From fe64850d3dab2a9c1e7a4d9f70cd02d02dbf1a97 Mon Sep 17 00:00:00 2001 From: Yusuke Kuoka Date: Tue, 14 Sep 2021 08:23:55 +0000 Subject: [PATCH] Document and values.yaml updates for leader election customization Follow-up for #806 --- README.md | 9 ++++++++- .../actions-runner-controller/templates/deployment.yaml | 6 +++--- charts/actions-runner-controller/values.yaml | 9 ++++----- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index e9aa4652..f09b1309 100644 --- a/README.md +++ b/README.md @@ -216,7 +216,14 @@ By default the controller will look for runners in all namespaces, the watch nam This feature is configured via the controller `--watch-namespace` flag. When a namespace is provided via this flag the controller will only monitor runners in that namespace. -If you plan on installing all instances of the controller stack into a single namespace you will need to make the names of the resources are unique for each stack. In the case of Helm this can be done via the `fullnameOverride` properties. Alternatively, you can install each controller stack into its own unique namespace (relative to other controller stacks in the cluster), avoiding the need to uniquely prefix resources. +If you plan on installing all instances of the controller stack into a single namespace you will need to make the names of the resources are unique for each stack. In the case of Helm this can be done by giving each a unique release name, or via the `fullnameOverride` properties. + +Alternatively, you can install each controller stack into its own unique namespace (relative to other controller stacks in the cluster), avoiding the need to uniquely prefix resources. + +When you go to the route of sharing the namespace while giving each a unique Helm release name, you must also ensure the following values are configured correctly: + +- `authSecret.name` needs be unique per stack when each stack is tied to runners in different GitHub organizations and repositories AND you want your GitHub credentials to narrowly scoped. +- `leaderElectionId` needs to be unique per stack. Otherwise, all the stack tries to race onto the leader election lock and results in only one stack can work concurrently. ## Usage diff --git a/charts/actions-runner-controller/templates/deployment.yaml b/charts/actions-runner-controller/templates/deployment.yaml index e0384b75..b15ff98f 100644 --- a/charts/actions-runner-controller/templates/deployment.yaml +++ b/charts/actions-runner-controller/templates/deployment.yaml @@ -37,11 +37,11 @@ spec: {{- $metricsHost := .Values.metrics.proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }} {{- $metricsPort := .Values.metrics.proxy.enabled | ternary "8080" .Values.metrics.port }} - "--metrics-addr={{ $metricsHost }}:{{ $metricsPort }}" - {{- if .Values.controller.enableLeaderElection }} + {{- if .Values.enableLeaderElection }} - "--enable-leader-election" {{- end }} - {{- if .Values.controller.leaderElectionId }} - - "--leader-election-id={{ .Values.controller.leaderElectionId }}" + {{- if .Values.leaderElectionId }} + - "--leader-election-id={{ .Values.leaderElectionId }}" {{- end }} - "--sync-period={{ .Values.syncPeriod }}" - "--docker-image={{ .Values.image.dindSidecarRepositoryAndTag }}" diff --git a/charts/actions-runner-controller/values.yaml b/charts/actions-runner-controller/values.yaml index 3dbe4309..f4ff7637 100644 --- a/charts/actions-runner-controller/values.yaml +++ b/charts/actions-runner-controller/values.yaml @@ -8,11 +8,10 @@ replicaCount: 1 syncPeriod: 10m -controller: - enableLeaderElection: true - # Specifies the controller id for leader election. - # Must be unique if more than one controller installed. - #leaderElectionId: "actions-runner-controller" +enableLeaderElection: true +# Specifies the controller id for leader election. +# Must be unique if more than one controller installed onto the same namespace. +#leaderElectionId: "actions-runner-controller" # The controller tries its best not to repeat the duplicate GitHub API call # within this duration.