diff --git a/templates/statefulset.yaml b/templates/statefulset.yaml index a1b550d..8cbcf3c 100644 --- a/templates/statefulset.yaml +++ b/templates/statefulset.yaml @@ -45,18 +45,42 @@ spec: echo "Trying again in 3 seconds..." done echo "Gitea has been reached!" + - name: dind + image: "{{ include "gitea.actions.dind.image" . }}" + imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }} + {{- if .Values.statefulset.dind.extraEnvs }} + env: + {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }} + {{- end }} + restartPolicy: Always + securityContext: + privileged: true + startupProbe: + exec: + command: + - /usr/bin/test + - -S + - /var/run/docker.sock + livenessProbe: + exec: + command: + - /usr/bin/test + - -S + - /var/run/docker.sock + resources: + {{- toYaml .Values.statefulset.resources | nindent 12 }} + volumeMounts: + - mountPath: /var/run/ + name: docker-socket + {{- with .Values.statefulset.dind.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} containers: - name: act-runner image: "{{ include "gitea.actions.actRunner.image" . }}" imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }} workingDir: /data env: - - name: DOCKER_HOST - value: tcp://127.0.0.1:2376 - - name: DOCKER_TLS_VERIFY - value: "1" - - name: DOCKER_CERT_PATH - value: /certs/client - name: GITEA_RUNNER_REGISTRATION_TOKEN valueFrom: secretKeyRef: @@ -77,36 +101,14 @@ spec: - mountPath: /actrunner/config.yaml name: act-runner-config subPath: config.yaml - - mountPath: /certs/client - name: docker-certs + - mountPath: /var/run/docker.sock + name: docker-socket + subPath: docker.sock - mountPath: /data name: data-act-runner {{- with .Values.statefulset.actRunner.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} - - name: dind - image: "{{ include "gitea.actions.dind.image" . }}" - imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }} - env: - - name: DOCKER_HOST - value: tcp://127.0.0.1:2376 - - name: DOCKER_TLS_VERIFY - value: "1" - - name: DOCKER_CERT_PATH - value: /certs/client - {{- if .Values.statefulset.dind.extraEnvs }} - {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }} - {{- end }} - securityContext: - privileged: true - resources: - {{- toYaml .Values.statefulset.resources | nindent 12 }} - volumeMounts: - - mountPath: /certs/client - name: docker-certs - {{- with .Values.statefulset.dind.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} {{- range $key, $value := .Values.statefulset.nodeSelector }} nodeSelector: {{ $key }}: {{ $value | quote }} @@ -123,7 +125,7 @@ spec: - name: act-runner-config configMap: name: {{ include "gitea.actions.fullname" . }}-act-runner-config - - name: docker-certs + - name: docker-socket emptyDir: {} {{- with .Values.statefulset.extraVolumes }} {{- toYaml . | nindent 8 }} diff --git a/unittests/helm/statefulset.yaml b/unittests/helm/statefulset.yaml index a16b1dc..948bfe8 100644 --- a/unittests/helm/statefulset.yaml +++ b/unittests/helm/statefulset.yaml @@ -74,7 +74,7 @@ tests: apiVersion: apps/v1 name: gitea-unittests-actions-act-runner - equal: - path: spec.template.spec.containers[1].image + path: spec.template.spec.initContainers[1].image value: test.io/dind:x.y.z - it: dind uses global.imageRegistry template: templates/statefulset.yaml @@ -92,7 +92,7 @@ tests: apiVersion: apps/v1 name: gitea-unittests-actions-act-runner - equal: - path: spec.template.spec.containers[1].image + path: spec.template.spec.initContainers[1].image value: test.io/docker:28.3.3-dind - it: init uses fullOverride template: templates/statefulset.yaml @@ -152,15 +152,15 @@ tests: apiVersion: apps/v1 name: gitea-unittests-actions-act-runner - equal: - path: spec.template.spec.containers[0].env[7] + path: spec.template.spec.containers[0].env[4] value: name: CUSTOM_ENV value: "1" - matchRegex: - path: spec.template.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath + path: spec.template.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath pattern: "metadata\\.name" - matchRegex: - path: spec.template.spec.containers[0].env[8].name + path: spec.template.spec.containers[0].env[5].name pattern: "GITEA_RUNNER_NAME" - it: Has fsGroup in securityContext template: templates/statefulset.yaml @@ -235,7 +235,7 @@ tests: apiVersion: apps/v1 name: gitea-unittests-actions-act-runner - equal: - path: spec.template.spec.containers[0].env[3] + path: spec.template.spec.containers[0].env[0] value: name: GITEA_RUNNER_REGISTRATION_TOKEN valueFrom: @@ -256,7 +256,7 @@ tests: apiVersion: apps/v1 name: gitea-unittests-actions-act-runner - equal: - path: spec.template.spec.containers[0].env[3] + path: spec.template.spec.containers[0].env[0] value: name: GITEA_RUNNER_REGISTRATION_TOKEN valueFrom: @@ -295,7 +295,7 @@ tests: apiVersion: apps/v1 name: gitea-unittests-actions-act-runner - equal: - path: spec.template.spec.containers[0].env[4] + path: spec.template.spec.containers[0].env[1] value: name: GITEA_INSTANCE_URL value: "http://git.example.com" @@ -323,7 +323,7 @@ tests: apiVersion: apps/v1 name: gitea-unittests-actions-act-runner - equal: - path: spec.template.spec.containers[0].env[4] + path: spec.template.spec.containers[0].env[1] value: name: GITEA_INSTANCE_URL value: "https://git.example.com" @@ -351,7 +351,7 @@ tests: apiVersion: apps/v1 name: gitea-unittests-actions-act-runner - equal: - path: spec.template.spec.containers[0].env[4] + path: spec.template.spec.containers[0].env[1] value: name: GITEA_INSTANCE_URL value: "https://git.example.com:8443" @@ -375,7 +375,7 @@ tests: value: "custom env value" asserts: - equal: - path: spec.template.spec.containers[1].env[3] + path: spec.template.spec.initContainers[1].env[0] value: name: "CUSTOM_ENV_NAME" value: "custom env value" @@ -425,7 +425,7 @@ tests: name: gitea-unittests-actions-act-runner - contains: any: true - path: spec.template.spec.containers[1].volumeMounts + path: spec.template.spec.initContainers[1].volumeMounts content: mountPath: /mnt name: my-dind-volume