Mayne0213
2a42104912
CHORE(app): use kaniko as separate job

Architecture (Option 3 - Recommended):

Runner Pod (DinD maintained)
  └─ kubectl create job
      └─ Kaniko Pod (isolated)

Benefits:
- Resource isolation
- Parallel builds possible
- Build failures don't affect runner
- Pod-level isolation
- Proper security boundaries

Changes:
- Restore kubectl and kubeconfig setup
- Use kubeconfig from Gitea Secret
- Create Kaniko Job in separate namespace
- Wait for Job completion
- Proper cleanup after build

Infrastructure (already deployed via ArgoCD):
- kaniko-builds namespace
- RBAC for gitea runner ServiceAccount
- Proper permission boundaries
2025-12-28 17:43:22 +09:00