add fields to dind container

2026-03-04 11:32:08 +01:00 · 2026-03-04 11:32:08 +01:00 · ccf65e919d
parent 79d2bc29fa
commit ccf65e919d
3 changed files with 137 additions and 6 deletions
--- a/charts/gha-runner-scale-set-experimental/templates/_mode_dind.tpl
+++ b/charts/gha-runner-scale-set-experimental/templates/_mode_dind.tpl
@ -20,31 +20,73 @@ volumeMounts:

 {{- define "runner-mode-dind.dind-container" -}}
 {{- $dind := .Values.runner.dind | default dict -}}
-name: {{ $dind.container.name | default "dind" }}
-image: {{ $dind.container.image | default "docker:dind" | quote }}
+{{- $dindContainer := ($dind.container | default dict) -}}
+{{- if and (hasKey $dind "container") (not (kindIs "map" $dindContainer)) -}}
+  {{- fail "runner.dind.container must be a map/object" -}}
+{{- end -}}
+{{- if and (hasKey $dindContainer "env") (not (kindIs "slice" $dindContainer.env)) -}}
+  {{- fail "runner.dind.container.env must be a list" -}}
+{{- end -}}
+{{- if and (hasKey $dindContainer "volumeMounts") (not (kindIs "slice" $dindContainer.volumeMounts)) -}}
+  {{- fail "runner.dind.container.volumeMounts must be a list" -}}
+{{- end -}}
+{{- if hasKey $dindContainer "volumes" -}}
+  {{- fail "runner.dind.container.volumes is not supported; use runner.pod.spec.volumes" -}}
+{{- end -}}
+{{- if and (hasKey $dindContainer "args") (not (kindIs "slice" $dindContainer.args)) -}}
+  {{- fail "runner.dind.container.args must be a list" -}}
+{{- end -}}
+{{- if and (hasKey $dindContainer "securityContext") (not (kindIs "map" $dindContainer.securityContext)) -}}
+  {{- fail "runner.dind.container.securityContext must be a map/object" -}}
+{{- end -}}
+{{- if and (hasKey $dindContainer "startupProbe") (not (kindIs "map" $dindContainer.startupProbe)) -}}
+  {{- fail "runner.dind.container.startupProbe must be a map/object" -}}
+{{- end -}}
+
+name: {{ $dindContainer.name | default "dind" }}
+image: {{ $dindContainer.image | default "docker:dind" | quote }}
 args:
+  {{- if $dindContainer.args }}
+  {{- toYaml $dindContainer.args | nindent 2 }}
+  {{- else }}
  {{- include "runner-mode-dind.args" . | nindent 2 }}
+  {{- end }}
 env:
  - name: DOCKER_GROUP_GID
    value: {{ ($dind.dockerGroupId | default "123") | quote }}
-securityContext: 
-{{- if $dind.container.securityContext }}
-  {{- toYaml $dind.container.securityContext | nindent 2 }}
+  {{- with $dindContainer.env }}
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+securityContext:
+{{- if $dindContainer.securityContext }}
+  {{- toYaml $dindContainer.securityContext | nindent 2 }}
 {{ else }}
  {{- toYaml (dict "privileged" true) | nindent 2 }}
 {{- end }}
 restartPolicy: Always
 startupProbe:
+  {{- if $dindContainer.startupProbe }}
+  {{- toYaml $dindContainer.startupProbe | nindent 2 }}
+  {{- else }}
  {{- include "runner-mode-dind.startup-probe" . | nindent 2 }}
+  {{- end }}
 volumeMounts:
  - name: work
    mountPath: /home/runner/_work
  - name: dind-sock
    mountPath: {{ include "runner-mode-dind.sock-mount-dir" . | quote }}
+  {{- with $dindContainer.volumeMounts }}
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
 {{- if $dind.copyExternals }}
  - name: dind-externals
    mountPath: /home/runner/externals
-{{- end }}
+{{ end }}
+
+{{- $extra := omit $dindContainer "name" "image" "args" "env" "securityContext" "startupProbe" "volumeMounts" -}}
+{{- if not (empty $extra) -}}
+{{ toYaml $extra }}
+{{- end -}}
 {{- end }}

 {{- define "runner-mode-dind.pod-volumes" -}}
--- a/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_dind_mode_spec_test.yaml
+++ b/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_dind_mode_spec_test.yaml
@ -340,3 +340,83 @@ tests:
          content:
            name: cache
            emptyDir: {}
+
+  - it: should apply dind.container passthrough container fields
+    set:
+      scaleset.name: "test"
+      auth.url: "https://github.com/org"
+      auth.githubToken: "gh_token12345"
+      controllerServiceAccount.name: "arc"
+      controllerServiceAccount.namespace: "arc-system"
+      runner:
+        mode: "dind"
+        dind:
+          container:
+            imagePullPolicy: IfNotPresent
+            tty: true
+            resources:
+              requests:
+                cpu: 100m
+                memory: 128Mi
+              limits:
+                cpu: 500m
+                memory: 512Mi
+            env:
+              - name: EXTRA_ENV
+                value: EXTRA_VALUE
+            volumeMounts:
+              - name: cache
+                mountPath: /cache
+    release:
+      name: "test-name"
+      namespace: "test-namespace"
+    asserts:
+      - equal:
+          path: spec.template.spec.initContainers[1].imagePullPolicy
+          value: IfNotPresent
+      - equal:
+          path: spec.template.spec.initContainers[1].tty
+          value: true
+      - equal:
+          path: spec.template.spec.initContainers[1].resources.requests.cpu
+          value: 100m
+      - equal:
+          path: spec.template.spec.initContainers[1].resources.requests.memory
+          value: 128Mi
+      - equal:
+          path: spec.template.spec.initContainers[1].resources.limits.cpu
+          value: 500m
+      - equal:
+          path: spec.template.spec.initContainers[1].resources.limits.memory
+          value: 512Mi
+      - contains:
+          path: spec.template.spec.initContainers[1].env
+          content:
+            name: EXTRA_ENV
+            value: EXTRA_VALUE
+      - contains:
+          path: spec.template.spec.initContainers[1].volumeMounts
+          content:
+            name: cache
+            mountPath: /cache
+
+  - it: should fail when runner.dind.container.volumes is provided
+    set:
+      scaleset.name: "test"
+      auth.url: "https://github.com/org"
+      auth.githubToken: "gh_token12345"
+      controllerServiceAccount.name: "arc"
+      controllerServiceAccount.namespace: "arc-system"
+      runner:
+        mode: "dind"
+        dind:
+          container:
+            volumes:
+              - name: cache
+                emptyDir: {}
+    release:
+      name: "test-name"
+      namespace: "test-namespace"
+    asserts:
+      - failedTemplate:
+          errorMessage: runner.dind.container.volumes is not supported; use runner.pod.spec.volumes
--- a/charts/gha-runner-scale-set-experimental/values.yaml
+++ b/charts/gha-runner-scale-set-experimental/values.yaml
@ -185,12 +185,21 @@ runner:
    command: ["/home/runner/run.sh"]

  dind:
+    # If official runner image is used, or the dind image doesn't contain
+    # assets from the /home/runner/externals directory, copy externals
+    # starts the init container whose purpose is to prepare the environment
+    # for the dind container.
    copyExternals: true
    dockerGroupId: "123"
    dockerSock: "unix:///var/run/docker.sock"
    waitForDockerInSeconds: 120
    container:
      image: "docker:dind"
+      # Additional container fields are passed through as-is (e.g. resources, imagePullPolicy, ports, etc.)
+      # env: []
+      # volumeMounts: []
+      # args: [] # overrides the chart-generated dockerd args
+      # startupProbe: {} # overrides the chart-generated startupProbe

  kubernetesMode:
    serviceAccountName: ""