Add support for default image pull secret name (#921)

Resolves #896 Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
2021-12-14 16:29:31 -08:00 · 2021-12-14 16:29:31 -08:00 · 9bb21aef1f
parent 7261d927fb
commit 9bb21aef1f
6 changed files with 47 additions and 11 deletions
--- a/charts/actions-runner-controller/README.md
+++ b/charts/actions-runner-controller/README.md
@ -31,6 +31,7 @@ All additional docs are kept in the `docs/` folder, this README is solely for do
 | `image.repository`                                       | The "repository/image" of the controller container                                                                         | summerwind/actions-runner-controller                                 |
 | `image.tag`                                              | The tag of the controller container                                                                                        |                                                                      |
 | `image.actionsRunnerRepositoryAndTag`                    | The "repository/image" of the actions runner container                                                                     | summerwind/actions-runner:latest                                     |
 | `image.actionsRunnerImagePullSecrets`                    | Optional image pull secrets to be included in the runner pod's ImagePullSecrets                                            |                                                                      |
 | `image.dindSidecarRepositoryAndTag`                      | The "repository/image" of the dind sidecar container                                                                       | docker:dind                                                          |
 | `image.pullPolicy`                                       | The pull policy of the controller image                                                                                    | IfNotPresent                                                         |
 | `metrics.serviceMonitor`                                 | Deploy serviceMonitor kind for for use with prometheus-operator CRDs                                                       | false                                                                |
--- a/charts/actions-runner-controller/templates/deployment.yaml
+++ b/charts/actions-runner-controller/templates/deployment.yaml
@ -46,6 +46,9 @@ spec:
        - "--sync-period={{ .Values.syncPeriod }}"
        - "--docker-image={{ .Values.image.dindSidecarRepositoryAndTag }}"
        - "--runner-image={{ .Values.image.actionsRunnerRepositoryAndTag }}"
        {{- range .Values.image.actionsRunnerImagePullSecrets }}
        - "--runner-image-pull-secret={{ . }}"
        {{- end }}
        {{- if .Values.dockerRegistryMirror }}
        - "--docker-registry-mirror={{ .Values.dockerRegistryMirror }}"
        {{- end }}
--- a/charts/actions-runner-controller/values.yaml
+++ b/charts/actions-runner-controller/values.yaml
@ -48,6 +48,9 @@ image:
  actionsRunnerRepositoryAndTag: "summerwind/actions-runner:latest"
  dindSidecarRepositoryAndTag: "docker:dind"
  pullPolicy: IfNotPresent
  # The default image-pull secrets name for self-hosted runner container.
  # It's added to spec.ImagePullSecrets of self-hosted runner pods.
  actionsRunnerImagePullSecrets: []
 imagePullSecrets: []
 nameOverride: ""
--- a/controllers/runner_controller.go
+++ b/controllers/runner_controller.go
@ -66,6 +66,7 @@ type RunnerReconciler struct {
 	Scheme                      *runtime.Scheme
 	GitHubClient                *github.Client
 	RunnerImage                 string
 	RunnerImagePullSecrets      []string
 	DockerImage                 string
 	DockerRegistryMirror        string
 	Name                        string
@ -662,7 +663,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 	registrationOnly := metav1.HasAnnotation(runner.ObjectMeta, annotationKeyRegistrationOnly)
-	pod, err := newRunnerPod(template, runner.Spec.RunnerConfig, r.RunnerImage, r.DockerImage, r.DockerRegistryMirror, r.GitHubClient.GithubBaseURL, registrationOnly)
+	pod, err := newRunnerPod(template, runner.Spec.RunnerConfig, r.RunnerImage, r.RunnerImagePullSecrets, r.DockerImage, r.DockerRegistryMirror, r.GitHubClient.GithubBaseURL, registrationOnly)
 	if err != nil {
 		return pod, err
 	}
@ -760,7 +761,7 @@ func mutatePod(pod *corev1.Pod, token string) *corev1.Pod {
 	return updated
 }
-func newRunnerPod(template corev1.Pod, runnerSpec v1alpha1.RunnerConfig, defaultRunnerImage, defaultDockerImage, defaultDockerRegistryMirror string, githubBaseURL string, registrationOnly bool) (corev1.Pod, error) {
+func newRunnerPod(template corev1.Pod, runnerSpec v1alpha1.RunnerConfig, defaultRunnerImage string, defaultRunnerImagePullSecrets []string, defaultDockerImage, defaultDockerRegistryMirror string, githubBaseURL string, registrationOnly bool) (corev1.Pod, error) {
 	var (
 		privileged                bool = true
 		dockerdInRunner           bool = runnerSpec.DockerdWithinRunnerContainer != nil && *runnerSpec.DockerdWithinRunnerContainer
@ -903,6 +904,15 @@ func newRunnerPod(template corev1.Pod, runnerSpec v1alpha1.RunnerConfig, default
 		}...)
 	}
 	if len(pod.Spec.ImagePullSecrets) == 0 && len(defaultRunnerImagePullSecrets) > 0 {
 		// runner spec didn't provide custom values and default image pull secrets are provided
 		for _, imagePullSecret := range defaultRunnerImagePullSecrets {
 			pod.Spec.ImagePullSecrets = append(pod.Spec.ImagePullSecrets, corev1.LocalObjectReference{
 				Name: imagePullSecret,
 			})
 		}
 	}
 	if dockerRegistryMirror != "" && dockerdInRunner {
 		runnerContainer.Env = append(runnerContainer.Env, []corev1.EnvVar{
 			{
--- a/controllers/runnerset_controller.go
+++ b/controllers/runnerset_controller.go
@ -51,11 +51,12 @@ type RunnerSetReconciler struct {
 	Recorder record.EventRecorder
 	Scheme   *runtime.Scheme
-	CommonRunnerLabels   []string
+	CommonRunnerLabels     []string
-	GitHubBaseURL        string
+	GitHubBaseURL          string
-	RunnerImage          string
+	RunnerImage            string
-	DockerImage          string
+	RunnerImagePullSecrets []string
-	DockerRegistryMirror string
+	DockerImage            string
 	DockerRegistryMirror   string
 }
 // +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runnersets,verbs=get;list;watch;create;update;patch;delete
@ -259,7 +260,7 @@ func (r *RunnerSetReconciler) newStatefulSet(runnerSet *v1alpha1.RunnerSet) (*ap
 		Spec:       runnerSetWithOverrides.StatefulSetSpec.Template.Spec,
 	}
-	pod, err := newRunnerPod(template, runnerSet.Spec.RunnerConfig, r.RunnerImage, r.DockerImage, r.DockerRegistryMirror, r.GitHubBaseURL, false)
+	pod, err := newRunnerPod(template, runnerSet.Spec.RunnerConfig, r.RunnerImage, r.RunnerImagePullSecrets, r.DockerImage, r.DockerRegistryMirror, r.GitHubBaseURL, false)
 	if err != nil {
 		return nil, err
 	}
--- a/main.go
+++ b/main.go
@ -58,6 +58,17 @@ func init() {
 	// +kubebuilder:scaffold:scheme
 }
 type stringSlice []string
 func (i *stringSlice) String() string {
 	return fmt.Sprintf("%v", *i)
 }
 func (i *stringSlice) Set(value string) error {
 	*i = append(*i, value)
 	return nil
 }
 func main() {
 	var (
 		err      error
@ -70,7 +81,9 @@ func main() {
 		gitHubAPICacheDuration time.Duration
-		runnerImage          string
+		runnerImage            string
 		runnerImagePullSecrets stringSlice
 		dockerImage          string
 		dockerRegistryMirror string
 		namespace            string
@ -92,6 +105,7 @@ func main() {
 	flag.StringVar(&leaderElectionId, "leader-election-id", "actions-runner-controller", "Controller id for leader election.")
 	flag.StringVar(&runnerImage, "runner-image", defaultRunnerImage, "The image name of self-hosted runner container.")
 	flag.StringVar(&dockerImage, "docker-image", defaultDockerImage, "The image name of docker sidecar container.")
 	flag.Var(&runnerImagePullSecrets, "runner-image-pull-secret", "The default image-pull secret name for self-hosted runner container.")
 	flag.StringVar(&dockerRegistryMirror, "docker-registry-mirror", "", "The default Docker Registry Mirror used by runners.")
 	flag.StringVar(&c.Token, "github-token", c.Token, "The personal access token of GitHub.")
 	flag.Int64Var(&c.AppID, "github-app-id", c.AppID, "The application ID of GitHub App.")
@ -147,9 +161,11 @@ func main() {
 		Log:                  log.WithName("runner"),
 		Scheme:               mgr.GetScheme(),
 		GitHubClient:         ghClient,
 		RunnerImage:          runnerImage,
 		DockerImage:          dockerImage,
 		DockerRegistryMirror: dockerRegistryMirror,
 		// Defaults for self-hosted runner containers
 		RunnerImage:            runnerImage,
 		RunnerImagePullSecrets: runnerImagePullSecrets,
 	}
 	if err = runnerReconciler.SetupWithManager(mgr); err != nil {
@ -186,10 +202,12 @@ func main() {
 		Log:                  log.WithName("runnerset"),
 		Scheme:               mgr.GetScheme(),
 		CommonRunnerLabels:   commonRunnerLabels,
 		RunnerImage:          runnerImage,
 		DockerImage:          dockerImage,
 		DockerRegistryMirror: dockerRegistryMirror,
 		GitHubBaseURL:        ghClient.GithubBaseURL,
 		// Defaults for self-hosted runner containers
 		RunnerImage:            runnerImage,
 		RunnerImagePullSecrets: runnerImagePullSecrets,
 	}
 	if err = runnerSetReconciler.SetupWithManager(mgr); err != nil {