Adding upstream version 3.5.1.HEAD upstream/3.5.1 upstream debian

Signed-off-by: Daniel Baumann <daniel@debian.org>
author: Daniel Baumann <daniel@debian.org> 2024-10-20 22:50:50 +0200
committer: Daniel Baumann <daniel@debian.org> 2024-10-20 22:50:50 +0200
commit: 9fa26b7837ed8e6679b7e6115425cab6ecbc9a8a (patch)
tree: c5b6f218ae267153042529217fdabeac4849ca1e /examples/kubernetes/README.md
parent: Initial commit. (diff)
download: forgejo-runner-9fa26b7837ed8e6679b7e6115425cab6ecbc9a8a.tar.xz
forgejo-runner-9fa26b7837ed8e6679b7e6115425cab6ecbc9a8a.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/examples/kubernetes/README.md b/examples/kubernetes/README.md
new file mode 100644
index 0000000..d00cf1a
--- /dev/null
+++ b/examples/kubernetes/README.md
@@ -0,0 +1,7 @@
+## Kubernetes Docker in Docker Deployment
+
+Registers Kubernetes pod runners using [offline registration](https://forgejo.org/docs/v1.21/admin/actions/#offline-registration), allowing the scaling of runners as needed.
+
+NOTE: Docker in Docker (dind) requires elevated privileges on Kubernetes. The current way to achieve this is to set the pod `SecurityContext` to `privileged`. Keep in mind that this is a potential security issue that has the potential for a malicious application to break out of the container context.
+
+[`dind-docker.yaml`](dind-docker.yaml) creates a deployment and secret for Kubernetes to act as a runner. The Docker credentials are re-generated each time the pod connects and does not need to be persisted.
author	Daniel Baumann <daniel@debian.org>	2024-10-20 22:50:50 +0200
committer	Daniel Baumann <daniel@debian.org>	2024-10-20 22:50:50 +0200
commit	9fa26b7837ed8e6679b7e6115425cab6ecbc9a8a (patch)
tree	c5b6f218ae267153042529217fdabeac4849ca1e /examples/kubernetes/README.md
parent	Initial commit. (diff)
download	forgejo-runner-9fa26b7837ed8e6679b7e6115425cab6ecbc9a8a.tar.xz forgejo-runner-9fa26b7837ed8e6679b7e6115425cab6ecbc9a8a.zip