---
# Helm values for a Gitea act_runner StatefulSet with a Docker-in-Docker (DinD)
# container. The runner reaches dockerd over a Unix socket shared through an
# emptyDir volume; TLS and TCP listeners are turned off on both sides.
enabled: true

statefulset:
  replicas: 3
  annotations: {}
  labels: {}
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}

  # Scratch volume that exists only to carry docker.sock between the runner
  # and DinD containers.
  # NOTE(review): with TLS disabled, the socket's file permissions are the only
  # access control on the DinD daemon. Anything that can open the socket can
  # drive dockerd, so keep this volume out of every other container.
  extraVolumes:
    - name: docker-socket
      emptyDir: {}

  actRunner:
    repository: gitea/act_runner
    # Pinned by tag only. NOTE(review): consider pinning by digest as well so a
    # re-pushed tag cannot change what runs here.
    tag: '0.2.13'
    pullPolicy: IfNotPresent

    # Point the Docker client at the shared Unix socket and blank the TLS
    # variables so the runner never attempts a TLS connection.
    extraEnvs:
      - name: DOCKER_HOST
        value: 'unix:///var/run/docker.sock'
      - name: DOCKER_BUILDKIT
        value: '1'
      - name: DOCKER_TLS_CERTDIR
        value: ''
      - name: DOCKER_TLS_VERIFY
        value: ''

    # Expose just the socket path via subPath rather than all of /var/run.
    # NOTE(review): kubelet creates a missing subPath as a directory; confirm on
    # a running pod that /var/run/docker.sock ends up as a socket.
    extraVolumeMounts:
      - name: docker-socket
        mountPath: /var/run/docker.sock
        subPath: docker.sock

    # act_runner configuration, passed through verbatim.
    # NOTE(review): container.privileged is true, so job containers are
    # launched privileged on the DinD daemon. Limit this runner to trusted
    # repositories and workflows, or turn it off if jobs do not need it.
    # NOTE(review): the label images use mutable tags (e.g. ubuntu-latest), so
    # their content can change between runs.
    config: |
      log:
        level: info
      cache:
        enabled: false
      runner:
        labels:
          - "artemis"
          - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
          - "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
          - "ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04"
      container:
        privileged: true
        require_docker: true
        docker_timeout: 300s

  dind:
    repository: docker
    tag: '28.3.3-dind'
    pullPolicy: IfNotPresent

    # An empty DOCKER_TLS_CERTDIR turns TLS off; only the Unix socket is used.
    extraEnvs:
      - name: DOCKER_TLS_CERTDIR
        value: ''
      # Uncomment if needed on your nodes:
      # - name: DOCKER_IPTABLES_LEGACY
      #   value: "1"

    # Same socket path as the runner, so dockerd creates the socket inside the
    # shared volume.
    extraVolumeMounts:
      - name: docker-socket
        mountPath: /var/run/docker.sock
        subPath: docker.sock

    # Listen on the Unix socket only; no TCP host is passed to dockerd.
    command:
      - dockerd
    args:
      - '--host=unix:///var/run/docker.sock'
      - '--storage-driver=overlay2'

  # Optional persistent storage for DinD images and layers.
  persistence:
    size: 1Gi

init:
  image:
    repository: busybox
    tag: '1.37.0'

# The runner registration token is read from an existing Secret, not stored
# inline in these values.
existingSecret: 'gitea-runner-token'
existingSecretKey: 'token'
giteaRootURL: 'https://git.dgse.cloud'

global:
  imageRegistry: ''
  storageClass: ''