在 k8s 上部署 GitHub runner
1. 安装 helm
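# Fetch the Helm 3 installer to disk instead of piping it straight into bash, so the
# script is fully downloaded and can be read before anything executes.
# -f makes curl fail on an HTTP error instead of saving (and later running) an error page.
# NOTE(review): the URL tracks the mutable `main` branch; read get_helm.sh before running it.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh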
2. 部署 clash
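# Deployment that runs the Clash proxy in the arc-systems namespace. The ARC
# controller and the runner pods send their outbound traffic through it.
# Nesting is restored here; the flattened listing does not parse as a manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: clash
  namespace: arc-systems
spec:
  selector:
    matchLabels:
      app: clash
  template:
    metadata:
      labels:
        app: clash
    spec:
      containers:
        - args:
            - -f
            - /etc/clash/config.yaml
          command:
            - /clash
          # NOTE(review): no tag is given, so this resolves to :latest, and with
          # IfNotPresent each node keeps whatever build it pulled first. Pin a
          # tag or digest you have verified so every node runs the same binary.
          image: dreamacro/clash
          imagePullPolicy: IfNotPresent
          # Both probes only check that something accepts TCP on 1080.
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 1
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 1080
            timeoutSeconds: 1
          name: clash
          # Only 1080 is declared here; the Service in this guide also forwards
          # 9090, 8853, 51820 and 27592 (containerPort is informational).
          ports:
            - containerPort: 1080
              name: sock-1080
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            initialDelaySeconds: 2
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 1080
            timeoutSeconds: 1
          resources:
            limits:
              cpu: 500m
              memory: 256Mi
            requests:
              cpu: 40m
              memory: 64Mi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /etc/clash
              name: config
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      # NOTE(review): the pod securityContext is empty and the container sets
      # none, so the image's default user and capabilities apply. Consider
      # runAsNonRoot / allowPrivilegeEscalation: false once you have confirmed
      # the proxy mode in config.yaml does not need extra privileges.
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
        - configMap:
            # 420 is decimal for octal 0644 (owner rw, group/other read).
            defaultMode: 420
            name: clash-config
          name: config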
---
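# ConfigMap mounted at /etc/clash by the clash Deployment; config.yaml is the
# file passed to Clash with -f. The body is a placeholder to be filled in.
# NOTE(review): if the real config carries upstream proxy credentials or an
# API secret, store it in a Secret instead - ConfigMap data is readable by
# anyone with read access to ConfigMaps in this namespace.
apiVersion: v1
data:
  config.yaml: |
    TODO
kind: ConfigMap
metadata:
  name: clash-config
  namespace: arc-systems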
---
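# ClusterIP Service in front of the clash pods (selector app=clash). It is
# reachable as "clash" inside arc-systems and as "clash.arc-systems" from
# other namespaces such as arc-runners.
apiVersion: v1
kind: Service
metadata:
  name: clash
  namespace: arc-systems
spec:
  ports:
    # Proxy listener used by the controller and the runners.
    - name: socks
      port: 1080
      protocol: TCP
      targetPort: 1080
    # NOTE(review): presumably Clash's management API. Every pod that can reach
    # this Service - including runner pods executing workflow code - can reach
    # it too. Drop the port if it is not needed, or protect it with an API
    # secret in config.yaml and a NetworkPolicy.
    - name: manage
      port: 9090
      protocol: TCP
      targetPort: 9090
    # NOTE(review): the ports below are only useful if config.yaml enables the
    # matching listeners; remove the ones this setup does not use.
    - name: dns
      port: 8853
      protocol: UDP
      targetPort: 8853
    - name: wg-udp
      port: 51820
      protocol: UDP
      targetPort: 51820
    - name: bwh-ss
      port: 27592
      protocol: TCP
      targetPort: 27592
  selector:
    app: clash
  sessionAffinity: None
  type: ClusterIP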
3. 部署 gha-runner-scale-set-controller
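# values-arc.yaml - overrides for the gha-runner-scale-set-controller chart,
# passed to helm with -f. Nesting is restored here; the flattened listing does
# not parse into the intended structure.
affinity: {}
# The controller reaches GitHub through the in-cluster proxy. The short name
# "clash" resolves because the controller is installed in arc-systems, the
# same namespace as the clash Service.
# NOTE(review): the URLs use the http:// scheme on 1080, so config.yaml must
# expose an HTTP (or mixed) listener on that port - confirm.
env:
  - name: HTTP_PROXY
    value: http://clash:1080
  - name: HTTPS_PROXY
    value: http://clash:1080
flags:
  logFormat: text
  # NOTE(review): debug is verbose; consider a lower level once setup works.
  logLevel: debug
  updateStrategy: immediate
fullnameOverride: ""
image:
  pullPolicy: IfNotPresent
  # NOTE(review): the image is pulled from a mirror registry while the chart
  # comes from ghcr.io. The controller is the component that talks to GitHub
  # for the scale sets, so confirm the mirror is trusted or pin by digest.
  repository: ghcr.nju.edu.cn/actions/gha-runner-scale-set-controller
  # Empty tag: presumably falls back to the chart's default - confirm.
  tag: ""
imagePullSecrets: []
labels: {}
nameOverride: ""
nodeSelector: {}
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
priorityClassName: ""
replicaCount: 1
resources: {}
securityContext: {}
serviceAccount:
  annotations: {}
  create: true
  name: ""
tolerations: []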
# Install (or upgrade) the ARC controller as release "arc" from the upstream
# OCI chart, applying the overrides in values-arc.yaml.
# NOTE(review): no --version is passed, so helm resolves whatever chart version
# is current at install time; pin one for reproducible installs.
NAMESPACE="arc-systems"
helm upgrade arc \
  oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller \
  --install \
  --namespace "${NAMESPACE}" \
  --create-namespace \
  --values values-arc.yaml
4. 部署 gha-runner-scale-set
完善下面 secret 的信息
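# GitHub App credentials that the runner scale set references through
# githubConfigSecret. All three values are placeholders to replace.
# - stringData values must be strings: keep the numeric app and installation
#   IDs quoted, or they parse as integers and the manifest is rejected.
# - The private key is multi-line PEM; write it as a block scalar (|).
# - The arc-runners namespace must exist before this manifest is applied.
# - Do not commit the filled-in file to version control.
apiVersion: v1
stringData:
  github_app_id: "app_id"
  github_app_installation_id: "installation_id"
  github_app_private_key: "private_key"
kind: Secret
metadata:
  name: pre-defined-secret
  namespace: arc-runners
type: Opaque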
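# values-sets.yaml - overrides for the gha-runner-scale-set chart: a runner
# container plus a Docker-in-Docker sidecar, both routed through the Clash
# proxy. Nesting is restored here; the flattened listing does not parse.
# The helm command in this guide also passes githubConfigUrl and
# githubConfigSecret with --set, which takes precedence over these two keys.
githubConfigSecret: pre-defined-secret
githubConfigUrl: https://github.com/xx  # change to the correct URL
# Runners live in arc-runners, so the proxy is addressed with its namespace.
proxy:
  http:
    url: http://clash.arc-systems:1080
  https:
    url: http://clash.arc-systems:1080
template:
  spec:
    # Schedule runner pods only on nodes labelled runner=true.
    # NOTE(review): affinity does not keep other workloads off those nodes;
    # add a taint/toleration pair if the nodes should be dedicated to runners.
    affinity:
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
            - matchExpressions:
                - key: runner
                  operator: In
                  values:
                    - "true"
    containers:
      - command:
          - /home/runner/run.sh
        env:
          - name: DOCKER_HOST
            value: unix:///run/docker/docker.sock
          - name: ALL_PROXY
            value: http://clash.arc-systems:1080
        # NOTE(review): :latest floats; pin a tag or digest so a runner image
        # change is a reviewed step rather than a side effect of a pod restart.
        image: ghcr.io/actions/actions-runner:latest
        name: runner
        volumeMounts:
          - mountPath: /home/runner/_work
            name: work
          # readOnly stops the runner creating files under /run/docker; it
          # does not limit what the runner can ask the daemon to do over the
          # socket.
          - mountPath: /run/docker
            name: dind-sock
            readOnly: true
          - mountPath: /home/runner/.docker
            name: docker-config-volume
      - args:
          - dockerd
          - --host=unix:///run/docker/docker.sock
          - --group=$(DOCKER_GROUP_GID)
          - --mtu=1400
        env:
          - name: DOCKER_GROUP_GID
            value: "123"
        # NOTE(review): docker:dind is a floating tag; pin it as well.
        image: docker:dind
        name: dind
        # The Docker daemon runs privileged and every job on this runner can
        # drive it, so a workflow that runs here should be treated as having
        # root on the node. Restrict which repositories and branches may
        # target this runner set.
        securityContext:
          privileged: true
        volumeMounts:
          - mountPath: /home/runner/_work
            name: work
          - mountPath: /run/docker
            name: dind-sock
          - mountPath: /home/runner/externals
            name: dind-externals
    initContainers:
      # Copies the runner externals into the volume shared with dind and
      # writes a Docker client config.json carrying the proxy settings; the
      # runner container mounts that volume at /home/runner/.docker.
      # The noProxy hosts are example values - replace them with your own.
      - command:
          - /bin/sh
          - -c
          - |
            cp -r -v /home/runner/externals/. /home/runner/tmpDir/ &&
            echo '{
            "proxies": {
            "default": {
            "httpProxy": "http://clash.arc-systems:1080",
            "httpsProxy": "http://clash.arc-systems:1080",
            "noProxy": "*.test.example.com,.example.org,127.0.0.0/8"
            }
            }
            }' > /docker-config/config.json
        image: ghcr.io/actions/actions-runner:latest
        name: init-dind-externals
        volumeMounts:
          - mountPath: /home/runner/tmpDir
            name: dind-externals
          - mountPath: /docker-config
            name: docker-config-volume
    # All four volumes are emptyDir, so nothing persists after the pod is gone.
    volumes:
      - emptyDir: {}
        name: docker-config-volume
      - emptyDir: {}
        name: work
      - emptyDir: {}
        name: dind-sock
      - emptyDir: {}
        name: dind-externals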
# Install (or upgrade) the runner scale set. The release name is the label that
# workflows later use in runs-on.
# The two --set values take precedence over the same keys in values-sets.yaml.
# NOTE(review): no --version is passed, so the chart version floats; keep it in
# step with the controller chart installed earlier.
INSTALLATION_NAME="your-runner-name"
NAMESPACE="arc-runners"
GITHUB_CONFIG_URL="https://github.com/xuelang-group"
helm upgrade "${INSTALLATION_NAME}" \
  oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set \
  --install \
  --namespace "${NAMESPACE}" \
  --create-namespace \
  --values values-sets.yaml \
  --set githubConfigUrl="${GITHUB_CONFIG_URL}" \
  --set githubConfigSecret="pre-defined-secret" \
  --debug
5. 使用
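# Example workflow that runs on the self-hosted scale set installed above.
name: Package airgap and upload to OSS
# Triggers are a manual dispatch and pushes to the airgap branch only. Keep
# pull_request triggers from forks away from this runner: its jobs can drive a
# privileged Docker daemon.
on:
  workflow_dispatch:
  push:
    branches:
      - airgap
# Least privilege for the job token: checkout only needs to read the repo.
permissions:
  contents: read
concurrency:
  group: upload-to-oss
  cancel-in-progress: true
jobs:
  deploy:
    runs-on: your-runner-name  # set to the correct runner name
    steps:
      - name: Checkout code
        # NOTE(review): v2 is an old major of actions/checkout; move to a
        # currently supported major and consider pinning a full commit SHA.
        uses: actions/checkout@v2
      - name: Release
        run: echo hello world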
6. 参考