k8s.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: docker-runner
  labels:
    app: docker-runner
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: docker-runner
  template:
    metadata:
      labels:
        app: docker-runner
    spec:
      serviceAccountName: docker-runner
      containers:
      - image: docker.dolansoft.org/dolansoft/docker-runner/dind:dev2
        securityContext:
          privileged: true
        name: docker
        resources:
          requests:
            cpu: 20m
            memory: 200Mi
        volumeMounts:
        - mountPath: /var/lib/docker
          name: cache
        - mountPath: /var/run
          name: socket
        - mountPath: /etc/docker/certs.d
          name: certs
          readOnly: true
      - image: docker.dolansoft.org/dolansoft/docker-builder:dev3
        name: runner
        env:
        - name: GITLAB_URL
          value: https://git.dolansoft.org/
        - name: REGISTRY
          value: docker.dolansoft.org
        - name: DOCKER_API_VERSION
          value: "1.38"
        - name: GITLAB_RUNNER_TOKEN
          valueFrom:
            secretKeyRef:
              name: docker-builder-token
              key: token
        volumeMounts:
        - name: socket
          mountPath: /var/run
        - name: cacerts
          mountPath: /etc/ssl/certs
      volumes:
        - name: cache
          persistentVolumeClaim:
            claimName: docker-runner-cache
        - name: certs
          hostPath:
            path: /etc/docker/certs.d
        - name: socket
          emptyDir: {}
        - name: cacerts
          configMap:
            name: cacerts
      restartPolicy: Always