try once more

2024-05-25 13:11:24 +02:00
parent 7e3f8a2764
commit 4f18adf1da
4 changed files with 10 additions and 89 deletions
--- a/infrastructure/gitea/actions.deployment.yaml
+++ b/infrastructure/gitea/actions.deployment.yaml
@@ -17,15 +17,8 @@ spec:
      restartPolicy: Always
      containers:
      - name: runner
-        image: runner
-        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
+        image: vegardit/gitea-act-runner:dind-latest
        env:
-        - name: DOCKER_HOST
-          value: tcp://localhost:2376
-        - name: DOCKER_CERT_PATH
-          value: /certs/client
-        - name: DOCKER_TLS_VERIFY
-          value: "1"
        - name: GITEA_INSTANCE_URL
          value: "https://git.kluster.moll.re"
        - name: GITEA_RUNNER_REGISTRATION_TOKEN
@@ -37,36 +30,18 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
-        volumeMounts:
-        - name: docker-certs
-          mountPath: /certs
-        - name: runner-data
-          mountPath: /data
-        resources:
-          limits:
-            memory: "1Gi"
-            cpu: "1"
-
-      - name: daemon
-        image: daemon
-        env:
-        - name: DOCKER_TLS_CERTDIR
-          value: /certs
+        - name: GITEA_RUNNER_UID
+          value: '1000'
+        - name: GITEA_RUNNER_GID
+          value: '1000'
+        - name: GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED
+          value: 'true'
        securityContext:
          privileged: true
        volumeMounts:
-        - name: docker-certs
-          mountPath: /certs
-        resources:
-          requests:
-            memory: "128Mi"
-            cpu: "500m"
-          limits:
-            memory: "4Gi"
-            cpu: "4"    
+        - name: runner-data
+          mountPath: /data
      volumes:
-      - name: docker-certs
-        emptyDir: {}
      - name: runner-data
        persistentVolumeClaim:
          claimName: runner-data
--- a/infrastructure/gitea/actions.rbac.yaml
+++ b/infrastructure/gitea/actions.rbac.yaml
@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: builder-service-account
-  namespace: gitea
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: builder-rolebinding
-  namespace: target
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: edit
-subjects:
- namespace: gitea
-  kind: ServiceAccount
-  name: builder-service-account
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: builder-service-account-secret
-  annotations:
-    kubernetes.io/service-account.name: builder-service-account
-type: kubernetes.io/service-account-token
--- a/infrastructure/gitea/kubeconf.yaml
+++ b/infrastructure/gitea/kubeconf.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Config
-clusters:     
- name: default-cluster
-  cluster:
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTVRFME9ESXhNak13SGhjTk1qUXdNekkyTVRrME1qQXpXaGNOTXpRd016STBNVGswTWpBegpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTVRFME9ESXhNak13V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFSaU9Pbi9VbTdjODFrN3ZuVmg4L2djaHk4blpFdTBCQkFiSjdZLzluVE8KMGJEV2ZYYU9TaTgrU1FHM09pYjBlYXNvWGVwSU8zWmNJTHhjNFRsRk9LQWpvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVW43TDJHblhVOFNMUHhHMkpxazlsClZ2SXFRbzh3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUpuVEhaYlRXcWw0NzVvNWZCczYwV0dwRXQ5TytnM2wKTnVucE5GUGR2Qld1QWlCSDhhRFZhMlI3YklkaWxRUlVlVG9Lb1VsaSsya0tJZGNqdWVjVVNmZHFodz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-
-    server: https://192.168.1.201:6443
-contexts:                            
- name: default-context
-  context:
-    cluster: default-cluster
-    namespace: gitea
-    user: default-user
-current-context: default-context
-users:                
- name: default-user            
-  user:
-    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdvVVZLWkRwWERHTEl0RWV0S0hZYVlGRy1tQWF5T01BcVp6OXdmTml4QmcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJnaXRlYSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJidWlsZGVyLXNlcnZpY2UtYWNjb3VudC1zZWNyZXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiYnVpbGRlci1zZXJ2aWNlLWFjY291bnQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2MjliYTA5Yy03ZDZlLTQxNTctOGYxYS01ZjRmM2NiYTc0MDQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6Z2l0ZWE6YnVpbGRlci1zZXJ2aWNlLWFjY291bnQifQ.DW-GQVhZfY4YPzPDcXVHVzQZu-kT3ryVy2NHdk2sIP-G4hBurcLQduCTILJxr1xMwaUKhQ-yp9xjaGb4kTcKvSA7oLmAMeOhoWWsxE7c
--- a/infrastructure/gitea/kustomization.yaml
+++ b/infrastructure/gitea/kustomization.yaml
@@ -7,19 +7,11 @@ resources:
  - gitea.servicemonitor.yaml
  - actions.deployment.yaml
  - actions.sealedsecret.yaml
-  - actions.rbac.yaml
+  # - actions.rbac.yaml


 namespace: gitea

-images:
-  - name: runner
-    newName: gitea/act_runner
-    newTag: nightly
-  - name: daemon
-    newName: docker
-    newTag: 23.0.6-dind
-

 helmCharts:
  - name: gitea