add hook template

2024-05-02 23:46:48 +02:00 · 2024-05-02 23:46:48 +02:00 · f8391c53e6
parent a1b8e0cc3d
commit f8391c53e6
4 changed files with 60 additions and 0 deletions
--- a/charts/gha-runner-scale-set/templates/_helpers.tpl
+++ b/charts/gha-runner-scale-set/templates/_helpers.tpl
@ -66,6 +66,10 @@ app.kubernetes.io/instance: {{ include "gha-runner-scale-set.scale-set-name" . }
  {{- end }}
 {{- end }}

+{{- define "gha-runner-scale-set.hookTemplate" -}}
+{{- include "gha-runner-scale-set.fullname" . }}-hook-template
+{{- end }}
+
 {{- define "gha-runner-scale-set.noPermissionServiceAccountName" -}}
 {{- include "gha-runner-scale-set.fullname" . }}-no-permission
 {{- end }}
@ -170,6 +174,12 @@ volumeMounts:
  {{- end }}
 {{- end }}

+{{- define "gha-runner-scale-set.hook-template-volume" -}}
+- name: hook-template
+  configMap:
+    name: {{ include "gha-runner-scale-set.hookTemplate" . }}
+{{- end }}
+
 {{- define "gha-runner-scale-set.non-runner-containers" -}}
  {{- range $i, $container := .Values.template.spec.containers }}
    {{- if ne $container.name "runner" }}
@ -277,6 +287,7 @@ volumeMounts:

 {{- define "gha-runner-scale-set.kubernetes-mode-runner-container" -}}
 {{- $tlsConfig := (default (dict) .Values.githubServerTLS) }}
+{{- $hookTemplate := .Values.hookTemplate }}
 {{- range $i, $container := .Values.template.spec.containers }}
  {{- if eq $container.name "runner" }}
    {{- range $key, $val := $container }}
@ -341,6 +352,10 @@ env:
    {{- if $tlsConfig.runnerMountPath }}
      {{- $mountGitHubServerTLS = 1 }}
    {{- end }}
+    {{- if $hookTemplate }}
+  - name: ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE
+    value: /home/runner/hookTemplate.yaml
+    {{- end }}
 volumeMounts:
    {{- with $container.volumeMounts }}
      {{- range $i, $volMount := . }}
@ -362,6 +377,12 @@ volumeMounts:
    mountPath: {{ clean (print $tlsConfig.runnerMountPath "/" $tlsConfig.certificateFrom.configMapKeyRef.key) }}
    subPath: {{ $tlsConfig.certificateFrom.configMapKeyRef.key }}
    {{- end }}
+    {{- if $hookTemplate }}
+  - name: hook-template
+    mountPath: /home/runner/hookTemplate.yaml
+    subPath: hookTemplate.yaml
+    readOnly: true
+    {{- end }}
  {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml
+++ b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml
@ -158,6 +158,7 @@ spec:
        {{- else if eq $containerMode.type "kubernetes" }}
          {{- include "gha-runner-scale-set.kubernetes-mode-work-volume" . | nindent 6 }}
          {{- include "gha-runner-scale-set.non-work-volumes" . | nindent 6 }}
+          {{- include "gha-runner-scale-set.hook-template-volume" . | nindent 6 }}
        {{- else }}
          {{- with .Values.template.spec.volumes }}
        {{- toYaml . | nindent 6 }}
--- a/charts/gha-runner-scale-set/templates/kube_mode_pod_template.yaml
+++ b/charts/gha-runner-scale-set/templates/kube_mode_pod_template.yaml
@ -0,0 +1,14 @@
+{{- if (.Values.hookTemplate) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "gha-runner-scale-set.hookTemplate" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "gha-runner-scale-set.labels" . | nindent 4 }}
+  finalizers:
+    - actions.github.com/cleanup-protection
+data:
+  hookTemplate.yaml:
+    {{- .Values.hookTemplate | toYaml | nindent 4 -}}
+{{- end}}
--- a/charts/gha-runner-scale-set/values.yaml
+++ b/charts/gha-runner-scale-set/values.yaml
@ -87,6 +87,17 @@ githubConfigSecret:
 #         storage: 1Gi
 #   kubernetesModeServiceAccount:
 #     annotations:
+#
+#   ## PodTemplate
+#   podTemplate:
+#     metadata:
+#       labels:
+#         app: runner-pod-template
+#     template:
+#       spec:
+#         securityContext:
+#           runAsUser: 1001
+#           runAsGroup: 123

 ## listenerTemplate is the PodSpec for each listener Pod
 ## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
@ -192,6 +203,19 @@ template:
        image: ghcr.io/actions/actions-runner:latest
        command: ["/home/runner/run.sh"]

+## hookTemplate is the podTemplate definition of the worker in containerMode.type=kubernetes
+## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-template-v1/#PodTemplate
+# hookTemplate:
+#   apiVersion: v1
+#   kind: PodTemplate
+#   spec:
+#     containers:
+#     - name: $job
+#       resources:
+#         requests:
+#           cpu: 32
+#           memory: 32Gi
+
 ## Optional controller service account that needs to have required Role and RoleBinding
 ## to operate this gha-runner-scale-set installation.
 ## The helm chart will try to find the controller deployment and its service account at installation time.