Simplify dind setup to allow for default docker config in workflows (#46)

### Description of the change This switches the dind daemon to socket mode which allows default docker config in workflows. If also simplifies the statefulset by leveraging sidecar containers and probes to replace the inline bash script ### Benefits No need to override docker configs in workflows. Enable use of buildx ### Possible drawbacks EOL kubernetes versions i.e before 1.29 may not support sidecar containers ### Applicable issues - Fixes #40 - Fixes #27 ### ⚠ BREAKING Switches Docker client to socket mode instead of TCP. Any workflows that override the default docker client config will need to be updated. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [x] Breaking changes are documented in the `README.md` - [x] Helm templating unittests are added (required when changing anything in `templates` folder) - [x] Bash unittests are added (required when changing anything in `scripts` folder) - [x] All added template resources MUST render a namespace in metadata Co-authored-by: ThisIsQasim <18313886+ThisIsQasim@users.noreply.github.com> Co-authored-by: ChristopherHX <christopherhx@noreply.gitea.com> Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/46 Reviewed-by: DaanSelen <daanselen@noreply.gitea.com> Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com> Co-authored-by: thisisqasim <thisisqasim@noreply.gitea.com> Co-committed-by: thisisqasim <thisisqasim@noreply.gitea.com>
2026-04-05 09:10:46 +00:00 · 2025-11-03 20:54:01 +00:00
parent b91d297e32
commit d17d1fd865
2 changed files with 46 additions and 44 deletions
--- a/templates/statefulset.yaml
+++ b/templates/statefulset.yaml
@ -45,18 +45,42 @@ spec:
                echo "Trying again in 3 seconds..."
              done
              echo "Gitea has been reached!"
+        - name: dind
+          image: "{{ include "gitea.actions.dind.image" . }}"
+          imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
+          {{- if .Values.statefulset.dind.extraEnvs }}
+          env:
+            {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
+          {{- end }}
+          restartPolicy: Always
+          securityContext:
+            privileged: true
+          startupProbe:
+            exec:
+              command:
+                - /usr/bin/test
+                - -S
+                - /var/run/docker.sock
+          livenessProbe:
+            exec:
+              command:
+                - /usr/bin/test
+                - -S
+                - /var/run/docker.sock
+          resources:
+            {{- toYaml .Values.statefulset.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /var/run/
+              name: docker-socket
+            {{- with .Values.statefulset.dind.extraVolumeMounts }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
      containers:
        - name: act-runner
          image: "{{ include "gitea.actions.actRunner.image" . }}"
          imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
          workingDir: /data
          env:
-            - name: DOCKER_HOST
-              value: tcp://127.0.0.1:2376
-            - name: DOCKER_TLS_VERIFY
-              value: "1"
-            - name: DOCKER_CERT_PATH
-              value: /certs/client
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
@ -77,36 +101,14 @@ spec:
            - mountPath: /actrunner/config.yaml
              name: act-runner-config
              subPath: config.yaml
-            - mountPath: /certs/client
-              name: docker-certs
+            - mountPath: /var/run/docker.sock
+              name: docker-socket
+              subPath: docker.sock
            - mountPath: /data
              name: data-act-runner
            {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
-        - name: dind
-          image: "{{ include "gitea.actions.dind.image" . }}"
-          imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
-          env:
-            - name: DOCKER_HOST
-              value: tcp://127.0.0.1:2376
-            - name: DOCKER_TLS_VERIFY
-              value: "1"
-            - name: DOCKER_CERT_PATH
-              value: /certs/client
-            {{- if .Values.statefulset.dind.extraEnvs }}
-            {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
-            {{- end }}
-          securityContext:
-            privileged: true
-          resources:
-            {{- toYaml .Values.statefulset.resources | nindent 12 }}
-          volumeMounts:
-            - mountPath: /certs/client
-              name: docker-certs
-            {{- with .Values.statefulset.dind.extraVolumeMounts }}
-            {{- toYaml . | nindent 12 }}
-            {{- end }}
      {{- range $key, $value := .Values.statefulset.nodeSelector }}
      nodeSelector:
        {{ $key }}: {{ $value | quote }}
@ -123,7 +125,7 @@ spec:
        - name: act-runner-config
          configMap:
            name: {{ include "gitea.actions.fullname" . }}-act-runner-config
-        - name: docker-certs
+        - name: docker-socket
          emptyDir: {}
        {{- with .Values.statefulset.extraVolumes }}
        {{- toYaml . | nindent 8 }}
--- a/unittests/helm/statefulset.yaml
+++ b/unittests/helm/statefulset.yaml
@ -74,7 +74,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[1].image
+          path: spec.template.spec.initContainers[1].image
          value: test.io/dind:x.y.z
  - it: dind uses global.imageRegistry
    template: templates/statefulset.yaml
@ -92,7 +92,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[1].image
+          path: spec.template.spec.initContainers[1].image
          value: test.io/docker:28.3.3-dind
  - it: init uses fullOverride
    template: templates/statefulset.yaml
@ -152,15 +152,15 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[7]
+          path: spec.template.spec.containers[0].env[4]
          value:
            name: CUSTOM_ENV
            value: "1"
      - matchRegex:
-          path: spec.template.spec.containers[0].env[8].valueFrom.fieldRef.fieldPath
+          path: spec.template.spec.containers[0].env[5].valueFrom.fieldRef.fieldPath
          pattern: "metadata\\.name"
      - matchRegex:
-          path: spec.template.spec.containers[0].env[8].name
+          path: spec.template.spec.containers[0].env[5].name
          pattern: "GITEA_RUNNER_NAME"
  - it: Has fsGroup in securityContext
    template: templates/statefulset.yaml
@ -235,7 +235,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[3]
+          path: spec.template.spec.containers[0].env[0]
          value:
            name: GITEA_RUNNER_REGISTRATION_TOKEN
            valueFrom:
@ -256,7 +256,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[3]
+          path: spec.template.spec.containers[0].env[0]
          value:
            name: GITEA_RUNNER_REGISTRATION_TOKEN
            valueFrom:
@ -295,7 +295,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[4]
+          path: spec.template.spec.containers[0].env[1]
          value:
            name: GITEA_INSTANCE_URL
            value: "http://git.example.com"
@ -323,7 +323,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[4]
+          path: spec.template.spec.containers[0].env[1]
          value:
            name: GITEA_INSTANCE_URL
            value: "https://git.example.com"
@ -351,7 +351,7 @@ tests:
          apiVersion: apps/v1
          name: gitea-unittests-actions-act-runner
      - equal:
-          path: spec.template.spec.containers[0].env[4]
+          path: spec.template.spec.containers[0].env[1]
          value:
            name: GITEA_INSTANCE_URL
            value: "https://git.example.com:8443"
@ -375,7 +375,7 @@ tests:
              value: "custom env value"
    asserts:
      - equal:
-          path: spec.template.spec.containers[1].env[3]
+          path: spec.template.spec.initContainers[1].env[0]
          value:
            name: "CUSTOM_ENV_NAME"
            value: "custom env value"
@ -425,7 +425,7 @@ tests:
          name: gitea-unittests-actions-act-runner
      - contains:
          any: true
-          path: spec.template.spec.containers[1].volumeMounts
+          path: spec.template.spec.initContainers[1].volumeMounts
          content:
            mountPath: /mnt
            name: my-dind-volume