containing the Runner registration token. + name: gitea-runner + # -- Specify the key in the secret that contains the Runner registration token. + key: token + + # Runner custom configuration settings. + config: + # -- Enable custom configuration for the runner deployment. + enabled: true + # -- Specify runner's custom configuration in YAML format. + # @default -- See [values.yaml](./values.yaml) for default configuration + data: | + log: + level: info + runner: + labels: + - ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest + - ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04 + - ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04 + - x64 + container: + force_pull: true + +# -- Define environment variables for the runner container. +# @default -- See [values.yaml](./values.yaml) for default configuration +env: + - name: DOCKER_HOST + value: tcp://localhost:2376 + - name: DOCKER_CERT_PATH + value: /certs/client + - name: DOCKER_TLS_VERIFY + value: "1" + # - name: GITEA_RUNNER_LABELS + # value: "" + +# Persistent storage configuration for runner data. +persistence: + # -- Enable persistent storage for runner data. + enabled: true + # -- Storage class name for the PersistentVolumeClaim. + storageClassName: openebs-3-replicas + # -- Access modes for the PersistentVolumeClaim. + accessModes: ReadWriteOnce + # -- Size of the PersistentVolumeClaim. + size: 1Gi + # -- Path inside the container where the volume will be mounted. + mountPath: "/data" + # -- Label selectors for the PersistentVolumeClaim. + selector: {} + +# Service account configuration for the runner pods. +serviceAccount: + # -- Specifies whether a service account should be created. + create: true + # -- Annotations to add to the service account. + annotations: {} + # -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template. + name: "" + +# Horizontal Pod Autoscaler configuration. +autoscaling: + # -- Enable horizontal pod autoscaling. + enabled: false + # -- Minimum number of replicas. + minReplicas: 1 # @schema minimum:1 + # -- Maximum number of replicas. + maxReplicas: 100 # @schema minimum:1 + # -- Target CPU utilization percentage for scaling. + targetCPUUtilizationPercentage: 80 # @schema minimum:0;maximum:100 + # -- Target memory utilization percentage for scaling. + targetMemoryUtilizationPercentage: 80 # @schema minimum:0;maximum:100 + +# -- Define environment variables from existing ConfigMap or Secret data. +envFrom: [] +# - configMapRef: +# name: +# - secretRef: +# name: + +# -- Number of runner replicas. +replicas: 1 # @schema minimum:1 + +# -- Annotations to add to the runner pods. +podAnnotations: {} + +# -- Labels to add to the runner pods. +podLabels: {} + +# -- Priority class name for the runner pods. +# [priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass). +podPriorityClassName: "" + +# -- Pod security context configuration. Only applied when using rootless container. +# [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). +podSecurityContext: + fsGroup: 1000 + +# -- Security context configuration for the runner container. +# [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). +securityContext: {} + # privileged: true + +# -- Resource requests and limits for the runner container. +# [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). +resources: {} + # requests: + # cpu: 200m + # memory: 256Mi + # limits: + # cpu: 200m + # memory: 256Mi + +# -- Lifecycle hooks for the runner container. +# [Lifecycle](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). +lifecycle: {} + # preStop: + # exec: + # command: + # - /bin/sleep + # - "10" + +# -- Termination grace period in seconds for the runner pods. +terminationGracePeriodSeconds: 10 # @schema minimum:0 + +# -- Node selector for scheduling runner pods on specific nodes. +# [nodeSelector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). +nodeSelector: {} + +# -- Tolerations for scheduling runner pods on nodes with taints. +# [Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/). +tolerations: [] + +# -- Affinity and anti-affinity rules for runner pod scheduling. +# [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). +affinity: {} + +# -- Topology spread constraints for distributing runner pods across zones/nodes. +# [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/). +topologySpreadConstraints: [] + +# -- Additional volumes to attach to the runner pods. +extraVolumes: [] + +# -- Additional volume mounts for the runner container. +extraVolumeMounts: [] + +# -- Init containers to run before the main runner container. +initContainers: [] + +# -- Additional sidecar containers to run alongside the runner container. +extraContainers: [] + +# -- Liveness probe configuration for the runner container. +# [LivenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes). +livenessProbe: {} + +# -- Readiness probe configuration for the runner container. +# [ReadinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes). +readinessProbe: {} +