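---
# Gitea Actions runner for the `build` namespace: a single-replica Deployment
# running act_runner, its ServiceAccount, and the cluster-wide RBAC that the
# ServiceAccount is bound to.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-runner
  namespace: build
  labels:
    app: gitea-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea-runner
  template:
    metadata:
      labels:
        app: gitea-runner
    spec:
      serviceAccountName: gitea-runner
      # NOTE(review): the nodeSelector plus the control-plane toleration pin
      # this CI workload onto a control-plane node. Confirm that is intended;
      # a dedicated worker node keeps job code away from control-plane hosts.
      nodeSelector:
        kubernetes.io/hostname: kubemaster1
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
      containers:
        - name: runner
          # NOTE(review): `latest` is a mutable tag, and Kubernetes defaults
          # imagePullPolicy to Always for it, so every pod start may run a
          # different build. Pin to a reviewed version tag or image digest.
          image: gitea/act_runner:latest
          # NOTE(review): no securityContext is set. The install step below
          # presumably needs root; baking the tools into a custom image would
          # allow runAsNonRoot and allowPrivilegeEscalation: false here.
          command: ["sh", "-c"]
          # Startup script: best-effort tool install, one-time registration,
          # then the long-running daemon.
          # - Install failures are discarded (`2>/dev/null ... || true`), so a
          #   missing git/curl/kubectl only surfaces later, inside a workflow.
          # - The `:host` labels make act_runner run job steps directly in
          #   this container, so workflow code can read /secrets/token and the
          #   mounted ServiceAccount token. Treat every repository allowed to
          #   use this runner as trusted with both.
          # - NOTE(review): `register` runs without `--config` and without a
          #   `cd /data`; confirm the state file really lands at
          #   /data/.runner, otherwise the guard below never matches.
          args:
            - |
              # Install tools needed by workflows
              apt-get update && apt-get install -y git curl kubectl 2>/dev/null || \
                apk add --no-cache git curl kubectl 2>/dev/null || true

              # Register runner if not already registered
              if [ ! -f /data/.runner ]; then
                act_runner register \
                  --instance http://gitea-http.gitea.svc:3000 \
                  --token "$(cat /secrets/token)" \
                  --name k8s-runner \
                  --labels "ubuntu-latest:host,self-hosted:host" \
                  --no-interactive
              fi

              act_runner daemon --config /config/config.yaml
          volumeMounts:
            - name: runner-data
              mountPath: /data
            - name: runner-config
              mountPath: /config
              readOnly: true
            - name: runner-secret
              mountPath: /secrets
              readOnly: true
            - name: tmp
              mountPath: /tmp
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: "1"
              memory: 1Gi
      volumes:
        # emptyDir lives only as long as the pod: a replacement pod starts
        # with an empty /data and goes through registration again.
        - name: runner-data
          emptyDir: {}
        - name: runner-config
          configMap:
            name: runner-config
        - name: runner-secret
          secret:
            secretName: runner-secret
        - name: tmp
          emptyDir: {}
---
# Identity the runner pod (and, with `:host` labels, the jobs it runs) uses
# against the Kubernetes API.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitea-runner
  namespace: build
---
# NOTE(review): this ClusterRole is bound through a ClusterRoleBinding, so the
# verbs below apply in every namespace. Cluster-wide create on pods and jobs
# is a very broad grant for a CI identity. If workflows only target specific
# namespaces, use a Role and RoleBinding in each of them instead.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gitea-runner
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["get", "list", "watch", "create", "delete"]
---
# Grants the ClusterRole above to the build/gitea-runner ServiceAccount
# across the whole cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitea-runner
subjects:
  - kind: ServiceAccount
    name: gitea-runner
    namespace: build
roleRef:
  kind: ClusterRole
  name: gitea-runner
  apiGroup: rbac.authorization.k8s.io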