gitea_admin/deploy-app-kargo-private
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bea103a280f798940acd30f007250df663225f35
deploy-app-kargo-private/test-env/gitea-runner/rbac.yaml
XoR bea103a280 fix(test-env): replace Job with initContainer for runner registration 
Problem: Job ran on every ArgoCD sync, creating duplicate runners in Gitea.
Solution:
- initContainer gets token + saves to PVC (/data/.registration-token)
- Runner container registers once, persists .runner file in PVC
- Subsequent restarts skip registration (idempotent)
- PVC runner-data (1Gi) persists registration across pod restarts
- Removed register-job.yaml, moved RBAC to rbac.yaml
- Runner waits for DinD before starting
- Stable runner name: test-env-runner
- Labels: edt + ubuntu-latest
2026-03-12 13:29:36 +03:00

35 lines
789 B
YAML
Raw Blame History

# RBAC for runner registration initContainer
# Allows reading gitea-admin secret and listing pods in gitea namespace
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: runner-registrar
namespace: test-env
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: test-env-gitea-reader
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["gitea-admin"]
verbs: ["get"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: test-env-gitea-reader
subjects:
- kind: ServiceAccount
name: runner-registrar
namespace: test-env
roleRef:
kind: ClusterRole
name: test-env-gitea-reader
apiGroup: rbac.authorization.k8s.io
Reference in New Issue View Git Blame Copy Permalink