use dind-rootless image instead of two containers

2025-04-20 09:44:13 +05:30
parent 3e66360e26
commit 2c9df76f77
1 changed files with 14 additions and 22 deletions
--- a/cluster/apps/gitea/gitea-act.yml
+++ b/cluster/apps/gitea/gitea-act.yml
@@ -16,6 +16,8 @@ spec:
      labels:
        app: gitea-actions-runner
    spec:
+      securityContext:
+        fsGroup: 1000
      initContainers:
      - name: wait-for-gitea
        image: busybox
@@ -29,7 +31,9 @@ spec:
            done
      containers:
      - name: runner
-        image: gitea/act_runner:latest
+        image: gitea/act_runner:0.2.11-dind-rootless
+        securityContext:
+          privileged: true
        env:
        - name: GITEA_INSTANCE_URL
          value: "http://gitea-int-service:3000/"
@@ -38,28 +42,16 @@ spec:
            secretKeyRef:
              name: gitea-runner-token
              key: token
-        - name: GITEA_RUNNER_NAME
-          value: "k3s-dind-runner"
-        - name: GITEA_RUNNER_LABELS
-          value: "ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye,ubuntu-20.04:docker://node:16-bullseye"
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
        volumeMounts:
-        - name: var-run
-          mountPath: /var/run
-      - name: dind
-        image: docker:dind
-        securityContext:
-          privileged: true
-        env:
-        - name: DOCKER_TLS_CERTDIR
-          value: ""
-        volumeMounts:
-        - name: dind-storage
-          mountPath: /var/lib/docker
-        - name: var-run
-          mountPath: /var/run
+        - name: storage
+          mountPath: /data
      volumes:
-      - name: dind-storage
+      - name: storage
        persistentVolumeClaim:
          claimName: longhorn-gitea-dind
-      - name: var-run
-        emptyDir: {}