chore(gitea-runners): Updated values for Dind support
Some checks failed
Validate K8s manifests / validate-manifests (push) Has been cancelled
Some checks failed
Validate K8s manifests / validate-manifests (push) Has been cancelled
This commit is contained in:
Daniël Groothuis
@@ -1,8 +1,15 @@
|
||||
# values.yaml (full relevant sections)
|
||||
enabled: true
|
||||
|
||||
statefulset:
|
||||
# One emptyDir to carry just the docker.sock across containers
|
||||
replicas: 3
|
||||
annotations: {}
|
||||
labels: {}
|
||||
resources: {}
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
|
||||
# Share only the docker.sock file between containers
|
||||
extraVolumes:
|
||||
- name: docker-socket
|
||||
emptyDir: {}
|
||||
@@ -11,21 +18,25 @@ statefulset:
|
||||
repository: gitea/act_runner
|
||||
tag: 0.2.13
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# Ensure runner talks to DinD via Unix socket and never uses TLS
|
||||
extraEnvs:
|
||||
- name: DOCKER_HOST
|
||||
value: unix:///var/run/docker.sock
|
||||
- name: DOCKER_BUILDKIT
|
||||
value: "1"
|
||||
# Make sure TLS vars are not set; these lines ensure they are blank
|
||||
- name: DOCKER_TLS_CERTDIR
|
||||
value: ""
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: ""
|
||||
# Mount only the socket path from the shared volume
|
||||
|
||||
# Mount only the socket path; avoid mounting the whole /var/run
|
||||
extraVolumeMounts:
|
||||
- name: docker-socket
|
||||
mountPath: /var/run/docker.sock
|
||||
subPath: docker.sock
|
||||
|
||||
# Gitea act-runner config
|
||||
config: |
|
||||
log:
|
||||
level: info
|
||||
@@ -46,25 +57,31 @@ statefulset:
|
||||
repository: docker
|
||||
tag: 28.3.3-dind
|
||||
pullPolicy: IfNotPresent
|
||||
# Disable TLS entirely for in-pod socket use
|
||||
|
||||
# Disable TLS; use only the default Unix socket
|
||||
extraEnvs:
|
||||
- name: DOCKER_TLS_CERTDIR
|
||||
value: ""
|
||||
# Uncomment if you hit iptables legacy issues on your nodes
|
||||
# Uncomment if needed on your nodes:
|
||||
# - name: DOCKER_IPTABLES_LEGACY
|
||||
# value: "1"
|
||||
# Mount the same socket path; dockerd will create the file at startup
|
||||
|
||||
# Mount the same socket path so dockerd can create it
|
||||
extraVolumeMounts:
|
||||
- name: docker-socket
|
||||
mountPath: /var/run/docker.sock
|
||||
subPath: docker.sock
|
||||
# Ensure dockerd uses the default unix socket only; don't bind TCP
|
||||
# Some Helm charts expose command/args—include them if available:
|
||||
|
||||
# Ensure no TCP binding; unix socket only
|
||||
command: ["dockerd"]
|
||||
args:
|
||||
- "--host=unix:///var/run/docker.sock"
|
||||
- "--storage-driver=overlay2"
|
||||
|
||||
# Optional persistence for DinD (images/layers)
|
||||
persistence:
|
||||
size: 1Gi
|
||||
|
||||
init:
|
||||
image:
|
||||
repository: busybox
|
||||
|
||||
Reference in New Issue
Block a user