Gitea Act Runner
Gitea CI/CD runner for executing Actions workflows. Deployed in the gitea-runners namespace.
Namespace
gitea-runners
Components
| Resource | Kind | Details |
|---|---|---|
| act-runner | Deployment | Runner + Docker-in-Docker sidecar |
| act-runner-vol | PVC | 10Gi local-path, runner data at /data |
| docker-certs | emptyDir | Shared TLS certs between runner and DinD |
Architecture
Two containers in the same pod:
runner (gitea/act_runner:nightly)
- Connects to Gitea at http://gitea-http.gitea.svc.cluster.local:3000
- Uses Docker daemon via tcp://localhost:2376 with mTLS (DOCKER_TLS_VERIFY=1)
- Registration token stored in env (not in source)
daemon (docker:23.0.6-dind)
- Docker-in-Docker sidecar providing the Docker daemon
- Shares /certs emptyDir with the runner for TLS certificate exchange
Configuration
| Env var | Value |
|---|---|
| GITEA_INSTANCE_URL | http://gitea-http.gitea.svc.cluster.local:3000 |
| GITEA_RUNNER_REGISTRATION_TOKEN | Registration token (not stored in source) |
| DOCKER_HOST | tcp://localhost:2376 |
| DOCKER_CERT_PATH | /certs/client |
| DOCKER_TLS_VERIFY | 1 |
Security Context
Both containers run as privileged: true — required for Docker-in-Docker.
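A manifest check for the settings described on this page, as an added example that is not part of the original documentation: it audits a constructed pod spec for privileged containers, floating image tags, a tcp:// Docker endpoint without TLS verification, and a registration token written inline. The Secret name act-runner-token, the finding labels and the audit function are assumptions made for illustration.

```python
# Constructed pod spec mirroring the page's description. The Secret name
# "act-runner-token" and its key are hypothetical placeholders.
POD_SPEC = {"containers": [
    {"name": "runner", "image": "gitea/act_runner:nightly",
     "securityContext": {"privileged": True},
     "env": [
         {"name": "GITEA_INSTANCE_URL",
          "value": "http://gitea-http.gitea.svc.cluster.local:3000"},
         {"name": "GITEA_RUNNER_REGISTRATION_TOKEN", "valueFrom": {
             "secretKeyRef": {"name": "act-runner-token", "key": "token"}}},
         {"name": "DOCKER_HOST", "value": "tcp://localhost:2376"},
         {"name": "DOCKER_CERT_PATH", "value": "/certs/client"},
         {"name": "DOCKER_TLS_VERIFY", "value": "1"}]},
    {"name": "daemon", "image": "docker:23.0.6-dind",
     "securityContext": {"privileged": True}, "env": []},
]}

FLOATING_TAGS = {"latest", "nightly"}


def audit(pod_spec):
    """Return sorted (container, finding) pairs for a pod spec dict."""
    findings = []
    for c in pod_spec["containers"]:
        env = {e["name"]: e for e in c.get("env", [])}
        # Privileged containers can reach host devices and kernel interfaces.
        if c.get("securityContext", {}).get("privileged"):
            findings.append((c["name"], "privileged"))
        # A floating tag can resolve to a different image on every pull.
        # Only the last path segment is parsed, so a registry port is ignored.
        _, _, tag = c["image"].rsplit("/", 1)[-1].partition(":")
        if (tag or "latest") in FLOATING_TAGS:
            findings.append((c["name"], "floating-image-tag"))
        # A tcp:// Docker endpoint is only verified if DOCKER_TLS_VERIFY is set.
        host = env.get("DOCKER_HOST", {}).get("value", "")
        tls_verify = env.get("DOCKER_TLS_VERIFY", {}).get("value")
        if host.startswith("tcp://") and not tls_verify:
            findings.append((c["name"], "docker-tcp-without-tls-verify"))
        # A literal "value" puts the token in the manifest itself.
        if env.get("GITEA_RUNNER_REGISTRATION_TOKEN", {}).get("value"):
            findings.append((c["name"], "registration-token-inline"))
    return sorted(findings)


if __name__ == "__main__":
    for container, finding in audit(POD_SPEC):
        print(f"{container}: {finding}")
```

On the spec as documented, the findings are the two privileged containers and the nightly tag on the runner image; the TLS and token checks pass.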
Storage
Uses local-path storage class (not NFS) for the runner data PVC, which is more appropriate for ephemeral build state that doesn't require shared access.