forgejo-runner - dind-docker.yaml

 1# Secret data.
 2# You will need to retrive this from the web UI, and your Forgejo instance must be running v1.21+
 3# Alternatively, create this with
 4# kubectl create secret generic runner-secret --from-literal=token=your_offline_token_here
 5apiVersion: v1
 6stringData:
 7  token: your_offline_secret_here
 8kind: Secret
 9metadata:
10  name: runner-secret
11---
12apiVersion: apps/v1
13kind: Deployment
14metadata:
15  labels:
16    app: forgejo-runner
17  name: forgejo-runner
18spec:
19  # Two replicas means that if one is busy, the other can pick up jobs.
20  replicas: 2
21  selector:
22    matchLabels:
23      app: forgejo-runner
24  strategy: {}
25  template:
26    metadata:
27      creationTimestamp: null
28      labels:
29        app: forgejo-runner
30    spec:
31      restartPolicy: Always
32      volumes:
33      - name: docker-certs
34        emptyDir: {}
35      - name: runner-data
36        emptyDir: {}
37      # Initialise our configuration file using offline registration
38      # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
39      initContainers:
40        - name: runner-register
41          image: code.forgejo.org/forgejo/runner:3.2.0
42          command: ["forgejo-runner", "register", "--no-interactive", "--token", $(RUNNER_SECRET), "--name", $(RUNNER_NAME), "--instance", $(FORGEJO_INSTANCE_URL)]
43          env:
44            - name: RUNNER_NAME
45              valueFrom:
46                fieldRef:
47                  fieldPath: metadata.name
48            - name: RUNNER_SECRET
49              valueFrom:
50                secretKeyRef:
51                  name: runner-secret
52                  key: token
53            - name: FORGEJO_INSTANCE_URL
54              value: http://forgejo-http.forgejo.svc.cluster.local:3000
55          resources:
56            limits:
57              cpu: "0.50"
58              memory: "64Mi"
59          volumeMounts:
60            - name: runner-data
61              mountPath: /data
62      containers:
63      - name: runner
64        image: code.forgejo.org/forgejo/runner:3.0.0
65        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon"]
66        env:
67        - name: DOCKER_HOST
68          value: tcp://localhost:2376
69        - name: DOCKER_CERT_PATH
70          value: /certs/client
71        - name: DOCKER_TLS_VERIFY
72          value: "1"
73        volumeMounts:
74        - name: docker-certs
75          mountPath: /certs
76        - name: runner-data
77          mountPath: /data
78      - name: daemon
79        image: docker:23.0.6-dind
80        env:
81        - name: DOCKER_TLS_CERTDIR
82          value: /certs
83        securityContext:
84          privileged: true
85        volumeMounts:
86        - name: docker-certs
87          mountPath: /certs