chore(gitea-runners): Updated values for Dind support
Some checks failed
Validate K8s manifests / validate-manifests (push) Has been cancelled
Some checks failed
Validate K8s manifests / validate-manifests (push) Has been cancelled
This commit is contained in:
Daniël Groothuis
@@ -1,8 +1,15 @@
|
|||||||
# values.yaml (full relevant sections)
|
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
statefulset:
|
statefulset:
|
||||||
# One emptyDir to carry just the docker.sock across containers
|
replicas: 3
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
resources: {}
|
||||||
|
nodeSelector: {}
|
||||||
|
tolerations: []
|
||||||
|
affinity: {}
|
||||||
|
|
||||||
|
# Share only the docker.sock file between containers
|
||||||
extraVolumes:
|
extraVolumes:
|
||||||
- name: docker-socket
|
- name: docker-socket
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
@@ -11,21 +18,25 @@ statefulset:
|
|||||||
repository: gitea/act_runner
|
repository: gitea/act_runner
|
||||||
tag: 0.2.13
|
tag: 0.2.13
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
# Ensure runner talks to DinD via Unix socket and never uses TLS
|
||||||
extraEnvs:
|
extraEnvs:
|
||||||
- name: DOCKER_HOST
|
- name: DOCKER_HOST
|
||||||
value: unix:///var/run/docker.sock
|
value: unix:///var/run/docker.sock
|
||||||
- name: DOCKER_BUILDKIT
|
- name: DOCKER_BUILDKIT
|
||||||
value: "1"
|
value: "1"
|
||||||
# Make sure TLS vars are not set; these lines ensure they are blank
|
|
||||||
- name: DOCKER_TLS_CERTDIR
|
- name: DOCKER_TLS_CERTDIR
|
||||||
value: ""
|
value: ""
|
||||||
- name: DOCKER_TLS_VERIFY
|
- name: DOCKER_TLS_VERIFY
|
||||||
value: ""
|
value: ""
|
||||||
# Mount only the socket path from the shared volume
|
|
||||||
|
# Mount only the socket path; avoid mounting the whole /var/run
|
||||||
extraVolumeMounts:
|
extraVolumeMounts:
|
||||||
- name: docker-socket
|
- name: docker-socket
|
||||||
mountPath: /var/run/docker.sock
|
mountPath: /var/run/docker.sock
|
||||||
subPath: docker.sock
|
subPath: docker.sock
|
||||||
|
|
||||||
|
# Gitea act-runner config
|
||||||
config: |
|
config: |
|
||||||
log:
|
log:
|
||||||
level: info
|
level: info
|
||||||
@@ -46,25 +57,31 @@ statefulset:
|
|||||||
repository: docker
|
repository: docker
|
||||||
tag: 28.3.3-dind
|
tag: 28.3.3-dind
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
# Disable TLS entirely for in-pod socket use
|
|
||||||
|
# Disable TLS; use only the default Unix socket
|
||||||
extraEnvs:
|
extraEnvs:
|
||||||
- name: DOCKER_TLS_CERTDIR
|
- name: DOCKER_TLS_CERTDIR
|
||||||
value: ""
|
value: ""
|
||||||
# Uncomment if you hit iptables legacy issues on your nodes
|
# Uncomment if needed on your nodes:
|
||||||
# - name: DOCKER_IPTABLES_LEGACY
|
# - name: DOCKER_IPTABLES_LEGACY
|
||||||
# value: "1"
|
# value: "1"
|
||||||
# Mount the same socket path; dockerd will create the file at startup
|
|
||||||
|
# Mount the same socket path so dockerd can create it
|
||||||
extraVolumeMounts:
|
extraVolumeMounts:
|
||||||
- name: docker-socket
|
- name: docker-socket
|
||||||
mountPath: /var/run/docker.sock
|
mountPath: /var/run/docker.sock
|
||||||
subPath: docker.sock
|
subPath: docker.sock
|
||||||
# Ensure dockerd uses the default unix socket only; don't bind TCP
|
|
||||||
# Some Helm charts expose command/args—include them if available:
|
# Ensure no TCP binding; unix socket only
|
||||||
command: ["dockerd"]
|
command: ["dockerd"]
|
||||||
args:
|
args:
|
||||||
- "--host=unix:///var/run/docker.sock"
|
- "--host=unix:///var/run/docker.sock"
|
||||||
- "--storage-driver=overlay2"
|
- "--storage-driver=overlay2"
|
||||||
|
|
||||||
|
# Optional persistence for DinD (images/layers)
|
||||||
|
persistence:
|
||||||
|
size: 1Gi
|
||||||
|
|
||||||
init:
|
init:
|
||||||
image:
|
image:
|
||||||
repository: busybox
|
repository: busybox
|
||||||
|
|||||||
Reference in New Issue
Block a user