e6f8054055
TLS between act_runner and DinD in the same pod is unnecessary and causes race conditions with cert generation. Use port 2375 (no TLS) and set DOCKER_TLS_CERTDIR="" on the DinD sidecar.
65 lines
1.6 KiB
YAML
65 lines
1.6 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: gitea-runner
|
|
namespace: platform
|
|
labels:
|
|
app: gitea-runner
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: gitea-runner
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: gitea-runner
|
|
spec:
|
|
containers:
|
|
- name: runner
|
|
image: gitea/act_runner:latest
|
|
env:
|
|
- name: GITEA_INSTANCE_URL
|
|
value: http://gitea-helm-http.platform.svc:3000
|
|
- name: GITEA_RUNNER_REGISTRATION_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-runner-token
|
|
key: token
|
|
- name: GITEA_RUNNER_LABELS
|
|
value: "ubuntu-latest:docker://node:20-bookworm,linux/amd64:docker://node:20-bookworm,cluster:docker://node:20-bookworm"
|
|
- name: DOCKER_HOST
|
|
value: tcp://localhost:2375
|
|
volumeMounts:
|
|
- name: runner-data
|
|
mountPath: /data
|
|
resources:
|
|
requests:
|
|
memory: 256Mi
|
|
cpu: 200m
|
|
limits:
|
|
memory: 1Gi
|
|
|
|
- name: dind
|
|
image: docker:dind
|
|
securityContext:
|
|
privileged: true
|
|
env:
|
|
- name: DOCKER_TLS_CERTDIR
|
|
value: ""
|
|
volumeMounts:
|
|
- name: dind-storage
|
|
mountPath: /var/lib/docker
|
|
resources:
|
|
requests:
|
|
memory: 512Mi
|
|
cpu: 500m
|
|
limits:
|
|
memory: 4Gi
|
|
|
|
volumes:
|
|
- name: runner-data
|
|
emptyDir: {}
|
|
- name: dind-storage
|
|
emptyDir: {}
|