---
# Deployment for a single Gitea Actions runner pod. Three containers share
# the pod's network namespace:
#   runner          - act_runner daemon; talks to Docker at localhost:2375
#   registry-proxy  - haproxy, configured from runner-haproxy-config
#   dind            - privileged Docker-in-Docker daemon used by the runner
#
# Security posture to keep in mind when changing this manifest: the dind
# container is privileged and serves the Docker API without TLS or
# authentication, so anything that can reach port 2375 on this pod has the
# same privileges as that daemon.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-runner
  namespace: runner
spec:
  replicas: 1
  # Recreate stops the old pod before starting the new one.
  # presumably so two pods never use the runner-data claim at once - confirm
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitea-runner
  template:
    metadata:
      labels:
        app: gitea-runner
    spec:
      # NOTE(review): nothing here sets automountServiceAccountToken or
      # serviceAccountName, so the namespace's default service account token
      # is mounted into every container, including the privileged one.
      # Disable the automount if no container calls the Kubernetes API.
      nodeSelector:
        role: system
      # Adds git.lunarfront.tech -> 127.0.0.1 to the pod's /etc/hosts, so
      # in-pod clients of that name connect to a listener inside this pod.
      # presumably the registry-proxy sidecar; its haproxy config is not
      # part of this file - confirm
      hostAliases:
        - ip: 127.0.0.1
          hostnames:
            - git.lunarfront.tech
      containers:
        - name: runner
          # NOTE(review): mutable tag. A restart can pull an image nobody
          # reviewed; pin to a version tag or digest.
          image: gitea/act_runner:latest
          workingDir: /data
          # Startup sequence:
          #   1. poll localhost:2375 until the dind daemon accepts connections
          #   2. register with Gitea only when /data/.runner does not exist
          #   3. exec the act_runner daemon
          # yamllint disable-line rule:line-length
          command:
            - "sh"
            - "-c"
            - "until nc -z localhost 2375 2>/dev/null; do echo 'waiting for dind...'; sleep 2; done && if [ ! -f /data/.runner ]; then /usr/local/bin/act_runner register --no-interactive --instance \"$GITEA_INSTANCE_URL\" --token \"$GITEA_RUNNER_REGISTRATION_TOKEN\" --name \"$GITEA_RUNNER_NAME\" --config \"$CONFIG_FILE\"; fi && exec /usr/local/bin/act_runner daemon --config \"$CONFIG_FILE\""
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 2000m
              memory: 2Gi
          env:
            # Plain HTTP to the in-cluster Gitea service: the registration
            # token is sent unencrypted on the cluster network.
            - name: GITEA_INSTANCE_URL
              value: http://gitea-http.gitea.svc.cluster.local:3000
            # Read from a Secret instead of being written into the manifest.
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitea-runner-token
                  key: token
            - name: GITEA_RUNNER_NAME
              value: k8s-runner
            # Unencrypted, unauthenticated Docker API of the dind sidecar.
            - name: DOCKER_HOST
              value: tcp://localhost:2375
            # NOTE(review): some Docker clients treat any non-empty
            # DOCKER_TLS_VERIFY as "enabled"; confirm "0" has the intended
            # effect for the client shipped in this image.
            - name: DOCKER_TLS_VERIFY
              value: "0"
            - name: CONFIG_FILE
              value: /etc/runner/config.yaml
          volumeMounts:
            - name: runner-config
              mountPath: /etc/runner
            # /data holds the .runner marker checked by the startup command.
            # presumably it also holds the runner's registration state, so
            # treat the claim as sensitive - confirm
            - name: runner-data
              mountPath: /data
        - name: registry-proxy
          # NOTE(review): mutable tag; pin to a version tag or digest.
          image: haproxy:alpine
          # NOTE(review): runs as UID 0. If root is only needed to bind a
          # low port, run as non-root with the NET_BIND_SERVICE capability
          # instead; the listen ports live in runner-haproxy-config, which
          # is not visible here.
          securityContext:
            runAsUser: 0
          resources:
            requests:
              cpu: 10m
              memory: 32Mi
            limits:
              cpu: 100m
              memory: 128Mi
          volumeMounts:
            - name: haproxy-config
              mountPath: /usr/local/etc/haproxy
        - name: dind
          # NOTE(review): mutable tag on a privileged container; pin to a
          # version tag or digest.
          image: docker:dind
          # Privileged mode removes container isolation from the node for
          # this container; access to its Docker API is node-level access.
          securityContext:
            privileged: true
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 2000m
              memory: 4Gi
          env:
            # Empty value turns off the image's automatic TLS certificate
            # setup, so the daemon serves plain TCP.
            - name: DOCKER_TLS_CERTDIR
              value: ""
          # Listens on every interface, which includes the pod IP, so the
          # API is reachable from other pods unless a NetworkPolicy blocks
          # ingress to 2375.
          # NOTE(review): if every client is in this pod, bind 127.0.0.1
          # instead. First check /etc/runner/config.yaml: job containers
          # that reach the daemon through a bridge or pod address would
          # break. Otherwise add a NetworkPolicy for this pod.
          args:
            - "--host=tcp://0.0.0.0:2375"
      volumes:
        - name: runner-config
          configMap:
            name: gitea-runner-config
        - name: runner-data
          persistentVolumeClaim:
            claimName: gitea-runner-data
        - name: haproxy-config
          configMap:
            name: runner-haproxy-config