diff --git a/charts/gha-runner-scale-set-controller/Chart.yaml b/charts/gha-runner-scale-set-controller/Chart.yaml index 97f9940..5a7e32d 100644 --- a/charts/gha-runner-scale-set-controller/Chart.yaml +++ b/charts/gha-runner-scale-set-controller/Chart.yaml @@ -1,12 +1,33 @@ apiVersion: v2 -appVersion: 0.6.0 +name: gha-runner-scale-set-controller description: A Helm chart for install actions-runner-controller CRD + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.6.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.6.1" + home: https://github.com/actions/actions-runner-controller -maintainers: -- name: actions - url: https://github.com/actions -name: gha-runner-scale-set-controller + sources: -- https://github.com/actions/actions-runner-controller -type: application -version: 0.6.0 + - "https://github.com/actions/actions-runner-controller" + +maintainers: + - name: actions + url: https://github.com/actions diff --git a/charts/gha-runner-scale-set/Chart.yaml b/charts/gha-runner-scale-set/Chart.yaml index 30dfd74..e8f6ce4 100644 --- a/charts/gha-runner-scale-set/Chart.yaml +++ b/charts/gha-runner-scale-set/Chart.yaml @@ -1,12 +1,33 @@ apiVersion: v2 -appVersion: 0.6.0 +name: gha-runner-scale-set description: A Helm chart for deploying an AutoScalingRunnerSet + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.6.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.6.1" + home: https://github.com/actions/dev-arc -maintainers: -- name: actions - url: https://github.com/actions -name: gha-runner-scale-set + sources: -- https://github.com/actions/dev-arc -type: application -version: 0.6.0 + - "https://github.com/actions/dev-arc" + +maintainers: + - name: actions + url: https://github.com/actions diff --git a/charts/gha-runner-scale-set/templates/_helpers.tpl b/charts/gha-runner-scale-set/templates/_helpers.tpl index 80cc4af..1e309ab 100644 --- a/charts/gha-runner-scale-set/templates/_helpers.tpl +++ b/charts/gha-runner-scale-set/templates/_helpers.tpl @@ -10,6 +10,10 @@ gha-rs {{- default (include "gha-base-name" .) .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} +{{- define "gha-runner-scale-set.scale-set-name" -}} +{{ .Values.runnerScaleSetName | default .Release.Name }} +{{- end }} + {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). @@ -17,7 +21,7 @@ If release name contains chart name it will be used as a full name. */}} {{- define "gha-runner-scale-set.fullname" -}} {{- $name := default (include "gha-base-name" .) }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- printf "%s-%s" (include "gha-runner-scale-set.scale-set-name" .) $name | trunc 63 | trimSuffix "-" }} {{- end }} {{/* @@ -38,7 +42,7 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: gha-rs -actions.github.com/scale-set-name: {{ .Release.Name }} +actions.github.com/scale-set-name: {{ include "gha-runner-scale-set.scale-set-name" . }} actions.github.com/scale-set-namespace: {{ .Release.Namespace }} {{- end }} @@ -46,8 +50,8 @@ actions.github.com/scale-set-namespace: {{ .Release.Namespace }} Selector labels */}} {{- define "gha-runner-scale-set.selectorLabels" -}} -app.kubernetes.io/name: {{ include "gha-runner-scale-set.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/name: {{ include "gha-runner-scale-set.scale-set-name" . }} +app.kubernetes.io/instance: {{ include "gha-runner-scale-set.scale-set-name" . }} {{- end }} {{- define "gha-runner-scale-set.githubsecret" -}} @@ -93,19 +97,26 @@ volumeMounts: {{- define "gha-runner-scale-set.dind-container" -}} image: docker:dind +args: + - dockerd + - --host=unix:///run/docker/docker.sock + - --group=$(DOCKER_GROUP_GID) +env: + - name: DOCKER_GROUP_GID + value: "123" securityContext: privileged: true volumeMounts: - name: work mountPath: /home/runner/_work - - name: dind-cert - mountPath: /certs/client + - name: dind-sock + mountPath: /run/docker - name: dind-externals mountPath: /home/runner/externals {{- end }} {{- define "gha-runner-scale-set.dind-volume" -}} -- name: dind-cert +- name: dind-sock emptyDir: {} - name: dind-externals emptyDir: {} @@ -185,8 +196,6 @@ volumeMounts: {{- end }} {{- end }} {{- $setDockerHost := 1 }} - {{- $setDockerTlsVerify := 1 }} - {{- $setDockerCertPath := 1 }} {{- $setRunnerWaitDocker := 1 }} {{- $setNodeExtraCaCerts := 0 }} {{- $setRunnerUpdateCaCerts := 0 }} @@ -200,12 +209,6 @@ env: {{- if eq $env.name "DOCKER_HOST" }} {{- $setDockerHost = 0 }} {{- end }} - {{- if eq $env.name "DOCKER_TLS_VERIFY" }} - {{- $setDockerTlsVerify = 0 }} - {{- end }} - {{- if eq $env.name "DOCKER_CERT_PATH" }} - {{- $setDockerCertPath = 0 }} - {{- end }} {{- if eq $env.name "RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" }} {{- $setRunnerWaitDocker = 0 }} {{- end }} @@ -220,15 +223,7 @@ env: {{- end }} {{- if $setDockerHost }} - name: DOCKER_HOST - value: tcp://localhost:2376 - {{- end }} - {{- if $setDockerTlsVerify }} - - name: DOCKER_TLS_VERIFY - value: "1" - {{- end }} - {{- if $setDockerCertPath }} - - name: DOCKER_CERT_PATH - value: /certs/client + value: unix:///run/docker/docker.sock {{- end }} {{- if $setRunnerWaitDocker }} - name: RUNNER_WAIT_FOR_DOCKER_IN_SECONDS @@ -254,7 +249,7 @@ volumeMounts: {{- if eq $volMount.name "work" }} {{- $mountWork = 0 }} {{- end }} - {{- if eq $volMount.name "dind-cert" }} + {{- if eq $volMount.name "dind-sock" }} {{- $mountDindCert = 0 }} {{- end }} {{- if eq $volMount.name "github-server-tls-cert" }} @@ -268,8 +263,8 @@ volumeMounts: mountPath: /home/runner/_work {{- end }} {{- if $mountDindCert }} - - name: dind-cert - mountPath: /certs/client + - name: dind-sock + mountPath: /run/docker readOnly: true {{- end }} {{- if $mountGitHubServerTLS }} diff --git a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml index 1d5b333..27460cc 100644 --- a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml +++ b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml @@ -1,13 +1,13 @@ apiVersion: actions.github.com/v1alpha1 kind: AutoscalingRunnerSet metadata: - {{- if or (not .Release.Name) (gt (len .Release.Name) 45) }} + {{- if or (not (include "gha-runner-scale-set.scale-set-name" .)) (gt (len (include "gha-runner-scale-set.scale-set-name" .)) 45) }} {{ fail "Name must have up to 45 characters" }} {{- end }} {{- if gt (len .Release.Namespace) 63 }} {{ fail "Namespace must have up to 63 characters" }} {{- end }} - name: {{ .Values.runnerScaleSetName | default .Release.Name }} + name: {{ include "gha-runner-scale-set.scale-set-name" . }} namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/component: "autoscaling-runner-set" diff --git a/charts/gha-runner-scale-set/tests/template_test.go b/charts/gha-runner-scale-set/tests/template_test.go index 89ec7a2..1e4ffa9 100644 --- a/charts/gha-runner-scale-set/tests/template_test.go +++ b/charts/gha-runner-scale-set/tests/template_test.go @@ -330,7 +330,7 @@ func TestTemplateRenderedAutoScalingRunnerSet(t *testing.T) { assert.Equal(t, namespaceName, ars.Namespace) assert.Equal(t, "test-runners", ars.Name) - assert.Equal(t, "gha-rs", ars.Labels["app.kubernetes.io/name"]) + assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/name"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "gha-rs", ars.Labels["app.kubernetes.io/part-of"]) assert.Equal(t, "autoscaling-runner-set", ars.Labels["app.kubernetes.io/component"]) @@ -361,6 +361,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_RunnerScaleSetName(t *testing.T) { require.NoError(t, err) releaseName := "test-runners" + nameOverride := "test-runner-scale-set-name" namespaceName := "test-" + strings.ToLower(random.UniqueId()) options := &helm.Options{ @@ -368,7 +369,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_RunnerScaleSetName(t *testing.T) { SetValues: map[string]string{ "githubConfigUrl": "https://github.com/actions", "githubConfigSecret.github_token": "gh_token12345", - "runnerScaleSetName": "test-runner-scale-set-name", + "runnerScaleSetName": nameOverride, "controllerServiceAccount.name": "arc", "controllerServiceAccount.namespace": "arc-system", }, @@ -381,12 +382,15 @@ func TestTemplateRenderedAutoScalingRunnerSet_RunnerScaleSetName(t *testing.T) { helm.UnmarshalK8SYaml(t, output, &ars) assert.Equal(t, namespaceName, ars.Namespace) - assert.Equal(t, "test-runner-scale-set-name", ars.Name) + assert.Equal(t, nameOverride, ars.Name) - assert.Equal(t, "gha-rs", ars.Labels["app.kubernetes.io/name"]) - assert.Equal(t, releaseName, ars.Labels["app.kubernetes.io/instance"]) + assert.Equal(t, nameOverride, ars.Labels["app.kubernetes.io/name"]) + assert.Equal(t, nameOverride, ars.Labels["app.kubernetes.io/instance"]) + assert.Equal(t, nameOverride, ars.Labels["actions.github.com/scale-set-name"]) + assert.Equal(t, namespaceName, ars.Labels["actions.github.com/scale-set-namespace"]) + assert.Equal(t, "gha-rs", ars.Labels["app.kubernetes.io/part-of"]) assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl) - assert.Equal(t, "test-runners-gha-rs-github-secret", ars.Spec.GitHubConfigSecret) + assert.Equal(t, nameOverride+"-gha-rs-github-secret", ars.Spec.GitHubConfigSecret) assert.Equal(t, "test-runner-scale-set-name", ars.Spec.RunnerScaleSetName) assert.Empty(t, ars.Spec.RunnerGroup, "RunnerGroup should be empty") @@ -767,7 +771,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraVolumes(t *testing.T) { helm.UnmarshalK8SYaml(t, output, &ars) assert.Len(t, ars.Spec.Template.Spec.Volumes, 5, "Volumes should be 5") - assert.Equal(t, "dind-cert", ars.Spec.Template.Spec.Volumes[0].Name, "Volume name should be dind-cert") + assert.Equal(t, "dind-sock", ars.Spec.Template.Spec.Volumes[0].Name, "Volume name should be dind-sock") assert.Equal(t, "dind-externals", ars.Spec.Template.Spec.Volumes[1].Name, "Volume name should be dind-externals") assert.Equal(t, "work", ars.Spec.Template.Spec.Volumes[2].Name, "Volume name should be work") assert.Equal(t, "/data", ars.Spec.Template.Spec.Volumes[2].HostPath.Path, "Volume host path should be /data") @@ -840,7 +844,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_EnableDinD(t *testing.T) { assert.Equal(t, namespaceName, ars.Namespace) assert.Equal(t, "test-runners", ars.Name) - assert.Equal(t, "gha-rs", ars.Labels["app.kubernetes.io/name"]) + assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/name"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl) assert.Equal(t, "test-runners-gha-rs-github-secret", ars.Spec.GitHubConfigSecret) @@ -863,40 +867,36 @@ func TestTemplateRenderedAutoScalingRunnerSet_EnableDinD(t *testing.T) { assert.Len(t, ars.Spec.Template.Spec.Containers, 2, "Template.Spec should have 2 container") assert.Equal(t, "runner", ars.Spec.Template.Spec.Containers[0].Name) assert.Equal(t, "ghcr.io/actions/actions-runner:latest", ars.Spec.Template.Spec.Containers[0].Image) - assert.Len(t, ars.Spec.Template.Spec.Containers[0].Env, 4, "The runner container should have 4 env vars, DOCKER_HOST, DOCKER_TLS_VERIFY, DOCKER_CERT_PATH and RUNNER_WAIT_FOR_DOCKER_IN_SECONDS") + assert.Len(t, ars.Spec.Template.Spec.Containers[0].Env, 2, "The runner container should have 2 env vars, DOCKER_HOST and RUNNER_WAIT_FOR_DOCKER_IN_SECONDS") assert.Equal(t, "DOCKER_HOST", ars.Spec.Template.Spec.Containers[0].Env[0].Name) - assert.Equal(t, "tcp://localhost:2376", ars.Spec.Template.Spec.Containers[0].Env[0].Value) - assert.Equal(t, "DOCKER_TLS_VERIFY", ars.Spec.Template.Spec.Containers[0].Env[1].Name) - assert.Equal(t, "1", ars.Spec.Template.Spec.Containers[0].Env[1].Value) - assert.Equal(t, "DOCKER_CERT_PATH", ars.Spec.Template.Spec.Containers[0].Env[2].Name) - assert.Equal(t, "/certs/client", ars.Spec.Template.Spec.Containers[0].Env[2].Value) - assert.Equal(t, "RUNNER_WAIT_FOR_DOCKER_IN_SECONDS", ars.Spec.Template.Spec.Containers[0].Env[3].Name) - assert.Equal(t, "120", ars.Spec.Template.Spec.Containers[0].Env[3].Value) - - assert.Len(t, ars.Spec.Template.Spec.Containers[0].VolumeMounts, 2, "The runner container should have 2 volume mounts, dind-cert and work") + assert.Equal(t, "unix:///run/docker/docker.sock", ars.Spec.Template.Spec.Containers[0].Env[0].Value) + assert.Equal(t, "RUNNER_WAIT_FOR_DOCKER_IN_SECONDS", ars.Spec.Template.Spec.Containers[0].Env[1].Name) + assert.Equal(t, "120", ars.Spec.Template.Spec.Containers[0].Env[1].Value) + + assert.Len(t, ars.Spec.Template.Spec.Containers[0].VolumeMounts, 2, "The runner container should have 2 volume mounts, dind-sock and work") assert.Equal(t, "work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].Name) assert.Equal(t, "/home/runner/_work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath) assert.False(t, ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].ReadOnly) - assert.Equal(t, "dind-cert", ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].Name) - assert.Equal(t, "/certs/client", ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].MountPath) + assert.Equal(t, "dind-sock", ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].Name) + assert.Equal(t, "/run/docker", ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].MountPath) assert.True(t, ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].ReadOnly) assert.Equal(t, "dind", ars.Spec.Template.Spec.Containers[1].Name) assert.Equal(t, "docker:dind", ars.Spec.Template.Spec.Containers[1].Image) assert.True(t, *ars.Spec.Template.Spec.Containers[1].SecurityContext.Privileged) - assert.Len(t, ars.Spec.Template.Spec.Containers[1].VolumeMounts, 3, "The dind container should have 3 volume mounts, dind-cert, work and externals") + assert.Len(t, ars.Spec.Template.Spec.Containers[1].VolumeMounts, 3, "The dind container should have 3 volume mounts, dind-sock, work and externals") assert.Equal(t, "work", ars.Spec.Template.Spec.Containers[1].VolumeMounts[0].Name) assert.Equal(t, "/home/runner/_work", ars.Spec.Template.Spec.Containers[1].VolumeMounts[0].MountPath) - assert.Equal(t, "dind-cert", ars.Spec.Template.Spec.Containers[1].VolumeMounts[1].Name) - assert.Equal(t, "/certs/client", ars.Spec.Template.Spec.Containers[1].VolumeMounts[1].MountPath) + assert.Equal(t, "dind-sock", ars.Spec.Template.Spec.Containers[1].VolumeMounts[1].Name) + assert.Equal(t, "/run/docker", ars.Spec.Template.Spec.Containers[1].VolumeMounts[1].MountPath) assert.Equal(t, "dind-externals", ars.Spec.Template.Spec.Containers[1].VolumeMounts[2].Name) assert.Equal(t, "/home/runner/externals", ars.Spec.Template.Spec.Containers[1].VolumeMounts[2].MountPath) assert.Len(t, ars.Spec.Template.Spec.Volumes, 3, "Volumes should be 3") - assert.Equal(t, "dind-cert", ars.Spec.Template.Spec.Volumes[0].Name, "Volume name should be dind-cert") + assert.Equal(t, "dind-sock", ars.Spec.Template.Spec.Volumes[0].Name, "Volume name should be dind-sock") assert.Equal(t, "dind-externals", ars.Spec.Template.Spec.Volumes[1].Name, "Volume name should be dind-externals") assert.Equal(t, "work", ars.Spec.Template.Spec.Volumes[2].Name, "Volume name should be work") assert.NotNil(t, ars.Spec.Template.Spec.Volumes[2].EmptyDir, "Volume work should be an emptyDir") @@ -932,7 +932,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_EnableKubernetesMode(t *testing.T) assert.Equal(t, namespaceName, ars.Namespace) assert.Equal(t, "test-runners", ars.Name) - assert.Equal(t, "gha-rs", ars.Labels["app.kubernetes.io/name"]) + assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/name"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl) assert.Equal(t, "test-runners-gha-rs-github-secret", ars.Spec.GitHubConfigSecret) @@ -1033,7 +1033,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_UsePredefinedSecret(t *testing.T) assert.Equal(t, namespaceName, ars.Namespace) assert.Equal(t, "test-runners", ars.Name) - assert.Equal(t, "gha-rs", ars.Labels["app.kubernetes.io/name"]) + assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/name"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl) assert.Equal(t, "pre-defined-secrets", ars.Spec.GitHubConfigSecret) @@ -1833,10 +1833,6 @@ func TestTemplateRenderedAutoScalingRunnerSet_DinDMergePodSpec(t *testing.T) { assert.Equal(t, "tcp://localhost:9999", ars.Spec.Template.Spec.Containers[0].Env[0].Value, "DOCKER_HOST should be set to `tcp://localhost:9999`") assert.Equal(t, "MY_NODE_NAME", ars.Spec.Template.Spec.Containers[0].Env[1].Name, "MY_NODE_NAME should be set") assert.Equal(t, "spec.nodeName", ars.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath, "MY_NODE_NAME should be set to `spec.nodeName`") - assert.Equal(t, "DOCKER_TLS_VERIFY", ars.Spec.Template.Spec.Containers[0].Env[2].Name, "DOCKER_TLS_VERIFY should be set") - assert.Equal(t, "1", ars.Spec.Template.Spec.Containers[0].Env[2].Value, "DOCKER_TLS_VERIFY should be set to `1`") - assert.Equal(t, "DOCKER_CERT_PATH", ars.Spec.Template.Spec.Containers[0].Env[3].Name, "DOCKER_CERT_PATH should be set") - assert.Equal(t, "/certs/client", ars.Spec.Template.Spec.Containers[0].Env[3].Value, "DOCKER_CERT_PATH should be set to `/certs/client`") assert.Equal(t, "work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].Name, "VolumeMount name should be work") assert.Equal(t, "/work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath, "VolumeMount mountPath should be /work") assert.Equal(t, "others", ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].Name, "VolumeMount name should be others") diff --git a/charts/gha-runner-scale-set/values.yaml b/charts/gha-runner-scale-set/values.yaml index 96b3d47..64642ed 100644 --- a/charts/gha-runner-scale-set/values.yaml +++ b/charts/gha-runner-scale-set/values.yaml @@ -122,32 +122,35 @@ template: ## command: ["/home/runner/run.sh"] ## env: ## - name: DOCKER_HOST - ## value: tcp://localhost:2376 - ## - name: DOCKER_TLS_VERIFY - ## value: "1" - ## - name: DOCKER_CERT_PATH - ## value: /certs/client + ## value: unix:///run/docker/docker.sock ## volumeMounts: ## - name: work ## mountPath: /home/runner/_work - ## - name: dind-cert - ## mountPath: /certs/client + ## - name: dind-sock + ## mountPath: /run/docker ## readOnly: true ## - name: dind ## image: docker:dind + ## args: + ## - dockerd + ## - --host=unix:///run/docker/docker.sock + ## - --group=$(DOCKER_GROUP_GID) + ## env: + ## - name: DOCKER_GROUP_GID + ## value: "123" ## securityContext: ## privileged: true ## volumeMounts: ## - name: work ## mountPath: /home/runner/_work - ## - name: dind-cert - ## mountPath: /certs/client + ## - name: dind-sock + ## mountPath: /run/docker ## - name: dind-externals ## mountPath: /home/runner/externals ## volumes: ## - name: work ## emptyDir: {} - ## - name: dind-cert + ## - name: dind-sock ## emptyDir: {} ## - name: dind-externals ## emptyDir: {}