Fix runner DinD: disable TLS between sidecar containers
TLS between act_runner and DinD in the same pod is unnecessary and causes race conditions with cert generation. Use port 2375 (no TLS) and set DOCKER_TLS_CERTDIR="" on the DinD sidecar.
@@ -29,15 +29,8 @@ spec:
|
|||||||
- name: GITEA_RUNNER_LABELS
|
- name: GITEA_RUNNER_LABELS
|
||||||
value: "ubuntu-latest:docker://node:20-bookworm,linux/amd64:docker://node:20-bookworm,cluster:docker://node:20-bookworm"
|
value: "ubuntu-latest:docker://node:20-bookworm,linux/amd64:docker://node:20-bookworm,cluster:docker://node:20-bookworm"
|
||||||
- name: DOCKER_HOST
|
- name: DOCKER_HOST
|
||||||
value: tcp://localhost:2376
|
value: tcp://localhost:2375
|
||||||
- name: DOCKER_TLS_VERIFY
|
|
||||||
value: "1"
|
|
||||||
- name: DOCKER_CERT_PATH
|
|
||||||
value: /certs/client
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: docker-certs
|
|
||||||
mountPath: /certs/client
|
|
||||||
readOnly: true
|
|
||||||
- name: runner-data
|
- name: runner-data
|
||||||
mountPath: /data
|
mountPath: /data
|
||||||
resources:
|
resources:
|
||||||
@@ -53,10 +46,8 @@ spec:
|
|||||||
privileged: true
|
privileged: true
|
||||||
env:
|
env:
|
||||||
- name: DOCKER_TLS_CERTDIR
|
- name: DOCKER_TLS_CERTDIR
|
||||||
value: /certs
|
value: ""
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: docker-certs
|
|
||||||
mountPath: /certs
|
|
||||||
- name: dind-storage
|
- name: dind-storage
|
||||||
mountPath: /var/lib/docker
|
mountPath: /var/lib/docker
|
||||||
resources:
|
resources:
|
||||||
@@ -67,8 +58,6 @@ spec:
|
|||||||
memory: 4Gi
|
memory: 4Gi
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: docker-certs
|
|
||||||
emptyDir: {}
|
|
||||||
- name: runner-data
|
- name: runner-data
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
- name: dind-storage
|
- name: dind-storage
|
||||||
|
|||||||
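Review bot: With `DOCKER_TLS_CERTDIR` set to `""` on the `privileged: true` sidecar (second hunk), the Docker API on port 2375 has no authentication, and the description's "same pod" reasoning only holds if the daemon listens on loopback. If this sidecar uses the stock docker:dind entrypoint, it presumably binds the plaintext listener to all interfaces, which would leave a privileged daemon reachable at the pod IP from anything in the cluster that can route to it. Consider starting dockerd with an explicit loopback-only listener such as `--host=tcp://127.0.0.1:2375` (or sharing a unix socket through an emptyDir and pointing `DOCKER_HOST` at it), and restricting ingress to the pod with a NetworkPolicy. A comment above the env entry, e.g. `# TLS off: daemon must stay loopback-only; ingress blocked by NetworkPolicy`, would keep that constraint visible to the next editor. The sidecar's container definition starts outside the hunk, so its image and args are not visible here.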