video-iac/k8s/jam-cloud-infra/act-runner.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: act-runner-config
  namespace: jam-cloud-infra
data:
  config.yaml: |
    log:
      level: info
    runner:
      capacity: 1
      timeout: 3h
    container:
      network: ""
      # Give the job container access to the Docker daemon so Dagger can spin up its engine
      options: "-v /var/run/docker.sock:/var/run/docker.sock"
      valid_volumes:
        - "**"    
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: act-runner
  namespace: jam-cloud-infra
  labels:
    app: act-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: act-runner
  template:
    metadata:
      labels:
        app: act-runner
    spec:
      containers:
      - name: runner
        image: gitea/act_runner:latest
        env:
        - name: CONFIG_FILE
          value: /etc/act_runner/config.yaml
        - name: GITEA_INSTANCE_URL
          value: http://gitea.jam-cloud-infra.svc.cluster.local:80
        - name: GITEA_RUNNER_REGISTRATION_TOKEN
          value: "UL6SkV1E8cN6M017vNrmN3X2PPGxmcIDjsbbUvuq"
        - name: GITEA_RUNNER_NAME
          value: "k8s-runner"
        - name: GITEA_RUNNER_LABELS
          value: "ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye,dagger:docker://nixpkgs/nix:latest"
        securityContext:
          privileged: true
        volumeMounts:
        - name: docker-sock
          mountPath: /var/run/docker.sock
        - name: config
          mountPath: /etc/act_runner
      - name: dind
        image: docker:23.0.5-dind
        env:
        - name: DOCKER_TLS_CERTDIR
          value: ""
        securityContext:
          privileged: true
        volumeMounts:
        - name: docker-sock
          mountPath: /var/run/docker.sock
      volumes:
      - name: docker-sock
        emptyDir: {}
      - name: config
        configMap:
          name: act-runner-config