0386c0734c
* added containerMode=kubernetes env variables to the runner * removed unused logging * restored configs and charts * restored makefile cert version and acceptance/run * added workVolumeClaimTemplate in pod definition, including logic * added claim template name based on the runner * Apply suggestions from code review update errors * added concurrent cleanup before runner pod is deleted * update manifests * added retry after 30s if pod cleanup contains err * added admission webhook check, made workVolumeClaimTemplate mandatory for k8s * style changes and added comments * added izZero timestamp check for deleting runner-linked pods * changed order of local variable to avoid copy if p is deleted * removed docker from container mode k8s * restored charts, config, makefile * restored forked files back and not the ARC ones * created PersistentVolume on containerMode k8s * create pv only if storage class name is local-storage * removed actions if storage class name is local-storage * added service account validation if container mode kubernetes * changed the coding style to match rest of the ARC * added validation to the runnerdeployment webhook * specified fields more precisely, added webhook validation to the replicaset as well * remake manifests * wraped delete runner-linked-pods in kube mode * fixed empty line * fixed import * makefile changes for hooks * added cleanup secrets * create manifests * docs * update access modes * update dockerfile * nit changes * fixed dockerfile * rewrite allowing reuse for runners and runnersets * deepcopy forgot to stage * changed privileged * make manifests * partly moved to finalizer, still need to apply finalizer first * finalizer added if env variable used in container mode exists * bump runner version * error message moved from Error to Info on cleanup pods/secrets * removed useless dereferencing, added transformation tests of workVolumeClaimTemplate * Apply suggestions from code review * Update controllers/utils_test.go Co-authored-by: Thomas Boop <52323235+thboop@users.noreply.github.com> * Update controllers/utils_test.go Co-authored-by: Thomas Boop <52323235+thboop@users.noreply.github.com> * add hook version to cli, update to 0.1.2 * Apply suggestions from code review * Update controllers/utils_test.go * Update runner/Makefile * Fix missing secret permission and the error handling * Fix a runnerpod reconciler finalizer to not trigger unnecessary retry Co-authored-by: Nikola Jokic <nikola-jokic@github.com> Co-authored-by: Nikola Jokic <97525037+nikola-jokic@users.noreply.github.com> Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com> |
||
|---|---|---|
| .. | ||
| ci | ||
| crds | ||
| docs | ||
| templates | ||
| .helmignore | ||
| Chart.yaml | ||
| README.md | ||
| values.yaml | ||
README.md
Docs
All additional docs are kept in the docs/ folder, this README is solely for documenting the values.yaml keys and values
Values
The values are documented as of HEAD, to review the configuration options for your chart version ensure you view this file at the relevant tag
Default values are the defaults set in the charts
values.yaml, some properties have default configurations in the code for when the property is omitted or invalid
| Key | Description | Default |
|---|---|---|
labels |
Set labels to apply to all resources in the chart | |
replicaCount |
Set the number of controller pods | 1 |
webhookPort |
Set the containerPort for the webhook Pod | 9443 |
syncPeriod |
Set the period in which the controler reconciles the desired runners count | 10m |
enableLeaderElection |
Enable election configuration | true |
leaderElectionId |
Set the election ID for the controller group | |
githubEnterpriseServerURL |
Set the URL for a self-hosted GitHub Enterprise Server | |
githubURL |
Override GitHub URL to be used for GitHub API calls | |
githubUploadURL |
Override GitHub Upload URL to be used for GitHub API calls | |
runnerGithubURL |
Override GitHub URL to be used by runners during registration | |
logLevel |
Set the log level of the controller container | |
additionalVolumes |
Set additional volumes to add to the manager container | |
additionalVolumeMounts |
Set additional volume mounts to add to the manager container | |
authSecret.create |
Deploy the controller auth secret | false |
authSecret.name |
Set the name of the auth secret | controller-manager |
authSecret.annotations |
Set annotations for the auth Secret | |
authSecret.github_app_id |
The ID of your GitHub App. This can't be set at the same time as authSecret.github_token |
|
authSecret.github_app_installation_id |
The ID of your GitHub App installation. This can't be set at the same time as authSecret.github_token |
|
authSecret.github_app_private_key |
The multiline string of your GitHub App's private key. This can't be set at the same time as authSecret.github_token |
|
authSecret.github_token |
Your chosen GitHub PAT token. This can't be set at the same time as the authSecret.github_app_* |
|
authSecret.github_basicauth_username |
Username for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | |
authSecret.github_basicauth_password |
Password for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | |
dockerRegistryMirror |
The default Docker Registry Mirror used by runners. | |
hostNetwork |
The "hostNetwork" of the controller container | false |
image.repository |
The "repository/image" of the controller container | summerwind/actions-runner-controller |
image.tag |
The tag of the controller container | |
image.actionsRunnerRepositoryAndTag |
The "repository/image" of the actions runner container | summerwind/actions-runner:latest |
image.actionsRunnerImagePullSecrets |
Optional image pull secrets to be included in the runner pod's ImagePullSecrets | |
image.dindSidecarRepositoryAndTag |
The "repository/image" of the dind sidecar container | docker:dind |
image.pullPolicy |
The pull policy of the controller image | IfNotPresent |
metrics.serviceMonitor |
Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false |
metrics.serviceAnnotations |
Set annotations for the provisioned metrics service resource | |
metrics.port |
Set port of metrics service | 8443 |
metrics.proxy.enabled |
Deploy kube-rbac-proxy container in controller pod | true |
metrics.proxy.image.repository |
The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy |
metrics.proxy.image.tag |
The tag of the kube-proxy image to use when pulling the container | v0.10.0 |
metrics.serviceMonitorLabels |
Set labels to apply to ServiceMonitor resources | |
imagePullSecrets |
Specifies the secret to be used when pulling the controller pod containers | |
fullnameOverride |
Override the full resource names | |
nameOverride |
Override the resource name prefix | |
serviceAccount.annotations |
Set annotations to the service account | |
serviceAccount.create |
Deploy the controller pod under a service account | true |
podAnnotations |
Set annotations for the controller pod | |
podLabels |
Set labels for the controller pod | |
serviceAccount.name |
Set the name of the service account | |
securityContext |
Set the security context for each container in the controller pod | |
podSecurityContext |
Set the security context to controller pod | |
service.annotations |
Set annotations for the provisioned webhook service resource | |
service.port |
Set controller service ports | |
service.type |
Set controller service type | |
topologySpreadConstraints |
Set the controller pod topologySpreadConstraints | |
nodeSelector |
Set the controller pod nodeSelector | |
resources |
Set the controller pod resources | |
affinity |
Set the controller pod affinity rules | |
podDisruptionBudget.enabled |
Enables a PDB to ensure HA of controller pods | false |
podDisruptionBudget.minAvailable |
Minimum number of pods that must be available after eviction | |
podDisruptionBudget.maxUnavailable |
Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | |
tolerations |
Set the controller pod tolerations | |
env |
Set environment variables for the controller container | |
priorityClassName |
Set the controller pod priorityClassName | |
scope.watchNamespace |
Tells the controller and the github webhook server which namespace to watch if scope.singleNamespace is true |
Release.Namespace (the default namespace of the helm chart). |
scope.singleNamespace |
Limit the controller to watch a single namespace | false |
certManagerEnabled |
Enable cert-manager. If disabled you must set admissionWebHooks.caBundle and create TLS secrets manually | true |
admissionWebHooks.caBundle |
Base64-encoded PEM bundle containing the CA that signed the webhook's serving certificate | |
githubWebhookServer.logLevel |
Set the log level of the githubWebhookServer container | |
githubWebhookServer.replicaCount |
Set the number of webhook server pods | 1 |
githubWebhookServer.useRunnerGroupsVisibility |
Enable supporting runner groups with custom visibility. This will incur in extra API calls and may blow up your budget. Currently, you also need to set githubWebhookServer.secret.enabled to enable this feature. |
false |
githubWebhookServer.syncPeriod |
Set the period in which the controller reconciles the resources | 10m |
githubWebhookServer.enabled |
Deploy the webhook server pod | false |
githubWebhookServer.secret.enabled |
Passes the webhook hook secret to the github-webhook-server | false |
githubWebhookServer.secret.create |
Deploy the webhook hook secret | false |
githubWebhookServer.secret.name |
Set the name of the webhook hook secret | github-webhook-server |
githubWebhookServer.secret.github_webhook_secret_token |
Set the webhook secret token value | |
githubWebhookServer.imagePullSecrets |
Specifies the secret to be used when pulling the githubWebhookServer pod containers | |
githubWebhookServer.nameOverride |
Override the resource name prefix | |
githubWebhookServer.fullnameOverride |
Override the full resource names | |
githubWebhookServer.serviceAccount.create |
Deploy the githubWebhookServer under a service account | true |
githubWebhookServer.serviceAccount.annotations |
Set annotations for the service account | |
githubWebhookServer.serviceAccount.name |
Set the service account name | |
githubWebhookServer.podAnnotations |
Set annotations for the githubWebhookServer pod | |
githubWebhookServer.podLabels |
Set labels for the githubWebhookServer pod | |
githubWebhookServer.podSecurityContext |
Set the security context to githubWebhookServer pod | |
githubWebhookServer.securityContext |
Set the security context for each container in the githubWebhookServer pod | |
githubWebhookServer.resources |
Set the githubWebhookServer pod resources | |
githubWebhookServer.topologySpreadConstraints |
Set the githubWebhookServer pod topologySpreadConstraints | |
githubWebhookServer.nodeSelector |
Set the githubWebhookServer pod nodeSelector | |
githubWebhookServer.tolerations |
Set the githubWebhookServer pod tolerations | |
githubWebhookServer.affinity |
Set the githubWebhookServer pod affinity rules | |
githubWebhookServer.priorityClassName |
Set the githubWebhookServer pod priorityClassName | |
githubWebhookServer.service.type |
Set githubWebhookServer service type | |
githubWebhookServer.service.ports |
Set githubWebhookServer service ports | [{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}] |
githubWebhookServer.ingress.enabled |
Deploy an ingress kind for the githubWebhookServer | false |
githubWebhookServer.ingress.annotations |
Set annotations for the ingress kind | |
githubWebhookServer.ingress.hosts |
Set hosts configuration for ingress | [{"host": "chart-example.local", "paths": []}] |
githubWebhookServer.ingress.tls |
Set tls configuration for ingress | |
githubWebhookServer.ingress.ingressClassName |
Set ingress class name | |
githubWebhookServer.podDisruptionBudget.enabled |
Enables a PDB to ensure HA of githubwebhook pods | false |
githubWebhookServer.podDisruptionBudget.minAvailable |
Minimum number of pods that must be available after eviction | |
githubWebhookServer.podDisruptionBudget.maxUnavailable |
Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. |