From 4af7373d35dd8c46d89a6a98ea113ee269df8f0a Mon Sep 17 00:00:00 2001
From: Nikola Jokic
Date: Thu, 22 Jan 2026 19:46:29 +0100
Subject: [PATCH] wip
---
.../templates/_defaults.tpl | 23 ++++
.../templates/_dind.tpl | 116 ++++++++++++++++++
.../templates/autoscalingrunnserset.yaml | 24 +++-
...caling_runner_set_dind_mode_spec_test.yaml | 115 +++++++++++++++++
charts/gha-runner-scale-set-dev/values.yaml | 2 +
5 files changed, 275 insertions(+), 5 deletions(-)
create mode 100644 charts/gha-runner-scale-set-dev/templates/_defaults.tpl
create mode 100644 charts/gha-runner-scale-set-dev/templates/_dind.tpl
create mode 100644 charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_dind_mode_spec_test.yaml
diff --git a/charts/gha-runner-scale-set-dev/templates/_defaults.tpl b/charts/gha-runner-scale-set-dev/templates/_defaults.tpl
new file mode 100644
index 00000000..25a257cb
--- /dev/null
+++ b/charts/gha-runner-scale-set-dev/templates/_defaults.tpl
@@ -0,0 +1,23 @@
+{{- define "runner.image" -}}
+{{- $runner := .Values.runner.container | default dict -}}
+{{- if not (kindIs "map" $runner) -}}
+ {{- fail "runner.container must be a map/object" -}}
+{{- end -}}
+{{- $image := $runner.image | default "ghcr.io/actions/actions-runner:latest" -}}
+{{- if not (kindIs "string" $image) -}}
+ {{- fail "runner.container.image must be a string" -}}
+{{- end -}}
+{{- $image }}
+{{- end }}
+
+{{- define "runner.command" -}}
+{{- $runner := .Values.runner.container | default dict -}}
+{{- if not (kindIs "map" $runner) -}}
+ {{- fail "runner.container must be a map/object" -}}
+{{- end -}}
+{{- $command := $runner.command | default (list "/home/runner/run.sh") -}}
+{{- if not (kindIs "slice" $command) -}}
+ {{- fail "runner.container.command must be a list/array" -}}
+{{- end -}}
+{{- toJson $command -}}
+{{- end }}
\ No newline at end of file
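Review bot: The fallback on the `$image` line of `runner.image` is `ghcr.io/actions/actions-runner:latest`, a mutable tag, so the image that executes workflow jobs and handles their secrets can change between pod starts without any chart or values change. Consider defaulting to a version tag or digest that is bumped together with the chart, or failing when `runner.container.image` is unset, and record the choice in a comment above the define, e.g. `{{/* runner.image: returns runner.container.image; set a pinned tag or digest for production */}}`. Separately, `.Values.runner.container | default dict` covers a missing `container` but not a null `runner`, which would presumably surface as a nil-pointer template error rather than one of the `fail` messages in this file.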
diff --git a/charts/gha-runner-scale-set-dev/templates/_dind.tpl b/charts/gha-runner-scale-set-dev/templates/_dind.tpl
new file mode 100644
index 00000000..54df2ffa
--- /dev/null
+++ b/charts/gha-runner-scale-set-dev/templates/_dind.tpl
@@ -0,0 +1,116 @@ +{{- define "runner-mode-dind.runner-container" -}} +name: runner +image: {{ include "runner.image" . | quote }} +command: {{ include "runner.command" . }} +env: + - {{ include "runner-mode-dind.env-docker-host" . | nindent 4 }} + - {{ include "runner-mode-dind.env-wait-for-docker-timeout" . | nindent 4 }} + {{/* TODO:: Should we skip DOCKER_HOST and RUNNER_WAIT_FOR_DOCKER_IN_SECONDS? */}} + {{- with .Values.runner.env }} + {{- toYaml . | nindent 2 }} + {{- end }} +volumeMounts: + - name: work + mountPath: /home/runner/_work + - name: dind-sock + mountPath: {{ include "runner-mode-dind.sock-mount-dir" . | quote }} +{{- end }} + +{{- define "runner-mode-dind.dind-container" -}} +{{- $dind := .Values.runner.dind | default dict -}} +name: {{ $dind.container.name | default "dind" }} +image: {{ $dind.container.image | default "docker:dind" | quote }} +args: + {{- include "runner-mode-dind.args" . | nindent 2 }} +env: + - name: DOCKER_GROUP_GID + value: {{ ($dind.dockerGroupId | default "123") | quote }} +securityContext: +{{- if $dind.container.securityContext }} + {{- toYaml $dind.container.securityContext | nindent 2 }} +{{ else }} + {{- toYaml (dict "privileged" true) | nindent 2 }} +{{- end }} +restartPolicy: Always +startupProbe: + {{- include "runner-mode-dind.startup-probe" . | nindent 2 }} +volumeMounts: + - name: work + mountPath: /home/runner/_work + - name: dind-sock + mountPath: {{ include "runner-mode-dind.sock-mount-dir" . 
| quote }} +{{- if $dind.copyExternals }} + - name: dind-externals + mountPath: /home/runner/externals +{{- end }} +{{- end }} + +{{- define "runner-mode-dind.pod-volumes" -}} +- name: work + emptyDir: {} +- name: dind-sock + emptyDir: {} +{{- if .Values.runner.dind.copyExternals }} +- name: dind-externals + emptyDir: {} +{{- end }} +{{- end }} + +{{- define "runner-mode-dind.copy-externals" -}} +name: init-dind-externals +image: ghcr.io/actions/actions-runner:latest +command: ["cp", "-r", "/home/runner/externals/.", "/home/runner/tmpDir/"] +volumeMounts: + - name: dind-externals + mountPath: /home/runner/tmpDir +{{- end }} + +{{- define "runner-mode-dind.startup-probe" -}} +exec: + command: + - docker + - info +initialDelaySeconds: 0 +failureThreshold: 24 +periodSeconds: 5 +{{- end }} + +{{- define "runner-mode-dind.args" -}} +- dockerd +- --host=unix:///var/run/docker.sock +- --group=$(DOCKER_GROUP_GID) +{{- end }} + +{{- define "runner-mode-dind.env-docker-host" -}} +{{- $dind := .Values.runner.dind | default dict -}} +{{- $dockerSock := $dind.dockerSock | default "unix:///var/run/docker.sock" -}} +{{- if not (kindIs "string" $dockerSock) -}} + {{- fail "runner.dind.dockerSock must be a string" -}} +{{- end -}} +name: DOCKER_HOST +value: {{ $dockerSock | quote }} +{{- end }} + +{{- define "runner-mode-dind.env-wait-for-docker-timeout" -}} +{{- $dind := .Values.runner.dind | default dict -}} +{{- $waitForDockerInSeconds := $dind.waitForDockerInSeconds | default 120 -}} +{{- if not (or (kindIs "int" $waitForDockerInSeconds) (kindIs "int64" $waitForDockerInSeconds) (kindIs "float64" $waitForDockerInSeconds)) -}} + {{- fail "runner.dind.waitForDockerInSeconds must be a number" -}} +{{- end -}} +{{- $waitForDockerInSecondsInt := ($waitForDockerInSeconds | int) -}} +{{- if lt $waitForDockerInSecondsInt 0 -}} + {{- fail "runner.dind.waitForDockerInSeconds must be non-negative" -}} +{{- end -}} +name: RUNNER_WAIT_FOR_DOCKER_IN_SECONDS +value: {{ 
$waitForDockerInSecondsInt | toString | quote }} +{{- end }} + +{{- define "runner-mode-dind.sock-mount-dir" -}} +{{- $dind := .Values.runner.dind | default dict -}} +{{- $dockerSock := $dind.dockerSock | default "unix:///var/run/docker.sock" -}} +{{- if not (kindIs "string" $dockerSock) -}} + {{- fail "runner.dind.dockerSock must be a string" -}} +{{- end -}} +{{- $dockerSockPath := trimPrefix "unix://" $dockerSock -}} +{{- dir $dockerSockPath -}} +{{- end }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml b/charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml index aa0f71cc..917d4b91 100644 --- a/charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml +++ b/charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml @@ -120,13 +120,27 @@ spec: template: spec: serviceAccountName: {{ include "no-permission-serviceaccount.name" . | quote }} - containers: - - {{ include "autoscaling-runner-set.template-runner-container" . | nindent 10 }} - {{- if eq $runnerMode "dind" -}} - - {{ include "autoscaling-runner-set.template-dind-container" . | nindent 10 }} + {{- if eq $runnerMode "dind" }} + initContainers: + {{- if .Values.runner.dind.copyExternals }} + - {{ include "runner-mode-dind.copy-externals" . | nindent 10 }} {{- end }} + - {{ include "runner-mode-dind.dind-container" . | nindent 10 }} + containers: + - {{ include "runner-mode-dind.runner-container" . | nindent 10 }} {{- if $extraContainers }} {{- range $extraContainers }} - {{ toYaml . | nindent 10 }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} + volumes: + {{- include "runner-mode-dind.pod-volumes" . | nindent 8 }} + {{- else }} + containers: + - {{ include "autoscaling-runner-set.template-runner-container" . | nindent 10 }} + {{- if $extraContainers }} + {{- range $extraContainers }} + - {{ toYaml . | nindent 10 }} + {{- end }} + {{- end }} + {{- end }} 
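Review bot: `runner.dind.dockerSock` drives `DOCKER_HOST` and `runner-mode-dind.sock-mount-dir`, but `runner-mode-dind.args` still hard-codes `--host=unix:///var/run/docker.sock`, so a non-default value mounts the shared `dind-sock` volume in one directory while dockerd creates its socket in another, and the runner waits out `RUNNER_WAIT_FOR_DOCKER_IN_SECONDS`. The value is only checked to be a string: `trimPrefix "unix://"` leaves a `tcp://` value untouched and `dir` then yields a meaningless mountPath, so I would validate the scheme once in a shared helper and derive `--host` from it, as sketched below. In the same file, `runner-mode-dind.copy-externals` uses the literal `ghcr.io/actions/actions-runner:latest` instead of `{{ include "runner.image" . | quote }}`, so the copied externals can come from a different build than the runner container. `$dind.container.name`, `.image` and `.securityContext` are read without the `default dict` guard that `$dind` gets. The `privileged: true` fallback and the unpinned `docker:dind` default deserve a comment stating that the socket shared with the runner gives every job root-equivalent control of that daemon.

```yaml
{{/* Validated daemon socket URL; single source for DOCKER_HOST, dockerd --host and the mount dir. */}}
{{- define "runner-mode-dind.docker-sock" -}}
{{- $dind := .Values.runner.dind | default dict -}}
{{- $dockerSock := $dind.dockerSock | default "unix:///var/run/docker.sock" -}}
{{- if not (kindIs "string" $dockerSock) -}}
  {{- fail "runner.dind.dockerSock must be a string" -}}
{{- end -}}
{{- if not (hasPrefix "unix:///" $dockerSock) -}}
  {{- fail "runner.dind.dockerSock must be an absolute unix:// socket path" -}}
{{- end -}}
{{- $dockerSock -}}
{{- end }}

{{- define "runner-mode-dind.args" -}}
- dockerd
- --host={{ include "runner-mode-dind.docker-sock" . }}
- --group=$(DOCKER_GROUP_GID)
{{- end }}

{{/* … env-docker-host and sock-mount-dir would read the include above instead of re-validating … */}}
```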
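Review bot: The dind branch now schedules dockerd under `initContainers`, which only behaves as a sidecar where the `restartPolicy: Always` set in `runner-mode-dind.dind-container` is honoured; on a cluster without native sidecar support the init container would presumably never complete and the runner container would never start. A render-time guard such as `{{- if semverCompare "<1.29-0" .Capabilities.KubeVersion.Version }}{{ fail "runner.mode dind requires Kubernetes >= 1.29 (native sidecars)" }}{{- end }}` makes that failure explicit; confirm the minimum version the chart intends to support. `.Values.runner.dind.copyExternals` is also read directly in this branch, so a null `runner.dind` fails with a nil-pointer error instead of a chart message. `$runnerMode` and `$extraContainers` are defined outside this hunk, so their handling is not reviewed here.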
diff --git a/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_dind_mode_spec_test.yaml b/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_dind_mode_spec_test.yaml
new file mode 100644
index 00000000..a88623f5
--- /dev/null
+++ b/charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_dind_mode_spec_test.yaml
@@ -0,0 +1,115 @@
+suite: "AutoscalingRunnerSet dind mode podspec"
+templates:
+ - autoscalingrunnserset.yaml
+tests:
+ - it: should render the default dind pod spec (initContainers, runner container, volumes)
+ set:
+ scaleset.name: "test"
+ auth.url: "https://github.com/org"
+ auth.githubToken: "gh_token12345"
+ controllerServiceAccount.name: "arc"
+ controllerServiceAccount.namespace: "arc-system"
+ runner:
+ mode: "dind"
+ release:
+ name: "test-name"
+ namespace: "test-namespace"
+ asserts:
+ - equal:
+ path: spec.template.spec.initContainers[0].name
+ value: init-dind-externals
+ - equal:
+ path: spec.template.spec.initContainers[0].image
+ value: ghcr.io/actions/actions-runner:latest
+ - equal:
+ path: spec.template.spec.initContainers[0].command[0]
+ value: cp
+ - equal:
+ path: spec.template.spec.initContainers[1].name
+ value: dind
+ - equal:
+ path: spec.template.spec.initContainers[1].image
+ value: docker:dind
+ - equal:
+ path: spec.template.spec.initContainers[1].args[0]
+ value: dockerd
+ - equal:
+ path: spec.template.spec.initContainers[1].args[1]
+ value: --host=unix:///var/run/docker.sock
+ - equal:
+ path: spec.template.spec.initContainers[1].args[2]
+ value: --group=$(DOCKER_GROUP_GID)
+ - equal:
+ path: spec.template.spec.initContainers[1].env[0].name
+ value: DOCKER_GROUP_GID
+ - equal:
+ path: spec.template.spec.initContainers[1].env[0].value
+ value: "123"
+ - equal:
+ path: spec.template.spec.initContainers[1].securityContext.privileged
+ value: true
+ - equal:
+ path: spec.template.spec.initContainers[1].startupProbe.exec.command[0]
+ value: docker
+ - equal:
+ path: spec.template.spec.initContainers[1].startupProbe.exec.command[1]
+ value: info
+ - equal:
+ path: spec.template.spec.initContainers[1].volumeMounts[0].name
+ value: work
+ - equal:
+ path: spec.template.spec.initContainers[1].volumeMounts[0].mountPath
+ value: /home/runner/_work
+ - equal:
+ path: spec.template.spec.initContainers[1].volumeMounts[1].name
+ value: dind-sock
+ - equal: + path: spec.template.spec.initContainers[1].volumeMounts[1].mountPath + value: /var/run + + - equal: + path: spec.template.spec.containers[0].name + value: runner + - equal: + path: spec.template.spec.containers[0].image + value: ghcr.io/actions/actions-runner:latest + - equal: + path: spec.template.spec.containers[0].env[0].name + value: DOCKER_HOST + - equal: + path: spec.template.spec.containers[0].env[0].value + value: unix:///var/run/docker.sock + - equal: + path: spec.template.spec.containers[0].env[1].name + value: RUNNER_WAIT_FOR_DOCKER_IN_SECONDS + - equal: + path: spec.template.spec.containers[0].env[1].value + value: "120" + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].name + value: work + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].mountPath + value: /home/runner/_work + - equal: + path: spec.template.spec.containers[0].volumeMounts[1].name + value: dind-sock + - equal: + path: spec.template.spec.containers[0].volumeMounts[1].mountPath + value: /var/run + + - contains: + path: spec.template.spec.volumes + content: + name: work + emptyDir: {} + - contains: + path: spec.template.spec.volumes + content: + name: dind-sock + emptyDir: {} + - contains: + path: spec.template.spec.volumes + content: + name: dind-externals + emptyDir: {} diff --git a/charts/gha-runner-scale-set-dev/values.yaml b/charts/gha-runner-scale-set-dev/values.yaml index 17575b7b..9817e025 100644 --- a/charts/gha-runner-scale-set-dev/values.yaml +++ b/charts/gha-runner-scale-set-dev/values.yaml @@ -167,6 +167,8 @@ runner: dind: copyExternals: true dockerGroupId: "123" + dockerSock: "unix:///var/run/docker.sock" + waitForDockerInSeconds: 120 container: image: "docker:dind"
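Review bot: The suite pins only the default render, including `securityContext.privileged: true` and the `:latest` / `docker:dind` images, so none of the new validation or override paths are exercised. Add cases for a user-supplied `runner.dind.container.securityContext` (asserting `privileged` is not re-added), for `runner.dind.copyExternals: false` (the dind container moves to `initContainers[0]` and the `dind-externals` volume is absent), and for a non-default `runner.dind.dockerSock`. The `fail` branches can be covered with `failedTemplate`, e.g. setting `runner.dind.waitForDockerInSeconds: -1` and asserting `errorMessage: runner.dind.waitForDockerInSeconds must be non-negative`.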
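Review bot: The two new keys under `runner.dind` are added without comments although `_dind.tpl` enforces constraints on both. Suggest `# Docker daemon socket as a unix:// URL; its directory is shared between the dind and runner containers` above `dockerSock` and `# Seconds the runner waits for the Docker daemon; must be a non-negative number` above `waitForDockerInSeconds`. The surrounding `runner.dind` mapping starts and ends outside the hunk.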