gitea revert to dind runner

2024-05-25 10:45:27 +02:00
parent d53ee0079e
commit 9f8ae4b0fa
6 changed files with 42 additions and 124 deletions
--- a/infrastructure/gitea/actions.deployment.yaml
+++ b/infrastructure/gitea/actions.deployment.yaml
@@ -1,28 +1,24 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: actions-runner
+  labels:
+    app: act-runner
+  name: act-runner
 spec:
+  replicas: 1
  selector:
    matchLabels:
-      app: actions-runner
+      app: act-runner
  template:
    metadata:
      labels:
-        app: actions-runner
+        app: act-runner
    spec:
-      hostname: kube-runner
-      serviceAccountName: actions-runner
+      restartPolicy: Always
      containers:
-      - name: actions-runner
-        image: actions-runner
-        resources:
-          requests:
-            memory: "128Mi"
-            cpu: "500m"
-          limits:
-            memory: "2Gi"
-            cpu: "2"
+      - name: runner
+        image: runner
+        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
        env:
        - name: DOCKER_HOST
          value: tcp://localhost:2376
@@ -37,30 +33,40 @@ spec:
            secretKeyRef:
              name: actions-runner-secret
              key: runner-token
-        # - name: GITEA_RUNNER_LABELS
-        #   value: ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye
        - name: ACTIONS_RUNNER_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
-        - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
-          value: "true"
-        - name: ACTIONS_RUNNER_CONTAINER_HOOKS
-          value: /home/runner/k8s/index.js
-        - name: ACTIONS_RUNNER_CLAIM_NAME
-          value: runner-workdir
-        - name: GITEA_RUNNER_LABELS
-          value: k8s
        volumeMounts:
-        - name: runner-workdir
-          mountPath: /home/runner/_work
+        - name: docker-certs
+          mountPath: /certs
        - name: runner-data
          mountPath: /data
-    
+        resources:
+          limits:
+            memory: "1Gi"
+            cpu: "1"
+
+      - name: daemon
+        image: daemon
+        env:
+        - name: DOCKER_TLS_CERTDIR
+          value: /certs
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "500m"
+          limits:
+            memory: "4Gi"
+            cpu: "4"    
      volumes:
-      - name: runner-workdir
-        persistentVolumeClaim:
-          claimName: runner-workdir
+      - name: docker-certs
+        emptyDir: {}
      - name: runner-data
        persistentVolumeClaim:
          claimName: runner-data
@@ -77,16 +83,3 @@ spec:
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: runner-workdir
-spec:
-  resources:
-    requests:
-      storage: 5Gi
-  storageClassName: "nfs-client"
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteMany