+ ADD Build environment

.devops/build/1-runner-role.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: runner-role
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'

.devops/build/2-runner-role-binding.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: runner-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: runner-role
+subjects:
+- kind: ServiceAccount
+  name: default

.devops/build/3-act-runner-vol.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: act-runner-vol
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

.devops/build/4-act-runner.yaml

@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: act-runner
+  labels:
+    app: act-runner
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: act-runner
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: act-runner
+    spec:
+      containers:
+      - command:
+        - sh
+        - -c
+        - while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...';
+          sleep 5; done; /sbin/tini -- run.sh
+        env:
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
+        - name: GITEA_INSTANCE_URL
+          value: http://gitea-http.gitea.svc.cluster.local:3000
+        - name: GITEA_RUNNER_REGISTRATION_TOKEN
+          valueFrom:
+            secretKeyRef:
+              key: token
+              name: runner-secret
+        image: gitea/act_runner:nightly
+        imagePullPolicy: IfNotPresent
+        name: runner
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /certs
+          name: docker-certs
+        - mountPath: /data
+          name: runner-data
+      - env:
+        - name: DOCKER_TLS_CERTDIR
+          value: /certs
+        image: docker:23.0.6-dind
+        imagePullPolicy: IfNotPresent
+        name: daemon
+        securityContext:
+          privileged: true
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /certs
+          name: docker-certs
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: docker-certs
+      - name: runner-data
+        persistentVolumeClaim:
+          claimName: act-runner-vol

.devops/gitea-values.yaml

@@ -0,0 +1,17 @@
+    fullnameOverride: gitea
+    ingress:
+      enabled: 'false'
+      className: nginx
+      annotations:
+        nginx.ingress.kubernetes.io/ssl-redirect: "true"
+        cert-manager.io/cluster-issuer: cloudflare-cluster-issuer
+        external-dns.alpha.kubernetes.io/hostname: git.hvgrt.hu
+      hosts:
+      - host: git.hvgrt.hu
+        paths:
+          - path: /
+            pathType: Prefix
+      tls:
+      - secretName: gitea-tls
+        hosts:
+        - git.hvgrt.hu