Dind sidecar unable to start due to startupProbe definition

[guy-frontegg]

Checks

• I've already read https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors and I'm sure my issue is not covered in the troubleshooting guide.
• I am using charts that are officially provided

Controller Version

0.12.0, 0.12.1

Deployment Method

ArgoCD

Checks

• This isn't a question or user support case (For Q&A and community support, go to Discussions).
• I've read the Changelog before submitting this issue and I'm sure it's not due to any recently-introduced backward-incompatible changes

To Reproduce

1. Set containerMode to dind
`  
containerMode:
  type: "find"

Describe the bug

When an ephemeralrunner start if fails with the error below

invalid:
spec.initContainers[1].startupProbe: Forbidden: may not be set for init
containers without restartPolicy=Always

this is the manifest generated

apiVersion: actions.github.com/v1alpha1
kind: EphemeralRunner
metadata:
  annotations:
    actions.github.com/patch-id: '0'
    actions.github.com/runner-group-name: Default
    actions.github.com/runner-scale-set-name: dev-ci
    actions.github.com/runner-spec-hash: 7b4677d484
  creationTimestamp: '2025-07-01T11:35:45Z'
  finalizers:
    - ephemeralrunner.actions.github.com/finalizer
    - ephemeralrunner.actions.github.com/runner-registration-finalizer
  generateName: dev-ci-98ntb-runner-
  generation: 1
  labels:
    actions.github.com/organization: frontegg
    actions.github.com/scale-set-name: dev-ci
    actions.github.com/scale-set-namespace: gha-runner-scale-set
    app.kubernetes.io/component: runner
    app.kubernetes.io/instance: dev-ci
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: dev-ci
    app.kubernetes.io/part-of: gha-runner-scale-set
    app.kubernetes.io/version: 0.12.1
    helm.sh/chart: gha-rs-0.12.1
  name: dev-ci-98ntb-runner-fptxm
  namespace: gha-runner-scale-set
  ownerReferences:
    - apiVersion: actions.github.com/v1alpha1
      blockOwnerDeletion: true
      controller: true
      kind: EphemeralRunnerSet
      name: dev-ci-98ntb
      uid: 149e1fc2-8d16-4ebe-9824-06d2e4e28675
  resourceVersion: '551667444'
  uid: e1107bd8-0bd5-4d39-a2a0-67121d5b69a1
spec:
  githubConfigSecret: github-runner-app-secret
  githubConfigUrl: https://github.com/frontegg
  metadata: {}
  runnerScaleSetId: 18
  spec:
    containers:
      - command:
          - /home/runner/run.sh
        env:
          - name: DOCKER_HOST
            value: unix:///var/run/docker.sock
          - name: RUNNER_WAIT_FOR_DOCKER_IN_SECONDS
            value: '120'
        image: ghcr.io/actions/actions-runner:latest
        name: runner
        resources: {}
        volumeMounts:
          - mountPath: /home/runner/_work
            name: work
          - mountPath: /var/run
            name: dind-sock
    initContainers:
      - args:
          - '-r'
          - /home/runner/externals/.
          - /home/runner/tmpDir/
        command:
          - cp
        image: ghcr.io/actions/actions-runner:latest
        name: init-dind-externals
        resources: {}
        volumeMounts:
          - mountPath: /home/runner/tmpDir
            name: dind-externals
      - args:
          - dockerd
          - '--host=unix:///var/run/docker.sock'
          - '--group=$(DOCKER_GROUP_GID)'
        env:
          - name: DOCKER_GROUP_GID
            value: '123'
        image: docker:dind
        name: dind
        resources: {}
        restartPolicy: Always
        securityContext:
          privileged: true
        startupProbe:
          exec:
            command:
              - docker
              - info
          failureThreshold: 24
          periodSeconds: 5
        volumeMounts:
          - mountPath: /home/runner/_work
            name: work
          - mountPath: /var/run
            name: dind-sock
          - mountPath: /home/runner/externals
            name: dind-externals
    restartPolicy: Never
    serviceAccountName: dev-ci-gha-rs-no-permission
    volumes:
      - emptyDir: {}
        name: dind-sock
      - emptyDir: {}
        name: dind-externals
      - emptyDir: {}
        name: work
status:
  message: >-
    Failed to create the pod: Pod "dev-ci-98ntb-runner-fptxm" is invalid:
    spec.initContainers[1].startupProbe: Forbidden: may not be set for init
    containers without restartPolicy=Always
  phase: Failed
  reason: InvalidPod
  runnerId: 558697
  runnerName: dev-ci-98ntb-runner-fptxm

### Describe the expected behavior

I expect EphemralRunner to start consuming workflows and jobs

### Additional Context

```yaml
1. The ARC is deployed via ArgoCD version 2.14 (I don't think it's relevant) on an EKS cluster version 1.32, so StartupContainers are in Beta version.
```

### Controller Logs

```shell
No logs exist
```

### Runner Pod Logs

```shell
No logs exist
```

[github-actions]

Hello! Thank you for filing an issue.

The maintainers will triage your issue shortly.

In the meantime, please take a look at the troubleshooting guide for bug reports.

If this is a feature request, please review our contribution guidelines.

[nathanwong91]

Can also confirm this is happening to us. However we did have it successfully working in our dev EKS 1.32. But it is not working for us on EKS 1.31. Configs between the two runners are basically the same aside from the name..