diff --git a/infrastructure/external/kustomization.yaml b/infrastructure/external/kustomization.yaml
index a6f6a8b..57b916c 100644
--- a/infrastructure/external/kustomization.yaml
+++ b/infrastructure/external/kustomization.yaml
@@ -9,4 +9,3 @@ resources:
 - omv-s3.ingress.yaml
 - openmediavault.ingress.yaml
 - proxmox.ingress.yaml
- - wireguard.ingress.yaml
\ No newline at end of file
diff --git a/infrastructure/external/wireguard.ingress.yaml b/infrastructure/external/wireguard.ingress.yaml
deleted file mode 100644
index f57b346..0000000
--- a/infrastructure/external/wireguard.ingress.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: wireguard-ingressroute
- namespace: external
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`wireguard.kluster.moll.re`)
- kind: Rule
- services:
- - name: wireguard
- port: 443
- scheme: https
- tls:
- certResolver: default-tls
----
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: wireguard
- namespace: external
-subsets:
- - addresses:
- - ip: 192.168.2.1
- ports:
- - port: 443
----
-apiVersion: v1
-kind: Service
-metadata:
- name: wireguard
- namespace: external
-spec:
- ports:
- - port: 443
- targetPort: 443
\ No newline at end of file
diff --git a/infrastructure/gitea/actions.deployment.yaml b/infrastructure/gitea/actions.deployment.yaml
index 6abe7ec..b8f337e 100644
--- a/infrastructure/gitea/actions.deployment.yaml
+++ b/infrastructure/gitea/actions.deployment.yaml
@@ -1,28 +1,24 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: actions-runner
+ labels:
+ app: act-runner
+ name: act-runner
 spec:
+ replicas: 1
 selector:
 matchLabels:
- app: actions-runner
+ app: act-runner
 template:
 metadata:
 labels:
- app: actions-runner
+ app: act-runner
 spec:
- hostname: kube-runner
- serviceAccountName: actions-runner
+ restartPolicy: Always
 containers:
- - name: actions-runner
- image: actions-runner
- resources:
- requests:
- memory: "128Mi"
- cpu: "500m"
- limits:
- memory: "2Gi"
- cpu: "2"
+ - name: runner
+ image: runner
+ command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
 env:
 - name: DOCKER_HOST
 value: tcp://localhost:2376
@@ -37,30 +33,40 @@ spec:
 secretKeyRef:
 name: actions-runner-secret
 key: runner-token
- # - name: GITEA_RUNNER_LABELS
- # value: ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye
 - name: ACTIONS_RUNNER_POD_NAME
 valueFrom:
 fieldRef:
 fieldPath: metadata.name
- - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
- value: "true"
- - name: ACTIONS_RUNNER_CONTAINER_HOOKS
- value: /home/runner/k8s/index.js
- - name: ACTIONS_RUNNER_CLAIM_NAME
- value: runner-workdir
- - name: GITEA_RUNNER_LABELS
- value: k8s
 volumeMounts:
- - name: runner-workdir
- mountPath: /home/runner/_work
+ - name: docker-certs
+ mountPath: /certs
 - name: runner-data
 mountPath: /data
-
+ resources:
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+
+ - name: daemon
+ image: daemon
+ env:
+ - name: DOCKER_TLS_CERTDIR
+ value: /certs
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: docker-certs
+ mountPath: /certs
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "500m"
+ limits:
+ memory: "4Gi"
+ cpu: "4"
 volumes:
- - name: runner-workdir
- persistentVolumeClaim:
- claimName: runner-workdir
+ - name: docker-certs
+ emptyDir: {}
 - name: runner-data
 persistentVolumeClaim:
 claimName: runner-data
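Review bot: With `serviceAccountName: actions-runner` removed, the pod falls back to the namespace's default service account, and nothing in the new spec stops that account's token from being mounted into both containers. The Kubernetes hook variables are dropped in the next hunk, so the runner presumably no longer needs the API; add `automountServiceAccountToken: false` next to `restartPolicy: Always`. The `runner` image is mapped to `gitea/act_runner` with `newTag: nightly` in the kustomization later in this diff, a moving tag for a container that drives a privileged Docker daemon; a release tag or digest would make rollouts reproducible and auditable. The pod spec continues outside this hunk.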
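Review bot: The `daemon` sidecar runs with `securityContext.privileged: true`, so any workflow job that reaches this Docker daemon effectively holds root on the node hosting the pod. If privileged dind is the accepted trade-off, contain it by pinning the pod to a dedicated, tainted node with `nodeSelector` and `tolerations`, and by limiting which repositories may use this runner. The `runner` container now declares `limits` but no `requests`, where the old spec had both; Kubernetes then sets the requests equal to the limits, which may reserve more than intended. The env entries between the two hunks are not visible, so the diff does not show whether the client is pointed at the generated certificates under `/certs` with TLS verification enabled.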
@@ -77,16 +83,3 @@ spec:
 volumeMode: Filesystem
 accessModes:
 - ReadWriteMany
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: runner-workdir
-spec:
- resources:
- requests:
- storage: 5Gi
- storageClassName: "nfs-client"
- volumeMode: Filesystem
- accessModes:
- - ReadWriteMany
diff --git a/infrastructure/gitea/actions.rbac.yaml b/infrastructure/gitea/actions.rbac.yaml
deleted file mode 100644
index 6eeb51c..0000000
--- a/infrastructure/gitea/actions.rbac.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: actions-runner
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: actions-role
-rules:
-- apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "list", "create", "delete"]
-- apiGroups: [""]
- resources: ["pods/exec"]
- verbs: ["get", "create"]
-- apiGroups: [""]
- resources: ["pods/log"]
- verbs: ["get", "list", "watch",]
-- apiGroups: ["batch"]
- resources: ["jobs"]
- verbs: ["get", "list", "create", "delete"]
-- apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "list", "create", "delete"]
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: actions-role-binding
-subjects:
-- kind: ServiceAccount
- name: actions-runner
- apiGroup: ""
-roleRef:
- kind: Role
- name: actions-role
- apiGroup: rbac.authorization.k8s.io
diff --git a/infrastructure/gitea/actions.sealedsecret.yaml b/infrastructure/gitea/actions.sealedsecret.yaml
index 3f6981c..844e95e 100644
--- a/infrastructure/gitea/actions.sealedsecret.yaml
+++ b/infrastructure/gitea/actions.sealedsecret.yaml
@@ -7,7 +7,7 @@ metadata:
 namespace: gitea
 spec:
 encryptedData:
- runner-token: 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
+ runner-token: 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
 template:
 metadata:
 creationTimestamp: null
diff --git a/infrastructure/gitea/kustomization.yaml b/infrastructure/gitea/kustomization.yaml
index cf63840..24d3c0c 100644
--- a/infrastructure/gitea/kustomization.yaml +++ b/infrastructure/gitea/kustomization.yaml @@ -10,15 +10,17 @@ resources: - drone-server.sealedsecret.yaml - actions.deployment.yaml - actions.sealedsecret.yaml - - actions.rbac.yaml namespace: gitea images: - - name: actions-runner - newName: ghcr.io/christopherhx/gitea-actions-runner + - name: runner + newName: gitea/act_runner newTag: nightly + - name: daemon + newName: docker + newTag: 23.0.6-dind helmCharts: