# Shared volume for the action-runner pods. The Deployment in this file mounts
# it at /data from every replica, which is why the claim is ReadWriteMany.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: action-runner
  namespace: homelab
spec:
  # RWX: several runner replicas attach the same claim concurrently.
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  # Cluster-provided class; the name suggests an encrypted Longhorn volume —
  # confirm this is the intended at-rest-encrypted class.
  storageClassName: longhorn-crypto
---
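# Gitea act_runner fleet. Each pod runs a rootless docker-in-docker daemon and
# the runner that executes CI jobs against it, so the pod must be privileged;
# everything else here is about limiting what those jobs can reach.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: action-runner
  namespace: homelab
  labels:
    app: action-runner
spec:
  replicas: 9
  selector:
    matchLabels:
      app: action-runner
  template:
    metadata:
      labels:
        app: action-runner
    spec:
      restartPolicy: Always
      # The runner talks to Gitea over HTTPS and to its local dockerd; nothing
      # here uses the Kubernetes API. Not mounting a service-account token
      # keeps CI jobs executed inside this privileged pod from picking one up.
      automountServiceAccountToken: false
      securityContext:
        fsGroup: 1000
      volumes:
        - name: runner-data
          persistentVolumeClaim:
            claimName: action-runner
      containers:
        - name: runner
          # NOTE(review): `nightly` is a mutable tag and imagePullPolicy: Always
          # re-resolves it on every pod start, so what runs is whatever upstream
          # last pushed. Pin a vetted digest instead
          # (gitea/act_runner@sha256:<DIGEST-PLACEHOLDER>).
          image: gitea/act_runner:nightly-dind-rootless
          imagePullPolicy: Always
          env:
            # This is the only container in the pod, so the dockerd behind
            # localhost:2376 presumably runs inside it (dind image), reached over
            # TLS with the client certs under /certs/client.
            - name: DOCKER_HOST
              value: tcp://localhost:2376
            - name: DOCKER_CERT_PATH
              value: /certs/client
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: GITEA_INSTANCE_URL
              value: https://git.dogar.dev
            # Registration token comes from a Secret; never inline it here.
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: runner-secret
                  key: runner-token
          securityContext:
            # Presumably needed for the nested dockerd in the dind image. It also
            # means any CI job running in this pod effectively has host-level
            # privileges; the NetworkPolicy selecting app=action-runner is the
            # compensating control on where such a job can connect.
            privileged: true
          # NOTE(review): no resources requests/limits are set, so a runaway job
          # can starve the node — add them once typical job load is known.
          volumeMounts:
            # NOTE(review): all 9 replicas share this RWX claim at /data, which
            # presumably also holds the runner's registration state — confirm
            # concurrent use by every replica is intended.
            - name: runner-data
              mountPath: /data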
---
# Keeps most of the runner fleet up through drains and rolling upgrades.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: action-runner-pdb
  namespace: homelab
spec:
  # With replicas: 9 in the Deployment, at most 3 runner pods may be taken
  # down at once by a voluntary disruption.
  minAvailable: 6
  selector:
    matchLabels:
      app: action-runner
---
# Egress allow-list for the privileged runner pods: HTTPS anywhere plus DNS to
# kube-dns. Traffic from CI jobs inside the pod's dockerd leaves through the
# same pod network namespace, so it is subject to the same rules.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: action-runner-netpol
  namespace: homelab
spec:
  podSelector:
    matchLabels:
      app: action-runner
  # Only Egress is listed, so ingress to the runner pods stays at the
  # namespace default (unrestricted unless another policy selects them).
  policyTypes:
    - Egress
  egress:
    # TCP/443 to any destination (an empty `to` means "all peers"): covers
    # GITEA_INSTANCE_URL and whatever hosts jobs fetch over HTTPS. This may
    # also include in-cluster services listening on 443, such as the API
    # server's ClusterIP.
    - to: []
      ports:
        - protocol: TCP
          port: 443
    # DNS, limited to the kube-dns pods in kube-system.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: TCP
          port: 53
        - protocol: UDP
          port: 53