From bbd8eed2f5e2c59f63d3dad5cca8494410da516e Mon Sep 17 00:00:00 2001
From: djpbessems <danny@bessems.eu>
Date: Wed, 28 Feb 2024 11:07:24 +1100
Subject: [PATCH] Added Gitea action runner deployments

---
 ...espace-Gitea.yml => _namespace-gitea.yaml} |  0
 services/Gitea/configmap-runner-config.yaml   | 14 ++++
 .../deployment-act-runner-dind-rootless.yaml  | 65 ++++++++++++++++
 .../Gitea/deployment-act-runner-dind.yaml     | 75 +++++++++++++++++++
 ...oyment-Gitea.yml => deployment-gitea.yaml} |  0
 ...oute-Gitea.yml => ingressroute-gitea.yaml} |  0
 .../Gitea/persistentVolumeClaim-Gitea.yml     | 25 -------
 ...rsistentvolume-flexvolsmb-gitea-data.yaml} | 19 -----
 ...sistentvolume-flexvolsmb-gitea-runner.yaml | 18 +++++
 ...persistentvolume-flexvolsmb-gitea-ssh.yaml | 18 +++++
 ...tvolumeclaim-act-runner-dind-rootless.yaml | 12 +++
 ...persistentvolumeclaim-act-runner-dind.yaml | 12 +++
 ...tentvolumeclaim-flexvolsmb-gitea-data.yaml | 12 +++
 ...stentvolumeclaim-flexvolsmb-gitea-ssh.yaml | 12 +++
 services/Gitea/secret-runner-secret.yaml      |  8 ++
 .../{service-Gitea.yml => service-gitea.yaml} |  0
 16 files changed, 246 insertions(+), 44 deletions(-)
 rename services/Gitea/{_namespace-Gitea.yml => _namespace-gitea.yaml} (100%)
 create mode 100644 services/Gitea/configmap-runner-config.yaml
 create mode 100644 services/Gitea/deployment-act-runner-dind-rootless.yaml
 create mode 100644 services/Gitea/deployment-act-runner-dind.yaml
 rename services/Gitea/{deployment-Gitea.yml => deployment-gitea.yaml} (100%)
 rename services/Gitea/{ingressRoute-Gitea.yml => ingressroute-gitea.yaml} (100%)
 delete mode 100644 services/Gitea/persistentVolumeClaim-Gitea.yml
 rename services/Gitea/{persistentVolume-Gitea.yml => persistentvolume-flexvolsmb-gitea-data.yaml} (51%)
 create mode 100644 services/Gitea/persistentvolume-flexvolsmb-gitea-runner.yaml
 create mode 100644 services/Gitea/persistentvolume-flexvolsmb-gitea-ssh.yaml
 create mode 100644 services/Gitea/persistentvolumeclaim-act-runner-dind-rootless.yaml
 create mode 100644 services/Gitea/persistentvolumeclaim-act-runner-dind.yaml
 create mode 100644 services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-data.yaml
 create mode 100644 services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-ssh.yaml
 create mode 100644 services/Gitea/secret-runner-secret.yaml
 rename services/Gitea/{service-Gitea.yml => service-gitea.yaml} (100%)

diff --git a/services/Gitea/_namespace-Gitea.yml b/services/Gitea/_namespace-gitea.yaml
similarity index 100%
rename from services/Gitea/_namespace-Gitea.yml
rename to services/Gitea/_namespace-gitea.yaml
diff --git a/services/Gitea/configmap-runner-config.yaml b/services/Gitea/configmap-runner-config.yaml
new file mode 100644
index 0000000..58b3e71
--- /dev/null
+++ b/services/Gitea/configmap-runner-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: runner-config
+  namespace: gitea
+data:
+  dind-config.yml: |
+    runner:
+      capacity: 2
+      labels: [dind:docker://node:21-bullseye]
+  dind-rootless-config.yml: |
+    runner:
+      capacity: 2
+      labels: [dind-rootless:docker://node:21-bullseye]
diff --git a/services/Gitea/deployment-act-runner-dind-rootless.yaml b/services/Gitea/deployment-act-runner-dind-rootless.yaml
new file mode 100644
index 0000000..fd889ec
--- /dev/null
+++ b/services/Gitea/deployment-act-runner-dind-rootless.yaml
@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: act-runner-dind-rootless
+  name: act-runner-dind-rootless
+  namespace: gitea
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: act-runner-dind-rootless
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: act-runner-dind-rootless
+    spec:
+      hostname: act-runner-dind-rootless
+      restartPolicy: Always
+      volumes:
+      - name: runner-config
+        configMap:
+          name: runner-config
+          items:
+          - key: dind-rootless-config.yml
+            path: dind-rootless-config.yml
+      - name: docker-certs
+        emptyDir: {}
+      - name: runner-data
+        persistentVolumeClaim:
+          claimName: act-runner-dind-rootless
+      securityContext:
+        fsGroup: 1000
+      containers:
+      - name: runner
+        image: gitea/act_runner:nightly-dind-rootless
+        imagePullPolicy: Always
+        env:
+        - name: CONFIG_FILE
+          value: /opt/act/config.yml
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
+        - name: GITEA_INSTANCE_URL
+          value: http://gitea.gitea.svc.cluster.local:3000
+        - name: GITEA_RUNNER_LABELS
+          value: dind-rootless:docker://node:16-bullseye
+        - name: GITEA_RUNNER_REGISTRATION_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: runner-secret
+              key: token
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: runner-data
+          mountPath: /data
+        - name: runner-config
+          mountPath: /opt/act/config.yml
+          subPath: dind-rootless-config.yml
diff --git a/services/Gitea/deployment-act-runner-dind.yaml b/services/Gitea/deployment-act-runner-dind.yaml
new file mode 100644
index 0000000..1e105c7
--- /dev/null
+++ b/services/Gitea/deployment-act-runner-dind.yaml
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: act-runner-dind
+  name: act-runner-dind
+  namespace: gitea
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: act-runner-dind
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: act-runner-dind
+    spec:
+      hostname: act-runner-dind
+      restartPolicy: Always
+      volumes:
+      - name: runner-config
+        configMap:
+          name: runner-config
+          items:
+          - key: dind-config.yml
+            path: dind-config.yml
+      - name: docker-certs
+        emptyDir: {}
+      - name: runner-data
+        persistentVolumeClaim:
+          claimName: act-runner-dind
+      containers:
+      - name: runner
+        image: gitea/act_runner:nightly
+        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
+        env:
+        - name: CONFIG_FILE
+          value: /opt/act/config.yml
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
+        - name: GITEA_INSTANCE_URL
+          value: http://gitea.gitea.svc.cluster.local:3000
+        - name: GITEA_RUNNER_LABELS
+          value: dind:docker://node:16-bullseye
+        - name: GITEA_RUNNER_REGISTRATION_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: runner-secret
+              key: token
+        volumeMounts:
+        - name: runner-config
+          mountPath: /opt/act/config.yml
+          subPath: dind-config.yml
+        - name: docker-certs
+          mountPath: /certs
+        - name: runner-data
+          mountPath: /data
+      - name: daemon
+        image: docker:23.0.6-dind
+        args:
+          - --mtu=1400
+        env:
+        - name: DOCKER_TLS_CERTDIR
+          value: /certs
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs
diff --git a/services/Gitea/deployment-Gitea.yml b/services/Gitea/deployment-gitea.yaml
similarity index 100%
rename from services/Gitea/deployment-Gitea.yml
rename to services/Gitea/deployment-gitea.yaml
diff --git a/services/Gitea/ingressRoute-Gitea.yml b/services/Gitea/ingressroute-gitea.yaml
similarity index 100%
rename from services/Gitea/ingressRoute-Gitea.yml
rename to services/Gitea/ingressroute-gitea.yaml
diff --git a/services/Gitea/persistentVolumeClaim-Gitea.yml b/services/Gitea/persistentVolumeClaim-Gitea.yml
deleted file mode 100644
index a40eff5..0000000
--- a/services/Gitea/persistentVolumeClaim-Gitea.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-gitea-data
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-gitea-data
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-gitea-ssh
-  namespace: gitea
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-gitea-ssh
-  resources:
-    requests:
-      storage: 1Gi
diff --git a/services/Gitea/persistentVolume-Gitea.yml b/services/Gitea/persistentvolume-flexvolsmb-gitea-data.yaml
similarity index 51%
rename from services/Gitea/persistentVolume-Gitea.yml
rename to services/Gitea/persistentvolume-flexvolsmb-gitea-data.yaml
index 9d9bce3..4e47721 100644
--- a/services/Gitea/persistentVolume-Gitea.yml
+++ b/services/Gitea/persistentvolume-flexvolsmb-gitea-data.yaml
@@ -16,22 +16,3 @@ spec:
       opts: file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl
       server: 192.168.154.225
       share: /K3s.Volumes/gitea/data
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-gitea-ssh
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-gitea-ssh
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0600,dir_mode=0600,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/gitea/ssh
diff --git a/services/Gitea/persistentvolume-flexvolsmb-gitea-runner.yaml b/services/Gitea/persistentvolume-flexvolsmb-gitea-runner.yaml
new file mode 100644
index 0000000..59431cb
--- /dev/null
+++ b/services/Gitea/persistentvolume-flexvolsmb-gitea-runner.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-gitea-runner
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-gitea-runner
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8
+      server: 192.168.154.225
+      share: /K3s.Volumes/gitea/runner
diff --git a/services/Gitea/persistentvolume-flexvolsmb-gitea-ssh.yaml b/services/Gitea/persistentvolume-flexvolsmb-gitea-ssh.yaml
new file mode 100644
index 0000000..5978a99
--- /dev/null
+++ b/services/Gitea/persistentvolume-flexvolsmb-gitea-ssh.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-gitea-ssh
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-gitea-ssh
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0600,dir_mode=0600,iocharset=utf8
+      server: 192.168.154.225
+      share: /K3s.Volumes/gitea/ssh
diff --git a/services/Gitea/persistentvolumeclaim-act-runner-dind-rootless.yaml b/services/Gitea/persistentvolumeclaim-act-runner-dind-rootless.yaml
new file mode 100644
index 0000000..1e0ec96
--- /dev/null
+++ b/services/Gitea/persistentvolumeclaim-act-runner-dind-rootless.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: act-runner-dind-rootless
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/services/Gitea/persistentvolumeclaim-act-runner-dind.yaml b/services/Gitea/persistentvolumeclaim-act-runner-dind.yaml
new file mode 100644
index 0000000..9dcfdde
--- /dev/null
+++ b/services/Gitea/persistentvolumeclaim-act-runner-dind.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: act-runner-dind
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-data.yaml b/services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-data.yaml
new file mode 100644
index 0000000..732f506
--- /dev/null
+++ b/services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-data.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-gitea-data
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-gitea-data
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-ssh.yaml b/services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-ssh.yaml
new file mode 100644
index 0000000..c4951bc
--- /dev/null
+++ b/services/Gitea/persistentvolumeclaim-flexvolsmb-gitea-ssh.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-gitea-ssh
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-gitea-ssh
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/services/Gitea/secret-runner-secret.yaml b/services/Gitea/secret-runner-secret.yaml
new file mode 100644
index 0000000..3e8e301
--- /dev/null
+++ b/services/Gitea/secret-runner-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  token: bjF2R1hHZXVjRVlyaU95aXZaREhrVDlFNVJ0MHptMTJ6Z1kzcTE1TQ==
+kind: Secret
+metadata:
+  name: runner-secret
+  namespace: gitea
+type: Opaque
diff --git a/services/Gitea/service-Gitea.yml b/services/Gitea/service-gitea.yaml
similarity index 100%
rename from services/Gitea/service-Gitea.yml
rename to services/Gitea/service-gitea.yaml