chore(gitea-runners): Updated values for Dind support
Some checks failed
Validate K8s manifests / validate-manifests (push) Has been cancelled

Daniël Groothuis
2025-10-28 18:55:35 +01:00
parent 6b5efb494b
commit 239ed7b214


@@ -1,3 +1,5 @@
# values.yaml — Gitea Actions runner with DinD over shared Unix socket (no TCP, no TLS)
enabled: true enabled: true
statefulset: statefulset:
@@ -9,7 +11,7 @@ statefulset:
tolerations: [] tolerations: []
affinity: {} affinity: {}
# Share only the docker.sock file between containers # Share only the docker.sock file between dind and act-runner
extraVolumes: extraVolumes:
- name: docker-socket - name: docker-socket
emptyDir: {} emptyDir: {}
@@ -19,7 +21,7 @@ statefulset:
tag: 0.2.13 tag: 0.2.13
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# Ensure runner talks to DinD via Unix socket and never uses TLS # Runner talks to DinD via unix socket; ensure no TLS is used
extraEnvs: extraEnvs:
- name: DOCKER_HOST - name: DOCKER_HOST
value: unix:///var/run/docker.sock value: unix:///var/run/docker.sock
@@ -30,13 +32,13 @@ statefulset:
- name: DOCKER_TLS_VERIFY - name: DOCKER_TLS_VERIFY
value: "" value: ""
# Mount only the socket path; avoid mounting the whole /var/run # Mount only the socket path, not the entire /var/run (prevents "is a directory" errors)
extraVolumeMounts: extraVolumeMounts:
- name: docker-socket - name: docker-socket
mountPath: /var/run/docker.sock mountPath: /var/run/docker.sock
subPath: docker.sock subPath: docker.sock
# Gitea act-runner config # Act runner config
config: | config: |
log: log:
level: info level: info
@@ -49,8 +51,8 @@ statefulset:
- "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04" - "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
- "ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04" - "ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04"
container: container:
privileged: true privileged: true # required for DinD
require_docker: true require_docker: true # fail if docker is not reachable
docker_timeout: 300s docker_timeout: 300s
dind: dind:
@@ -58,27 +60,27 @@ statefulset:
tag: 28.3.3-dind tag: 28.3.3-dind
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# Disable TLS; use only the default Unix socket # Disable TLS and DO NOT advertise TCP; use only unix socket
extraEnvs: extraEnvs:
- name: DOCKER_TLS_CERTDIR - name: DOCKER_TLS_CERTDIR
value: "" value: ""
# Uncomment if needed on your nodes: # If your nodes require legacy iptables:
# - name: DOCKER_IPTABLES_LEGACY # - name: DOCKER_IPTABLES_LEGACY
# value: "1" # value: "1"
# Mount the same socket path so dockerd can create it # Share only the docker.sock file
extraVolumeMounts: extraVolumeMounts:
- name: docker-socket - name: docker-socket
mountPath: /var/run/docker.sock mountPath: /var/run/docker.sock
subPath: docker.sock subPath: docker.sock
# Ensure no TCP binding; unix socket only # Explicitly bind dockerd to the unix socket; do not bind tcp://0.0.0.0:2375
command: ["dockerd"] command: ["dockerd"]
args: args:
- "--host=unix:///var/run/docker.sock" - "--host=unix:///var/run/docker.sock"
- "--storage-driver=overlay2" - "--storage-driver=overlay2"
# Optional persistence for DinD (images/layers) # Optional: persistence for DinD image layers (default will mount /var/lib/docker inside dind)
persistence: persistence:
size: 1Gi size: 1Gi
@@ -87,9 +89,11 @@ init:
repository: busybox repository: busybox
tag: "1.37.0" tag: "1.37.0"
# Runner registration token
existingSecret: "gitea-runner-token" existingSecret: "gitea-runner-token"
existingSecretKey: "token" existingSecretKey: "token"
# Root URL of your Gitea
giteaRootURL: "https://git.dgse.cloud" giteaRootURL: "https://git.dgse.cloud"
global: global:
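Review bot: The new inline comment on `privileged: true` in the `@@ -49,8 +51,8 @@` hunk says only `# required for DinD`, which understates what the setting does. It appears to sit under `container:` inside the act-runner `config: |` block, where it makes every job container the runner launches privileged, not just the dind sidecar. A privileged job container is not meaningfully isolated from the Docker daemon that runs it, so any workflow that can be scheduled on this runner should be treated as trusted on that daemon, and presumably on the node if the dind container is itself privileged. I would record that assumption in the comment, e.g. `privileged: true  # job containers run privileged (only needed when jobs run Docker themselves); register this runner for trusted repos only`, or set it to `false` if jobs do not need nested Docker. The `config: |` block starts in an earlier hunk and continues past this one, so confirm the nesting against the full file.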