Fix runner DinD: disable TLS between sidecar containers
TLS between act_runner and DinD in the same pod is unnecessary and causes race conditions with cert generation. Use port 2375 (no TLS) and set DOCKER_TLS_CERTDIR="" on the DinD sidecar.
@@ -29,15 +29,8 @@ spec:
|
||||
- name: GITEA_RUNNER_LABELS
|
||||
value: "ubuntu-latest:docker://node:20-bookworm,linux/amd64:docker://node:20-bookworm,cluster:docker://node:20-bookworm"
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://localhost:2376
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/client
|
||||
value: tcp://localhost:2375
|
||||
volumeMounts:
|
||||
- name: docker-certs
|
||||
mountPath: /certs/client
|
||||
readOnly: true
|
||||
- name: runner-data
|
||||
mountPath: /data
|
||||
resources:
|
||||
@@ -53,10 +46,8 @@ spec:
|
||||
privileged: true
|
||||
env:
|
||||
- name: DOCKER_TLS_CERTDIR
|
||||
value: /certs
|
||||
value: ""
|
||||
volumeMounts:
|
||||
- name: docker-certs
|
||||
mountPath: /certs
|
||||
- name: dind-storage
|
||||
mountPath: /var/lib/docker
|
||||
resources:
|
||||
@@ -67,8 +58,6 @@ spec:
|
||||
memory: 4Gi
|
||||
|
||||
volumes:
|
||||
- name: docker-certs
|
||||
emptyDir: {}
|
||||
- name: runner-data
|
||||
emptyDir: {}
|
||||
- name: dind-storage
|
||||
|
||||
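Review bot: With `DOCKER_TLS_CERTDIR` set to `""`, the DinD sidecar (shown with `privileged: true` in the second hunk) serves the Docker API on 2375 with no client authentication, and nothing in this commit limits who can reach that port. The sidecar's image and command are outside these hunks, but if it runs the stock `docker:dind` entrypoint, dockerd listens on all interfaces rather than loopback, so the API is exposed on the pod IP to other workloads, not only to act_runner over localhost. The client certificate was the only access control on that listener. I would either start dockerd with an explicit loopback-only listener (`--host=tcp://127.0.0.1:2375`) in place of the image default, or add a NetworkPolicy that denies ingress to this pod. Record the choice next to the env entry, e.g. `# plaintext Docker API: must not be reachable from outside this pod`.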