Adding a default docker registry mirror (#689)

* Adding a default docker registry mirror

This change allows the controller to start with a specified default
docker registry mirror and avoid having to specify it in all the runner*
objects.

The change is backward compatible, if a runner has a docker registry
mirror specified, it will supersede the default one.

charts/actions-runner-controller/README.md

@@ -22,6 +22,7 @@ _Default values are the defaults set in the charts values.yaml, some properties
 | `authSecret.github_app_installation_id`                  | The ID of your GitHub App installation. **This can't be set at the same time as `authSecret.github_token`**                |                                                                      |
 | `authSecret.github_app_private_key`                      | The multiline string of your GitHub App's private key. **This can't be set at the same time as `authSecret.github_token`** |                                                                      |
 | `authSecret.github_token`                                | Your chosen GitHub PAT token. **This can't be set at the same time as the `authSecret.github_app_*`**                      |                                                                      |
+| `dockerRegistryMirror`                                   | The default Docker Registry Mirror used by runners.                                                                        |
 | `image.repository`                                       | The "repository/image" of the controller container                                                                         | summerwind/actions-runner-controller                                 |
 | `image.tag`                                              | The tag of the controller container                                                                                        |                                                                      |
 | `image.actionsRunnerRepositoryAndTag`                    | The "repository/image" of the actions runner container                                                                     | summerwind/actions-runner:latest                                     |

charts/actions-runner-controller/templates/deployment.yaml

@@ -41,6 +41,9 @@ spec:
         - "--sync-period={{ .Values.syncPeriod }}"
         - "--docker-image={{ .Values.image.dindSidecarRepositoryAndTag }}"
         - "--runner-image={{ .Values.image.actionsRunnerRepositoryAndTag }}"
+        {{- if .Values.dockerRegistryMirror }}
+        - "--docker-registry-mirror={{ .Values.dockerRegistryMirror }}"
+        {{- end }}
         {{- if .Values.scope.singleNamespace }}
         - "--watch-namespace={{ default .Release.Namespace .Values.scope.watchNamespace }}"
         {{- end }}

charts/actions-runner-controller/values.yaml

@@ -28,6 +28,7 @@ authSecret:
   ### GitHub PAT Configuration
   #github_token: ""
 
+dockerRegistryMirror: ""
 image:
   repository: "summerwind/actions-runner-controller"
   actionsRunnerRepositoryAndTag: "summerwind/actions-runner:latest"

controllers/runner_controller.go

@@ -66,6 +66,7 @@ type RunnerReconciler struct {
 	GitHubClient                *github.Client
 	RunnerImage                 string
 	DockerImage                 string
+	DockerRegistryMirror        string
 	Name                        string
 	RegistrationRecheckInterval time.Duration
 	RegistrationRecheckJitter   time.Duration
@@ -634,7 +635,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 
 	registrationOnly := metav1.HasAnnotation(runner.ObjectMeta, annotationKeyRegistrationOnly)
 
-	pod, err := newRunnerPod(template, runner.Spec.RunnerConfig, r.RunnerImage, r.DockerImage, r.GitHubClient.GithubBaseURL, registrationOnly)
+	pod, err := newRunnerPod(template, runner.Spec.RunnerConfig, r.RunnerImage, r.DockerImage, r.DockerRegistryMirror, r.GitHubClient.GithubBaseURL, registrationOnly)
 	if err != nil {
 		return pod, err
 	}
@@ -728,7 +729,7 @@ func mutatePod(pod *corev1.Pod, token string) *corev1.Pod {
 	return updated
 }
 
-func newRunnerPod(template corev1.Pod, runnerSpec v1alpha1.RunnerConfig, defaultRunnerImage, defaultDockerImage, githubBaseURL string, registrationOnly bool) (corev1.Pod, error) {
+func newRunnerPod(template corev1.Pod, runnerSpec v1alpha1.RunnerConfig, defaultRunnerImage, defaultDockerImage, defaultDockerRegistryMirror string, githubBaseURL string, registrationOnly bool) (corev1.Pod, error) {
 	var (
 		privileged                bool = true
 		dockerdInRunner           bool = runnerSpec.DockerdWithinRunnerContainer != nil && *runnerSpec.DockerdWithinRunnerContainer
@@ -747,6 +748,13 @@ func newRunnerPod(template corev1.Pod, runnerSpec v1alpha1.RunnerConfig, default
 		workDir = "/runner/_work"
 	}
 
+	var dockerRegistryMirror string
+	if runnerSpec.DockerRegistryMirror == nil {
+		dockerRegistryMirror = defaultDockerRegistryMirror
+	} else {
+		dockerRegistryMirror = *runnerSpec.DockerRegistryMirror
+	}
+
 	env := []corev1.EnvVar{
 		{
 			Name:  EnvVarOrg,
@@ -863,11 +871,11 @@ func newRunnerPod(template corev1.Pod, runnerSpec v1alpha1.RunnerConfig, default
 		}...)
 	}
 
-	if mirror := runnerSpec.DockerRegistryMirror; mirror != nil && dockerdInRunner {
+	if dockerRegistryMirror != "" && dockerdInRunner {
 		runnerContainer.Env = append(runnerContainer.Env, []corev1.EnvVar{
 			{
 				Name:  "DOCKER_REGISTRY_MIRROR",
-				Value: *runnerSpec.DockerRegistryMirror,
+				Value: dockerRegistryMirror,
 			},
 		}...)
 	}
@@ -994,9 +1002,9 @@ func newRunnerPod(template corev1.Pod, runnerSpec v1alpha1.RunnerConfig, default
 			)
 		}
 
-		if mirror := runnerSpec.DockerRegistryMirror; mirror != nil {
+		if dockerRegistryMirror != "" {
 			dockerdContainer.Args = append(dockerdContainer.Args,
-				fmt.Sprintf("--registry-mirror=%s", *runnerSpec.DockerRegistryMirror),
+				fmt.Sprintf("--registry-mirror=%s", dockerRegistryMirror),
 			)
 		}
 	}

controllers/runnerset_controller.go

@@ -51,9 +51,11 @@ type RunnerSetReconciler struct {
 	Recorder record.EventRecorder
 	Scheme   *runtime.Scheme
 
-	CommonRunnerLabels       []string
+	CommonRunnerLabels   []string
-	GitHubBaseURL            string
+	GitHubBaseURL        string
-	RunnerImage, DockerImage string
+	RunnerImage          string
+	DockerImage          string
+	DockerRegistryMirror string
 }
 
 // +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runnersets,verbs=get;list;watch;create;update;patch;delete
@@ -257,7 +259,7 @@ func (r *RunnerSetReconciler) newStatefulSet(runnerSet *v1alpha1.RunnerSet) (*ap
 		Spec:       runnerSetWithOverrides.StatefulSetSpec.Template.Spec,
 	}
 
-	pod, err := newRunnerPod(template, runnerSet.Spec.RunnerConfig, r.RunnerImage, r.DockerImage, r.GitHubBaseURL, false)
+	pod, err := newRunnerPod(template, runnerSet.Spec.RunnerConfig, r.RunnerImage, r.DockerImage, r.DockerRegistryMirror, r.GitHubBaseURL, false)
 	if err != nil {
 		return nil, err
 	}

main.go

@@ -69,10 +69,11 @@ func main() {
 
 		gitHubAPICacheDuration time.Duration
 
-		runnerImage string
+		runnerImage          string
-		dockerImage string
+		dockerImage          string
-		namespace   string
+		dockerRegistryMirror string
-		logLevel    string
+		namespace            string
+		logLevel             string
 
 		commonRunnerLabels commaSeparatedStringSlice
 	)
@@ -88,6 +89,7 @@ func main() {
 		"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")
 	flag.StringVar(&runnerImage, "runner-image", defaultRunnerImage, "The image name of self-hosted runner container.")
 	flag.StringVar(&dockerImage, "docker-image", defaultDockerImage, "The image name of docker sidecar container.")
+	flag.StringVar(&dockerRegistryMirror, "docker-registry-mirror", "", "The default Docker Registry Mirror used by runners.")
 	flag.StringVar(&c.Token, "github-token", c.Token, "The personal access token of GitHub.")
 	flag.Int64Var(&c.AppID, "github-app-id", c.AppID, "The application ID of GitHub App.")
 	flag.Int64Var(&c.AppInstallationID, "github-app-installation-id", c.AppInstallationID, "The installation ID of GitHub App.")
@@ -138,12 +140,13 @@ func main() {
 	}
 
 	runnerReconciler := &controllers.RunnerReconciler{
-		Client:       mgr.GetClient(),
+		Client:               mgr.GetClient(),
-		Log:          log.WithName("runner"),
+		Log:                  log.WithName("runner"),
-		Scheme:       mgr.GetScheme(),
+		Scheme:               mgr.GetScheme(),
-		GitHubClient: ghClient,
+		GitHubClient:         ghClient,
-		RunnerImage:  runnerImage,
+		RunnerImage:          runnerImage,
-		DockerImage:  dockerImage,
+		DockerImage:          dockerImage,
+		DockerRegistryMirror: dockerRegistryMirror,
 	}
 
 	if err = runnerReconciler.SetupWithManager(mgr); err != nil {
@@ -176,13 +179,14 @@ func main() {
 	}
 
 	runnerSetReconciler := &controllers.RunnerSetReconciler{
-		Client:             mgr.GetClient(),
+		Client:               mgr.GetClient(),
-		Log:                log.WithName("runnerset"),
+		Log:                  log.WithName("runnerset"),
-		Scheme:             mgr.GetScheme(),
+		Scheme:               mgr.GetScheme(),
-		CommonRunnerLabels: commonRunnerLabels,
+		CommonRunnerLabels:   commonRunnerLabels,
-		RunnerImage:        runnerImage,
+		RunnerImage:          runnerImage,
-		DockerImage:        dockerImage,
+		DockerImage:          dockerImage,
-		GitHubBaseURL:      ghClient.GithubBaseURL,
+		DockerRegistryMirror: dockerRegistryMirror,
+		GitHubBaseURL:        ghClient.GithubBaseURL,
 	}
 
 	if err = runnerSetReconciler.SetupWithManager(mgr); err != nil {