From af6696279c590a0aaf28ad51b4f49784c074ea4c Mon Sep 17 00:00:00 2001 From: stackops Date: Thu, 9 Apr 2026 15:40:50 +0300 Subject: [PATCH] fix runner config: socket DinD, docker:27, sh shell --- 08-gitea-runner/runner.yaml | 31 ++++----- 08-gitea-runner/runner.yaml.bak | 118 ++++++++++++++++++++++++++++++++ 2 files changed, 132 insertions(+), 17 deletions(-) create mode 100644 08-gitea-runner/runner.yaml.bak diff --git a/08-gitea-runner/runner.yaml b/08-gitea-runner/runner.yaml index 9ae91bc..f40fcd2 100644 --- a/08-gitea-runner/runner.yaml +++ b/08-gitea-runner/runner.yaml @@ -25,11 +25,12 @@ data: capacity: 1 timeout: 1h labels: - - "ubuntu-latest:docker://node:20-bookworm" - - "ubuntu-22.04:docker://node:20-bookworm" + - "ubuntu-latest:docker://docker:27" + - "ubuntu-22.04:docker://docker:27" container: - network: "" + network: host privileged: true + docker_host: unix:///var/run/docker.sock options: "" workdir_parent: /workspace --- @@ -53,21 +54,18 @@ spec: image: gitea/act_runner:latest env: - name: DOCKER_HOST - value: tcp://localhost:2376 - - name: DOCKER_TLS_VERIFY - value: "1" - - name: DOCKER_CERT_PATH - value: /certs/client + value: unix:///var/run/docker.sock command: ["sh", "-c"] args: - | - while ! nc -z localhost 2376; do sleep 1; done + apk add --no-cache docker-cli >/dev/null 2>&1 + while ! docker info >/dev/null 2>&1; do sleep 1; done act_runner register --no-interactive \ --instance http://gitea-http.gitea.svc.cluster.local:3000 \ --token "$(cat /secret/token)" \ --name k3s-runner \ --config /config/config.yaml \ - --labels "ubuntu-latest:docker://node:20-bookworm,ubuntu-22.04:docker://node:20-bookworm" + --labels "ubuntu-latest:docker://docker:27,ubuntu-22.04:docker://docker:27" act_runner daemon --config /config/config.yaml volumeMounts: - name: secret 
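Review bot: With `docker_host: unix:///var/run/docker.sock` added beside the existing `privileged: true` and the new `network: host`, every job on this runner appears to get a privileged container on the daemon's network with the daemon socket available to it. Anyone who can trigger a workflow here therefore effectively controls the Docker daemon and the pod's network namespace. If jobs do not need to build images, set `privileged: false` and `docker_host: "-"`, which is act_runner's documented value for not mounting the socket into job containers (confirm against the runner version in use). If they do need it, add a comment above `container:` stating that this runner may only be registered for trusted repositories. The `config.yaml` block starts above this hunk, so any setting that already restricts this is not visible here.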
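Review bot: `apk add --no-cache docker-cli >/dev/null 2>&1` in the runner's start script installs an unpinned package from the network on every container start and discards both its output and its exit status. A failed install is invisible, and the following `while ! docker info ...` loop, which has no timeout, then spins forever without logging anything. Prefer a pinned runner image that already contains docker-cli, or at minimum fail loudly: `apk add --no-cache docker-cli || { echo "docker-cli install failed" >&2; exit 1; }`. The context line `image: gitea/act_runner:latest` has the same reproducibility problem and should be pinned to a version tag or digest.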
@@ -76,9 +74,8 @@ spec: - name: config mountPath: /config readOnly: true - - name: certs - mountPath: /certs - readOnly: true + - name: docker-sock + mountPath: /var/run - name: data mountPath: /data resources: @@ -94,10 +91,10 @@ spec: privileged: true env: - name: DOCKER_TLS_CERTDIR - value: /certs + value: "" volumeMounts: - - name: certs - mountPath: /certs + - name: docker-sock + mountPath: /var/run - name: dind-storage mountPath: /var/lib/docker resources: @@ -114,7 +111,7 @@ spec: - name: config configMap: name: runner-config - - name: certs + - name: docker-sock emptyDir: {} - name: data emptyDir: {} diff --git a/08-gitea-runner/runner.yaml.bak b/08-gitea-runner/runner.yaml.bak new file mode 100644 index 0000000..fdfb950 --- /dev/null +++ b/08-gitea-runner/runner.yaml.bak 
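Review bot: Setting `DOCKER_TLS_CERTDIR` to `""` in the `@@ -94,10 +91,10 @@` hunk turns TLS off for what is presumably the DinD sidecar. As far as I know, the stock dind entrypoint then still starts dockerd with a plain TCP listener on port 2375 in addition to the socket. On a `privileged: true` daemon that is an unauthenticated API reachable on the pod IP unless a NetworkPolicy blocks it. Since the runner now talks only over the shared `docker-sock` volume, make the socket the sole listener, e.g. `args: ["dockerd", "--host=unix:///var/run/docker.sock"]` (verify against the entrypoint of the image in use). The container spec begins above this hunk, so an existing `command`/`args` is not visible here.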
@@ -0,0 +1,118 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: gitea-runner +--- +apiVersion: v1 +kind: Secret +metadata: + name: runner-secret + namespace: gitea-runner +stringData: + token: "m7uOZcE8st7MtvjI2YThQy6em5GoCs2TPMXSnvdV" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: runner-config + namespace: gitea-runner +data: + config.yaml: | + log: + level: info + runner: + file: .runner + capacity: 1 + timeout: 1h + labels: + - "ubuntu-latest:docker://docker:27-git" + - "ubuntu-22.04:docker://docker:27-git" + container: + network: host + privileged: true + docker_host: unix:///var/run/docker.sock + options: "-v /var/run/docker.sock:/var/run/docker.sock -v /certs/client:/certs/client" + workdir_parent: /workspace +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitea-runner + namespace: gitea-runner +spec: + replicas: 1 + selector: + matchLabels: + app: gitea-runner + template: + metadata: + labels: + app: gitea-runner + spec: + containers: + - name: runner + image: gitea/act_runner:latest + env: + - name: DOCKER_HOST + value: unix:///var/run/docker.sock + command: ["sh", "-c"] + args: + - | + while ! 
docker info >/dev/null 2>&1; do sleep 1; done + act_runner register --no-interactive \ + --instance http://gitea-http.gitea.svc.cluster.local:3000 \ + --token "$(cat /secret/token)" \ + --name k3s-runner \ + --config /config/config.yaml \ + --labels "ubuntu-latest:docker://docker:27-git,ubuntu-22.04:docker://docker:27-git" + act_runner daemon --config /config/config.yaml + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: config + mountPath: /config + readOnly: true + - name: docker-sock + mountPath: /var/run + - name: data + mountPath: /data + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + - name: dind + image: docker:27-dind + securityContext: + privileged: true + env: + - name: DOCKER_TLS_CERTDIR + value: "" + volumeMounts: + - name: docker-sock + mountPath: /var/run + - name: dind-storage + mountPath: /var/lib/docker + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 2000m + memory: 2Gi + volumes: + - name: secret + secret: + secretName: runner-secret + - name: config + configMap: + name: runner-config + - name: docker-sock + emptyDir: {} + - name: data + emptyDir: {} + - name: dind-storage + emptyDir: {}
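Review bot: The new `runner.yaml.bak` commits what looks like a live runner registration token in plaintext under `stringData.token` of the `runner-secret` Secret. Once pushed it stays in history, so treat it as exposed: revoke it in Gitea and issue a new one. Drop the `.bak` file from the commit, add `*.bak` to `.gitignore`, and create the Secret out of band or keep only a placeholder such as `token: "<RUNNER_REGISTRATION_TOKEN>"` in the repository. The backup also carries an `options:` line that bind-mounts `/var/run/docker.sock` into job containers, which should not be reintroduced by copying from this file.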