forgejo-runner/README.adoc

@@ -16,6 +16,36 @@ image::https://img.shields.io/badge/AppVersion-3.4.1-informational?style=flat-sq
 | <https://wrenix.eu>
 |===
 
+== Accessing docker socket inside job containers
+
+To access the docker socket inside the job containers, the following example
+values may be used:
+
+[source,yaml]
+----
+runner:
+  config:
+    create: true
+    existingSecret: ""
+    file:
+      log:
+        level: "info"
+      runner:
+        file: ".runner"
+        capacity: 1
+        envs:
+          DOCKER_HOST: tcp://127.0.0.1:2376
+          DOCKER_TLS_VERIFY: 1
+          DOCKER_CERT_PATH: /certs/client
+      container:
+        network: host
+        enable_ipv6: false
+        privileged: false
+        options: -v /certs/client:/certs/client
+        valid_volumes:
+          - /certs/client
+----
+
 == Usage
 
 Helm must be installed and setup to your kubernetes cluster to use the charts.
@@ -43,7 +73,41 @@ helm uninstall forgejo-runner-release
 
 == Values
 
-.Values
+.Values Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
+|===
+| Key | Type | Default | Description
+
+| runner.config.file.container.enable_ipv6
+| bool
+| `false`
+| Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly. Only takes effect if "network" is set to "".
+
+| runner.config.file.container.network
+| string
+| `"host"`
+| Specifies the network to which the container will connect. Could be host, bridge or the name of a custom network. If it's empty, create a network automatically.
+
+| runner.config.file.log.level
+| string
+| `"info"`
+| The level of logging, can be trace, debug, info, warn, error, fatal
+
+| runner.config.file.runner.capacity
+| int
+| `1`
+| Execute how many tasks concurrently at the same time.
+
+| runner.config.file.runner.envs
+| object
+| `{"DOCKER_CERT_PATH":"/certs/client","DOCKER_HOST":"tcp://127.0.0.1:2376","DOCKER_TLS_VERIFY":1}`
+| Extra environment variables to run jobs.
+
+| runner.config.file.runner.file
+| string
+| `".runner"`
+| Runner config which contains id and token of this runner (autogenerate with create)
+|===
+.Values Other Values
 |===
 | Key | Type | Default | Description
 
@@ -187,6 +251,21 @@ helm uninstall forgejo-runner-release
 | `""`
 | use existingSecret instatt
 
+| runner.config.file.container.options
+| string
+| `"-v /certs/client:/certs/client"`
+|
+
+| runner.config.file.container.privileged
+| bool
+| `false`
+|
+
+| runner.config.file.container.valid_volumes[0]
+| string
+| `"/certs/client"`
+|
+
 | runner.config.instance
 | string
 | `"https://codeberg.org"`

forgejo-runner/_docs.gotmpl

@@ -0,0 +1,14 @@
+{{ define "chart.prerequirements" -}}
+= Accessing docker socket inside job containers
+
+To access the docker socket inside the job containers, the following example
+values may be used:
+
+[source,yaml]
+----
+{{ .Files.Get "values-dind-bypass.yaml" }}
+----
+
+====
+{{ end }}
+

forgejo-runner/templates/deployment.yaml

@@ -48,7 +48,15 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: [ "/bin/forgejo-runner", "daemon" ]
+          command: 
+            - "sh"
+            - "-c"
+            - |
+              while ! nc -z 127.0.0.1 2376 </dev/null; do
+                echo 'waiting for docker daemon...';
+                sleep 5;
+              done
+              /bin/forgejo-runner --config /etc/runner/config.yaml daemon
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           env:
@@ -59,6 +67,8 @@ spec:
             - name: DOCKER_TLS_VERIFY
               value: "1"
           volumeMounts:
+            - name: runner-configfile
+              mountPath: /etc/runner
             - name: docker-certs
               mountPath: /certs
             - name: runner-data
@@ -87,6 +97,9 @@ spec:
         - name: runner-config
           secret:
             secretName: {{ .Values.runner.config.existingSecret | default (print ( include "forgejo-runner.fullname" . ) "-config") | quote }}
+        - name: runner-configfile
+          secret:
+            secretName: {{ include "forgejo-runner.fullname" . }}-configfile
         {{- with .Values.volumes }}
         {{- toYaml . | nindent 8 }}
         {{- end }}

forgejo-runner/templates/secrets.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "forgejo-runner.fullname" . }}-configfile
+  labels:
+    {{- include "forgejo-runner.labels" . | nindent 4 }}
+  annotations:
+    config-hash: {{ toYaml .Values.runner.config.file | sha256sum }}
+data:
+  config.yaml: {{ toYaml .Values.runner.config.file | b64enc }}

forgejo-runner/values-dind-bypass.yaml

@@ -0,0 +1,21 @@
+runner:
+  config:
+    create: true
+    existingSecret: ""
+    file:
+      log:
+        level: "info"
+      runner:
+        file: ".runner"
+        capacity: 1
+        envs:
+          DOCKER_HOST: tcp://127.0.0.1:2376
+          DOCKER_TLS_VERIFY: 1
+          DOCKER_CERT_PATH: /certs/client
+      container:
+        network: host
+        enable_ipv6: false
+        privileged: false
+        options: -v /certs/client:/certs/client
+        valid_volumes:
+          - /certs/client

forgejo-runner/values.yaml

@@ -24,6 +24,40 @@ runner:
     instance: https://codeberg.org
     name:
     token:
+    file:
+      log:
+        # -- The level of logging, can be trace, debug, info, warn, error, fatal
+        # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
+        level: "info"
+      runner:
+        # -- Runner config which contains id and token of this runner (autogenerate with create)
+        # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
+        file: ".runner"
+        # -- Execute how many tasks concurrently at the same time.
+        # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
+        capacity: 1
+        # -- Extra environment variables to run jobs.
+        # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
+        envs:
+          A_TEST_ENV_NAME_1: a_test_env_value_1
+          A_TEST_ENV_NAME_2: a_test_env_value_2
+      container:
+        # -- Specifies the network to which the container will connect.
+        # Could be host, bridge or the name of a custom network.
+        # If it's empty, create a network automatically.
+        # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
+        network: ""
+        # -- Whether to create networks with IPv6 enabled. Requires the Docker daemon to be set up accordingly.
+        # Only takes effect if "network" is set to "".
+        # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
+        enable_ipv6: false
+        # -- And other options to be used when the container is started (eg, --add-host=my.forgejo.url:host-gateway).
+        # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
+        privileged: false
+        # -- And other options to be used when the container is started (eg, --add-host=my.forgejo.url:host-gateway).
+        # @section -- Configuration yaml of runner (see: https://code.forgejo.org/forgejo/runner/src/branch/main/internal/pkg/config/config.example.yaml)
+        options:
+        valid_volumes: []
 
 dind:
   image: