apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: act-runner
  name: act-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: act-runner
  template:
    metadata:
      labels:
        app: act-runner
    spec:
      restartPolicy: Always
      containers:
      - name: runner
        image: vegardit/gitea-act-runner:dind-latest
        env:
        - name: GITEA_INSTANCE_URL
          value: "https://git.kluster.moll.re"
        - name: GITEA_RUNNER_REGISTRATION_TOKEN
          valueFrom:
            secretKeyRef:
              name: actions-runner-secret
              key: runner-token
        - name: ACTIONS_RUNNER_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: GITEA_RUNNER_UID
          value: '1000'
        - name: GITEA_RUNNER_GID
          value: '1000'
        - name: GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED
          value: 'true'
        securityContext:
          privileged: true
        volumeMounts:
        - name: runner-data
          mountPath: /data
      volumes:
      - name: runner-data
        persistentVolumeClaim:
          claimName: runner-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: runner-data
spec:
  resources:
    requests:
      storage: 5Gi
  storageClassName: "nfs-client"
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany