diff --git a/charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml b/charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml index efb23393..6dd601d2 100644 --- a/charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml +++ b/charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml @@ -10,6 +10,7 @@ spec: githubConfigUrl: {{ required ".Values.auth.url is required" (trimSuffix "/" .Values.auth.url) | quote }} githubConfigSecret: {{ include "github-secret.name" . | quote }} runnerGroup: {{ .Values.scaleset.runnerGroup | quote }} + runnerScaleSetName: {{ .Values.scaleset.name | quote }} {{- if .Values.githubServerTLS }} githubServerTLS: diff --git a/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_auth_test.yaml b/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_auth_test.yaml new file mode 100644 index 00000000..981f106e --- /dev/null +++ b/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_auth_test.yaml 
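Review bot: The added `runnerScaleSetName: {{ .Values.scaleset.name | quote }}` renders `""` whenever `scaleset.name` is unset, which is exactly the case the new test "should use release name as metadata name when runnerScaleSetName not provided" exercises. Whether the controller treats an empty string as "fall back to metadata.name" is not visible in this diff, so it is safer to omit the field when no name is given: `{{- with .Values.scaleset.name }}` / `runnerScaleSetName: {{ . | quote }}` / `{{- end }}`. The `spec:` block starts and continues outside the hunk.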
@@ -0,0 +1,245 @@
+suite: "Test AutoscalingRunnerSet Authentication & Configuration"
+templates:
+ - autoscalingrunnserset.yaml
+tests:
+ - it: should require githubConfigUrl
+ set:
+ scaleset.name: "test"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - failedTemplate:
+ errorMessage: ".Values.auth.url is required"
+
+ - it: should render githubConfigUrl from auth.url
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.githubConfigUrl
+ value: "https://github.com/org"
+
+ - it: should trim trailing slash from githubConfigUrl
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org/"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.githubConfigUrl
+ value: "https://github.com/org"
+
+ - it: should render default githubConfigSecret from release name
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.githubConfigSecret
+ value: "test-name-github-secret"
+
+ - it: should render custom githubConfigSecret when auth.secretName is provided
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ auth.secretName: "custom-github-secret"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.githubConfigSecret
+ value: '"custom-github-secret"'
+
+ - it: should render default runnerGroup when not configured
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.runnerGroup
+ value: "default"
+
+ - it: should render custom runnerGroup when configured
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ scaleset.runnerGroup: "custom-group"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.runnerGroup
+ value: "custom-group"
+
+ - it: should render runnerGroup with special characters
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ scaleset.runnerGroup: "my-custom-runner-group-123"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.runnerGroup
+ value: "my-custom-runner-group-123"
+
+ - it: should render runnerScaleSetName from scaleset.name
+ set:
+ scaleset.name: "my-runner-set"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.runnerScaleSetName
+ value: "my-runner-set"
+
+ - it: should use release name as metadata name when runnerScaleSetName not provided
+ set:
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "release-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: metadata.name
+ value: "release-name"
+
+ - it: should use scaleset.name for spec.runnerScaleSetName when provided
+ set:
+ scaleset.name: "spec-runner-name"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "release-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.runnerScaleSetName
+ value: "spec-runner-name"
+
+ - it: should not normalize underscores in runnerScaleSetName (underscores are preserved)
+ set:
+ scaleset.name: "my_runner_set"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.runnerScaleSetName
+ value: "my_runner_set"
+
+ - it: should reject metadata name exceeding 45 characters
+ set:
+ runnerScaleSetName: "this-is-a-very-long-name-that-exceeds-forty-five-characters-long"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - failedTemplate:
+ errorMessage: "Autoscaling runner set name must have up to 45 characters"
+
+ - it: should handle githubConfigUrl with enterprise GitHub instance
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.enterprise.com/api/v3"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.githubConfigUrl
+ value: "https://github.enterprise.com/api/v3"
+
+ - it: should render all configuration together
+ set:
+ runnerScaleSetName: "prod-runners"
+ scaleset.name: "prod-spec-name"
+ auth.url: "https://github.com/myorg"
+ auth.githubToken: "gh_token12345"
+ auth.secretName: "gh-token-secret"
+ scaleset.runnerGroup: "prod-group"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "prod-scale-set"
+ namespace: "arc"
+ asserts:
+ - equal:
+ path: spec.githubConfigUrl
+ value: "https://github.com/myorg"
+ - equal:
+ path: spec.githubConfigSecret
+ value: '"gh-token-secret"'
+ - equal:
+ path: spec.runnerGroup
+ value: "prod-group"
+ - equal:
+ path: spec.runnerScaleSetName
+ value: "prod-spec-name"
+ - equal:
+ path: metadata.name
+ value: "prod-runners"
+ - equal:
+ path: metadata.namespace
+ value: "arc"
diff --git a/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_test.yaml b/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_labels_test.yaml
similarity index 99%
rename from charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_test.yaml
rename to charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_labels_test.yaml
index d9d0ec67..15814000 100644
--- a/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_test.yaml
+++ b/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_labels_test.yaml
@@ -1,4 +1,4 @@
-suite: "Test AutoscalingRunnerSet"
+suite: "Test AutoscalingRunnerSet Labels"
 templates:
 - autoscalingrunnserset.yaml
 tests:
diff --git a/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_min_max_runners_test.yaml b/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_min_max_runners_test.yaml
new file mode 100644
index 00000000..056da2ad
--- /dev/null
+++ b/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_min_max_runners_test.yaml
@@ -0,0 +1,71 @@
+suite: "Test AutoscalingRunnerSet MinMax Runners"
+templates:
+ - autoscalingrunnserset.yaml
+tests:
+ - it: should set minRunners and maxRunners correctly
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ scaleset.minRunners: 2
+ scaleset.maxRunners: 5
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.minRunners
+ value: 2
+ - equal:
+ path: spec.maxRunners
+ value: 5
+ - it: should fail when minRunners is greater than maxRunners
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ scaleset.minRunners: 6
+ scaleset.maxRunners: 5
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - failedTemplate: {}
+ - it: should work when minRunners equals maxRunners
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ scaleset.minRunners: 5
+ scaleset.maxRunners: 5
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.minRunners
+ value: 5
+ - equal:
+ path: spec.maxRunners
+ value: 5
+ - it: should not set minRunners and maxRunners when not provided
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - notExists:
+ path: spec.minRunners
+ - notExists:
+ path: spec.maxRunners
\ No newline at end of file
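Review bot: `failedTemplate: {}` in "should fail when minRunners is greater than maxRunners" passes on any render failure, so it cannot tell the min/max validation apart from an unrelated template error such as a missing required value. Pin the expected message the way the auth suite does for `.Values.auth.url is required`, e.g. `- failedTemplate:` with `errorMessage: "<message emitted by the minRunners/maxRunners check>"` (placeholder; the actual text is not in this diff). The file also ends without a trailing newline.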
diff --git a/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_proxy_test.yaml b/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_proxy_test.yaml
new file mode 100644
index 00000000..af0df4bc
--- /dev/null
+++ b/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_proxy_test.yaml
@@ -0,0 +1,290 @@
+suite: "Test AutoscalingRunnerSet Proxy Configuration"
+templates:
+ - autoscalingrunnserset.yaml
+tests:
+ - it: should not render proxy section when not configured
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - notExists:
+ path: spec.proxy
+
+ - it: should render http proxy configuration
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ proxy:
+ http:
+ url: "http://proxy.example.com:3128"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.proxy.http.url
+ value: "http://proxy.example.com:3128"
+ - notExists:
+ path: spec.proxy.https
+
+ - it: should render https proxy configuration
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ proxy:
+ https:
+ url: "https://secure-proxy.example.com:3128"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.proxy.https.url
+ value: "https://secure-proxy.example.com:3128"
+ - notExists:
+ path: spec.proxy.http
+
+ - it: should render both http and https proxy configuration
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ proxy:
+ http:
+ url: "http://proxy.example.com:3128"
+ https:
+ url: "https://secure-proxy.example.com:3128"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.proxy.http.url
+ value: "http://proxy.example.com:3128"
+ - equal:
+ path: spec.proxy.https.url
+ value: "https://secure-proxy.example.com:3128"
+
+ - it: should render http proxy with credential secret reference
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ proxy:
+ http:
+ url: "http://proxy.example.com:3128"
+ credentialSecretRef: "proxy-credentials"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.proxy.http.url
+ value: "http://proxy.example.com:3128"
+ - equal:
+ path: spec.proxy.http.credentialSecretRef
+ value: "proxy-credentials"
+
+ - it: should render https proxy with credential secret reference
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ proxy:
+ https:
+ url: "https://secure-proxy.example.com:3128"
+ credentialSecretRef: "secure-proxy-creds"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.proxy.https.url
+ value: "https://secure-proxy.example.com:3128"
+ - equal:
+ path: spec.proxy.https.credentialSecretRef
+ value: "secure-proxy-creds"
+
+ - it: should render proxy with noProxy list
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ proxy:
+ http:
+ url: "http://proxy.example.com:3128"
+ noProxy:
+ - "localhost"
+ - "127.0.0.1"
+ - ".example.local"
+ - "10.0.0.0/8"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.proxy.http.url
+ value: "http://proxy.example.com:3128"
+ - contains:
+ path: spec.proxy.noProxy
+ content: "localhost"
+ - contains:
+ path: spec.proxy.noProxy
+ content: "127.0.0.1"
+ - contains:
+ path: spec.proxy.noProxy
+ content: ".example.local"
+ - contains:
+ path: spec.proxy.noProxy
+ content: "10.0.0.0/8"
+
+ - it: should render complete proxy configuration with all options
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ proxy:
+ http:
+ url: "http://proxy.example.com:3128"
+ credentialSecretRef: "proxy-credentials"
+ https:
+ url: "https://secure-proxy.example.com:3128"
+ credentialSecretRef: "secure-proxy-creds"
+ noProxy:
+ - "localhost"
+ - "127.0.0.1"
+ - ".local"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.proxy.http.url
+ value: "http://proxy.example.com:3128"
+ - equal:
+ path: spec.proxy.http.credentialSecretRef
+ value: "proxy-credentials"
+ - equal:
+ path: spec.proxy.https.url
+ value: "https://secure-proxy.example.com:3128"
+ - equal:
+ path: spec.proxy.https.credentialSecretRef
+ value: "secure-proxy-creds"
+ - contains:
+ path: spec.proxy.noProxy
+ content: "localhost"
+ - contains:
+ path: spec.proxy.noProxy
+ content: "127.0.0.1"
+ - contains:
+ path: spec.proxy.noProxy
+ content: ".local"
+
+ - it: should render proxy configuration with empty noProxy list
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ proxy:
+ http:
+ url: "http://proxy.example.com:3128"
+ noProxy: []
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.proxy.http.url
+ value: "http://proxy.example.com:3128"
+ - notExists:
+ path: spec.proxy.noProxy
+
+ - it: should not render proxy when configured as empty object
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ proxy: {}
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - notExists:
+ path: spec.proxy
+
+ - it: should render proxy with only http without credentials
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ proxy:
+ http:
+ url: "http://unauthenticated-proxy.example.com:8080"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.proxy.http.url
+ value: "http://unauthenticated-proxy.example.com:8080"
+ - notExists:
+ path: spec.proxy.http.credentialSecretRef
+ - notExists:
+ path: spec.proxy.https
+
+ - it: should render proxy with https and noProxy without http
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ proxy:
+ https:
+ url: "https://secure-proxy.example.com:3128"
+ noProxy:
+ - "internal.example.com"
+ - "*.local"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.proxy.https.url
+ value: "https://secure-proxy.example.com:3128"
+ - notExists:
+ path: spec.proxy.http
+ - contains:
+ path: spec.proxy.noProxy
+ content: "internal.example.com"
+ - contains:
+ path: spec.proxy.noProxy
+ content: "*.local"
diff --git a/charts/gha-runner-scale-set-dev/values.yaml b/charts/gha-runner-scale-set-dev/values.yaml
index a501c7c7..5f0fa7de 100644
--- a/charts/gha-runner-scale-set-dev/values.yaml
+++ b/charts/gha-runner-scale-set-dev/values.yaml
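Review bot: The noProxy tests check each entry with a separate `contains`, which still passes if the rendered `spec.proxy.noProxy` carries additional entries; an unexpected entry in that list means traffic to that host bypasses the proxy. Assert the whole list instead with a single `equal` on `path: spec.proxy.noProxy` whose `value` is the exact list passed in `set`. This applies to "should render proxy with noProxy list", "should render complete proxy configuration with all options" and "should render proxy with https and noProxy without http".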
@@ -27,6 +27,12 @@ auth: installationId: "" privateKey: "" +# secretResolution configures how secrets are resolved for this scale set. +# By default, secrets are resolved using Kubernetes secrets. When Kubernetes +# secrets are used, no proxy config will be applied. +# +# If you decide to use secret integrations with vaults, you can configure +# proxy settings for the vault communication here. secretResolution: # Name of the secret resolver to use. # Available values: @@ -46,16 +52,15 @@ secretResolution: # - example.com # - example.org + ## Configuration for Azure Key Vault integration # azureKeyVault: # url: "" # client_id: "" # tenant_id: "" # certificate_path: "" -# -## proxy can be used to define proxy settings that will be used by the +## Proxy can be used to define proxy settings that will be used by the ## controller, the listener and the runner of this scale set. -# # proxy: # http: # url: http://proxy.com:1234 @@ -86,15 +91,19 @@ secretResolution: ## Resource object allows modifying resources created by the chart itself resource: + # Specifies metadata that will be applied to all resources managed by ARC all: metadata: labels: {} annotations: {} + # Specifies metadata that will be applied to the AutoscalingRunnerSet resource autoscalingRunnerSet: metadata: labels: {} annotations: {} + + # TODO: Add more resource customizations when needed # Template applied for the runner container runner:
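Review bot: The new comment above `secretResolution:` says "no proxy config will be applied" when Kubernetes secrets are used, but the second hunk keeps the `## Proxy can be used ...` comment describing a `proxy:` key used by the controller, the listener and the runner, so a reader cannot tell which proxy setting is being switched off. If the sentence refers only to the proxy nested under `secretResolution` (inferred from the wording, not visible in the hunk), say so, e.g. `# When Kubernetes secrets are used, the proxy settings under secretResolution are ignored;` followed by `# they apply only to communication with the vault.` The `# TODO: Add more resource customizations when needed` line added in the third hunk is a maintainer note and would sit better in an issue than in the values file users read.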