145 lines
3.7 KiB
TypeScript
145 lines
3.7 KiB
TypeScript
import { Construct } from "constructs";
|
|
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
|
|
|
|
import { OnePasswordSecret, LonghornPvc } from "../../utils";
|
|
import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
|
|
import { PodDisruptionBudgetV1 } from "@cdktf/provider-kubernetes/lib/pod-disruption-budget-v1";
|
|
|
|
type GiteaRunnerOptions = {
|
|
provider: KubernetesProvider;
|
|
name: string;
|
|
namespace: string;
|
|
replicas?: number;
|
|
};
|
|
|
|
export class GiteaRunner extends Construct {
|
|
constructor(scope: Construct, id: string, options: GiteaRunnerOptions) {
|
|
super(scope, id);
|
|
|
|
const { provider, name, namespace } = options;
|
|
const replicas = options.replicas?.toString() ?? "1";
|
|
|
|
const pvc = new LonghornPvc(this, "data-pvc", {
|
|
provider,
|
|
name: `${name}-data`,
|
|
namespace: namespace,
|
|
size: "10Gi",
|
|
accessModes: ["ReadWriteMany"],
|
|
});
|
|
|
|
new OnePasswordSecret(this, "runner-secret", {
|
|
provider,
|
|
name: "runner-secret",
|
|
namespace: namespace,
|
|
itemPath: "vaults/Lab/items/Gitea",
|
|
});
|
|
|
|
new PodDisruptionBudgetV1(this, "pdb", {
|
|
provider,
|
|
metadata: {
|
|
name,
|
|
namespace,
|
|
},
|
|
spec: {
|
|
minAvailable: replicas,
|
|
selector: {
|
|
matchLabels: {
|
|
app: name,
|
|
},
|
|
},
|
|
},
|
|
});
|
|
|
|
new DeploymentV1(this, "gitea-runner", {
|
|
provider,
|
|
metadata: {
|
|
name: name,
|
|
namespace: namespace,
|
|
labels: {
|
|
app: name,
|
|
},
|
|
},
|
|
spec: {
|
|
replicas,
|
|
selector: {
|
|
matchLabels: {
|
|
app: name,
|
|
},
|
|
},
|
|
template: {
|
|
metadata: {
|
|
labels: {
|
|
app: name,
|
|
},
|
|
},
|
|
spec: {
|
|
nodeSelector: {
|
|
nodepool: "worker",
|
|
},
|
|
topologySpreadConstraint: [
|
|
{
|
|
maxSkew: 1,
|
|
topologyKey: "kubernetes.io/hostname",
|
|
whenUnsatisfiable: "DoNotSchedule",
|
|
labelSelector: [
|
|
{
|
|
matchLabels: {
|
|
app: name,
|
|
},
|
|
},
|
|
],
|
|
},
|
|
],
|
|
restartPolicy: "Always",
|
|
securityContext: {
|
|
fsGroup: "1000",
|
|
},
|
|
container: [
|
|
{
|
|
name: "gitea-runner",
|
|
image: "gitea/act_runner:nightly-dind-rootless",
|
|
env: [
|
|
{
|
|
name: "DOCKER_HOST",
|
|
value: "unix:///run/user/1000/docker.sock",
|
|
},
|
|
{
|
|
name: "GITEA_INSTANCE_URL",
|
|
value: "https://git.dogar.dev",
|
|
},
|
|
{
|
|
name: "GITEA_RUNNER_REGISTRATION_TOKEN",
|
|
valueFrom: {
|
|
secretKeyRef: {
|
|
name: "runner-secret",
|
|
key: "runner-token",
|
|
},
|
|
},
|
|
},
|
|
],
|
|
securityContext: {
|
|
privileged: true,
|
|
},
|
|
volumeMount: [
|
|
{
|
|
name: "runner-data",
|
|
mountPath: "/data",
|
|
},
|
|
],
|
|
},
|
|
],
|
|
volume: [
|
|
{
|
|
name: "runner-data",
|
|
persistentVolumeClaim: {
|
|
claimName: pvc.name,
|
|
},
|
|
},
|
|
],
|
|
},
|
|
},
|
|
},
|
|
});
|
|
}
|
|
}
|