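# Deployment for a single Gitea act_runner replica built on the
# "dind-rootless" image, in the gitea namespace.
#
# The manifest had been collapsed onto one line, which does not parse as YAML.
# The block structure is restored below; every key and value is unchanged.
#
# Security review notes (nothing below changes behaviour):
#   * The runner container is privileged and executes CI workflow jobs, so the
#     node it lands on is inside the CI trust boundary.
#   * The image is a mutable nightly tag pulled on every start.
#   * No serviceAccountName or automountServiceAccountToken is set, so the
#     namespace's default service account token is mounted into the pod. Set
#     automountServiceAccountToken: false if the runner needs no Kubernetes
#     API access.
#   * No resources.requests/limits are set on the container, so CI jobs are
#     not bounded in CPU or memory by this manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: act-runner-dind-rootless
  name: act-runner-dind-rootless
  namespace: gitea
spec:
  # NOTE(review): replicas share the single PVC below; confirm its access mode
  # before scaling past 1.
  replicas: 1
  selector:
    matchLabels:
      app: act-runner-dind-rootless
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: act-runner-dind-rootless
    spec:
      hostname: act-runner-dind-rootless
      restartPolicy: Always
      volumes:
        # Runner configuration; only the dind-rootless-config.yml key is
        # projected from the ConfigMap.
        - name: runner-config
          configMap:
            name: runner-config
            items:
              - key: dind-rootless-config.yml
                path: dind-rootless-config.yml
        # Declared, but not mounted by the container as shown here, although
        # DOCKER_CERT_PATH points at /certs/client. Presumably the image
        # creates the client certificates on its own filesystem; confirm, and
        # either mount this volume or drop it.
        - name: docker-certs
          emptyDir: {}
        # Persistent runner state, mounted at /data.
        - name: runner-data
          persistentVolumeClaim:
            claimName: act-runner-dind-rootless
      securityContext:
        # Mounted volumes are made group-accessible to GID 1000; presumably
        # this is the unprivileged user inside the rootless image. Confirm.
        fsGroup: 1000
      containers:
        - name: runner
          # Mutable nightly tag with imagePullPolicy Always: each pod restart
          # can pull different, unreviewed code into a privileged container.
          # Prefer a released tag or an image digest for reproducible,
          # auditable rollouts.
          image: gitea/act_runner:nightly-dind-rootless
          imagePullPolicy: Always
          env:
            # Matches the mountPath of the runner-config volume below.
            - name: CONFIG_FILE
              value: /opt/act/config.yml
            # The Docker client talks to a daemon on the pod's loopback
            # interface over TLS (port 2376) with certificate verification on.
            - name: DOCKER_HOST
              value: tcp://localhost:2376
            - name: DOCKER_CERT_PATH
              value: /certs/client
            # Quoted so the value stays a string, as env values must be.
            - name: DOCKER_TLS_VERIFY
              value: "1"
            # Plain HTTP to the in-cluster Gitea service: runner registration
            # and job traffic are not TLS-protected on this hop. Acceptable
            # only where pod-to-pod traffic is otherwise protected (for
            # example NetworkPolicy plus mesh mTLS); otherwise use an HTTPS
            # endpoint.
            - name: GITEA_INSTANCE_URL
              value: http://gitea.gitea.svc.cluster.local:3000
            # Maps the "dind-rootless" label to the node:16-bullseye job
            # image. Node.js 16 is past upstream end-of-life; consider a
            # maintained base image for jobs.
            - name: GITEA_RUNNER_LABELS
              value: dind-rootless:docker://node:16-bullseye
            # The registration token is read from a Secret, not inlined.
            # Restrict RBAC read access to runner-secret accordingly.
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: runner-secret
                  key: token
          securityContext:
            # privileged: true removes most container isolation (all
            # capabilities, host device access). The "rootless" image name
            # refers to the Docker daemon inside the container, not to the
            # pod's privileges. Schedule this workload on dedicated nodes,
            # and confirm whether the image runs with a narrower
            # securityContext before relaxing or keeping this setting.
            privileged: true
          volumeMounts:
            - name: runner-data
              mountPath: /data
            # subPath mounts the single config file. Note that subPath mounts
            # do not receive ConfigMap updates until the pod is restarted.
            - name: runner-config
              mountPath: /opt/act/config.yml
              subPath: dind-rootless-config.yml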