apiVersion: apps/v1
kind: Deployment
metadata:
  name: actions-runner
spec:
  selector:
    matchLabels:
      app: actions-runner
  template:
    metadata:
      labels:
        app: actions-runner
    spec:
      hostname: kube-runner
      # serviceAccountName: actions-runner
      containers:
      - name: actions-runner
        image: actions-runner
        resources:
          requests:
            memory: "128Mi"
            cpu: "500m"
          limits:
            memory: "2Gi"
            cpu: "2"
        env:
        - name: DOCKER_HOST
          value: tcp://localhost:2376
        - name: DOCKER_CERT_PATH
          value: /certs/client
        - name: DOCKER_TLS_VERIFY
          value: "1"
        - name: GITEA_INSTANCE_URL
          value: "https://git.kluster.moll.re"
        - name: GITEA_RUNNER_REGISTRATION_TOKEN
          valueFrom:
            secretKeyRef:
              name: actions-runner-secret
              key: runner-token
        - name: GITEA_RUNNER_LABELS
          value: k8s
        volumeMounts:
        - name: runner-data
          mountPath: /data
      - name: daemon
        image: docker:23.0.6-dind
        env:
        - name: DOCKER_TLS_CERTDIR
          value: /certs
        securityContext:
          privileged: true
        volumeMounts:
        - name: docker-certs
          mountPath: /certs
        resources:
          requests:
            memory: "128Mi"
            cpu: "500m"
          limits:
            memory: "2Gi"
            cpu: "2"

      volumes:
      - name: runner-data
        emptyDir: {}
      - name: docker-certs
        emptyDir: {}