From b667757f5a098ed41c9e268848f9cc0ebb880719 Mon Sep 17 00:00:00 2001 From: Nik Afiq Date: Sat, 21 Mar 2026 15:17:57 +0900 Subject: [PATCH] removed gitea runner setting since runner are running as systemd --- manifests/core/gitea-runner-ca-sealed.yaml | 27 ----- .../core/gitea-runner-secret-sealed.yaml | 14 --- manifests/gitea/gitea-runner.yaml | 106 ------------------ 3 files changed, 147 deletions(-) delete mode 100644 manifests/core/gitea-runner-ca-sealed.yaml delete mode 100644 manifests/core/gitea-runner-secret-sealed.yaml delete mode 100644 manifests/gitea/gitea-runner.yaml diff --git a/manifests/core/gitea-runner-ca-sealed.yaml b/manifests/core/gitea-runner-ca-sealed.yaml deleted file mode 100644 index 779f82d..0000000 --- a/manifests/core/gitea-runner-ca-sealed.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: internal-ca-cert - namespace: gitea-runner -spec: - encryptedData: - ca.crt: AgAVMzIi2tg93APNkBEA+YgEKHRC3f6uonVmYa1hBNWdfBuGMbRBPejeJ5F5g36rlRr1dPJCqXXV30mIqkJ7ipDKrPIv7BcxGaXcmXXnUc3SBuudGch4FeEH+EU11n8CxQx3n/YB/EFpIb0jqePPWBlZW6k9jw3tgHEkT6/+yiphqPCPqgMeqzuu5JwmaMBIQP4DjwPl+TT/l3S15eXYar3WR9Cxl3bmPWn/UPlpXxfKPB703QsrOg8yHKQv1r7C2ig0JH5WlZgpJkrtI7/Er4gEzaUiFYC0nvsu70eqQPmOmvdDUxRzBz0Utp7qQKgk6aroGo5iV1zB4M1daK00W9qnbXsipBFt3hNThhzj6ufE8nulLxDOaJ2XZaAdQjB97pmI2OmK1mT176gEoJ23OwBInJxfWP/258tEX7bgMyZx34kfJIgGlGLkgwiGTzDvp9ZY3J0btzCBFhGTFkLpbYsJ16L0MvKKzJC1mttyEHbBeQrdAPxU2ss45kRW8oe+DCbYta2zI4ZMg+E2byfxDIV2HJrHvoIjg05Ud195f2xLzkEJ0M4M/BF4VtJcBEHFRwS4AowLwFJyJqYh91UQAku0lzskU/SHlhzOQ7t1nq3VTKkmPLKezS6AjT/5u15+bXufTvWcRDdOf+RFamNJ/7c81JJp6CAAvygJzhsqbPcX13ane6L9IJ27aoJSBF7Nc4YHH2m4OJu/RpIp/aHExGq185SCk14aNFJO1x1m9Dnxmy/TwS8n1elRYhAc98H0R5xxfJV/2NZZnv6MRrAj+hUJBE2Dza2rNvi28NwSFAIf/Z3Mh33ngiJJ6mlb3Em3rLDriwztcl1SOTq/6TYCB0f9FUdONhnT3JLyECBh3OEI/m5rLLl/qj/F2CsRp06S63CcvTMzEHyvcF62r7zrDTqW19skEzUjrwzuGDt66/ns3q9rfyScOjQCh1boCA7s0nrIqLsYrS87VvTP0OfqMlU1yTy7YTbkgUzel0hGXlPKE/8D0yMbGEAninbxLNgmeZ2YHXVyfPHW7QzWF6cgQ6ePe+JrOLspDVWtg/uT77Dur7Cz3iK7usRFaihEXgylrGuhEY2zTiDhWN7CYrVdg5+nQe6nLagB06hNiiffXXzvDT5y2hzTbZreznq4Szra/jyCpgpGd1Uc+3id72geTXWuesOwCLwwOKNc3i/35IuJso9fpp1mYk0hb5xuyJSGy5syNcNC0Gv6hKwwVn7kL1+lxhUmSpOmP0n0F0rU+obFImUC7Omwkq7NMMorMnyrGe83bOFK4Nj8fX8Kw0NL7LLZvceQusinYzAhv708FskImdOzy0skHQxz10ep0bdwnbfrqPsIjWm2d52m7qloxaZ+bTfJF+ROnkyaiptMkhTRoGFBxfY9IfvB7Y7na4WAlm0/ZUhUkBd2p2HOVdfeUNDaJ2iVaUrd3BE5ywI/vNLP0aIg4wCIfbd9R9ulDU3ghdGpB/U= - tls.crt: AgB4n33c0IjCoYVQXxMPdbjmVVW/KI9wkQBpmjia1wyiT60wASnTkBtMQxkIUAADC2nyd+KQTiOqtjGomzy1c9ax8z5jJQZGHcxZbPTRFwC6fum3vV6D0i/t4tiOYS7QY18efC7KlEMT8pOACP+HES3u4Z8MUXq+9Pa4sJDa6sa2h9eyI9QmMhQ7Lj/wY6UNKoZZ4y90HCaTD0oHyiQ1bwoUNuIRGLOA/Zug/BE2+DNjK4fOU2A0x6KSGGDK96K1n5c0GmNaHq3+5/N8yIMKXcmQURZ8NAjdikTg1rRMlWXv4un6M3aRImIh9BxrwWfgecx+X0mV981dW60Mxtwd1eyiVFZenlKxYw6DzFYIsj+7lPoATAoZcGBoXPUvil+8cYfSxdh0m7+/uqP4M8p9ypu4jCfooaMy84ojlv990M9Pn0/FedPxXjzjFKWwZjD73vYCKnO+PRmqgbFWmKSb0x/vrrxkyISGWk4o7qzf+5xqgjTG9NJdwLFBAmvqlUE6nZek/rzL++NXLwNqU3h1at//1bT4xoJ1muo7Kk2ASjrOPdwAaiU5WfTHtWIjYq1GjfvFhr7v1gCKHihIKMj0F0AxFIEmBsfVOkJ2jgRFE+S7HpNvs/tKGER3IpSiJITqIpkDCxi15XpnwILzaabW/pAEE7UFbO1NJxXTA75QUhpQoZkWHEMIe90ntdPWO47ZVzQg4ytzhWqWnmGdPSitnixI9+OusIIE+7yAhdiskUD4RBSzKbjyl6Sz6taFQ1t80F0c2WNmdJr2dlbxZXx6Nsm+ILHVOhle7D6T1BtPw98W+AACPZHZkFv7EB5NqD5b6Ea9X5pGPQQdGN/iknpu66sfsMHQVfQFs62Pk+vUOB1Iy7ZtvTCq3fhO3HN998fY+z83BOUNq/eCCTa7ub6kwJtKMVbecpf3V8DeOLAWeSRxGtOAyB+VGt09SoGZjLyCrSHx7bl37Kq/xeMatBqP7I9ENfJxmIb7hTre4B539sAMIjLHH6dIlu0y6TG+XAH3rFS075e79NAcz9fnTsfQ5yd2hNeXTNrdr/Ct4EGBR+lRWTAhRhBwipeXh6OXPBuhU5u2KSPlOcv+uabMeBibCyabWxUp+78lTOHxY5qlRdlhbej6RFtjAvzVmJQ06T1P2ClCrgptNLVrKcCPnmkqss9uUmdkHIKpmCgT7qBh3kfC5P4Z5DnvfmfqHpZNnDbrRYxwkW8aZx1kFFd+1TVokaalAUkRT4QJhUkEzHagHw/PtM1SjXFE2YKHGw7/cdvXoxAMOUWuENgga7IFRwEfexMEQSKQ99Iz/t5ixxd3WDOtkvZRBz602E7Nvvn3rk1X0OSFlh4qmpcHre9NdanKHjUpuNykDQX8QSyMEehCce07hmT6pPL5LgpQng6gqIac9yr/tsH2HchxtFE7TOM4i+PrQdOo73dXfal78YSBFciRX95WF87+SuBztwK+j2PSD6T1q5o= - tls.key: AgB6r7b50sgYU/Ulgk6j98lK5ZqNO/cMVbSsh2prKc1/HX5ZdqSmJ+pI/skVSv0ghSk4Tr6HOXgrr3w2mByc241J2dU4IOf8CqwrUramYQEqmxjyhn/WTunS5/oBEmMY2IwMjHh8RY2F1s7/zGFZcq6vAVkLxzs/wytsYGj1rj/dARCqf+ilkgPYFPwV6+GMsm4usrPBVwcqnRbEisK3A3OOHvKNtUdUwiyhzIupl2wlX/D7UfC6QyGrKoEK6LYUTT0gDGCuD2j6GbkZ+UzfyOE0uEn2raeoeK7lhXcDE45Gkqh9jx8dGFajMQxiI2SE0pp1RHp3VvOSb3R/L5zIFFLlAy6ziWEl09ThFI1rd30W2kUdr68nTv9b4of8WFp5R4YHHw7HBoNOKAxODSIGOxG24oRSMxpSlRQWDK17B/ho4DFLaxDqBKRe9OR3cn0VlnEtrJEpAkjK7D7NrZ7oonH/JUR2wE6dhBnSQdmUpMfJPNuWUNbKZ0ma1xPMJnqHGc7BiaR5nJhplGZNGzx/p/y+LwBSuV9zujp8CzPdi9bTiMIDdFeNUUuMaFxjGTyRuMQ7pPfxi1Pijo70rAgASang8aNx3bdtNsKiZr7dBqA90egerpI9L0l/o8+iChX/1jBAGjBOCBUn8Vt8BGfa9xcOIp2q22iMX1Zw44puh/EYfCRtlaY1ezhUAL2IaxBDJQSYRpam//UPPYQwDRfl527NwXGWhmOPizPDyRiBVR5yhsYyBl6D23eHq2hiPTQd76bsu9DGwHrXcDKbclY561Q4tjP4wC90KV1yeIAh33hycQpzV09lGAyUuf4mEseezwZdQTw5ifG9NqmoQIs6Bc9ThkEgjOEgHJwV01cJMcED+PQzHDG76CKP2psvh5dG+n3lvZdmuf7vUQcASYJngGmSIPPamBS0a2qHz5W2BlxlPv4d11IW/sMpR/0oHinYPRBsM72cMdINQIyzO3ua68f3w9XNpHSS5mYF9UlfAfCKkYZpJA== - template: - metadata: - annotations: - cert-manager.io/alt-names: "" - cert-manager.io/certificate-name: internal-ca-cert - cert-manager.io/common-name: homelab-internal-ca - cert-manager.io/ip-sans: "" - cert-manager.io/issuer-group: cert-manager.io - cert-manager.io/issuer-kind: ClusterIssuer - cert-manager.io/issuer-name: internal-ca - cert-manager.io/uri-sans: "" - labels: - controller.cert-manager.io/fao: "true" - name: internal-ca-cert - namespace: gitea-runner - type: kubernetes.io/tls diff --git a/manifests/core/gitea-runner-secret-sealed.yaml b/manifests/core/gitea-runner-secret-sealed.yaml deleted file mode 100644 index a178eee..0000000 --- a/manifests/core/gitea-runner-secret-sealed.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: gitea-runner-secret - namespace: gitea-runner -spec: - encryptedData: - token: AgAAPVI7QWXJlxJRA22hoVaQc9hlBXZiudfF7eVaHKVZR4Y8zGdjBa2sLRn7YjyKCZ9Pe6+939VN4d9p3QxgMe+HjdTSLVE0HwrdR5hBwbCKtffoYPjNGFZZWvdMPSBLe6OVRp8KTROIq87wZc2Zr2AFU0vhmGD0xbp+YhxCc6NIaMDgj7FBoZt/c9QQ/Un1090L8Cm8koQvH77XTddxLCFQAEvbpJqCwP8TX8VNB3TbRb5VTTNg7N+ky3CCpjZgfQp8eFFht75Irn64N5kyZUjJeFJtPLoTclCsXeVChQTwJocmAoi/2poDJGo40oxyx7G+AswV2OKv1xbYgwX25/BuQXnr2xS85v/xKDV1RsbtdV/KnMslHu5I9itg9ty+qrUjMBpp55cXIsp+q6W10sPzhiGdU4A4/Aj8CqXDS2hgF9kBcBdGysDJDR/NaWX8fBKbo/ajvXk7UJ2D5dxH6LIeIKkG3O0mRJj4FvFjqKvO6b/3+mouCBvz4QnHIwxnKJBGGcN4X8/1b6htORLMo2be+lKYgS2JdJjtF/NVq3PV2Tbtdab2mVYD8hHnPpufLXtGt5GeTDB0FuUvLvMAOf7H0aKbyqH7hFkLpXv09yldlc3PNpxEa4c7dKtdM6EB/UMGuCivLNdOCZPZ8wQeUzeRMzd6mepckfLfv7Aam1FupxeLeYblj/stnToMDIlZZB5MrJ0BDhGx7apTXSU8sKRx1U6u8JaaENYysWC/hhvLLFZDi636+18d - template: - metadata: - name: gitea-runner-secret - namespace: gitea-runner - type: Opaque diff --git a/manifests/gitea/gitea-runner.yaml b/manifests/gitea/gitea-runner.yaml deleted file mode 100644 index ecebd4b..0000000 --- a/manifests/gitea/gitea-runner.yaml +++ /dev/null @@ -1,106 +0,0 @@ -# Apply: kubectl apply -f manifests/gitea/gitea-runner.yaml -# Delete: kubectl delete -f manifests/gitea/gitea-runner.yaml -# Description: Gitea Actions runner deployment with host Docker socket and internal CA trust. -apiVersion: v1 -kind: Namespace -metadata: - name: gitea-runner ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gitea-runner - namespace: gitea-runner ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gitea-runner - namespace: gitea-runner -spec: - replicas: 1 - selector: - matchLabels: - app: gitea-runner - template: - metadata: - labels: - app: gitea-runner - spec: - serviceAccountName: gitea-runner - nodeSelector: - node-role: primary - containers: - - name: runner - image: gitea/act_runner:latest - env: - - name: GITEA_INSTANCE_URL - value: "https://gitea.nik4nao.com" - - name: GITEA_RUNNER_REGISTRATION_TOKEN - valueFrom: - secretKeyRef: - name: gitea-runner-secret - key: token - - name: GITEA_RUNNER_NAME - value: "minisforum" - - name: GITEA_RUNNER_LABELS - value: "ubuntu-latest:host,ubuntu-22.04:host" - - name: CONFIG_FILE - value: /config/config.yaml - - name: NODE_EXTRA_CA_CERTS - value: /certs/ca.crt - - name: SSL_CERT_FILE - value: /certs/ca.crt - volumeMounts: - - name: config - mountPath: /config - - name: containerd-sock - mountPath: /var/run/docker.sock - - name: runner-data - mountPath: /data - - name: internal-ca - mountPath: /certs - - name: usr-bin - mountPath: /usr/local/bin/node - subPath: node - dnsConfig: - nameservers: - - 192.168.7.77 - volumes: - - name: config - configMap: - name: gitea-runner-config - - name: containerd-sock - hostPath: - path: /run/k3s/containerd/containerd.sock - - name: runner-data - emptyDir: {} - - name: internal-ca - secret: - secretName: internal-ca-cert - - name: usr-bin - hostPath: - path: /usr/bin/node ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitea-runner-config - namespace: gitea-runner -data: - config.yaml: | - log: - level: info - runner: - fetch_timeout: 5s - fetch_interval: 2s - env_vars: - PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - SSL_CERT_FILE: "/certs/ca.crt" - GIT_SSL_CAINFO: "/certs/ca.crt" - container: - network: host - privileged: true - options: "--add-host=gitea.nik4nao.com:192.168.7.77" - valid_volumes: - - "**"