bp99/helm-actions
1
0
Fork 0
mirror of https://gitea.com/gitea/helm-actions.git synced 2026-04-05 09:10:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
4a82e5d96d755b57d81cfea3fb8f2088201da7cc
helm-actions/templates/statefulset.yaml
thisisqasim d17d1fd865 Simplify dind setup to allow for default docker config in workflows (#46) 
### Description of the change

This switches the dind daemon to socket mode which allows default docker config in workflows.
If also simplifies the statefulset by leveraging sidecar containers and probes to replace the inline bash script

### Benefits

No need to override docker configs in workflows. Enable use of buildx

### Possible drawbacks

EOL kubernetes versions i.e before 1.29 may not support sidecar containers

### Applicable issues

- Fixes #40
- Fixes #27

### ⚠ BREAKING

Switches Docker client to socket mode instead of TCP. Any workflows that override the default docker client config will need to be updated.

### Checklist

- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Breaking changes are documented in the `README.md`
- [x] Helm templating unittests are added (required when changing anything in `templates` folder)
- [x] Bash unittests are added (required when changing anything in `scripts` folder)
- [x] All added template resources MUST render a namespace in metadata

Co-authored-by: ThisIsQasim <18313886+ThisIsQasim@users.noreply.github.com>
Co-authored-by: ChristopherHX <christopherhx@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/46
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com>
Co-authored-by: thisisqasim <thisisqasim@noreply.gitea.com>
Co-committed-by: thisisqasim <thisisqasim@noreply.gitea.com>
2025-11-03 20:54:01 +00:00

143 lines
5.1 KiB
YAML
Raw Blame History

{{- if .Values.enabled }}
{{- $secretName := include "gitea.actions.workername" (dict "global" . "worker" "actions-token") }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
{{- include "gitea.actions.labels.actRunner" . | nindent 4 }}
{{- with .Values.statefulset.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.statefulset.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "gitea.actions.fullname" . }}-act-runner
namespace: {{ .Values.namespace | default .Release.Namespace }}
spec:
replicas: {{ .Values.statefulset.replicas | default 1 }}
selector:
matchLabels:
{{- include "gitea.actions.selectorLabels.actRunner" . | nindent 6 }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/config-act-runner.yaml") . | sha256sum }}
labels:
{{- include "gitea.actions.labels.actRunner" . | nindent 8 }}
{{- with .Values.statefulset.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
securityContext:
{{- toYaml .Values.statefulset.securityContext | nindent 8 }}
initContainers:
- name: init-gitea
image: "{{ include "gitea.actions.init.image" . }}"
command:
- sh
- -c
- |
echo 'Trying to reach Gitea on {{ include "gitea.actions.local_root_url" . }}'
until timeout 10 wget --no-check-certificate --spider {{ include "gitea.actions.local_root_url" . }}; do
sleep 3
echo "Trying again in 3 seconds..."
done
echo "Gitea has been reached!"
- name: dind
image: "{{ include "gitea.actions.dind.image" . }}"
imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
{{- if .Values.statefulset.dind.extraEnvs }}
env:
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
{{- end }}
restartPolicy: Always
securityContext:
privileged: true
startupProbe:
exec:
command:
- /usr/bin/test
- -S
- /var/run/docker.sock
livenessProbe:
exec:
command:
- /usr/bin/test
- -S
- /var/run/docker.sock
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumeMounts:
- mountPath: /var/run/
name: docker-socket
{{- with .Values.statefulset.dind.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
containers:
- name: act-runner
image: "{{ include "gitea.actions.actRunner.image" . }}"
imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
workingDir: /data
env:
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: "{{ .Values.existingSecret | default $secretName }}"
key: "{{ .Values.existingSecretKey | default "token" }}"
- name: GITEA_INSTANCE_URL
value: {{ include "gitea.actions.local_root_url" . }}
- name: CONFIG_FILE
value: /actrunner/config.yaml
- name: TZ
value: {{ .Values.statefulset.timezone | default "Etc/UTC" }}
{{- if .Values.statefulset.actRunner.extraEnvs }}
{{- toYaml .Values.statefulset.actRunner.extraEnvs | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.statefulset.resources | nindent 12 }}
volumeMounts:
- mountPath: /actrunner/config.yaml
name: act-runner-config
subPath: config.yaml
- mountPath: /var/run/docker.sock
name: docker-socket
subPath: docker.sock
- mountPath: /data
name: data-act-runner
{{- with .Values.statefulset.actRunner.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- range $key, $value := .Values.statefulset.nodeSelector }}
nodeSelector:
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- with .Values.statefulset.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.statefulset.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: act-runner-config
configMap:
name: {{ include "gitea.actions.fullname" . }}-act-runner-config
- name: docker-socket
emptyDir: {}
{{- with .Values.statefulset.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
volumeClaimTemplates:
- metadata:
name: data-act-runner
spec:
accessModes: [ "ReadWriteOnce" ]
{{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
resources:
requests:
storage: {{ .Values.statefulset.persistence.size }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink