From f8391c53e6065fca2677caa4b2c39c14b153ae3c Mon Sep 17 00:00:00 2001 From: "Drevensek Timm (uidw6097)" <508684+timmjd@users.noreply.github.com> Date: Thu, 2 May 2024 23:46:48 +0200 Subject: [PATCH 1/4] add hook template --- .../templates/_helpers.tpl | 21 ++++++++++++++++ .../templates/autoscalingrunnerset.yaml | 1 + .../templates/kube_mode_pod_template.yaml | 14 +++++++++++ charts/gha-runner-scale-set/values.yaml | 24 +++++++++++++++++++ 4 files changed, 60 insertions(+) create mode 100644 charts/gha-runner-scale-set/templates/kube_mode_pod_template.yaml diff --git a/charts/gha-runner-scale-set/templates/_helpers.tpl b/charts/gha-runner-scale-set/templates/_helpers.tpl index bd71ed64c9..34600d133a 100644 --- a/charts/gha-runner-scale-set/templates/_helpers.tpl +++ b/charts/gha-runner-scale-set/templates/_helpers.tpl @@ -66,6 +66,10 @@ app.kubernetes.io/instance: {{ include "gha-runner-scale-set.scale-set-name" . } {{- end }} {{- end }} +{{- define "gha-runner-scale-set.hookTemplate" -}} +{{- include "gha-runner-scale-set.fullname" . }}-hook-template +{{- end }} + {{- define "gha-runner-scale-set.noPermissionServiceAccountName" -}} {{- include "gha-runner-scale-set.fullname" . }}-no-permission {{- end }} @@ -170,6 +174,12 @@ volumeMounts: {{- end }} {{- end }} +{{- define "gha-runner-scale-set.hook-template-volume" -}} +- name: hook-template + configMap: + name: {{ include "gha-runner-scale-set.hookTemplate" . }} +{{- end }} + {{- define "gha-runner-scale-set.non-runner-containers" -}} {{- range $i, $container := .Values.template.spec.containers }} {{- if ne $container.name "runner" }} @@ -277,6 +287,7 @@ volumeMounts: {{- define "gha-runner-scale-set.kubernetes-mode-runner-container" -}} {{- $tlsConfig := (default (dict) .Values.githubServerTLS) }} +{{- $hookTemplate := .Values.hookTemplate }} {{- range $i, $container := .Values.template.spec.containers }} {{- if eq $container.name "runner" }} {{- range $key, $val := $container }} 
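Review bot: The `gha-runner-scale-set.hook-template-volume` helper emits the `hook-template` configMap volume with no guard, and the include added in `autoscalingrunnerset.yaml` calls it for every `containerMode.type: kubernetes` install. The object it names is only rendered under `{{- if (.Values.hookTemplate) }}`, so with `hookTemplate` unset the runner pod references a ConfigMap that does not exist. A non-optional configMap volume that cannot be resolved keeps the pod from starting, even when no container mounts it. Wrap the helper body in `{{- if .Values.hookTemplate }}` … `{{- end }}` so the volume follows the same condition as the env var and the mount.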
@@ -341,6 +352,10 @@ env: {{- if $tlsConfig.runnerMountPath }} {{- $mountGitHubServerTLS = 1 }} {{- end }} + {{- if $hookTemplate }} + - name: ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE + value: /home/runner/hookTemplate.yaml + {{- end }} volumeMounts: {{- with $container.volumeMounts }} {{- range $i, $volMount := . }} @@ -362,6 +377,12 @@ volumeMounts: mountPath: {{ clean (print $tlsConfig.runnerMountPath "/" $tlsConfig.certificateFrom.configMapKeyRef.key) }} subPath: {{ $tlsConfig.certificateFrom.configMapKeyRef.key }} {{- end }} + {{- if $hookTemplate }} + - name: hook-template + mountPath: /home/runner/hookTemplate.yaml + subPath: hookTemplate.yaml + readOnly: true + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml index 39ebfef800..2eddc58eb2 100644 --- a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml +++ b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml @@ -158,6 +158,7 @@ spec: {{- else if eq $containerMode.type "kubernetes" }} {{- include "gha-runner-scale-set.kubernetes-mode-work-volume" . | nindent 6 }} {{- include "gha-runner-scale-set.non-work-volumes" . | nindent 6 }} + {{- include "gha-runner-scale-set.hook-template-volume" . | nindent 6 }} {{- else }} {{- with .Values.template.spec.volumes }} {{- toYaml . | nindent 6 }} diff --git a/charts/gha-runner-scale-set/templates/kube_mode_pod_template.yaml b/charts/gha-runner-scale-set/templates/kube_mode_pod_template.yaml new file mode 100644 index 0000000000..32aaf974fb --- /dev/null +++ b/charts/gha-runner-scale-set/templates/kube_mode_pod_template.yaml 
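Review bot: The `ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE` entry in the `env:` hunk is appended whenever `hookTemplate` is set, without a visible check for whether the runner container in `.Values.template.spec.containers` already defines that variable. A user who already points the variable at their own file would end up with two entries of the same name, and the effective value would then depend on how the API server resolves the duplicate. The start of the env loop is outside this hunk, so a guard may exist there; if not, skip the chart's entry when the user supplied one, or state in `values.yaml` that `hookTemplate` takes precedence. The literal `/home/runner/hookTemplate.yaml` is also repeated in the `volumeMounts` hunk and would be safer as one template variable, so the env value and `mountPath` cannot drift apart.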
@@ -0,0 +1,14 @@ +{{- if (.Values.hookTemplate) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "gha-runner-scale-set.hookTemplate" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "gha-runner-scale-set.labels" . | nindent 4 }} + finalizers: + - actions.github.com/cleanup-protection +data: + hookTemplate.yaml: + {{- .Values.hookTemplate | toYaml | nindent 4 -}} +{{- end}} diff --git a/charts/gha-runner-scale-set/values.yaml b/charts/gha-runner-scale-set/values.yaml index 6018b7d0e5..f5ae1efca2 100644 --- a/charts/gha-runner-scale-set/values.yaml +++ b/charts/gha-runner-scale-set/values.yaml @@ -87,6 +87,17 @@ githubConfigSecret: # storage: 1Gi # kubernetesModeServiceAccount: # annotations: +# +# ## PodTemplate +# podTemplate: +# metadata: +# labels: +# app: runner-pod-template +# template: +# spec: +# securityContext: +# runAsUser: 1001 +# runAsGroup: 123 ## listenerTemplate is the PodSpec for each listener Pod ## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec @@ -192,6 +203,19 @@ template: image: ghcr.io/actions/actions-runner:latest command: ["/home/runner/run.sh"] +## hookTemplate is the podTemplate definition of the worker in containerMode.type=kubernetes +## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-template-v1/#PodTemplate +# hookTemplate: +# apiVersion: v1 +# kind: PodTemplate +# spec: +# containers: +# - name: $job +# resources: +# requests: +# cpu: 32 +# memory: 32Gi + ## Optional controller service account that needs to have required Role and RoleBinding ## to operate this gha-runner-scale-set installation. ## The helm chart will try to find the controller deployment and its service account at installation time. From cca54034c6b4246d3ed56c4e0dcbe26aadf487d6 Mon Sep 17 00:00:00 2001 
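Review bot: The `finalizers: - actions.github.com/cleanup-protection` entry on this new object blocks its deletion until something removes the finalizer, and nothing in this series shows the controller doing that for the hook-template object. If the controller's cleanup does not cover it, `helm uninstall` would leave the object stuck in Terminating and the namespace could not be removed cleanly. Either drop the `finalizers` list here, since the object appears to hold only static template text, or add the matching cleanup to the controller in the same change.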
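Review bot: The `hookTemplate` comment block in `values.yaml` does not say that the value is rendered verbatim with `toYaml` into an object in the release namespace (a ConfigMap once the last patch of this series is applied). Anything inlined in it, such as container `env` values, is therefore stored in plain text and readable by anyone who can read that object. A line such as `## Rendered as-is into a ConfigMap; reference credentials via secretKeyRef instead of inlining them` would cover this. The linked PodTemplate reference also nests the pod spec under `template.spec`, while the example puts `spec` at the top level, so the comment should state which shape the container hook expects.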
From: "Drevensek Timm (uidw6097)" <508684+timmjd@users.noreply.github.com> Date: Thu, 2 May 2024 23:51:25 +0200 Subject: [PATCH 2/4] undo --- charts/gha-runner-scale-set/values.yaml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/charts/gha-runner-scale-set/values.yaml b/charts/gha-runner-scale-set/values.yaml index f5ae1efca2..52907d4422 100644 --- a/charts/gha-runner-scale-set/values.yaml +++ b/charts/gha-runner-scale-set/values.yaml @@ -87,17 +87,6 @@ githubConfigSecret: # storage: 1Gi # kubernetesModeServiceAccount: # annotations: -# -# ## PodTemplate -# podTemplate: -# metadata: -# labels: -# app: runner-pod-template -# template: -# spec: -# securityContext: -# runAsUser: 1001 -# runAsGroup: 123 ## listenerTemplate is the PodSpec for each listener Pod ## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec From a94b879d7ad4feead787e31f5aaa6547c8397234 Mon Sep 17 00:00:00 2001 From: "Drevensek Timm (uidw6097)" <508684+timmjd@users.noreply.github.com> Date: Thu, 2 May 2024 23:57:08 +0200 Subject: [PATCH 3/4] add test --- .../tests/values_extra_hook_template.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 charts/gha-runner-scale-set/tests/values_extra_hook_template.yaml diff --git a/charts/gha-runner-scale-set/tests/values_extra_hook_template.yaml b/charts/gha-runner-scale-set/tests/values_extra_hook_template.yaml new file mode 100644 index 0000000000..d0cbdc110e --- /dev/null +++ b/charts/gha-runner-scale-set/tests/values_extra_hook_template.yaml @@ -0,0 +1,15 @@ +githubConfigUrl: https://github.com/actions/actions-runner-controller +githubConfigSecret: + github_token: test +hookTemplate: + apiVersion: v1 + kind: PodTemplate + spec: + containers: + - name: $job + resources: + requests: + cpu: 1 + memory: 1Gi +containerMode: + type: kubernetes From 585e1b64b2c2cb265710d5ed3e62e60b9c1a224a Mon Sep 17 00:00:00 2001 
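Review bot: `values_extra_hook_template.yaml` is added as a fixture, but no test in this series loads it, so the rendered ConfigMap, the `hook-template` volume, the mount and the env var are not asserted anywhere visible. A template test should render the chart with this file and check that the volume's `configMap.name` matches the rendered object's `kind` and `name`. A second case should render `containerMode.type: kubernetes` without `hookTemplate` and check that the pod spec references no object the chart does not create.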
From: "Drevensek Timm (uidw6097)" <508684+timmjd@users.noreply.github.com> Date: Fri, 3 May 2024 00:31:20 +0200 Subject: [PATCH 4/4] typos --- .../templates/kube_mode_pod_template.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gha-runner-scale-set/templates/kube_mode_pod_template.yaml b/charts/gha-runner-scale-set/templates/kube_mode_pod_template.yaml index 32aaf974fb..f4a5ec255b 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_pod_template.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_pod_template.yaml @@ -1,6 +1,6 @@ {{- if (.Values.hookTemplate) }} apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: name: {{ include "gha-runner-scale-set.hookTemplate" . }} namespace: {{ .Release.Namespace }} @@ -9,6 +9,6 @@ metadata: finalizers: - actions.github.com/cleanup-protection data: - hookTemplate.yaml: + hookTemplate.yaml: | {{- .Values.hookTemplate | toYaml | nindent 4 -}} {{- end}}