From 4371de9733515d3d3ced304b848855c6ca0b571a Mon Sep 17 00:00:00 2001
From: Shinnosuke Sawada <6warashi9@gmail.com>
Date: Mon, 16 Nov 2020 09:41:12 +0900
Subject: [PATCH] add dockerEnabled option (#191)

Add dockerEnabled option for users who does not need docker and want not to run privileged container. if `dockerEnabled == false`, dind container not run, and there are no privileged container. Do the same as closed #96
---
 api/v1alpha1/runner_types.go | 2 ++
 api/v1alpha1/zz_generated.deepcopy.go | 5 +++++
 .../crds/actions.summerwind.dev_runnerdeployments.yaml | 2 ++
 .../crds/actions.summerwind.dev_runnerreplicasets.yaml | 2 ++
 .../crds/actions.summerwind.dev_runners.yaml | 2 ++
 .../crd/bases/actions.summerwind.dev_runnerdeployments.yaml | 2 ++
 .../crd/bases/actions.summerwind.dev_runnerreplicasets.yaml | 2 ++
 config/crd/bases/actions.summerwind.dev_runners.yaml | 2 ++
 controllers/runner_controller.go | 3 ++-
 9 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/api/v1alpha1/runner_types.go b/api/v1alpha1/runner_types.go
index e84d9bd6..8d77fa6d 100644
--- a/api/v1alpha1/runner_types.go
+++ b/api/v1alpha1/runner_types.go
@@ -84,6 +84,8 @@ type RunnerSpec struct {
 TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
 // +optional
 DockerdWithinRunnerContainer *bool `json:"dockerdWithinRunnerContainer,omitempty"`
+ // +optional
+ DockerEnabled *bool `json:"dockerEnabled,omitempty"`
 }

 // ValidateRepository validates repository field.
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index b0d758ed..937b43b6 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
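Review bot: The new `DockerEnabled` field in `RunnerSpec` (api/v1alpha1/runner_types.go) carries only the `// +optional` marker, so neither the Go type nor the regenerated CRD entries (`dockerEnabled:` / `type: boolean`, no `description`) tell an operator that leaving the field out keeps Docker on. According to the commit description the field decides whether a privileged dind container is scheduled, so the default belongs in the doc comment, for example `// DockerEnabled controls whether the dind sidecar is added to the runner pod. Omitted or true keeps it; false omits it.` The comment should also say how the field relates to `dockerdWithinRunnerContainer`, which sits directly above it. The struct starts above this hunk.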
@@ -530,6 +530,11 @@ func (in *RunnerSpec) DeepCopyInto(out *RunnerSpec) { *out = new(bool) **out = **in } + if in.DockerEnabled != nil { + in, out := &in.DockerEnabled, &out.DockerEnabled + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerSpec. diff --git a/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml b/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml index e0b4e02a..2e6e03e7 100644 --- a/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml +++ b/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml @@ -400,6 +400,8 @@ spec: - name type: object type: array + dockerEnabled: + type: boolean dockerdContainerResources: description: ResourceRequirements describes the compute resource requirements. properties: diff --git a/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerreplicasets.yaml b/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerreplicasets.yaml index e243ce43..0cc21cdb 100644 --- a/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerreplicasets.yaml +++ b/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerreplicasets.yaml @@ -400,6 +400,8 @@ spec: - name type: object type: array + dockerEnabled: + type: boolean dockerdContainerResources: description: ResourceRequirements describes the compute resource requirements. properties: diff --git a/charts/actions-runner-controller/crds/actions.summerwind.dev_runners.yaml b/charts/actions-runner-controller/crds/actions.summerwind.dev_runners.yaml index c14ad10d..5f8da46e 100644 --- a/charts/actions-runner-controller/crds/actions.summerwind.dev_runners.yaml +++ b/charts/actions-runner-controller/crds/actions.summerwind.dev_runners.yaml 
@@ -393,6 +393,8 @@ spec: - name type: object type: array + dockerEnabled: + type: boolean dockerdContainerResources: description: ResourceRequirements describes the compute resource requirements. properties: diff --git a/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml b/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml index e0b4e02a..2e6e03e7 100644 --- a/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml +++ b/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml @@ -400,6 +400,8 @@ spec: - name type: object type: array + dockerEnabled: + type: boolean dockerdContainerResources: description: ResourceRequirements describes the compute resource requirements. properties: diff --git a/config/crd/bases/actions.summerwind.dev_runnerreplicasets.yaml b/config/crd/bases/actions.summerwind.dev_runnerreplicasets.yaml index e243ce43..0cc21cdb 100644 --- a/config/crd/bases/actions.summerwind.dev_runnerreplicasets.yaml +++ b/config/crd/bases/actions.summerwind.dev_runnerreplicasets.yaml @@ -400,6 +400,8 @@ spec: - name type: object type: array + dockerEnabled: + type: boolean dockerdContainerResources: description: ResourceRequirements describes the compute resource requirements. properties: diff --git a/config/crd/bases/actions.summerwind.dev_runners.yaml b/config/crd/bases/actions.summerwind.dev_runners.yaml index c14ad10d..5f8da46e 100644 --- a/config/crd/bases/actions.summerwind.dev_runners.yaml +++ b/config/crd/bases/actions.summerwind.dev_runners.yaml @@ -393,6 +393,8 @@ spec: - name type: object type: array + dockerEnabled: + type: boolean dockerdContainerResources: description: ResourceRequirements describes the compute resource requirements. properties: diff --git a/controllers/runner_controller.go b/controllers/runner_controller.go index 54e1d71f..7cd4c1c3 100644 --- a/controllers/runner_controller.go +++ b/controllers/runner_controller.go 
@@ -299,6 +299,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 var (
 privileged bool = true
 dockerdInRunner bool = runner.Spec.DockerdWithinRunnerContainer != nil && *runner.Spec.DockerdWithinRunnerContainer
+ dockerEnabled bool = runner.Spec.DockerEnabled == nil || *runner.Spec.DockerEnabled
 )

 runnerImage := runner.Spec.Image
@@ -373,7 +374,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 },
 }

- if !dockerdInRunner {
+ if !dockerdInRunner && dockerEnabled {
 pod.Spec.Volumes = []corev1.Volume{
 {
 Name: "work",
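Review bot: `dockerEnabled` is computed independently of `dockerdInRunner` in the `var` block of `newPod`, so a spec with `dockerdWithinRunnerContainer: true` and `dockerEnabled: false` is accepted although the two settings contradict each other. If the runner container's security context is derived from `DockerdWithinRunnerContainer` (that code is outside the hunk), the pod would still contain a privileged container, which is not what the description promises for `dockerEnabled == false`. Letting the opt-out win closes the gap: declare `dockerEnabled` first and use `dockerdInRunner bool = dockerEnabled && runner.Spec.DockerdWithinRunnerContainer != nil && *runner.Spec.DockerdWithinRunnerContainer`, or reject the combination in validation. Any code that reads `runner.Spec.DockerdWithinRunnerContainer` directly rather than through `dockerdInRunner` would need the same treatment.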
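Review bot: Nothing in this commit tests the new guard `if !dockerdInRunner && dockerEnabled`; the diffstat lists nine files and none of them is a test. The option exists to keep privileged containers out of the pod, so a test that calls `newPod` with `DockerEnabled` set to false and asserts that no entry in `pod.Spec.Containers` has `SecurityContext.Privileged` set to true would keep that property from regressing. A comment on the condition would help as well, for example `// dockerEnabled == false: no dind sidecar and no Docker volumes are added`, with the wording checked against the guarded block, which runs past the end of the hunk.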