ryan/lunarfront-charts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0737bf0e69625625e9c38682176411a9cd95314c
lunarfront-charts/runner/deployment.yaml
Ryan Moon 0737bf0e69 fix: add haproxy sidecar to prepend PROXY protocol for registry pushes 
Routes git.lunarfront.tech:443 through a local haproxy that adds the
PROXY protocol header nginx requires, bypassing the DO LB hairpin.
2026-04-03 07:59:25 -05:00

97 lines
2.8 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea-runner
namespace: runner
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: gitea-runner
template:
metadata:
labels:
app: gitea-runner
spec:
nodeSelector:
role: system
hostAliases:
- ip: 127.0.0.1
hostnames:
- git.lunarfront.tech
containers:
- name: runner
image: gitea/act_runner:latest
workingDir: /data
command: ["sh", "-c", "until nc -z localhost 2375 2>/dev/null; do echo 'waiting for dind...'; sleep 2; done && if [ ! -f /data/.runner ]; then /usr/local/bin/act_runner register --no-interactive --instance \"$GITEA_INSTANCE_URL\" --token \"$GITEA_RUNNER_REGISTRATION_TOKEN\" --name \"$GITEA_RUNNER_NAME\" --config \"$CONFIG_FILE\"; fi && exec /usr/local/bin/act_runner daemon --config \"$CONFIG_FILE\""]
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 2000m
memory: 2Gi
env:
- name: GITEA_INSTANCE_URL
value: http://gitea-http.gitea.svc.cluster.local:3000
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: gitea-runner-token
key: token
- name: GITEA_RUNNER_NAME
value: k8s-runner
- name: DOCKER_HOST
value: tcp://localhost:2375
- name: DOCKER_TLS_VERIFY
value: "0"
- name: CONFIG_FILE
value: /etc/runner/config.yaml
volumeMounts:
- name: runner-config
mountPath: /etc/runner
- name: runner-data
mountPath: /data
- name: registry-proxy
image: haproxy:alpine
resources:
requests:
cpu: 10m
memory: 16Mi
limits:
cpu: 100m
memory: 64Mi
volumeMounts:
- name: haproxy-config
mountPath: /usr/local/etc/haproxy
- name: dind
image: docker:dind
securityContext:
privileged: true
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 2000m
memory: 4Gi
env:
- name: DOCKER_TLS_CERTDIR
value: ""
args: ["--host=tcp://0.0.0.0:2375"]
volumes:
- name: runner-config
configMap:
name: gitea-runner-config
- name: runner-data
persistentVolumeClaim:
claimName: gitea-runner-data
- name: haproxy-config
configMap:
name: runner-haproxy-config
Reference in New Issue View Git Blame Copy Permalink