Sunnypup-Helm/templates/forge.yaml
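# Registration token consumed by the runner init container through a
# secretKeyRef on "runner-secret"/"token". `quote` keeps the rendered value a
# YAML string even when it is empty, all digits, or boolean-looking; without it
# an empty value would render as `token:` (null) and a numeric one as an int.
apiVersion: v1
kind: Secret
metadata:
  name: runner-secret
stringData:
  token: {{ .Values.forge.secret | quote }}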
---
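apiVersion: apps/v1
kind: Deployment
metadata:
  name: forge
  labels:
    app: forge
spec:
  # The /data claim (forge-persistence-pvc) is ReadWriteOnce hostPath storage,
  # so this should stay at 1.
  replicas: 1
  selector:
    matchLabels:
      app: forge
  template:
    metadata:
      labels:
        app: forge
    spec:
      containers:
        # NOTE(review): unlike the runner pod below, this container sets no
        # resources and no securityContext; it runs with the image defaults.
        - name: forgejo
          image: codeberg.org/forgejo/forgejo:11
          ports:
            - name: http-port
              containerPort: 3000
            - name: ssh-port
              containerPort: 22222
          volumeMounts:
            # Host timezone files, exposed read-only through the forge-tz/forge-lt PVs.
            - name: local-tz
              mountPath: /etc/timezone
              readOnly: true
            - name: local-lt
              mountPath: /etc/localtime
              readOnly: true
            - name: persistence
              mountPath: /data
          env:
            - name: USER_UID
              value: "1000"
            - name: USER_GID
              value: "1000"
            - name: FORGEJO__database__DB_TYPE
              value: "postgres"
            - name: FORGEJO__database__HOST
              value: "postgres:5432"
            - name: FORGEJO__database__NAME
              value: "forgejo"
            # `quote` is required on templated env values: `value` must be a
            # string, so a user/password that renders as a number or boolean
            # fails API validation, and an unset one would render as null.
            - name: FORGEJO__database__USER
              value: {{ .Values.pg.user | quote }}
            # NOTE(review): the database password is rendered in clear into the
            # pod spec, readable by anyone who can get Deployments/Pods in this
            # namespace. Prefer a Secret plus valueFrom.secretKeyRef, as the
            # runner pod does with runner-secret.
            - name: FORGEJO__database__PASSWD
              value: {{ .Values.pg.pass | quote }}
      volumes:
        - name: local-tz
          persistentVolumeClaim:
            claimName: forge-tz-pvc
        - name: local-lt
          persistentVolumeClaim:
            claimName: forge-lt-pvc
        - name: persistence
          persistentVolumeClaim:
            claimName: forge-persistence-pvc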
---
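apiVersion: v1
kind: Service
metadata:
  name: forge
  labels:
    app: forge
spec:
  # Headless: the "forge" DNS name resolves straight to the pod IP, no cluster VIP.
  clusterIP: None
  selector:
    app: forge
  ports:
    - name: http-port
      port: 3000
      targetPort: http-port
      protocol: TCP
    # Both ports now reference the container port by name, so a later change to
    # containerPort in the Deployment cannot silently desynchronise the Service.
    - name: ssh-port
      port: 22222
      targetPort: ssh-port
      protocol: TCP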
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: forge-tz
  labels:
    pvc_type: forge-tz
spec:
  # Exposes the node's /etc/timezone to the forge pod. forge-tz-pvc pins itself
  # to this volume through volumeName, so no storage class is involved.
  accessModes:
    - ReadOnlyMany
  capacity:
    storage: 10Mi
  hostPath:
    path: /etc/timezone
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: forge-lt
  labels:
    pvc_type: forge-lt
spec:
  # Exposes the node's /etc/localtime to the forge pod. forge-lt-pvc pins itself
  # to this volume through volumeName, so no storage class is involved.
  accessModes:
    - ReadOnlyMany
  capacity:
    storage: 10Mi
  hostPath:
    path: /etc/localtime
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: forge-tz-pvc
spec:
  # Static binding: an empty storageClassName together with volumeName ties
  # this claim to the forge-tz PersistentVolume instead of provisioning a new one.
  storageClassName: ""
  volumeName: forge-tz
  volumeMode: Filesystem
  accessModes:
    - ReadOnlyMany
  resources:
    requests:
      storage: 10Mi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: forge-lt-pvc
spec:
  # Static binding: an empty storageClassName together with volumeName ties
  # this claim to the forge-lt PersistentVolume instead of provisioning a new one.
  storageClassName: ""
  volumeName: forge-lt
  volumeMode: Filesystem
  accessModes:
    - ReadOnlyMany
  resources:
    requests:
      storage: 10Mi
---
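apiVersion: v1
kind: PersistentVolume
metadata:
  name: forge-persistence-pv
  labels:
    pvc_type: forge-persistence-pv
spec:
  capacity:
    # Nominal figure: hostPath does not enforce capacity, this only needs to
    # satisfy the 1000Gi request in forge-persistence-pvc.
    storage: 1000Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    # `quote` keeps the rendered path a string: an unset value would otherwise
    # render as null, and a path containing `: ` or ` #` would mis-parse.
    path: {{ .Values.forge.path | quote }}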
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: forge-persistence-pvc
spec:
  # Static binding to forge-persistence-pv (empty storageClassName + volumeName);
  # the request must match that volume's declared capacity.
  storageClassName: ""
  volumeName: forge-persistence-pv
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1000Gi
---
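apiVersion: apps/v1
kind: Deployment
metadata:
  name: forgejo-runner
  labels:
    app: forgejo-runner
spec:
  # Each replica registers under its own pod name (see RUNNER_NAME below).
  replicas: 2
  selector:
    matchLabels:
      app: forgejo-runner
  template:
    metadata:
      name: forgejo-runner
      labels:
        app: forgejo-runner
    spec:
      # Nothing in this pod talks to the Kubernetes API, so no SA token is mounted.
      automountServiceAccountToken: false
      restartPolicy: Always
      initContainers:
        # Registers this pod as a runner against the forge Service and writes the
        # runner config into the /data emptyDir shared with the "runner" container.
        - name: runner-register
          image: code.forgejo.org/forgejo/runner:6.4.0
          # Explicit working directory: `register` writes its .runner file to the
          # cwd and the script below edits the config by absolute path, so both
          # land on the writable /data volume whatever the image's WORKDIR is.
          workingDir: /data
          command:
            - /bin/bash
            - -c
          # Kubernetes expands `$(RUNNER_SECRET)`, `$(RUNNER_NAME)` and
          # `$(FORGEJO_INSTANCE_URL)` from `env` before bash starts, and turns
          # `$$` into a literal `$` (the sed line-end anchor). The expanded
          # registration token therefore appears in this process's argv inside
          # the pod; only the unexpanded form is stored in the Deployment.
          #
          # The sed edits point job containers at the dind sidecar: host
          # networking, DOCKER_* in `envs`, and the TLS client certs mounted in.
          # NOTE(review): the leading spaces in the sed anchors were lost in this
          # copy; they must match the indentation generate-config emits for
          # runner 6.4.0 — verify against a rendered config.yml.
          args:
            - |
              while : ; do
                forgejo-runner register --no-interactive --token $(RUNNER_SECRET) --name $(RUNNER_NAME) --instance $(FORGEJO_INSTANCE_URL) && break ;
                sleep 1 ;
              done ;
              forgejo-runner generate-config > /data/config.yml ;
              sed -i -e "s|network: .*|network: host|" /data/config.yml ;
              sed -i -e "s|^  envs:$$|  envs:\n    DOCKER_HOST: tcp://localhost:2376\n    DOCKER_TLS_VERIFY: 1\n    DOCKER_CERT_PATH: /certs/client|" /data/config.yml ;
              sed -i -e "s|^  options:|  options: -v /certs/client:/certs/client|" /data/config.yml ;
              sed -i -e "s|  valid_volumes: \[\]$$|  valid_volumes:\n    - /certs/client|" /data/config.yml
          env:
            - name: RUNNER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: RUNNER_SECRET
              valueFrom:
                secretKeyRef:
                  name: runner-secret
                  key: token
            # Plain HTTP to the headless forge Service inside the cluster.
            - name: FORGEJO_INSTANCE_URL
              value: http://forge:3000
          resources:
            limits:
              cpu: '0.5'
              ephemeral-storage: 100Mi
              memory: 64Mi
            requests:
              cpu: 100m
              ephemeral-storage: '0'
              memory: 64Mi
          volumeMounts:
            - name: runner-data
              mountPath: /data
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
      containers:
        # Waits for the dind sidecar to listen on 2376, then runs the daemon with
        # the config and .runner file produced by runner-register.
        - name: runner
          image: code.forgejo.org/forgejo/runner:6.4.0
          # Same cwd as the init container so the .runner file written there is found.
          workingDir: /data
          command:
            - /bin/bash
            - -c
          args:
            - |
              while ! nc -z localhost 2376 </dev/null ; do
                echo 'waiting for docker daemon...' ;
                sleep 5 ;
              done ;
              forgejo-runner --config /data/config.yml daemon
          env:
            - name: DOCKER_HOST
              value: tcp://localhost:2376
            - name: DOCKER_CERT_PATH
              value: /certs/client
            - name: DOCKER_TLS_VERIFY
              value: '1'
          resources:
            limits:
              cpu: '4'
              ephemeral-storage: 5Gi
              memory: 8Gi
            requests:
              cpu: 100m
              ephemeral-storage: '0'
              memory: 64Mi
          volumeMounts:
            - name: docker-certs
              mountPath: /certs
            - name: runner-data
              mountPath: /data
            # Root filesystem is read-only, so scratch space needs its own volume.
            - name: tmp
              mountPath: /tmp
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
        # docker:dind sidecar. `privileged: true` is what dind needs to run a
        # daemon, and it grants this container full host access; any job that can
        # drive the daemon (every job this runner executes) effectively gets
        # node-level access. Nothing here (nodeSelector, taints) restricts which
        # nodes these pods land on.
        - name: daemon
          image: docker.io/docker:28.3.0-dind
          env:
            # dind keeps its TLS material under this directory; the runner reads
            # the client certs from /certs/client via the shared docker-certs volume.
            - name: DOCKER_TLS_CERTDIR
              value: /certs
          resources:
            limits:
              cpu: '1'
              ephemeral-storage: 3Gi
              memory: 4Gi
            requests:
              cpu: 100m
              ephemeral-storage: '0'
              memory: 64Mi
          securityContext:
            privileged: true
          volumeMounts:
            - name: docker-certs
              mountPath: /certs
      volumes:
        # All pod-local; nothing persists across pod restarts, including the
        # runner registration, which is why the init container re-registers.
        - name: docker-certs
          emptyDir: {}
        - name: runner-data
          emptyDir: {}
        - name: tmp
          emptyDir: {}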