From e6f8054055b83faf0780839ef05e73a5440c8afc Mon Sep 17 00:00:00 2001
From: Julia McGhee
Date: Sat, 21 Mar 2026 16:13:19 +0000
Subject: [PATCH] Fix runner DinD: disable TLS between sidecar containers TLS between act_runner and DinD in the same pod is unnecessary and causes race conditions with cert generation. Use port 2375 (no TLS) and set DOCKER_TLS_CERTDIR="" on the DinD sidecar.
---
 .../platform/gitea-runner/deployment.yaml | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)
diff --git a/infra/kubernetes/platform/gitea-runner/deployment.yaml b/infra/kubernetes/platform/gitea-runner/deployment.yaml
index bfc4ea4..71aa618 100644
--- a/infra/kubernetes/platform/gitea-runner/deployment.yaml
+++ b/infra/kubernetes/platform/gitea-runner/deployment.yaml
@@ -29,15 +29,8 @@ spec:
 - name: GITEA_RUNNER_LABELS
 value: "ubuntu-latest:docker://node:20-bookworm,linux/amd64:docker://node:20-bookworm,cluster:docker://node:20-bookworm"
 - name: DOCKER_HOST
- value: tcp://localhost:2376
- - name: DOCKER_TLS_VERIFY
- value: "1"
- - name: DOCKER_CERT_PATH
- value: /certs/client
+ value: tcp://localhost:2375
 volumeMounts:
- - name: docker-certs
- mountPath: /certs/client
- readOnly: true
 - name: runner-data
 mountPath: /data
 resources:
@@ -53,10 +46,8 @@ spec:
 privileged: true
 env:
 - name: DOCKER_TLS_CERTDIR
- value: /certs
+ value: ""
 volumeMounts:
- - name: docker-certs
- mountPath: /certs
 - name: dind-storage
 mountPath: /var/lib/docker
 resources:
@@ -67,8 +58,6 @@ spec:
 memory: 4Gi
 volumes:
- - name: docker-certs
- emptyDir: {}
 - name: runner-data
 emptyDir: {}
 - name: dind-storage
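Review bot: The `DOCKER_HOST` entry in the first hunk now points the runner at an unauthenticated, unencrypted Docker API, and the manifest carries no comment saying why that is acceptable or what keeps port 2375 private. A later edit (a Service, `hostNetwork`, a relaxed NetworkPolicy) could then expose it without anyone noticing. I would add a comment above the `value: tcp://localhost:2375` line, for example `# No TLS on purpose: DinD is a same-pod sidecar; port 2375 must never be reachable from outside this pod.` The runner container's spec starts before this hunk, so other settings that affect reachability are not visible here.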
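Review bot: With `DOCKER_TLS_CERTDIR` set to `""` on the container that has `privileged: true` (second hunk), the daemon serves its API with no client authentication, and nothing in the hunk limits where it listens. If the sidecar is the stock `docker:dind` image (the image line is outside the hunk), its entrypoint binds the plaintext API to `0.0.0.0:2375` rather than loopback, which would make it reachable on the pod IP from other workloads, and access to a privileged daemon's API is equivalent to control of the node. Either pin the listener to loopback, e.g. `args: ["dockerd", "--host=unix:///var/run/docker.sock", "--host=tcp://127.0.0.1:2375"]` (check this against the entrypoint of the image actually used), or add a NetworkPolicy in the same change that denies ingress to this pod. The cert race named in the commit message could also be avoided without TCP by sharing the daemon's unix socket through an `emptyDir`.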