From 14df1fb03beab66c5caa9bd05d399901fec32952 Mon Sep 17 00:00:00 2001
From: "Eason(G Ray)" <30045503+Eason0729@users.noreply.github.com>
Date: Fri, 28 Jun 2024 13:43:34 +0800
Subject: [PATCH] init
---
 gitea/deployment.yml | 30 +++++++++++++++
 gitea/service.yml | 30 +++++++++++++++
 gitea/storage.yml | 10 +++++
 hello-world/deployment.yml | 23 ++++++++++++
 hello-world/service.yml | 31 ++++++++++++++++
 runner/config.yml | 38 +++++++++++++++++++
 runner/deployment.yml | 75 ++++++++++++++++++++++++++++++++++++++
 runner/storage.yml | 11 ++++++
 traefik/config.yml | 30 +++++++++++++++
 traefik/deployment.yml | 49 +++++++++++++++++++++++++
 traefik/role.yml | 52 ++++++++++++++++++++++++++
 11 files changed, 379 insertions(+)
 create mode 100644 gitea/deployment.yml
 create mode 100644 gitea/service.yml
 create mode 100644 gitea/storage.yml
 create mode 100644 hello-world/deployment.yml
 create mode 100644 hello-world/service.yml
 create mode 100644 runner/config.yml
 create mode 100644 runner/deployment.yml
 create mode 100644 runner/storage.yml
 create mode 100644 traefik/config.yml
 create mode 100644 traefik/deployment.yml
 create mode 100644 traefik/role.yml
diff --git a/gitea/deployment.yml b/gitea/deployment.yml
new file mode 100644
index 0000000..6a4a1d9
--- /dev/null
+++ b/gitea/deployment.yml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea
+ labels:
+ app: gitea
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gitea
+ template:
+ metadata:
+ labels:
+ app: gitea
+ spec:
+ containers:
+ - name: gitea
+ image: registry.hub.docker.com/gitea/gitea:latest
+ imagePullPolicy: Always
+ ports:
+ - name: web
+ containerPort: 3000
+ volumeMounts:
+ - name: gitea-data
+ mountPath: /data
+ volumes:
+ - name: gitea-data
+ persistentVolumeClaim:
+ claimName: gitea-storage
\ No newline at end of file
diff --git a/gitea/service.yml b/gitea/service.yml
new file mode 100644
index 0000000..536881a
--- /dev/null
+++ b/gitea/service.yml
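Review bot: The image in gitea/deployment.yml is referenced by the mutable `latest` tag together with `imagePullPolicy: Always`, so any pod restart can pull different, unreviewed code into the service that holds every repository. Pin a release tag and preferably a digest, for example `image: registry.hub.docker.com/gitea/gitea:<version>@sha256:<digest>`. The same applies to the untagged `lmmendes/http-hello-world` image in hello-world/deployment.yml and to `docker:dind` and `gitea/act_runner:nightly` in runner/deployment.yml.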
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea
+
+spec:
+ ports:
+ - name: web
+ port: 3000
+ targetPort: web
+
+ selector:
+ app: gitea
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gitea-ingress
+spec:
+ rules:
+ - host: gitea.k8s.example.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gitea
+ port:
+ number: 3000
diff --git a/gitea/storage.yml b/gitea/storage.yml
new file mode 100644
index 0000000..db94985
--- /dev/null
+++ b/gitea/storage.yml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gitea-storage
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 4Gi
\ No newline at end of file
diff --git a/hello-world/deployment.yml b/hello-world/deployment.yml
new file mode 100644
index 0000000..7778218
--- /dev/null
+++ b/hello-world/deployment.yml
@@ -0,0 +1,23 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: hello-world
+ labels:
+ app: hello-world
+
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: hello-world
+ template:
+ metadata:
+ labels:
+ app: hello-world
+ spec:
+ containers:
+ - name: hello-world
+ image: registry.hub.docker.com/lmmendes/http-hello-world
+ ports:
+ - name: web
+ containerPort: 80
\ No newline at end of file
diff --git a/hello-world/service.yml b/hello-world/service.yml
new file mode 100644
index 0000000..e4653c2
--- /dev/null
+++ b/hello-world/service.yml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: hello-world
+
+spec:
+ ports:
+ - name: web
+ port: 80
+ targetPort: web
+
+ selector:
+ app: hello-world
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: hello-world-ingress
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: hello-world.k8s.example.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: hello-world
+ port:
+ name: web
\ No newline at end of file
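Review bot: The `gitea-ingress` rule in gitea/service.yml has no `tls` section, and as far as this commit shows the only published entry point is plain HTTP, so Gitea passwords, session cookies and access tokens would cross the network in clear text. Add a `tls` entry that lists `gitea.k8s.example.com` with a certificate Secret, and enable the HTTP-to-HTTPS redirect that is commented out in traefik/config.yml. This Ingress also omits `ingressClassName`, while hello-world/service.yml sets `ingressClassName: traefik`; unless a default class is defined elsewhere, state it explicitly so it is unambiguous which controller serves the host.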
diff --git a/runner/config.yml b/runner/config.yml
new file mode 100644
index 0000000..ffd7c76
--- /dev/null
+++ b/runner/config.yml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gitea-runner
+data:
+ config: |
+ log:
+ level: info
+ runner:
+ # Where to store the registration result.
+ file: /data/.runner
+ # Execute how many tasks concurrently at the same time.
+ capacity: 1
+ # Extra environment variables to run jobs.
+ envs:
+ ACT_RUNNER_SEC: test-runner-1
+ env_file: .env
+ timeout: 3h
+ insecure: true
+ fetch_timeout: 5s
+ fetch_interval: 3s
+ labels: []
+ cache:
+ enabled: false
+ dir: ""
+ host: ""
+ port: 0
+ external_server: ""
+ container:
+ network: ""
+ privileged: false
+ options:
+ workdir_parent:
+ valid_volumes: []
+ docker_host: ""
+ force_pull: false
+ host:
+ workdir_parent:
diff --git a/runner/deployment.yml b/runner/deployment.yml
new file mode 100644
index 0000000..a9ab846
--- /dev/null
+++ b/runner/deployment.yml
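Review bot: `insecure: true` in the runner settings of runner/config.yml turns off TLS certificate verification for the connection to the Gitea instance, going by act_runner's documented config, which lets anyone on the network path impersonate the server to the runner. Set `insecure: false` and point `GITEA_INSTANCE_URL` in runner/deployment.yml at an `https://` URL; it is `http://` in this commit, so the registration token and job payloads travel unencrypted regardless of this flag. The `options:` key and both `workdir_parent:` keys have bare empty values, which parse as null; write `""` if an empty string is meant.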
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: gitea-runner
+spec:
+ serviceName: "gitea-runner-service"
+ selector:
+ matchLabels:
+ app: gitea-runner
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: gitea-runner
+ spec:
+ containers:
+ - name: gitea-runner-dind
+ securityContext:
+ privileged: true
+ image: docker:dind
+ env:
+ - name: DOCKER_DRIVER
+ value: "overlay2"
+ - name: DOCKER_TLS_CERTDIR
+ value: ""
+ volumeMounts:
+ - name: docker-socket
+ mountPath: "/var/run"
+ - name: gitea-runner
+ image: gitea/act_runner:nightly
+ env:
+ # FIXME: use secret
+ - name: GITEA_RUNNER_REGISTRATION_TOKEN
+ value: "MPAEFqYGNTXhkmgJFMyakT58epIpQMfxQ6d20yyb"
+ - name: GITEA_INSTANCE_URL
+ value: "http://gitea.k8s.example.com:30429/"
+ - name: CONFIG_FILE
+ value: "/config/config.yaml"
+ volumeMounts:
+ - name: config
+ mountPath: "/config"
+ readOnly: true
+ - name: runner-data
+ mountPath: "/data"
+ - name: docker-socket
+ mountPath: "/var/run"
+ # FIXME: use socat
+ startupProbe:
+ exec:
+ command: ["/bin/sh", "-c", "sleep 10"]
+ timeoutSeconds: 12
+ volumes:
+ - name: config
+ configMap:
+ name: gitea-runner
+ items:
+ - key: "config"
+ path: "config.yaml"
+ volumeClaimTemplates:
+ - metadata:
+ name: runner-data
+ spec:
+ accessModes:
+ - "ReadWriteOncePod"
+ resources:
+ requests:
+ storage: 256Mi
+ - metadata:
+ name: docker-socket
+ spec:
+ accessModes:
+ - "ReadWriteOncePod"
+ resources:
+ requests:
+ storage: 256Mi
\ No newline at end of file
diff --git a/runner/storage.yml b/runner/storage.yml
new file mode 100644
index 0000000..45af19f
--- /dev/null
+++ b/runner/storage.yml
@@ -0,0 +1,11 @@
+# runner cache
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gitea-runner-storage
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 4Gi
\ No newline at end of file
diff --git a/traefik/config.yml b/traefik/config.yml
new file mode 100644
index 0000000..8f1efde
--- /dev/null
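Review bot: The value of `GITEA_RUNNER_REGISTRATION_TOKEN` in runner/deployment.yml is committed in plain text, so it is now part of the repository history and readable by anyone who can view the manifest or the pod spec. Treat the token as exposed, reset it in Gitea, and load the replacement from a Secret as the FIXME above it intends; the env entry would change as shown below. Separately, the `gitea-runner-dind` sidecar runs `privileged: true` with `DOCKER_TLS_CERTDIR` emptied and shares `/var/run` with the runner, so every workflow job can drive a root-capable Docker daemon on the node; limit which repositories may use this runner and schedule it on dedicated nodes.

```yaml
env:
  - name: GITEA_RUNNER_REGISTRATION_TOKEN
    valueFrom:
      secretKeyRef:
        name: <runner-secret-name>  # placeholder: Secret created outside the repository
        key: <token-key>            # placeholder
  # … unchanged: GITEA_INSTANCE_URL, CONFIG_FILE …
```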
+++ b/traefik/config.yml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: traefik
+data:
+ config: |
+ api:
+ insecure: true
+ dashboard: true
+
+ ping: {}
+
+ providers:
+ kubernetesingress: {}
+
+ entryPoints:
+ web:
+ address: :80
+ http:
+ # redirections:
+ # entryPoint:
+ # to: websecure
+ # scheme: https
+ # permanent: false
+ # http3: {}
+ websecure:
+ address: :443
+ http2:
+ maxConcurrentStreams: 16
+ http3: {}
diff --git a/traefik/deployment.yml b/traefik/deployment.yml
new file mode 100644
index 0000000..0241772
--- /dev/null
+++ b/traefik/deployment.yml
@@ -0,0 +1,49 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: traefik
+ labels:
+ app: traefik
+spec:
+ selector:
+ matchLabels:
+ name: traefik
+ template:
+ metadata:
+ labels:
+ k8s-app: traefik
+ name: traefik
+ spec:
+ serviceAccountName: traefik-account
+ terminationGracePeriodSeconds: 60
+ containers:
+ - image: traefik:v3.0
+ name: traefik
+ ports:
+ - name: web
+ containerPort: 80
+ hostPort: 80
+ - name: dashboard
+ containerPort: 8080
+ # hostPort: 8080
+ volumeMounts:
+ - name: config
+ mountPath: "/config"
+ readOnly: true
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_BIND_SERVICE
+ args:
+ - --api.insecure
+ # - --providers.kubernetesingress
+ - --configFile=/config/traefik.yaml
+ volumes:
+ - name: config
+ configMap:
+ name: traefik
+ items:
+ - key: "config"
+ path: "traefik.yaml"
\ No newline at end of file
diff --git a/traefik/role.yml b/traefik/role.yml
new file mode 100644
index 0000000..9e0c108
--- /dev/null
+++ b/traefik/role.yml
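Review bot: `api.insecure: true` in traefik/config.yml makes Traefik serve its API and dashboard without authentication on the internal `traefik` entry point (port 8080, which traefik/deployment.yml declares as `dashboard`), so anything that can reach the pod can read the full routing configuration. Set `insecure: false` and, if the dashboard is needed, publish `api@internal` through a router protected by an authentication middleware. The flag is repeated as `--api.insecure` in the args of traefik/deployment.yml and should be removed there as well. The `websecure` entry point is defined, but port 443 is not among the container ports and the redirect from `web` is commented out, so as written traffic is served only in clear text.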
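Review bot: The container `securityContext` in traefik/deployment.yml drops all capabilities and adds back only `NET_BIND_SERVICE`, but leaves `allowPrivilegeEscalation` and `readOnlyRootFilesystem` at their defaults. Adding `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` beside `capabilities` would complete the hardening for a pod that binds `hostPort: 80` on every node. The DaemonSet's own `metadata.labels` uses `app: traefik` while the selector and pod template use `name: traefik` and `k8s-app: traefik`; settle on one label key so that later Services or NetworkPolicies select these pods reliably.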
@@ -0,0 +1,52 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: traefik-role
+
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: traefik-account
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: traefik-role-binding
+
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: traefik-role
+subjects:
+ - kind: ServiceAccount
+ name: traefik-account
+ namespace: default
\ No newline at end of file
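Review bot: The first rule of `traefik-role` grants `get`, `list` and `watch` on `secrets` and is bound through a ClusterRoleBinding, so the `traefik-account` token can read every Secret in every namespace; a compromise of the Traefik pod, whose API this commit leaves unauthenticated, then becomes a cluster-wide credential leak. No Ingress in this commit has a `tls` section, so the secret access is not yet used. If Ingresses live in a known set of namespaces, grant the secret access with a namespaced `Role` and `RoleBinding` there and limit the provider to those namespaces. The ServiceAccount carries no `metadata.namespace` while the binding's subject names `namespace: default`; add `namespace: default` to the ServiceAccount so the two cannot drift apart when the file is applied to another namespace.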