apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-runner
  namespace: geocrop
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea-runner
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: gitea-runner
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
      - name: runner
        image: gitea/act_runner:latest
        env:
        - name: GITEA_INSTANCE_URL
          value: http://gitea.geocrop.svc.cluster.local:3000
        - name: GITEA_RUNNER_REGISTRATION_TOKEN
          value: "3daF7zwBC94Q5YCb1mW1VnfPi4L7pgMxSHhKOBOn"
        - name: GITEA_RUNNER_NAME
          value: "k3s-runner"
        - name: CONFIG_FILE
          value: /config.yaml
        - name: DOCKER_HOST
          value: tcp://localhost:2376
        - name: DOCKER_TLS_CERTDIR
          value: /certs/client
        - name: DOCKER_CERT_PATH
          value: /certs/client
        - name: DOCKER_TLS_VERIFY
          value: "1"
        securityContext:
          privileged: true
        volumeMounts:
        - name: runner-data
          mountPath: /data
        - name: docker-certs
          mountPath: /certs/client
          readOnly: true
        - name: config
          mountPath: /config.yaml
          subPath: config.yaml
      - name: dind
        image: docker:dind
        securityContext:
          privileged: true
        env:
        - name: DOCKER_TLS_CERTDIR
          value: /certs/client
        - name: DOCKER_DRIVER
          value: overlay2
        volumeMounts:
        - name: runner-data
          mountPath: /data
        - name: docker-graph-storage
          mountPath: /var/lib/docker
        - name: docker-certs
          mountPath: /certs/client
      volumes:
      - name: runner-data
        emptyDir: {}
      - name: docker-graph-storage
        emptyDir: {}
      - name: docker-certs
        emptyDir: {}
      - name: config
        configMap:
          name: gitea-runner-config