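---
# Gitea Actions runner (act_runner) deployed as a single-replica StatefulSet so
# that the runner's registration state and its Docker storage persist on a
# per-pod PersistentVolumeClaim (gitea-runner-data) across restarts.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: runner
  namespace: gitea
  labels:
    app: gitea
    gitea: runner
  annotations:
    # Stakater Reloader: roll the pod when a mounted ConfigMap/Secret changes.
    # Relevant here because subPath mounts (see the .dockerconfigjson mount
    # below) do not receive in-place Secret updates.
    reloader.stakater.com/auto: "true"
spec:
  replicas: 1
  podManagementPolicy: OrderedReady
  serviceName: runner
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: gitea
      gitea: runner
  template:
    metadata:
      labels:
        app: gitea
        gitea: runner
    spec:
      securityContext:
        # Mounted volumes are group-owned by gid 1000 so the uid-1000 user that
        # the init container prepares /home/rootless for can write to them.
        fsGroup: 1000
      volumes:
        # Registry credentials (.dockerconfigjson) for the Gitea package registry.
        - name: gitea-package-registry-secret
          secret:
            secretName: gitea-package-registry-secret
        # act_runner configuration, mounted read-only at /config.
        - name: gitea-runner-config
          configMap:
            name: gitea-runner-config
        # NOTE(review): declared but not mounted by any container in this
        # manifest. DOCKER_CERT_PATH points at /certs/client, so the client
        # certificates presumably ship inside the image — confirm, or mount
        # this volume where the daemon and client can both reach it.
        - name: docker-certs
          emptyDir: {}
      initContainers:
        # One-shot fix-up of the PVC: creates the home directories with the
        # ownership the rootless Docker setup expects (1000:1000 for the
        # rootless user, 100:101 for dockremap's subordinate-id range).
        - name: chowner
          image: alpine:3.19
          imagePullPolicy: IfNotPresent
          securityContext:
            # NOTE(review): privileged is wider than this step needs. mkdir and
            # chown on a mounted filesystem only require running as root
            # (CAP_CHOWN / CAP_DAC_OVERRIDE, both in the default capability set);
            # consider dropping privileged here and keeping it only on the
            # container that actually runs dockerd.
            privileged: true
          command: [sh, -c]
          args:
            - |
              mkdir -p /home/rootless
              mkdir -p /home/dockremap
              chown 1000:1000 /home/rootless
              chown 100:101 /home/dockremap
          volumeMounts:
            # Same PVC as the runner, same subPaths, so ownership changes made
            # here are what the runner container sees.
            - name: gitea-runner-data
              mountPath: /data
              subPath: data
            - name: gitea-runner-data
              mountPath: /run
              subPath: run
            - name: gitea-runner-data
              mountPath: /home
              subPath: home
      containers:
        - name: runner
          # Pinned to a dated build tag; pulled on every start so a moved tag is
          # picked up. A digest pin would make the deployed image immutable.
          image: git.strudelline.net/cascade/docker-act_runner:main-2024-10-19-17.00.39
          imagePullPolicy: Always
          env:
            # No Docker sidecar is defined, so the daemon behind localhost:2376
            # is presumably started by this image itself — confirm against the
            # image's entrypoint.
            - name: DOCKER_HOST
              value: tcp://localhost:2376
            - name: DOCKER_CERT_PATH
              value: /certs/client
            # Quoted: the client expects the string "1", not a YAML integer.
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: DOCKER_REGISTRY
              value: git.strudelline.net
            - name: CONFIG_FILE
              value: /config/config.yaml
            # Plain HTTP to the in-cluster Gitea service; the registration token
            # below therefore crosses the pod network in cleartext. Acceptable
            # only if that network is trusted / policy-restricted.
            - name: GITEA_INSTANCE_URL
              value: http://gitea.gitea.svc.cluster.local:3000
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitea-runner-token
                  key: token
          volumeMounts:
            - name: gitea-runner-data
              mountPath: /data
              subPath: data
            - name: gitea-runner-data
              mountPath: /run
              subPath: run
            - name: gitea-runner-data
              mountPath: /home
              subPath: home
            - name: gitea-runner-config
              mountPath: /config
              readOnly: true
            # Docker and containers image storage get their own subPaths on the
            # PVC so they are kept apart from the rest of /home (which is itself
            # the "home" subPath mounted above).
            - name: gitea-runner-data
              mountPath: /home/rootless/.local/share/docker
              subPath: home-local-share-docker
            - name: gitea-runner-data
              mountPath: /home/rootless/.local/share/containers
              subPath: home-local-share-containers
            # Registry credentials projected as the rootless user's Docker
            # config. Read-only, but anything running as that user (including
            # job steps) can read the credentials it contains.
            - name: gitea-package-registry-secret
              mountPath: /home/rootless/.docker/config.json
              subPath: .dockerconfigjson
              readOnly: true
          securityContext:
            # A privileged container is effectively root on the node. If the
            # embedded dockerd needs it, accept that CI jobs on this runner can
            # reach the host, and schedule/isolate the node accordingly.
            privileged: true
      restartPolicy: Always
      dnsPolicy: ClusterFirst
  volumeClaimTemplates:
    - metadata:
        name: gitea-runner-data
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: longhorn-e1r-ssd
        resources:
          requests:
            # Holds runner data, the rootless home and all Docker image/layer
            # storage via the subPaths above.
            storage: 200Gi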