k8s 部署 Github Runner(企业可用)


k8s 部署 Github runner

1. 安装 helm

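# Download the Helm installer to a file instead of piping it straight into bash:
# with `curl | bash` a truncated or altered download runs immediately, with no
# chance to read it first. -f fails on HTTP errors, -sS is quiet but still
# reports errors, -L follows redirects.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
# The script comes from the moving `main` branch; read get_helm.sh before running it.
bash get_helm.sh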

2. 部署 clash

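# Forward proxy used by the ARC controller and the runners to reach GitHub.
# Everything those components send out goes through this pod, so it is
# hardened here and should be treated as a sensitive workload.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: clash
  namespace: arc-systems
spec:
  selector:
    matchLabels:
      app: clash
  template:
    metadata:
      labels:
        app: clash
    spec:
      # Nothing in this manifest needs the Kubernetes API, so no service
      # account token is mounted into the proxy pod.
      automountServiceAccountToken: false
      containers:
      - args:
        - -f
        - /etc/clash/config.yaml
        command:
        - /clash
        # No tag means `latest`, and with IfNotPresent each node keeps whatever
        # it pulled first. Pin a tag or digest you have verified, e.g.
        # dreamacro/clash@sha256:<digest-you-verified>.
        image: dreamacro/clash
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          initialDelaySeconds: 1
          periodSeconds: 10
          successThreshold: 1
          tcpSocket:
            port: 1080
          timeoutSeconds: 1
        name: clash
        ports:
        - containerPort: 1080
          name: sock-1080
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          initialDelaySeconds: 2
          periodSeconds: 10
          successThreshold: 1
          tcpSocket:
            port: 1080
          timeoutSeconds: 1
        resources:
          limits:
            cpu: 500m
            memory: 256Mi
          requests:
            cpu: 40m
            memory: 64Mi
        # Listening on 1080 and dialing out needs no Linux capability. Add
        # individual capabilities back only if config.yaml enables a feature
        # that requires them.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/clash
          name: config
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          # 420 decimal is file mode 0644.
          defaultMode: 420
          name: clash-config
        name: config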
---
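# clash configuration mounted at /etc/clash/config.yaml by the clash Deployment.
apiVersion: v1
kind: ConfigMap
metadata:
  name: clash-config
  namespace: arc-systems
data:
  # Block-scalar content has to be indented deeper than its key; written at the
  # key's own indent the manifest does not parse.
  # Replace TODO with the real clash configuration before applying.
  # NOTE(review): a ConfigMap is stored and shown in plain text to anyone who can
  # read ConfigMaps in arc-systems. If the configuration holds upstream proxy
  # credentials, keep it in a Secret and mount that instead.
  # NOTE(review): the clash Service publishes port 9090 ("manage"). If this
  # configuration turns on `external-controller`, also set `secret` so the API
  # is not open to every pod in the cluster.
  config.yaml: |
    TODO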
---
# Cluster-internal entry point for the clash proxy pods (label app=clash).
# ClusterIP keeps it off the node and external networks, but every pod in the
# cluster can still connect to each port listed below.
apiVersion: v1
kind: Service
metadata:
  name: clash
  namespace: arc-systems
spec:
  type: ClusterIP
  sessionAffinity: None
  selector:
    app: clash
  ports:
  # 1080 is the only port the controller and runner values on this page use.
  - name: socks
    protocol: TCP
    port: 1080
    targetPort: 1080
  # NOTE(review): presumably clash's management API. If it is enabled in
  # config.yaml, protect it with `secret` or remove this entry; restricting
  # access with a NetworkPolicy is a further option.
  - name: manage
    protocol: TCP
    port: 9090
    targetPort: 9090
  # NOTE(review): the Deployment declares only containerPort 1080. Keep the
  # entries below only if config.yaml really listens on them.
  - name: dns
    protocol: UDP
    port: 8853
    targetPort: 8853
  - name: wg-udp
    protocol: UDP
    port: 51820
    targetPort: 51820
  - name: bwh-ss
    protocol: TCP
    port: 27592
    targetPort: 27592

3. 部署 gha-runner-scale-set-controller

# values-arc.yaml: overrides for the gha-runner-scale-set-controller chart.

# Controller image. The chart is pulled from ghcr.io, but this repository is a
# mirror, so whatever the mirror serves runs with the controller's permissions.
# NOTE(review): the tag is empty, so the chart's default is used; set an explicit
# tag or digest if the mirror's content should be verified against upstream.
image:
  repository: ghcr.nju.edu.cn/actions/gha-runner-scale-set-controller
  tag: ""
  pullPolicy: IfNotPresent
imagePullSecrets: []
replicaCount: 1

# Outbound traffic goes through the clash Service. The bare host name `clash`
# resolves because the release is installed in arc-systems, the Service's namespace.
# NOTE(review): no NO_PROXY is set, so in-cluster requests may be sent to the
# proxy as well; confirm clash routes cluster addresses directly.
env:
- name: HTTP_PROXY
  value: http://clash:1080
- name: HTTPS_PROXY
  value: http://clash:1080

# NOTE(review): debug logging is verbose; consider a lower level once the
# installation works.
flags:
  logFormat: text
  logLevel: debug
  updateStrategy: immediate

serviceAccount:
  create: true
  name: ""
  annotations: {}

# Left at their empty defaults.
# NOTE(review): both security contexts are empty, so no extra pod or container
# hardening is applied to the controller.
podSecurityContext: {}
securityContext: {}
resources: {}
affinity: {}
nodeSelector: {}
tolerations: []
priorityClassName: ""
labels: {}
podLabels: {}
podAnnotations: {}
nameOverride: ""
fullnameOverride: ""
# Install or upgrade the ARC controller as release `arc`, using values-arc.yaml.
# NOTE(review): no --version is passed, so every run takes the newest published
# chart; pin a chart version for repeatable deployments.
NAMESPACE="arc-systems"
helm upgrade arc \
    oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller \
    --install \
    --create-namespace \
    --namespace "${NAMESPACE}" \
    --values values-arc.yaml

4. 部署 gha-runner-scale-set

完善下面 secret 信息

# GitHub App credentials that the runner scale set reads through
# `githubConfigSecret`. The three values below are placeholders.
# Do not commit the filled-in file: stringData is stored base64-encoded, not
# encrypted, unless the cluster has encryption at rest for Secrets.
apiVersion: v1
kind: Secret
metadata:
  name: pre-defined-secret
  namespace: arc-runners
type: Opaque
stringData:
  github_app_id: app_id
  github_app_installation_id: installation_id
  # The private key is a multi-line PEM; supply it as a block scalar (`|`).
  github_app_private_key: private_key
# values-sets.yaml: overrides for the gha-runner-scale-set chart.
# Runner pods use Docker-in-Docker and send outbound traffic through clash.

githubConfigUrl: https://github.com/xx # change to the correct address
githubConfigSecret: pre-defined-secret

proxy:
  https:
    url: http://clash.arc-systems:1080
  http:
    url: http://clash.arc-systems:1080

template:
  spec:
    # Runner pods are scheduled only onto nodes labelled runner=true.
    affinity:
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
          - matchExpressions:
            - key: runner
              operator: In
              values:
              - "true"
    initContainers:
    # Copies the runner externals into a shared volume and writes the Docker
    # client config that gives the containers it starts their proxy settings.
    # NOTE(review): the noProxy entries look like documentation examples;
    # replace them with your internal domains and registries so that traffic
    # is not sent through the proxy.
    - name: init-dind-externals
      image: ghcr.io/actions/actions-runner:latest
      command:
      - /bin/sh
      - -c
      - |
        cp -r -v /home/runner/externals/. /home/runner/tmpDir/ &&
        echo '{
          "proxies": {
            "default": {
              "httpProxy": "http://clash.arc-systems:1080",
              "httpsProxy": "http://clash.arc-systems:1080",
              "noProxy": "*.test.example.com,.example.org,127.0.0.0/8"
            }
          }
        }' > /docker-config/config.json
      volumeMounts:
      - name: dind-externals
        mountPath: /home/runner/tmpDir
      - name: docker-config-volume
        mountPath: /docker-config
    containers:
    # NOTE(review): `:latest` (here and on the init container) and `docker:dind`
    # are floating tags; pin versions or digests so runner pods are reproducible.
    - name: runner
      image: ghcr.io/actions/actions-runner:latest
      command:
      - /home/runner/run.sh
      env:
      - name: DOCKER_HOST
        value: unix:///run/docker/docker.sock
      - name: ALL_PROXY
        value: http://clash.arc-systems:1080
      volumeMounts:
      - name: work
        mountPath: /home/runner/_work
      # readOnly stops the runner from changing files in this directory; it
      # does not stop it from connecting to the Docker socket inside it.
      - name: dind-sock
        mountPath: /run/docker
        readOnly: true
      - name: docker-config-volume
        mountPath: /home/runner/.docker
    # dockerd runs privileged, and every job on this runner can drive it through
    # the shared socket. Treat workflows allowed onto these runners as trusted
    # code and keep the runner=true nodes dedicated to them.
    - name: dind
      image: docker:dind
      args:
      - dockerd
      - --host=unix:///run/docker/docker.sock
      - --group=$(DOCKER_GROUP_GID)
      - --mtu=1400
      env:
      # NOTE(review): presumably the docker group's GID in the runner image; verify.
      - name: DOCKER_GROUP_GID
        value: "123"
      securityContext:
        privileged: true
      volumeMounts:
      - name: work
        mountPath: /home/runner/_work
      - name: dind-sock
        mountPath: /run/docker
      - name: dind-externals
        mountPath: /home/runner/externals
    volumes:
    - name: docker-config-volume
      emptyDir: {}
    - name: work
      emptyDir: {}
    - name: dind-sock
      emptyDir: {}
    - name: dind-externals
      emptyDir: {}
# Install or upgrade the runner scale set. INSTALLATION_NAME is the release
# name; the two --set flags take precedence over the same keys in values-sets.yaml.
# NOTE(review): no --version is passed, so every run takes the newest published
# chart; pin a chart version for repeatable deployments.
INSTALLATION_NAME="your-runner-name"
NAMESPACE="arc-runners"
GITHUB_CONFIG_URL="https://github.com/xuelang-group"
helm upgrade "${INSTALLATION_NAME}" \
    oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set \
    --install \
    --create-namespace \
    --namespace "${NAMESPACE}" \
    --values values-sets.yaml \
    --set githubConfigUrl="${GITHUB_CONFIG_URL}" \
    --set githubConfigSecret="pre-defined-secret" \
    --debug

5. 使用

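# Example workflow that runs on the self-hosted runner scale set.
name: Package airgap and upload to OSS

on:
  workflow_dispatch:
  push:
    branches:
      - airgap

# Least privilege for GITHUB_TOKEN: this job only reads the repository.
# Widen it per job if later steps need more.
permissions:
  contents: read

concurrency:
  group: upload-to-oss
  cancel-in-progress: true

jobs:
  deploy:
    runs-on: your-runner-name # set to the correct runner name (the INSTALLATION_NAME used with helm)

    steps:
      # v2 is an old major release of the checkout action; use a current one.
      # For stricter supply-chain control, pin the action to a full commit SHA
      # instead of a tag.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Release
        run: echo hello world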

6. 参考

Quickstart for Actions Runner Controller - GitHub Docs
