* Changed folder structure to allow multi group registration
* included actions.github.com directory for resources and controllers
* updated go module to actions/actions-runner-controller
* publish arc packages under actions-runner-controller
* Update charts/actions-runner-controller/docs/UPGRADING.md
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
* runner: Expose dind runner dockerd logs via stdout/stderr
We've been letting supervisord to run dockerd within the dind runner container presuming it would avoid producing zombie processes. However we used dumb-init to wrap supervisord to wrap dockerd. In this picture supervisord might be unnecessary and dumb-init is actually a correct pid 0 for containers.
Rmoving supervisord removes this unnecessary complexity, while saving a little memory, and more importantly logs from dockerd is exposed via stdout/stderr of the container for easy access from kubectl-logs, fluentd, and so on.
* feat: dind-rootless 22.04 runner
* runner: Bring back packages needed by rootlesskit
* e2e: Update E2E buildvars with ubuntu 22.04 dockerfiles
* feat: use new uid for runner user
* e2e: Make it possible to inject ubuntu version via envvar for actiosn-runner-dind image
* doc: Use fsGroup=1001 for IRSA on Ubuntu 22.04 runner
Co-authored-by: toast-gear <toast-gear@users.noreply.github.com>
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
* ci: prepare ci for multiple runners
* chore: rename dockerfiles
* chore: sup multiple os in makefile
* chore: changes to support multiple versions
* chore: remove test for TARGETPLATFORM
* chore: fixes and add individual targets
* ci: add latest tag back in
* ci: remove latest suffix tag
Co-authored-by: toast-gear <toast-gear@users.noreply.github.com>
* feat: clean and add docker-compose
* feat: make docker compose download arch aware
* fix: use new ARG name
* fix: correct case in url
* ci: add some debug output to workflow
* ci: add ARG for docker
* fix: various fixes
* chore: more alignment changes
* chore: use /usr/bin over /usr/local/bin
* chore: more logical order
* fix: add recursive flag
* chore: actions/runner stuff with actions/runner
* ci: bump checkout to latest
* fix: rootless build
Co-authored-by: toast-gear <toast-gear@users.noreply.github.com>
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
By default `sudo` drops all environment variables and executes its commands with a clean environment. This is by design, but for the `DEBIAN_FRONTEND` environment variable it is not what we want, since it results in installers being interactive. This adds the `env_keep` instruction to `/etc/sudoers` to keep `DEBIAN_FRONTEND` with its `noninteractive` value, and thus pass it on to commands that care about it. Note that this makes no difference in our builds, because we are running them directly as `root`. However, for users of our image this is going to make a difference, since they start out as `runner` and have to use `sudo`.
Co-authored-by: Fleshgrinder <fleshgrinder@users.noreply.github.com>
* Allow to set docker default address pool
* fixup! Allow to set docker default address pool
Signed-off-by: Yusuke Kuoka <ykuoka@gmail.com>
* Revert unnecessary chart ver bump
* Update docs for DOCKER_DEFAULT_ADDRESS_POOL_*
* Fix the dockerd default address pool scripts to actually work as probably intended
* Update the E2E testdata runnerdeployment to accomodate the new docker default addr pool options
* Correct default dockerd addr pool doc
Signed-off-by: Yusuke Kuoka <ykuoka@gmail.com>
Co-authored-by: Claudio Vellage <claudio.vellage@pm.me>
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
* Fix permission issue when you use PV for rootless dind cache
This fixes the said issue I have found while testing #1759.
Signed-off-by: Yusuke Kuoka <ykuoka@gmail.com>
While testing #1759, I found an issue in the rootless dind entrypoint that it was not respecting the configured MTU for dind docker due to a permission issue. This fixes that.
It turned out too hard to debug configuration issues on the rootless dind daemon as it was not writing any logs to stdout/stderr of the container. This fixes that, so that any rootless dind configuration or startup errors are visible in e.g. the kubectl-logs output.
I am about to revisit #1517, #1454, #1561, and #1560 as a part of our on-going effort for a major enhancement to the runner entrypoints being made in #1759.
This change updates and reintroduces #1517 contributed by @CASABECI in a way it becomes applicable to today's code-base.
* feat: Add container to propagate host network MTU
Some network environments use non-standard MTU values. In these
situations, the `DockerMTU` setting might be used to specify the MTU
setting for the `bridge` network created by Docker. However, when the
Github Actions workflow creates networks, it doesn't propagate the
`bridge` network MTU which can lead to `connection reset by peer`
messages.
To overcome this, I've created a new docker image called
`summerwind/actions-runner-mtu` that shims the docker binary in order to
propagate the MTU setting to networks created by Github workflows.
This is a follow-up on the discussion in
(#1046)[https://github.com/actions-runner-controller/actions-runner-controller/issues/1046]
and uses a separate image since there might be some unintended
side-effects with this approach.
* fixup! feat: Add container to propagate host network MTU
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
* feat: allow to discover runner statuses
* fix manifests
* Bump runner version to 2.289.1 which includes the hooks support
* Add feedback from review
* Update reference to newRunnerPod
* Fix TestNewRunnerPodFromRunnerController and make hooks file names job specific
* Fix additional TestNewRunnerPod test
* Cover additional feedback from review
* fix rbac manager role
* Add permissions to service account for container mode if not provided
* Rename flag to runner.statusUpdateHook.enabled and fix needsServiceAccount
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
* chore: move HOME to more logical place
* chore: don't break the PATH
* chore: don't break the PATH
Co-authored-by: toast-gear <toast-gear@users.noreply.github.com>
* Runner Entrypoint: fix daemon.json
Do not owerwrite daemon.json if it already exists.
Usage: custom images, which are using public image as source.
* Update runner/startup.sh
Co-authored-by: Callum Tait <15716903+toast-gear@users.noreply.github.com>
Co-authored-by: Callum Tait <15716903+toast-gear@users.noreply.github.com>
* added containerMode=kubernetes env variables to the runner
* removed unused logging
* restored configs and charts
* restored makefile cert version and acceptance/run
* added workVolumeClaimTemplate in pod definition, including logic
* added claim template name based on the runner
* Apply suggestions from code review
update errors
* added concurrent cleanup before runner pod is deleted
* update manifests
* added retry after 30s if pod cleanup contains err
* added admission webhook check, made workVolumeClaimTemplate mandatory for k8s
* style changes and added comments
* added izZero timestamp check for deleting runner-linked pods
* changed order of local variable to avoid copy if p is deleted
* removed docker from container mode k8s
* restored charts, config, makefile
* restored forked files back and not the ARC ones
* created PersistentVolume on containerMode k8s
* create pv only if storage class name is local-storage
* removed actions if storage class name is local-storage
* added service account validation if container mode kubernetes
* changed the coding style to match rest of the ARC
* added validation to the runnerdeployment webhook
* specified fields more precisely, added webhook validation to the replicaset as well
* remake manifests
* wraped delete runner-linked-pods in kube mode
* fixed empty line
* fixed import
* makefile changes for hooks
* added cleanup secrets
* create manifests
* docs
* update access modes
* update dockerfile
* nit changes
* fixed dockerfile
* rewrite allowing reuse for runners and runnersets
* deepcopy forgot to stage
* changed privileged
* make manifests
* partly moved to finalizer, still need to apply finalizer first
* finalizer added if env variable used in container mode exists
* bump runner version
* error message moved from Error to Info on cleanup pods/secrets
* removed useless dereferencing, added transformation tests of workVolumeClaimTemplate
* Apply suggestions from code review
* Update controllers/utils_test.go
Co-authored-by: Thomas Boop <52323235+thboop@users.noreply.github.com>
* Update controllers/utils_test.go
Co-authored-by: Thomas Boop <52323235+thboop@users.noreply.github.com>
* add hook version to cli, update to 0.1.2
* Apply suggestions from code review
* Update controllers/utils_test.go
* Update runner/Makefile
* Fix missing secret permission and the error handling
* Fix a runnerpod reconciler finalizer to not trigger unnecessary retry
Co-authored-by: Nikola Jokic <nikola-jokic@github.com>
Co-authored-by: Nikola Jokic <97525037+nikola-jokic@users.noreply.github.com>
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
Bassem Dghaidi
Stephane Moser
Nikola Jokic
Yusuke Kuoka
Callum Tait
Igor Sarkisov
Richard Fussenegger
Claudio Vellage
renovate[bot]
Tiago Melo
Frederic MARTIN
David Girón
Natalie Somersall
k.bigwheel (kazufumi nishida)
Giovanni Barillari
Felipe Galindo Sanchez
Vladyslav Miletskyi
Thomas Boop