Support installing without cert-manager (#834)

* Support installing without cert-manager
Jonathan Sokolowski
2021-12-09 08:58:46 +11:00
committed by GitHub
parent 4a55fe563c
commit 3de4e7e9c6
5 changed files with 69 additions and 4 deletions

@@ -32,6 +32,7 @@ ToC:
- [Stateful Runners](#stateful-runners)
- [Ephemeral Runners](#ephemeral-runners)
- [Software Installed in the Runner Image](#software-installed-in-the-runner-image)
- [Using without cert-manager](#using-without-cert-manager)
- [Common Errors](#common-errors)
- [Contributing](#contributing)
@@ -43,7 +44,7 @@ ToC:
## Installation
actions-runner-controller uses [cert-manager](https://cert-manager.io/docs/installation/kubernetes/) for certificate management of Admission Webhook. Make sure you have already installed cert-manager before you install. The installation instructions for cert-manager can be found below.
By default, actions-runner-controller uses [cert-manager](https://cert-manager.io/docs/installation/kubernetes/) for certificate management of Admission Webhook. Make sure you have already installed cert-manager before you install. The installation instructions for cert-manager can be found below.
- [Installing cert-manager on Kubernetes](https://cert-manager.io/docs/installation/kubernetes/)
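Review bot: The reworded Installation paragraph says cert-manager is used "by default", but the next sentence still tells every reader "Make sure you have already installed cert-manager before you install", and nothing points to the alternative. Suggest scoping that sentence to the default path and linking to the new section from here, for example "To supply your own certificate instead, see [Using without cert-manager](#using-without-cert-manager)".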
@@ -1236,6 +1237,35 @@ spec:
image: YOUR_CUSTOM_DOCKER_IMAGE
```
### Using without cert-manager
Assuming you are installing in the default namespace, ensure your certificate has SANs:
* `webhook-service.actions-runner-system.svc`
* `webhook-service.actions-runner-system.svc.cluster.local`
It is possible to use a self-signed certificate by following a guide like
[this one](https://mariadb.com/docs/security/encryption/in-transit/create-self-signed-certificates-keys-openssl/)
using `openssl`.
Install your certificate as a TLS secret:
```shell
$ kubectl create secret tls webhook-server-cert \
-n actions-runner-system \
--cert=path/to/cert/file \
--key=path/to/key/file
```
Set the Helm chart values as follows:
```shell
$ CA_BUNDLE=$(cat path/to/ca.pem | base64)
$ helm --upgrade install actions-runner-controller/actions-runner-controller \
certManagerEnabled=false \
admissionWebHooks.caBundle=${CA_BUNDLE}
```
### Common Errors
#### invalid header field value
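Review bot: The Helm command at the end of the new "Using without cert-manager" section will not run as written. `helm --upgrade install` is not a valid invocation (the form is `helm upgrade --install <release> <chart>`), no release name is given, and `certManagerEnabled=false` and `admissionWebHooks.caBundle=${CA_BUNDLE}` are passed as bare arguments instead of through `--set`. The command also has no `-n actions-runner-system`, although the TLS secret just above is created in that namespace. On the `CA_BUNDLE` line, GNU `base64` wraps its output at 76 columns, so `$(cat path/to/ca.pem | base64)` can produce a multi-line value; stripping newlines (for example `base64 < path/to/ca.pem | tr -d '\n'`) and quoting the expansion as `"${CA_BUNDLE}"` would make the value safe to pass. In the SAN paragraph, "the default namespace" can be read as the Kubernetes `default` namespace while the listed names are for `actions-runner-system`; naming the namespace explicitly, and saying that the SANs have to change with it, would remove the ambiguity. It would also help to state that `path/to/ca.pem` must be the CA that signed the certificate stored in `webhook-server-cert` (for a self-signed certificate, the certificate itself), since a mismatch makes the API server's webhook calls fail TLS verification.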