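---
# Forgejo Actions runner for amd64 nodes.
# One pod holds three containers: an init container that registers the runner,
# the runner itself, and a Docker-in-Docker sidecar the runner talks to over
# TLS on localhost:2376. Client certificates are shared through the
# `docker-certs` emptyDir volume.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: act-runner-amd64
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: act-runner
      app.kubernetes.io/instance: amd64
  replicas: 1
  revisionHistoryLimit: 3
  # Recreate: the old pod is stopped before a new one starts.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: act-runner
        app.kubernetes.io/instance: amd64
    spec:
      restartPolicy: Always
      # Initialise our configuration file by registering the runner before the
      # main containers start.
      # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
      # NOTE(review): the linked offline procedure uses
      # `forgejo-runner create-runner-file --secret ...`; this container runs
      # `register --token`, which contacts the instance. Confirm which flow is
      # intended.
      initContainers:
        - name: runner-register
          # NOTE(review): bare image name, presumably rewritten by an overlay
          # (e.g. a kustomize `images:` entry). Confirm that it resolves to a
          # pinned tag or digest.
          image: act_runner
          command: ["forgejo-runner"]
          args:
            - "register"
            - "--no-interactive"
            # $(RUNNER_SECRET) is expanded by the kubelet into the process
            # arguments, so the token is visible in this container's argv.
            - "--token"
            - "$(RUNNER_SECRET)"
            - "--name"
            - "$(RUNNER_NAME)"
            - "--instance"
            - "$(FORGEJO_INSTANCE_URL)"
            # Every label maps to the docker:// backend, so jobs execute in
            # containers created by the `daemon` sidecar.
            - "--labels"
            - "docker:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-latest-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-22.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:amd64,ubuntu-20.04-amd64:docker://code.icb4dc0.de/infrastructure/images/act_runtime:20.04-amd64"
          env:
            # Runner name = pod name (downward API).
            - name: RUNNER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: RUNNER_SECRET
              valueFrom:
                secretKeyRef:
                  name: forgejo-runner-secret
                  key: token
            # Plain HTTP to the in-cluster service: the registration token is
            # sent unencrypted unless the cluster network or a mesh provides
            # transport encryption.
            - name: FORGEJO_INSTANCE_URL
              value: http://forgejo-http.forgejo.svc.cluster.local:3000
          resources:
            limits:
              cpu: "0.50"
              memory: "64Mi"
          volumeMounts:
            - name: runner-data
              mountPath: /data
      containers:
        - name: runner
          image: act_runner
          imagePullPolicy: Always
          # Wait until the Docker daemon sidecar accepts connections, then
          # start the runner with the mounted configuration.
          command:
            - "sh"
            - "-c"
            - "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon --config /etc/act/config.yaml"
          env:
            - name: DOCKER_HOST
              value: tcp://localhost:2376
            - name: DOCKER_CERT_PATH
              value: /certs/client
            - name: DOCKER_TLS_VERIFY
              value: "1"
          volumeMounts:
            - name: runner-data
              mountPath: /data
            - name: docker-certs
              mountPath: /certs
            - name: runner-config
              mountPath: /etc/act
          securityContext:
            # Least privilege: this container only polls localhost:2376 and
            # acts as a TLS client of the `daemon` sidecar, so it does not
            # need host-level privileges. Only the Docker daemon runs
            # privileged.
            # NOTE(review): config.yaml is not visible here; if it enables a
            # non-docker (host) backend, revisit this setting.
            privileged: false
          resources:
            requests:
              memory: "250Mi"
              cpu: "250m"
            limits:
              memory: "384Mi"
              cpu: "750m"
        - name: daemon
          # NOTE(review): bare image name with no tag; confirm an overlay
          # pins it to a specific version or digest.
          image: dind
          env:
            - name: DOCKER_TLS_CERTDIR
              value: /certs
          securityContext:
            # A privileged container has near-root access to the node, and
            # workflow jobs run inside this daemon. Treat the node as part of
            # the CI trust boundary (dedicated nodes, restricted who may
            # trigger workflows).
            privileged: true
          volumeMounts:
            - name: docker-certs
              mountPath: /certs
            - name: runner-data
              mountPath: /data
            - name: docker-config
              mountPath: /etc/docker
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "1200m"
      securityContext:
        fsGroup: 1000
      nodeSelector:
        kubernetes.io/arch: amd64
      # At most one act-runner pod per node (any instance label).
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - act-runner
      volumes:
        # emptyDir volumes live only as long as the pod does.
        - name: runner-data
          emptyDir:
            sizeLimit: 500Mi
        - name: docker-certs
          emptyDir:
            sizeLimit: 5Mi
        # Both config volumes project single keys from the same ConfigMap.
        - name: runner-config
          configMap:
            name: act-runner-config-amd64
            items:
              - key: config.yaml
                path: config.yaml
        - name: docker-config
          configMap:
            name: act-runner-config-amd64
            items:
              - key: daemon.json
                path: daemon.json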