James Andariese
c147c33414
init script broke because the image was alpine for that container and this repo's image for the primary container. the sed replacement clobbered both, rendering the init inoperable.
114 lines
3.0 KiB
YAML
114 lines
3.0 KiB
YAML
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
labels:
|
|
app: gitea
|
|
gitea: runner
|
|
name: runner
|
|
namespace: gitea
|
|
annotations:
|
|
reloader.stakater.com/auto: "true"
|
|
spec:
|
|
podManagementPolicy: OrderedReady
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: gitea
|
|
gitea: runner
|
|
serviceName: runner
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: gitea
|
|
gitea: runner
|
|
spec:
|
|
securityContext:
|
|
fsGroup: 1000
|
|
volumes:
|
|
- name: gitea-package-registry-secret
|
|
secret:
|
|
secretName: gitea-package-registry-secret
|
|
- name: gitea-runner-config
|
|
configMap:
|
|
name: gitea-runner-config
|
|
- name: docker-certs
|
|
emptyDir: {}
|
|
initContainers:
|
|
- image: alpine:3.19
|
|
imagePullPolicy: IfNotPresent
|
|
name: chowner
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: gitea-runner-data
|
|
subPath: data
|
|
- mountPath: /run
|
|
name: gitea-runner-data
|
|
subPath: run
|
|
- mountPath: /home
|
|
name: gitea-runner-data
|
|
subPath: home
|
|
securityContext:
|
|
privileged: true
|
|
command: [ sh, -c ]
|
|
args:
|
|
- |
|
|
mkdir -p /home/rootless
|
|
mkdir -p /home/dockremap
|
|
chown 1000:1000 /home/rootless
|
|
chown 100:101 /home/dockremap
|
|
containers:
|
|
- image: git.strudelline.net/cascade/docker-act_runner:main-2024-03-29-02.31.25
|
|
imagePullPolicy: Always
|
|
name: runner
|
|
env:
|
|
- name: DOCKER_HOST
|
|
value: tcp://localhost:2376
|
|
- name: DOCKER_CERT_PATH
|
|
value: /certs/client
|
|
- name: DOCKER_TLS_VERIFY
|
|
value: "1"
|
|
- name: DOCKER_REGISTRY
|
|
value: git.strudelline.net
|
|
- name: CONFIG_FILE
|
|
value: /config/config.yaml
|
|
- name: GITEA_INSTANCE_URL
|
|
value: http://gitea.gitea.svc.cluster.local:3000
|
|
- name: GITEA_RUNNER_REGISTRATION_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: gitea-runner-token
|
|
key: token
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: gitea-runner-data
|
|
subPath: data
|
|
- mountPath: /run
|
|
name: gitea-runner-data
|
|
subPath: run
|
|
- mountPath: /home
|
|
name: gitea-runner-data
|
|
subPath: home
|
|
- mountPath: /config
|
|
name: gitea-runner-config
|
|
readOnly: true
|
|
- mountPath: /home/rootless/.docker/config.json
|
|
subPath: .dockerconfigjson
|
|
name: gitea-package-registry-secret
|
|
readOnly: true
|
|
securityContext:
|
|
privileged: true
|
|
restartPolicy: Always
|
|
dnsPolicy: ClusterFirst
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: gitea-runner-data
|
|
spec:
|
|
accessModes: [ "ReadWriteOnce" ]
|
|
storageClassName: nvme
|
|
resources:
|
|
requests:
|
|
storage: 200Gi
|
|
|