Introduce new helm charts for the preview auto-scaling mode for ARC. (#2168)

charts/auto-scaling-runner-set/templates/NOTES.txt

@@ -0,0 +1,3 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.

charts/auto-scaling-runner-set/templates/_helpers.tpl

@@ -0,0 +1,313 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "auto-scaling-runner-set.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "auto-scaling-runner-set.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "auto-scaling-runner-set.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "auto-scaling-runner-set.labels" -}}
+helm.sh/chart: {{ include "auto-scaling-runner-set.chart" . }}
+{{ include "auto-scaling-runner-set.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "auto-scaling-runner-set.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "auto-scaling-runner-set.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "auto-scaling-runner-set.githubsecret" -}}
+{{- include "auto-scaling-runner-set.fullname" . }}-github-secret
+{{- end }}
+
+{{- define "auto-scaling-runner-set.noPermissionServiceAccountName" -}}
+{{- include "auto-scaling-runner-set.fullname" . }}-no-permission-service-account
+{{- end }}
+
+{{- define "auto-scaling-runner-set.kubeModeRoleName" -}}
+{{- include "auto-scaling-runner-set.fullname" . }}-kube-mode-role
+{{- end }}
+
+{{- define "auto-scaling-runner-set.kubeModeServiceAccountName" -}}
+{{- include "auto-scaling-runner-set.fullname" . }}-kube-mode-service-account
+{{- end }}
+
+{{- define "auto-scaling-runner-set.dind-init-container" -}}
+{{- range $i, $val := .Values.template.spec.containers -}}
+{{- if eq $val.name "runner" -}}
+image: {{ $val.image }}
+{{- if $val.imagePullSecrets }}
+imagePullSecrets:
+  {{ $val.imagePullSecrets | toYaml -}}
+{{- end }}
+command: ["cp"]
+args: ["-r", "-v", "/actions-runner/externals/.", "/actions-runner/tmpDir/"]
+volumeMounts:
+  - name: dind-externals
+    mountPath: /actions-runner/tmpDir
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "auto-scaling-runner-set.dind-container" -}}
+image: docker:dind
+securityContext:
+  privileged: true
+volumeMounts:
+  - name: work
+    mountPath: /actions-runner/_work
+  - name: dind-cert
+    mountPath: /certs/client
+  - name: dind-externals
+    mountPath: /actions-runner/externals
+{{- end }}
+
+{{- define "auto-scaling-runner-set.dind-volume" -}}
+- name: dind-cert
+  emptyDir: {}
+- name: dind-externals
+  emptyDir: {}
+{{- end }}
+
+{{- define "auto-scaling-runner-set.dind-work-volume" -}}
+{{- $createWorkVolume := 1 }}
+  {{- range $i, $volume := .Values.template.spec.volumes }}
+    {{- if eq $volume.name "work" }}
+      {{- $createWorkVolume = 0 -}}
+- name: work
+      {{- range $key, $val := $volume }}
+        {{- if ne $key "name" }}
+  {{ $key }}: {{ $val }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- if eq $createWorkVolume 1 }}
+- name: work
+  emptyDir: {}
+  {{- end }}
+{{- end }}
+
+{{- define "auto-scaling-runner-set.kubernetes-mode-work-volume" -}}
+{{- $createWorkVolume := 1 }}
+  {{- range $i, $volume := .Values.template.spec.volumes }}
+    {{- if eq $volume.name "work" }}
+      {{- $createWorkVolume = 0 -}}
+- name: work
+      {{- range $key, $val := $volume }}
+        {{- if ne $key "name" }}
+  {{ $key }}: {{ $val }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- if eq $createWorkVolume 1 }}
+- name: work
+  ephemeral:
+    volumeClaimTemplate:
+      spec:
+        {{- .Values.containerMode.kubernetesModeWorkVolumeClaim | toYaml | nindent 8 }}
+  {{- end }}
+{{- end }}
+
+{{- define "auto-scaling-runner-set.non-work-volumes" -}}
+  {{- range $i, $volume := .Values.template.spec.volumes }}
+    {{- if ne $volume.name "work" }}
+- name: {{ $volume.name }}
+      {{- range $key, $val := $volume }}
+        {{- if ne $key "name" }}
+  {{ $key }}: {{ $val }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+
+{{- define "auto-scaling-runner-set.non-runner-containers" -}}
+  {{- range $i, $container := .Values.template.spec.containers -}}
+    {{- if ne $container.name "runner" -}}
+- name: {{ $container.name }}
+      {{- range $key, $val := $container }}
+        {{- if ne $key "name" }}
+  {{ $key }}: {{ $val }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+
+{{- define "auto-scaling-runner-set.dind-runner-container" -}}
+{{- range $i, $container := .Values.template.spec.containers -}}
+  {{- if eq $container.name "runner" -}}
+    {{- range $key, $val := $container }}
+      {{- if and (ne $key "env") (ne $key "volumeMounts") (ne $key "name") }}
+{{ $key }}: {{ $val }}
+      {{- end }}
+    {{- end }}
+    {{- $setDockerHost := 1 }}
+    {{- $setDockerTlsVerify := 1 }}
+    {{- $setDockerCertPath := 1 }}
+env:
+    {{- with $container.env }}
+      {{- range $i, $env := . }}
+        {{- if eq $env.name "DOCKER_HOST" }}
+          {{- $setDockerHost = 0 -}}
+        {{- end }}
+        {{- if eq $env.name "DOCKER_TLS_VERIFY" }}
+          {{- $setDockerTlsVerify = 0 -}}
+        {{- end }}
+        {{- if eq $env.name "DOCKER_CERT_PATH" }}
+          {{- $setDockerCertPath = 0 -}}
+        {{- end }}
+  - name: {{ $env.name }}
+        {{- range $envKey, $envVal := $env }}
+          {{- if ne $envKey "name" }}
+    {{ $envKey }}: {{ $envVal | toYaml | nindent 8 }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+      {{- if $setDockerHost }}
+  - name: DOCKER_HOST
+    value: tcp://localhost:2376
+      {{- end }}
+      {{- if $setDockerTlsVerify }}
+  - name: DOCKER_TLS_VERIFY
+    value: "1"
+      {{- end }}
+      {{- if $setDockerCertPath }}
+  - name: DOCKER_CERT_PATH
+    value: /certs/client
+      {{- end }}
+    {{- end }}
+    {{- $mountWork := 1 }}
+    {{- $mountDindCert := 1 }}
+volumeMounts:
+    {{- with $container.volumeMounts }}
+      {{- range $i, $volMount := . }}
+        {{- if eq $volMount.name "work" }}
+          {{- $mountWork = 0 -}}
+        {{- end }}
+        {{- if eq $volMount.name "dind-cert" }}
+          {{- $mountDindCert = 0 -}}
+        {{- end }}
+  - name: {{ $volMount.name }}
+        {{- range $mountKey, $mountVal := $volMount }}
+          {{- if ne $mountKey "name" }}
+    {{ $mountKey }}: {{ $mountVal | toYaml | nindent 8 }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+    {{- if $mountWork }}
+  - name: work
+    mountPath: /actions-runner/_work
+    {{- end }}
+    {{- if $mountDindCert }}
+  - name: dind-cert
+    mountPath: /certs/client
+    {{- end }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "auto-scaling-runner-set.kubernetes-mode-runner-container" -}}
+{{- range $i, $container := .Values.template.spec.containers -}}
+  {{- if eq $container.name "runner" -}}
+    {{- range $key, $val := $container }}
+      {{- if and (ne $key "env") (ne $key "volumeMounts") (ne $key "name") }}
+{{ $key }}: {{ $val }}
+      {{- end }}
+    {{- end }}
+    {{- $setContainerHooks := 1 }}
+    {{- $setPodName := 1 }}
+    {{- $setRequireJobContainer := 1 }}
+env:
+    {{- with $container.env }}
+      {{- range $i, $env := . }}
+        {{- if eq $env.name "ACTIONS_RUNNER_CONTAINER_HOOKS" }}
+          {{- $setContainerHooks = 0 -}}
+        {{- end }}
+        {{- if eq $env.name "ACTIONS_RUNNER_POD_NAME" }}
+          {{- $setPodName = 0 -}}
+        {{- end }}
+        {{- if eq $env.name "ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER" }}
+          {{- $setRequireJobContainer = 0 -}}
+        {{- end }}
+  - name: {{ $env.name }}
+        {{- range $envKey, $envVal := $env }}
+          {{- if ne $envKey "name" }}
+    {{ $envKey }}: {{ $envVal | toYaml | nindent 8 }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+    {{- if $setContainerHooks }}
+  - name: ACTIONS_RUNNER_CONTAINER_HOOKS
+    value: /actions-runner/k8s/index.js
+    {{- end }}
+    {{- if $setPodName }}
+  - name: ACTIONS_RUNNER_POD_NAME
+    valueFrom:
+      fieldRef:
+        fieldPath: metadata.name
+    {{- end }}
+    {{- if $setRequireJobContainer }}
+  - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
+    value: "true"
+    {{- end }}
+    {{- $mountWork := 1 }}
+volumeMounts:
+    {{- with $container.volumeMounts }}
+      {{- range $i, $volMount := . }}
+        {{- if eq $volMount.name "work" }}
+          {{- $mountWork = 0 -}}
+        {{- end }}
+  - name: {{ $volMount.name }}
+        {{- range $mountKey, $mountVal := $volMount }}
+          {{- if ne $mountKey "name" }}
+    {{ $mountKey }}: {{ $mountVal | toYaml | nindent 8 }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+    {{- if $mountWork }}
+  - name: work
+    mountPath: /actions-runner/_work
+    {{- end }}
+  {{- end }}
+{{- end }}
+{{- end }}

charts/auto-scaling-runner-set/templates/autoscalingrunnerset.yaml

@@ -0,0 +1,91 @@
+apiVersion: actions.github.com/v1alpha1
+kind: AutoscalingRunnerSet
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "auto-scaling-runner-set.labels" . | nindent 4 }}
+spec:
+  githubConfigUrl: {{ required ".Values.githubConfigUrl is required" .Values.githubConfigUrl }}
+  githubConfigSecret: {{ include "auto-scaling-runner-set.githubsecret" . }}
+  {{- with .Values.runnerGroup }}
+  runnerGroup: {{ . }}
+  {{- end }}
+
+  {{- if and (kindIs "int64" .Values.minRunners) (kindIs "int64" .Values.maxRunners) }}
+    {{- if gt .Values.minRunners .Values.maxRunners }}
+      {{- fail "maxRunners has to be greater or equal to minRunners" }}
+    {{- end }}
+  {{- end }}
+
+  {{- if kindIs "int64" .Values.maxRunners }}
+    {{- if lt .Values.maxRunners 0 }}
+      {{- fail "maxRunners has to be greater or equal to 0" }}
+    {{- end }}
+  maxRunners: {{ .Values.maxRunners | int }}
+  {{- end }}
+
+  {{- if kindIs "int64" .Values.minRunners }}
+    {{- if lt .Values.minRunners 0 }}
+      {{- fail "minRunners has to be greater or equal to 0" }}
+    {{- end }}
+  minRunners: {{ .Values.minRunners | int }}
+  {{- end }}
+
+  template:
+    {{- with .Values.template.metadata }}
+    metadata:
+      {{- with .labels }}
+      labels:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .annotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- end }}
+    spec:
+      {{- range $key, $val := .Values.template.spec }}
+        {{- if and (ne $key "containers") (ne $key "volumes") (ne $key "initContainers") (ne $key "serviceAccountName") }}
+      {{ $key }}: {{ $val | toYaml | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- if eq .Values.containerMode.type "kubernetes" }}
+      serviceAccountName: {{ default (include "auto-scaling-runner-set.kubeModeServiceAccountName" .) .Values.template.spec.serviceAccountName }}
+      {{- else }}
+      serviceAccountName: {{ default (include "auto-scaling-runner-set.noPermissionServiceAccountName" .) .Values.template.spec.serviceAccountName }}
+      {{- end }}
+      {{- if or .Values.template.spec.initContainers (eq .Values.containerMode.type "dind") }}
+      initContainers:
+        {{- if eq .Values.containerMode.type "dind" }}
+      - name: init-dind-externals
+        {{- include "auto-scaling-runner-set.dind-init-container" . | nindent 8 }}
+        {{- end }}
+        {{- with .Values.template.spec.initContainers }}
+      {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      containers: 
+      {{- if eq .Values.containerMode.type "dind" }}
+      - name: runner
+        {{- include "auto-scaling-runner-set.dind-runner-container" . | nindent 8 }}
+      - name: dind
+        {{- include "auto-scaling-runner-set.dind-container" . | nindent 8 }}
+      {{- include "auto-scaling-runner-set.non-runner-containers" . | nindent 6 }}
+      {{- else if eq .Values.containerMode.type "kubernetes" }}
+      - name: runner
+        {{- include "auto-scaling-runner-set.kubernetes-mode-runner-container" . | nindent 8 }}
+      {{- include "auto-scaling-runner-set.non-runner-containers" . | nindent 6 }}
+      {{- else }}
+      {{ .Values.template.spec.containers | toYaml | nindent 6 }}
+      {{- end }}
+      {{- if or .Values.template.spec.volumes (eq .Values.containerMode.type "dind") (eq .Values.containerMode.type "kubernetes") }}
+      volumes: 
+        {{- if eq .Values.containerMode.type "dind" }}
+          {{- include "auto-scaling-runner-set.dind-volume" . | nindent 6 }}
+          {{- include "auto-scaling-runner-set.dind-work-volume" . | nindent 6 }}
+        {{- else if eq .Values.containerMode.type "kubernetes" }}
+          {{- include "auto-scaling-runner-set.kubernetes-mode-work-volume" . | nindent 6 }}
+        {{- end }}
+        {{- include "auto-scaling-runner-set.non-work-volumes" . | nindent 6 }}
+      {{- end }}

charts/auto-scaling-runner-set/templates/githubsecret.yaml

@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "auto-scaling-runner-set.githubsecret" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "auto-scaling-runner-set.labels" . | nindent 4 }}
+  finalizers:
+    - actions.github.com/secret-protection
+data:
+  {{- $hasToken := false }}
+  {{- $hasAppId := false }}
+  {{- $hasInstallationId := false }}
+  {{- $hasPrivateKey := false }}
+  {{- range $secretName, $secretValue := (required "Values.githubConfigSecret is required for setting auth with GitHub server." .Values.githubConfigSecret) }}
+    {{- if $secretValue }}
+  {{ $secretName }}: {{ $secretValue | toString | b64enc }}
+      {{- if eq $secretName "github_token" }}
+        {{- $hasToken = true }}
+      {{- end }}
+      {{- if eq $secretName "github_app_id" }}
+        {{- $hasAppId = true }}
+      {{- end }}
+      {{- if eq $secretName "github_app_installation_id" }}
+        {{- $hasInstallationId = true }}
+      {{- end }}
+      {{- if eq $secretName "github_app_private_key" }}
+        {{- $hasPrivateKey = true }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- if and (not $hasToken) (not ($hasAppId)) }}
+    {{- fail "A valid .Values.githubConfigSecret is required for setting auth with GitHub server, provide .Values.githubConfigSecret.github_token or .Values.githubConfigSecret.github_app_id." }}
+  {{- end }}
+  {{- if and $hasAppId (or (not $hasInstallationId) (not $hasPrivateKey)) }}
+    {{- fail "A valid .Values.githubConfigSecret is required for setting auth with GitHub server, provide .Values.githubConfigSecret.github_app_installation_id and .Values.githubConfigSecret.github_app_private_key." }}
+  {{- end }}

charts/auto-scaling-runner-set/templates/kube_mode_role.yaml

@@ -0,0 +1,24 @@
+{{- if and (eq .Values.containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
+# default permission for runner pod service account in kubernetes mode (container hook)
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "auto-scaling-runner-set.kubeModeRoleName" . }}
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "create", "delete"]
+- apiGroups: [""]
+  resources: ["pods/exec"]
+  verbs: ["get", "create"]
+- apiGroups: [""]
+  resources: ["pods/log"]
+  verbs: ["get", "list", "watch",]
+- apiGroups: ["batch"]
+  resources: ["jobs"]
+  verbs: ["get", "list", "create", "delete"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "list", "create", "delete"]
+{{- end }}

charts/auto-scaling-runner-set/templates/kube_mode_role_binding.yaml

@@ -0,0 +1,15 @@
+{{- if and (eq .Values.containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "auto-scaling-runner-set.kubeModeRoleName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "auto-scaling-runner-set.kubeModeRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "auto-scaling-runner-set.kubeModeServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}

charts/auto-scaling-runner-set/templates/kube_mode_serviceaccount.yaml

@@ -0,0 +1,9 @@
+{{- if and (eq .Values.containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "auto-scaling-runner-set.kubeModeServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "auto-scaling-runner-set.labels" . | nindent 4 }}
+{{- end }}

charts/auto-scaling-runner-set/templates/no_permission_serviceaccount.yaml

@@ -0,0 +1,9 @@
+{{- if and (ne .Values.containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "auto-scaling-runner-set.noPermissionServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "auto-scaling-runner-set.labels" . | nindent 4 }}
+{{- end }}