slowly develop nicer helper functions

charts/dev/Chart.yaml

@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "0.13.0"
+version: "0.14.0"
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.13.0"
+appVersion: "0.14.0"
 
 home: https://github.com/actions/actions-runner-controller
 

charts/dev/templates/_helpers.tpl

@@ -1,3 +1,4 @@
+
 {{- define "autoscaling-runner-set.name" -}}
 {{- $name := .Values.runnerScaleSetName | default .Release.Name | replace "_" "-" | trimSuffix "-" }}
 {{- if or (empty $name) (gt (len $name) 45) }}
@@ -10,11 +11,59 @@
 {{- .Values.namespaceOverride | default .Release.Namespace -}}
 {{- end }}
 
-
-{{- define "githubsecret.name" -}}
+{{/*
+The name of the GitHub secret used for authentication.
+*/}}
+{{- define "github-secret.name" -}}
 {{- if not (empty .Values.auth.secretName) }}
 {{- quote .Values.auth.secretName }}
 {{- else }}
 {{- include "autoscaling-runner-set.name" . }}-github-secret
 {{- end }}
 {{- end }}
+
+{{/*
+Create the labels for the autoscaling runner set.
+*/}}
+{{- define "autoscaling-runner-set.labels" -}}
+{{- $resourceLabels := dict "app.kubernetes.io/component" "autoscaling-runner-set" -}}
+{{- $commonLabels := include "gha-common-labels" .Values | fromYaml -}}
+{{- $userLabels := include "gha-process-labels" .Values.resource.autoscalingRunnerSet.metadata.labels | fromYaml -}}
+{{- $global := include "gha-process-labels" .Values.resource.all.metadata.labels | fromYaml -}}
+{{- mergeOverwrite $global $userLabels $resourceLabels $commonLabels -}}
+{{- end }}
+
+{{/*
+Create the common labels used across all resources.
+*/}}
+{{- define "gha-common-labels" -}}
+helm.sh/chart: {{ include "gha-runner-scale-set.chart" . }}
+app.kubernetes.io/name: {{ include "autoscaling-runner-set.name" . }}
+app.kubernetes.io/instance: {{ include "autoscaling-runner-set.name" . }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/part-of: "gha-rs"
+actions.github.com/scale-set-name: {{ include "autoscaling-runner-set.name" . }}
+actions.github.com/scale-set-namespace: {{ include "autoscaling-runner-set.namespace" . }}
+{{- end }}
+
+{{/*
+Takes a map of user labels and removes the ones with "actions.github.com/" prefix
+*/}}
+{{- define "gha-process-labels" -}}
+{{- $userLabels := . -}}
+{{- $processed := dict -}}
+{{- range $key, $value := $userLabels -}}
+  {{- if not (hasPrefix $key "actions.github.com/") -}}
+    {{- $_ := set $processed $key $value -}}
+  {{- end -}}
+{{- end -}}
+{{- $processed -}}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gha-runner-scale-set.chart" -}}
+{{- printf "%s-%s" (include "gha-base-name" .) .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}

charts/dev/templates/autoscalingrunnserset.yaml

@@ -3,9 +3,11 @@ kind: AutoscalingRunnerSet
 metadata:
   name: {{ include "autoscaling-runner-set.name" . | quote }}
   namespace: {{ include "autoscaling-runner-set.namespace" . | quote }}
+  labels: {{ include "autoscaling-runner-set.labels" . | nindent 4 }}
+
 spec:
   githubConfigUrl: {{ required ".Values.auth.url is required" (trimSuffix "/" .Values.auth.url) | quote }}
-  githubConfigSecret: {{ include "githubsecret.name" . | quote }}
+  githubConfigSecret: {{ include "github-secret.name" . | quote }}
   runnerGroup: {{ .Values.scaleset.runnerGroup | quote }}
 
   {{- if .Values.githubServerTLS }}
@@ -18,21 +20,21 @@ spec:
     {{- end }}
   {{- end }}
 
-  {{- if and .Values.keyVault .Values.keyVault.type }}
+  {{- if and .Values.secretResolution (ne .Values.secretResolution.type "kubernetes") }}
   vaultConfig:
-    type: {{ .Values.keyVault.type }}
-    {{- if .Values.keyVault.proxy }}
-    proxy: {{- toYaml .Values.keyVault.proxy | nindent 6 }}
+    type: {{ .Values.secretResolution.type }}
+    {{- if .Values.secretResolution.proxy }}
+    proxy: {{- toYaml .Values.secretResolution.proxy | nindent 6 }}
     {{- end }}
-    {{- if eq .Values.keyVault.type "azure_key_vault" }}
+    {{- if eq .Values.secretResolution.type "azureKeyVault" }}
     azureKeyVault:
-      url: {{ .Values.keyVault.azureKeyVault.url }}
-      tenantId: {{ .Values.keyVault.azureKeyVault.tenantId }}
-      clientId: {{ .Values.keyVault.azureKeyVault.clientId }}
-      certificatePath: {{ .Values.keyVault.azureKeyVault.certificatePath }}
-      secretKey: {{ .Values.keyVault.azureKeyVault.secretKey }}
+      url: {{ .Values.secretResolution.azureKeyVault.url }}
+      tenantId: {{ .Values.secretResolution.azureKeyVault.tenantId }}
+      clientId: {{ .Values.secretResolution.azureKeyVault.clientId }}
+      certificatePath: {{ .Values.secretResolution.azureKeyVault.certificatePath }}
+      secretKey: {{ .Values.secretResolution.azureKeyVault.secretKey }}
     {{- else }}
-    {{- fail "Unsupported keyVault type: " .Values.keyVault.type }}
+        {{- fail "Unsupported keyVault type: " .Values.secretResolution.type }}
     {{- end }}
   {{- end }}
 

charts/dev/values.yaml

@@ -1,14 +1,15 @@
 ## By default .Release.namespace is used
 namespaceOverride: ""
-# Name of the scaleset
+
 scaleset:
+  # Name of the scaleset
   name: ""
   runnerGroup: "default"
   ## minRunners is the min number of idle runners. The target number of runners created will be
   ## calculated as a sum of minRunners and the number of jobs assigned to the scale set.
-  # min_runners: 0
+  # minRunners: 0
   ## maxRunners is the max number of runners the autoscaling runner set will scale up to.
-  # max_runners: 5
+  # maxRunners: 5
 
 # Auth object provides authorization parameters.
 # You should apply either:
@@ -25,6 +26,32 @@ auth:
     clientId: ""
     installationId: ""
     privateKey: ""
+
+secretResolution:
+  # Name of the secret resolver to use.
+  # Available values:
+  # - "kubernetes" - use Kubernetes secrets
+  # - "azureKeyVault" - use Azure Key Vault
+  type: "kubernetes"
+
+  ## Proxy settings when type is NOT "kubernetes"
+  # proxy:
+  #   http:
+  #     url: http://proxy.com:1234
+  #     credentialSecretRef: proxy-auth # a secret with `username` and `password` keys
+  #   https:
+  #     url: http://proxy.com:1234
+  #     credentialSecretRef: proxy-auth # a secret with `username` and `password` keys
+  #   noProxy:
+  #     - example.com
+  #     - example.org
+
+  # azureKeyVault:
+  #   url: ""
+  #   client_id: ""
+  #   tenant_id: ""
+  #   certificate_path: ""
+
 #
 ## proxy can be used to define proxy settings that will be used by the
 ## controller, the listener and the runner of this scale set.
@@ -57,12 +84,27 @@ auth:
 #     - name: side-car
 #       image: example-sidecar
 
+## Resource object allows modifying resources created by the chart itself
+resource:
+  all:
+    metadata:
+      labels: {}
+      annotations: {}
+
+  autoscalingRunnerSet:
+    metadata:
+      labels: {}
+      annotations: {}
+
 # Template applied for the runner container
 runner:
   # metadata:
   #   labels: []
   #   annotations: []
 
+  # Mode can be used to automatically add required configuration for the selected mode
+  mode: "" # Available modes: "", "kubernetes", "dind"
+
   # container field is applied to the container named "runner". You cannot override the name of the runner container
   container:
     image: "ghcr.io/actions/actions-runner:latest"
@@ -75,6 +117,7 @@ runner:
   kubernetesMode:
     default: true
     serviceAccountName: ""
+    extraPermissions: []
     extension: {}
 ## A self-signed CA certificate for communication with the GitHub server can be
 ## provided using a config map key selector. If `runnerMountPath` is set, for