---
apiVersion: apps/v1
kind: Deployment
metadata:
name: act-runner-amd64
spec:
selector:
matchLabels:
app.kubernetes.io/name: act-runner
app.kubernetes.io/instance: amd64
replicas: 1
revisionHistoryLimit: 3
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: act-runner
app.kubernetes.io/instance: amd64
spec:
restartPolicy: Always
# Initialise our configuration file using offline registration
# https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
initContainers:
- name: runner-register
image: act_runner
command: ["forgejo-runner"]
args:
- "register"
- "--no-interactive"
- "--token"
- $(RUNNER_SECRET)
- "--name"
- $(RUNNER_NAME)
- "--instance"
- $(FORGEJO_INSTANCE_URL)
- "--labels"
- "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-latest-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-22.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-20.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-amd64"
env:
- name: RUNNER_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: RUNNER_SECRET
valueFrom:
secretKeyRef:
name: forgejo-runner-secret
key: token
- name: FORGEJO_INSTANCE_URL
value: http://forgejo-http.forgejo.svc.cluster.local:3000
resources:
limits:
cpu: "0.50"
memory: "64Mi"
volumeMounts:
- name: runner-data
mountPath: /data
containers:
- name: runner
image: act_runner
imagePullPolicy: Always
command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon --config /etc/act/config.yaml"]
env:
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: DOCKER_CERT_PATH
value: /certs/client
- name: DOCKER_TLS_VERIFY
value: "1"
volumeMounts:
- name: runner-data
mountPath: /data
- name: docker-certs
mountPath: /certs
- name: runner-config
mountPath: /etc/act
securityContext:
privileged: true
resources:
requests:
memory: "250Mi"
cpu: "250m"
limits:
memory: "384Mi"
cpu: "750m"
- name: daemon
image: dind
env:
- name: DOCKER_TLS_CERTDIR
value: /certs
securityContext:
privileged: true
volumeMounts:
- name: docker-certs
mountPath: /certs
- name: runner-data
mountPath: /data
- name: docker-config
mountPath: /etc/docker
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "1200m"
securityContext:
fsGroup: 1000
nodeSelector:
kubernetes.io/arch: amd64
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- act-runner
volumes:
- name: runner-data
emptyDir:
sizeLimit: 500Mi
- name: docker-certs
emptyDir:
sizeLimit: 5Mi
- name: runner-config
configMap:
name: act-runner-config-amd64
items:
- key: config.yaml
path: config.yaml
- name: docker-config
configMap:
name: act-runner-config-amd64
items:
- key: daemon.json
path: daemon.json