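# values.yaml (full relevant sections)
#
# NOTE(review): the nesting below was reconstructed from a flattened paste.
# Confirm it against the chart's own values.yaml, and render the chart
# (`helm template`) to check that extraVolumes, extraVolumeMounts, command
# and args really end up in the StatefulSet.
---
enabled: true

statefulset:
  # One emptyDir shared by the runner and dind containers. It is mounted as a
  # directory in both so that dockerd can create docker.sock inside it.
  extraVolumes:
    - name: docker-socket
      emptyDir: {}

  actRunner:
    repository: gitea/act_runner
    tag: "0.2.13"
    pullPolicy: IfNotPresent
    extraEnvs:
      - name: DOCKER_HOST
        value: "unix:///var/run/docker.sock"
      - name: DOCKER_BUILDKIT
        value: "1"
      # Make sure TLS vars are not set; these lines ensure they are blank
      - name: DOCKER_TLS_CERTDIR
        value: ""
      - name: DOCKER_TLS_VERIFY
        value: ""
    # Mount the shared volume as a directory. A subPath of docker.sock on an
    # empty emptyDir does not exist yet when the pod starts, so the kubelet
    # creates it as a directory and dockerd cannot place its socket there.
    # Everything dockerd writes under /var/run is visible to this container.
    extraVolumeMounts:
      - name: docker-socket
        mountPath: /var/run
    # SECURITY: container.privileged below runs every job container in
    # privileged mode, and jobs reach the dind daemon through the shared
    # socket. Treat any workflow allowed on this runner as having full control
    # of that daemon; limit which repositories may use the runner, and set
    # privileged to false if the jobs do not need it.
    config: |
      log:
        level: info
      cache:
        enabled: false
      runner:
        labels:
          - "artemis"
          - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
          - "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
          - "ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04"
      container:
        privileged: true
        require_docker: true
        docker_timeout: 300s

  dind:
    repository: docker
    tag: "28.3.3-dind"
    pullPolicy: IfNotPresent
    # Disable TLS entirely for in-pod socket use
    extraEnvs:
      - name: DOCKER_TLS_CERTDIR
        value: ""
      # Uncomment if you hit iptables legacy issues on your nodes
      # - name: DOCKER_IPTABLES_LEGACY
      #   value: "1"
    # Same shared directory as the runner; dockerd creates docker.sock in it
    # at startup.
    extraVolumeMounts:
      - name: docker-socket
        mountPath: /var/run
    # Ensure dockerd uses the default unix socket only; don't bind TCP
    # Some Helm charts expose command/args—include them if available:
    # NOTE(review): if the chart ignores command/args, the image's default
    # entrypoint chooses the listeners, and with TLS disabled that may include
    # a plaintext TCP port. Check the rendered manifest and confirm that
    # dockerd listens on the unix socket only. Setting command also replaces
    # the image's entrypoint, so confirm dockerd still starts cleanly.
    command: ["dockerd"]
    args:
      - "--host=unix:///var/run/docker.sock"
      - "--storage-driver=overlay2"

init:
  image:
    repository: busybox
    tag: "1.37.0"

existingSecret: "gitea-runner-token"
existingSecretKey: "token"
giteaRootURL: "https://git.dgse.cloud"

global:
  imageRegistry: ""
  storageClass: ""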