Update helm chart (#343)

* add replicaCount

* Add authSecret.existingSecret

* set image.tag null by default

* implement ingress for githubwebhook server

* fix deprecated and secretName template

* backward compat .authSecret.enabled

* existingSecret for github webhook secret

* use secretName template

* set default secret names

* do not use app version based image tag

* create and name variable for secrets
Taehyun Kim 2021-02-26 09:26:51 +09:00 committed by GitHub
parent e9eef04993
commit 450e384c4c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 137 additions and 73 deletions


@ -15,17 +15,17 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.5.2 version: 0.6.0
home: https://github.com/summerwind/actions-runner-controller home: https://github.com/summerwind/actions-runner-controller
sources: sources:
- https://github.com/summerwind/actions-runner-controller - https://github.com/summerwind/actions-runner-controller
maintainers: maintainers:
- name: summerwind - name: summerwind
email: contact@summerwind.jp email: contact@summerwind.jp
url: https://github.com/summerwind url: https://github.com/summerwind
- name: funkypenguin - name: funkypenguin
email: davidy@funkypenguin.co.nz email: davidy@funkypenguin.co.nz
url: https://www.funkypenguin.co.nz url: https://www.funkypenguin.co.nz


@ -1,8 +1,8 @@
1. Get the application URL by running these commands: 1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }} {{- if .Values.githubWebhookServer.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }} {{- range $host := .Values.githubWebhookServer.ingress.hosts }}
{{- range .paths }} {{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} http{{ if $.Values.githubWebhookServer.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- else if contains "NodePort" .Values.service.type }} {{- else if contains "NodePort" .Values.service.type }}
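Review bot: The URL line still prints `{{ . }}` inside `range .paths`, but the new webhook-server Ingress template reads each entry as `{{ .path }}`, so with path objects this line would print the whole map instead of the path. I'd change the tail of the line to `{{ $host.host }}{{ .path }}` so the notes and the Ingress agree on the shape of `githubWebhookServer.ingress.hosts[].paths`. The `else if` branch that follows still tests `.Values.service.type`, which appears to be the controller's service rather than the webhook server's; the rest of the file is outside this hunk.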


@ -47,6 +47,10 @@ Create the name of the service account to use
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- define "actions-runner-controller-github-webhook-server.secretName" -}}
{{- default (include "actions-runner-controller-github-webhook-server.fullname" .) .Values.githubWebhookServer.secret.name }}
{{- end }}
{{- define "actions-runner-controller-github-webhook-server.roleName" -}} {{- define "actions-runner-controller-github-webhook-server.roleName" -}}
{{- include "actions-runner-controller-github-webhook-server.fullname" . }} {{- include "actions-runner-controller-github-webhook-server.fullname" . }}
{{- end }} {{- end }}


@ -64,6 +64,10 @@ Create the name of the service account to use
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- define "actions-runner-controller.secretName" -}}
{{- default (include "actions-runner-controller.fullname" .) .Values.authSecret.name -}}
{{- end }}
{{- define "actions-runner-controller.leaderElectionRoleName" -}} {{- define "actions-runner-controller.leaderElectionRoleName" -}}
{{- include "actions-runner-controller.fullname" . }}-leader-election {{- include "actions-runner-controller.fullname" . }}-leader-election
{{- end }} {{- end }}


@ -6,6 +6,7 @@ metadata:
labels: labels:
{{- include "actions-runner-controller.labels" . | nindent 4 }} {{- include "actions-runner-controller.labels" . | nindent 4 }}
spec: spec:
replicas: {{ .Values.replicaCount }}
selector: selector:
matchLabels: matchLabels:
{{- include "actions-runner-controller.selectorLabels" . | nindent 6 }} {{- include "actions-runner-controller.selectorLabels" . | nindent 6 }}
@ -41,19 +42,19 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: github_token key: github_token
name: controller-manager name: {{ include "actions-runner-controller.secretName" . }}
optional: true optional: true
- name: GITHUB_APP_ID - name: GITHUB_APP_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: github_app_id key: github_app_id
name: controller-manager name: {{ include "actions-runner-controller.secretName" . }}
optional: true optional: true
- name: GITHUB_APP_INSTALLATION_ID - name: GITHUB_APP_INSTALLATION_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: github_app_installation_id key: github_app_installation_id
name: controller-manager name: {{ include "actions-runner-controller.secretName" . }}
optional: true optional: true
- name: GITHUB_APP_PRIVATE_KEY - name: GITHUB_APP_PRIVATE_KEY
value: /etc/actions-runner-controller/github_app_private_key value: /etc/actions-runner-controller/github_app_private_key
@ -61,7 +62,7 @@ spec:
- name: {{ $key }} - name: {{ $key }}
value: {{ $val | quote }} value: {{ $val | quote }}
{{- end }} {{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (cat "v" .Chart.AppVersion | replace " " "") }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
name: manager name: manager
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
ports: ports:
@ -71,13 +72,13 @@ spec:
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
volumeMounts: volumeMounts:
- mountPath: "/etc/actions-runner-controller" - mountPath: "/etc/actions-runner-controller"
name: controller-manager name: secret
readOnly: true readOnly: true
- mountPath: /tmp - mountPath: /tmp
name: tmp name: tmp
- mountPath: /tmp/k8s-webhook-server/serving-certs - mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert name: cert
readOnly: true readOnly: true
@ -93,14 +94,14 @@ spec:
- containerPort: 8443 - containerPort: 8443
name: https name: https
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
volumes: volumes:
- name: controller-manager - name: secret
secret: secret:
secretName: controller-manager secretName: {{ include "actions-runner-controller.secretName" . }}
- name: cert - name: cert
secret: secret:
defaultMode: 420 defaultMode: 420
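Review bot: The `image:` line no longer has a fallback, so an unset or null `image.tag` renders a reference with an empty tag and the problem only shows up when the pod fails to pull. Failing the render is clearer: `image: "{{ .Values.image.repository }}:{{ required "image.tag must be set" .Values.image.tag }}"`. The webhook-server deployment now builds its image from the same two values and would need the same guard. The container spec starts and ends outside these hunks.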


@ -7,6 +7,7 @@ metadata:
labels: labels:
{{- include "actions-runner-controller.labels" . | nindent 4 }} {{- include "actions-runner-controller.labels" . | nindent 4 }}
spec: spec:
replicas: {{ .Values.githubWebhookServer.replicaCount }}
selector: selector:
matchLabels: matchLabels:
{{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 6 }} {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 6 }}
@ -40,13 +41,13 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: github_webhook_secret_token key: github_webhook_secret_token
name: github-webhook-server name: {{- include "actions-runner-controller-github-webhook-server.secretName" . }}
optional: true optional: true
{{- range $key, $val := .Values.githubWebhookServer.env }} {{- range $key, $val := .Values.githubWebhookServer.env }}
- name: {{ $key }} - name: {{ $key }}
value: {{ $val | quote }} value: {{ $val | quote }}
{{- end }} {{- end }}
image: "{{ .Values.githubWebhookServer.image.repository }}:{{ .Values.githubWebhookServer.image.tag | default (cat "v" .Chart.AppVersion | replace " " "") }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
name: github-webhook-server name: github-webhook-server
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
ports: ports:
@ -69,14 +70,10 @@ spec:
- containerPort: 8443 - containerPort: 8443
name: https name: https
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
volumes:
- name: github-webhook-server
secret:
secretName: github-webhook-server
{{- with .Values.githubWebhookServer.nodeSelector }} {{- with .Values.githubWebhookServer.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
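Review bot: `name: {{- include "actions-runner-controller-github-webhook-server.secretName" . }}` in the `secretKeyRef` uses the left-trim marker, which removes the space after `name:` and renders `name:github-webhook-server`; YAML does not read that as a key/value pair, so the manifest should fail to parse. Use `name: {{ include "actions-runner-controller-github-webhook-server.secretName" . }}`, as the controller deployment does for its own secret. The webhook-server Secret template has the same left-trimmed include on `metadata.name` and needs the same change. Separately, the `image:` line now reads `.Values.image.*`, so an existing `githubWebhookServer.image` override is ignored without any warning.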


@ -0,0 +1,41 @@
{{- if .Values.githubWebhookServer.ingress.enabled -}}
{{- $fullName := include "actions-runner-controller-github-webhook-server.fullname" . -}}
{{- $svcPort := .Values.githubWebhookServer.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "actions-runner-controller.labels" . | nindent 4 }}
{{- with .Values.githubWebhookServer.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.githubWebhookServer.ingress.tls }}
tls:
{{- range .Values.githubWebhookServer.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.githubWebhookServer.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
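Review bot: `$svcPort` is read from `.Values.githubWebhookServer.service.port`, but the values file in this commit defines `githubWebhookServer.service.ports` as a list and has no `port` key, so `servicePort:` would render empty and the Ingress backend would be rejected. Taking the port from the list, `{{- $svcPort := (index .Values.githubWebhookServer.service.ports 0).port -}}`, keeps the two in step. The default `paths: []` in the values file also gives no example of the `- path: /` shape that `{{ .path }}` expects here.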


@ -1,16 +1,16 @@
{{- if .Values.githubWebhookServer.enabled }} {{- if .Values.githubWebhookServer.enabled }}
{{- if .Values.githubWebhookServer.secret.enabled }} {{- if .Values.githubWebhookServer.secret.create }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: github-webhook-server name: {{- include "actions-runner-controller-github-webhook-server.secretName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "actions-runner-controller.labels" . | nindent 4 }} {{- include "actions-runner-controller.labels" . | nindent 4 }}
type: Opaque type: Opaque
data: data:
{{- range $k, $v := .Values.githubWebhookServer.secret }} {{- if .Values.githubWebhookServer.secret.github_webhook_secret_token }}
{{ $k }}: {{ $v | toString | b64enc }} github_webhook_secret_token: {{ .Values.githubWebhookServer.secret.github_webhook_secret_token | toString | b64enc }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
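Review bot: With the new defaults (`secret.create: true`, token commented out) this template renders a Secret whose `data:` is empty, and the deployment's `optional: true` key reference lets the webhook server start without a token. Whether the server then accepts unsigned deliveries is not visible here, but now that the chart can publish the server through an Ingress I would not let that combination install silently. One option is a guard at the top of this template: `{{- if and .Values.githubWebhookServer.ingress.enabled .Values.githubWebhookServer.secret.create (not .Values.githubWebhookServer.secret.github_webhook_secret_token) }}{{ fail "set githubWebhookServer.secret.github_webhook_secret_token or reference an existing secret" }}{{- end }}`.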


@ -1,14 +1,23 @@
{{- if or .Values.authSecret.enabled }} {{- if .Values.authSecret.create }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: controller-manager name: {{ include "actions-runner-controller.secretName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "actions-runner-controller.labels" . | nindent 4 }} {{- include "actions-runner-controller.labels" . | nindent 4 }}
type: Opaque type: Opaque
data: data:
{{- range $k, $v := .Values.authSecret }} {{- if .Values.authSecret.github_app_id }}
{{ $k }}: {{ $v | toString | b64enc }} github_app_id: {{ .Values.authSecret.github_app_id | toString | b64enc }}
{{- end }} {{- end }}
{{- end }} {{- if .Values.authSecret.github_app_installation_id }}
github_app_installation_id: {{ .Values.authSecret.github_app_installation_id | toString | b64enc }}
{{- end }}
{{- if .Values.authSecret.github_app_private_key }}
github_app_private_key: {{ .Values.authSecret.github_app_private_key | toString | b64enc }}
{{- end }}
{{- if .Values.authSecret.github_token }}
github_token: {{ .Values.authSecret.github_token | toString | b64enc }}
{{- end }}
{{- end }}
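Review bot: The gate is now only `.Values.authSecret.create`, which defaults to `true` with `name: "controller-manager"`, the same name the old template hard-coded. A cluster where the operator left `enabled: false` and created `controller-manager` by hand (presumably a common setup, since the old default was off) would have Helm try to create a Secret that already exists on upgrade. The commit message mentions backward compatibility for `.authSecret.enabled`, but nothing in this template reads that key. I'd either default `create` to `false` or state the upgrade step in a comment next to `create:` in the values file.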


@ -1,6 +1,10 @@
--- ---
{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: admissionregistration.k8s.io/v1
{{- else -}}
apiVersion: admissionregistration.k8s.io/v1beta1 apiVersion: admissionregistration.k8s.io/v1beta1
{{- end }}
kind: MutatingWebhookConfiguration kind: MutatingWebhookConfiguration
metadata: metadata:
creationTimestamp: null creationTimestamp: null
@ -64,7 +68,11 @@ webhooks:
- runnerreplicasets - runnerreplicasets
--- ---
{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: admissionregistration.k8s.io/v1
{{- else -}}
apiVersion: admissionregistration.k8s.io/v1beta1 apiVersion: admissionregistration.k8s.io/v1beta1
{{- end }}
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
metadata: metadata:
creationTimestamp: null creationTimestamp: null
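Review bot: Switching to `admissionregistration.k8s.io/v1` changes more than the version string: v1 requires `sideEffects` and `admissionReviewVersions` on every webhook entry, and the API server rejects the object without them. The `webhooks:` entries are outside both hunks, so I can't tell whether they already carry those fields; if not, each entry needs something like `sideEffects: None` and `admissionReviewVersions: ["v1beta1"]`, with the version list matching what the controller actually serves. The same applies to the ValidatingWebhookConfiguration in the second hunk.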


@ -11,7 +11,8 @@ syncPeriod: 10m
# Only 1 authentication method can be deployed at a time # Only 1 authentication method can be deployed at a time
# Uncomment the configuration you are applying and fill in the details # Uncomment the configuration you are applying and fill in the details
authSecret: authSecret:
enabled: false create: true
name: "controller-manager"
### GitHub Apps Configuration ### GitHub Apps Configuration
#github_app_id: "" #github_app_id: ""
#github_app_installation_id: "" #github_app_installation_id: ""
@ -21,8 +22,7 @@ authSecret:
image: image:
repository: summerwind/actions-runner-controller repository: summerwind/actions-runner-controller
# Overrides the manager image tag whose default is the chart appVersion if the tag key is commented out tag: "v0.17.0"
tag: "latest"
dindSidecarRepositoryAndTag: "docker:dind" dindSidecarRepositoryAndTag: "docker:dind"
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
@ -46,10 +46,12 @@ serviceAccount:
podAnnotations: {} podAnnotations: {}
podSecurityContext: {} podSecurityContext:
{}
# fsGroup: 2000 # fsGroup: 2000
securityContext: {} securityContext:
{}
# capabilities: # capabilities:
# drop: # drop:
# - ALL # - ALL
@ -61,20 +63,8 @@ service:
type: ClusterIP type: ClusterIP
port: 443 port: 443
ingress: resources:
enabled: false {}
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little # choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following # resources, such as Minikube. If you do want to specify resources, uncomment the following
@ -104,7 +94,8 @@ affinity: {}
# PriorityClass: system-cluster-critical # PriorityClass: system-cluster-critical
priorityClassName: "" priorityClassName: ""
env: {} env:
{}
# http_proxy: "proxy.com:8080" # http_proxy: "proxy.com:8080"
# https_proxy: "proxy.com:8080" # https_proxy: "proxy.com:8080"
# no_proxy: "" # no_proxy: ""
@ -115,14 +106,10 @@ githubWebhookServer:
replicaCount: 1 replicaCount: 1
syncPeriod: 10m syncPeriod: 10m
secret: secret:
enabled: false create: true
name: "github-webhook-server"
### GitHub Webhook Configuration ### GitHub Webhook Configuration
#github_webhook_secret_token: "" #github_webhook_secret_token: ""
image:
repository: summerwind/actions-runner-controller
# Overrides the manager image tag whose default is the chart appVersion if the tag key is commented out
tag: "latest"
pullPolicy: IfNotPresent
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@ -144,10 +131,23 @@ githubWebhookServer:
affinity: {} affinity: {}
priorityClassName: "" priorityClassName: ""
service: service:
type: NodePort type: ClusterIP
ports: ports:
- port: 80 - port: 80
targetPort: http targetPort: http
protocol: TCP protocol: TCP
name: http name: http
#nodePort: someFixedPortForUseWithTerraformCdkCfnEtc #nodePort: someFixedPortForUseWithTerraformCdkCfnEtc
ingress:
enabled: false
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
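Review bot: The new `create` and `name` keys under `authSecret` and `githubWebhookServer.secret` have no comment, yet they are what lets an operator keep GitHub credentials out of values files and out of Helm's stored release data. I'd add above each pair: `# Set create to false and set name to a Secret you manage yourself to keep credentials out of this file`. The ID examples could also say that `github_app_id` and `github_app_installation_id` should stay quoted, since the Secret template pipes them through `toString` and an unquoted large integer may come out in exponent notation.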