gitea-runner: integrate buildkit, migrate runner to statefulset

gitea-runner/buildkitd/deployment.yaml

@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: buildkitd
+  namespace: gitea-runner
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 3
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: buildkitd
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: buildkitd
+    spec:
+      containers:
+      - args:
+        - --addr
+        - tcp://0.0.0.0:1234
+        image: moby/buildkit:v0.27.1
+        imagePullPolicy: Always
+        name: buildkitd
+        ports:
+        - containerPort: 1234
+          protocol: TCP
+        securityContext:
+          privileged: true
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      terminationGracePeriodSeconds: 30

gitea-runner/buildkitd/svc.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: buildkitd
+  namespace: gitea-runner
+spec:
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - port: 1234
+  selector:
+    app: buildkitd

gitea-runner/deployment.yaml

@@ -1,79 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  annotations:
-    deployment.kubernetes.io/revision: "4"
-  labels:
-    app: act-runner
-  name: act-runner
-  namespace: gitea-runner
-spec:
-  progressDeadlineSeconds: 600
-  replicas: 1
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      app: act-runner
-  strategy:
-    rollingUpdate:
-      maxSurge: 25%
-      maxUnavailable: 25%
-    type: RollingUpdate
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        app: act-runner
-    spec:
-      containers:
-      - command:
-        - sh
-        - -c
-        - while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...';
-          sleep 5; done; /sbin/tini -- run.sh
-        env:
-        - name: DOCKER_HOST
-          value: tcp://localhost:2376
-        - name: DOCKER_CERT_PATH
-          value: /certs/client
-        - name: DOCKER_TLS_VERIFY
-          value: "1"
-        - name: GITEA_INSTANCE_URL
-          value: https://git.dubyatp.xyz
-        - name: GITEA_RUNNER_REGISTRATION_TOKEN
-          valueFrom:
-            secretKeyRef:
-              key: token
-              name: runner-secret
-        image: gitea/act_runner:nightly
-        imagePullPolicy: Always
-        name: runner
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-        volumeMounts:
-        - mountPath: /certs
-          name: docker-certs
-        - mountPath: /data
-          name: runner-data
-      - env:
-        - name: DOCKER_TLS_CERTDIR
-          value: /certs
-        image: docker:23.0.6-dind
-        imagePullPolicy: IfNotPresent
-        name: daemon
-        securityContext:
-          privileged: true
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-        volumeMounts:
-        - mountPath: /certs
-          name: docker-certs
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
-      schedulerName: default-scheduler
-      terminationGracePeriodSeconds: 30
-      volumes:
-      - name: docker-certs
-      - name: runner-data
-        persistentVolumeClaim:
-          claimName: act-runner-vol

gitea-runner/pvc.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: gitea-runner-pvc
-spec:
-  resources:
-    requests:
-      storage: 1Gi
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: weyma-shared

gitea-runner/statefulset.yaml

@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: act-runner
+  namespace: gitea-runner
+  labels:
+    app: act-runner
+spec:
+  serviceName: ""
+  selector:
+    matchLabels:
+      app: act-runner
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: act-runner
+    spec:
+      containers:
+      - name: runner
+        command:
+          - sh
+          - -c
+          - while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...';
+            sleep 5; done; /sbin/tini -- run.sh
+        image: gitea/act_runner:nightly
+        imagePullPolicy: Always
+        env:
+          - name: DOCKER_HOST
+            value: tcp://localhost:2376
+          - name: DOCKER_CERT_PATH
+            value: /certs/client
+          - name: DOCKER_TLS_VERIFY
+            value: "1"
+          - name: GITEA_INSTANCE_URL
+            value: https://git.dubyatp.xyz
+          - name: GITEA_RUNNER_REGISTRATION_TOKEN
+            valueFrom:
+              secretKeyRef:
+                key: token
+                name: runner-secret
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs
+        - name: runner-data
+          mountPath: /data
+      - name: daemon
+        env:
+          - name: DOCKER_TLS_CERTDIR
+            value: /certs
+        image: docker:23.0.6-dind
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          privileged: true
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+          - mountPath: /certs
+            name: docker-certs
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - name: docker-certs
+  volumeClaimTemplates:
+  - metadata:
+      name: runner-data
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      storageClassName: weyma-shared
+      resources:
+        requests:
+          storage: 32Gi