Avatar

alienscience

alienscience@programming.dev
Joined
0 posts • 3 comments
Direct message

I am not sure if it is best practice, but this is what I do and it might provide some inspiration:

  • Bootstrap from a private gitlab.com repository with a base ansible setup. Executed from a laptop.
  • The bootstrap setups up k8s and installs a bare bones git repository docker container based on https://codeberg.org/al13nsc13nc3/gitsrv.
  • Flux CD is installed into the bare bones git repository and k8s.
  • Flux CD is used to install Forgejo and Woodpecker CI using the bare bones git repository as the gitops source of truth.

This has the advantage that Gitops and normal git repositories are separate. I think that a similar principle would work with docker compose instead of k8s.

permalink
report
reply

Just to add to this point. I have been running a separate namespace for CI and it is possible to limit total CPU and memory use for each namespace. This saved me from having to run a VM. Everything (even junk) goes onto k8s isolated by separate namespaces.

If limits and namespaces like this are interesting to you, the k8s resources to read up on are ResourceQuota and LimitRange.

permalink
report
parent
reply

Despite using Tokio underneath, I think that Actix does NOT do work stealing and uses mostly separate threads:

Given this architecture, I think the article might inaccurate when it says that Actix handlers must be Send + Sync. See also: https://www.reddit.com/r/rust/comments/14cbe1u/why_does_actixwebs_handler_not_require_send/

Actix is a bit weird, but it has been around, and used in production, for a relatively long time.

permalink
report
reply