docker-act_runner/k/runner.yaml
2024-03-29 02:58:58 +00:00


---
# StatefulSet running a single Gitea Actions runner pod in the `gitea`
# namespace, with one 200Gi persistent volume per replica for runner state.
#
# NOTE(review): both containers below set `privileged: true`, and the runner
# container is the one that executes CI workflow code. Treat the node this pod
# is scheduled on as inside the CI trust boundary (dedicated nodes, restricted
# set of users who can trigger workflows).
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: runner
  namespace: gitea
  labels:
    app: gitea
    gitea: runner
  annotations:
    # Stakater Reloader: roll the pods when a ConfigMap or Secret referenced
    # by this workload changes.
    reloader.stakater.com/auto: "true"
spec:
  serviceName: runner
  replicas: 1
  podManagementPolicy: OrderedReady
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: gitea
      gitea: runner
  template:
    metadata:
      labels:
        app: gitea
        gitea: runner
    spec:
      restartPolicy: Always
      dnsPolicy: ClusterFirst
      securityContext:
        # Supplemental group applied to the pod's volumes; 1000 is also the
        # uid:gid the init container gives to /home/rootless.
        fsGroup: 1000
      # NOTE(review): no serviceAccountName or automountServiceAccountToken is
      # set, so the namespace's default ServiceAccount token is mounted into a
      # privileged pod. Confirm the runner needs cluster API access; if not,
      # disable the automount.
      volumes:
        # Registry credentials (.dockerconfigjson), mounted read-only below.
        - name: gitea-package-registry-secret
          secret:
            secretName: gitea-package-registry-secret
        - name: gitea-runner-config
          configMap:
            name: gitea-runner-config
        # NOTE(review): declared but not mounted by any container in this
        # manifest. DOCKER_CERT_PATH points at /certs/client, so the TLS
        # material presumably comes from the image itself - confirm, then
        # either mount this volume or drop it.
        - name: docker-certs
          emptyDir: {}
      initContainers:
        # Prepares home directories on the persistent volume before the
        # runner starts.
        - name: chowner
          # NOTE(review): tag, not digest. Pinning as
          # `alpine:3.19@sha256:<digest>` keeps a privileged container from
          # silently picking up a changed image.
          image: 'alpine:3.19'
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - '-c'
          args:
            - |
              mkdir -p /home/rootless
              mkdir -p /home/dockremap
              chown 1000:1000 /home/rootless
              chown 100:101 /home/dockremap
          securityContext:
            # NOTE(review): the script above only runs mkdir and chown. Root
            # with CAP_CHOWN is normally enough for that, so `privileged` is
            # likely broader than needed - confirm against this cluster's
            # storage before narrowing it.
            privileged: true
          volumeMounts:
            - name: gitea-runner-data
              mountPath: /data
              subPath: data
            - name: gitea-runner-data
              mountPath: /run
              subPath: run
            - name: gitea-runner-data
              mountPath: /home
              subPath: home
      containers:
        - name: runner
          # `Always` re-resolves the tag on every pod start. NOTE(review): if
          # the registry allows tags to be overwritten, pin by digest
          # (`@sha256:<digest>`) so a privileged pod only runs a reviewed image.
          image: 'git.strudelline.net/cascade/docker-act_runner:main-2024-03-29-02.58.52'
          imagePullPolicy: Always
          env:
            # Docker client settings: TLS-verified connection to a daemon on
            # localhost:2376, client certificates read from /certs/client.
            - name: DOCKER_HOST
              value: 'tcp://localhost:2376'
            - name: DOCKER_CERT_PATH
              value: /certs/client
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: DOCKER_REGISTRY
              value: git.strudelline.net
            - name: CONFIG_FILE
              value: /config/config.yaml
            # NOTE(review): plain HTTP to the in-cluster Gitea service. The
            # registration token below is presumably presented to this URL, so
            # it crosses the cluster network unencrypted unless a mesh or CNI
            # encrypts pod traffic - confirm.
            - name: GITEA_INSTANCE_URL
              value: 'http://gitea.gitea.svc.cluster.local:3000'
            # Read from a Secret rather than written inline.
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitea-runner-token
                  key: token
          # NOTE(review): no resources.requests/limits are set, so CI jobs
          # compete with other workloads on the node without a ceiling.
          securityContext:
            # NOTE(review): presumably required for the Docker daemon this
            # image talks to on localhost - confirm. A privileged container has
            # effectively full access to the node, so a workflow that breaks
            # out of its job container reaches the host.
            privileged: true
          volumeMounts:
            - name: gitea-runner-data
              mountPath: /data
              subPath: data
            - name: gitea-runner-data
              mountPath: /run
              subPath: run
            - name: gitea-runner-data
              mountPath: /home
              subPath: home
            - name: gitea-runner-config
              mountPath: /config
              readOnly: true
            # Registry credentials placed where the Docker CLI of the
            # `rootless` user looks for them. NOTE(review): anything running as
            # that user in this container can read them; scope the registry
            # token to the minimum the runner needs.
            - name: gitea-package-registry-secret
              mountPath: /home/rootless/.docker/config.json
              subPath: .dockerconfigjson
              readOnly: true
  volumeClaimTemplates:
    # Backs the /data, /run and /home mounts of both containers via subPath.
    - metadata:
        name: gitea-runner-data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: nvme
        resources:
          requests:
            storage: 200Gi