lunarfront-charts/runner/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-runner
  namespace: runner
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: gitea-runner
  template:
    metadata:
      labels:
        app: gitea-runner
    spec:
      nodeSelector:
        role: system
      hostAliases:
        - ip: 127.0.0.1
          hostnames:
            - git.lunarfront.tech
      containers:
        - name: runner
          image: gitea/act_runner:latest
          workingDir: /data
          command: ["sh", "-c", "until nc -z localhost 2375 2>/dev/null; do echo 'waiting for dind...'; sleep 2; done && if [ ! -f /data/.runner ]; then /usr/local/bin/act_runner register --no-interactive --instance \"$GITEA_INSTANCE_URL\" --token \"$GITEA_RUNNER_REGISTRATION_TOKEN\" --name \"$GITEA_RUNNER_NAME\" --config \"$CONFIG_FILE\"; fi && exec /usr/local/bin/act_runner daemon --config \"$CONFIG_FILE\""]
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 2000m
              memory: 2Gi
          env:
            - name: GITEA_INSTANCE_URL
              value: http://gitea-http.gitea.svc.cluster.local:3000
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitea-runner-token
                  key: token
            - name: GITEA_RUNNER_NAME
              value: k8s-runner
            - name: DOCKER_HOST
              value: tcp://localhost:2375
            - name: DOCKER_TLS_VERIFY
              value: "0"
            - name: CONFIG_FILE
              value: /etc/runner/config.yaml
          volumeMounts:
            - name: runner-config
              mountPath: /etc/runner
            - name: runner-data
              mountPath: /data

        - name: registry-proxy
          image: haproxy:alpine
          securityContext:
            runAsUser: 0
          resources:
            requests:
              cpu: 10m
              memory: 32Mi
            limits:
              cpu: 100m
              memory: 128Mi
          volumeMounts:
            - name: haproxy-config
              mountPath: /usr/local/etc/haproxy

        - name: dind
          image: docker:dind
          securityContext:
            privileged: true
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 2000m
              memory: 4Gi
          env:
            - name: DOCKER_TLS_CERTDIR
              value: ""
          args: ["--host=tcp://0.0.0.0:2375"]

      volumes:
        - name: runner-config
          configMap:
            name: gitea-runner-config
        - name: runner-data
          persistentVolumeClaim:
            claimName: gitea-runner-data
        - name: haproxy-config
          configMap:
            name: runner-haproxy-config