diff --git a/charts/dev/Chart.yaml b/charts/dev/Chart.yaml index cf38d440..a87dfdbe 100644 --- a/charts/dev/Chart.yaml +++ b/charts/dev/Chart.yaml @@ -15,13 +15,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "0.13.0" +version: "0.14.0" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.13.0" +appVersion: "0.14.0" home: https://github.com/actions/actions-runner-controller diff --git a/charts/dev/templates/_helpers.tpl b/charts/dev/templates/_helpers.tpl index 6188e443..251455a1 100644 --- a/charts/dev/templates/_helpers.tpl +++ b/charts/dev/templates/_helpers.tpl @@ -1,3 +1,4 @@ + {{- define "autoscaling-runner-set.name" -}} {{- $name := .Values.runnerScaleSetName | default .Release.Name | replace "_" "-" | trimSuffix "-" }} {{- if or (empty $name) (gt (len $name) 45) }} 
@@ -10,11 +11,59 @@ {{- .Values.namespaceOverride | default .Release.Namespace -}} {{- end }} - -{{- define "githubsecret.name" -}} +{{/* +The name of the GitHub secret used for authentication. +*/}} +{{- define "github-secret.name" -}} {{- if not (empty .Values.auth.secretName) }} {{- quote .Values.auth.secretName }} {{- else }} {{- include "autoscaling-runner-set.name" . }}-github-secret {{- end }} {{- end }} + +{{/* +Create the labels for the autoscaling runner set. +*/}} +{{- define "autoscaling-runner-set.labels" -}} +{{- $resourceLabels := dict "app.kubernetes.io/component" "autoscaling-runner-set" -}} +{{- $commonLabels := include "gha-common-labels" .Values | fromYaml -}} +{{- $userLabels := include "gha-process-labels" .Values.resource.autoscalingRunnerSet.metadata.labels | fromYaml -}} +{{- $global := include "gha-process-labels" .Values.resource.all.metadata.labels | fromYaml -}} +{{- mergeOverwrite $global $userLabels $resourceLabels $commonLabels -}} +{{- end }} + +{{/* +Create the common labels used across all resources. +*/}} +{{- define "gha-common-labels" -}} +helm.sh/chart: {{ include "gha-runner-scale-set.chart" . }} +app.kubernetes.io/name: {{ include "autoscaling-runner-set.name" . }} +app.kubernetes.io/instance: {{ include "autoscaling-runner-set.name" . }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "gha-rs" +actions.github.com/scale-set-name: {{ include "autoscaling-runner-set.name" . }} +actions.github.com/scale-set-namespace: {{ include "autoscaling-runner-set.namespace" . }} +{{- end }} + +{{/* +Takes a map of user labels and removes the ones with "actions.github.com/" prefix +*/}} +{{- define "gha-process-labels" -}} +{{- $userLabels := . 
-}} +{{- $processed := dict -}} +{{- range $key, $value := $userLabels -}} + {{- if not (hasPrefix $key "actions.github.com/") -}} + {{- $_ := set $processed $key $value -}} + {{- end -}} +{{- end -}} +{{- $processed -}} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gha-runner-scale-set.chart" -}} +{{- printf "%s-%s" (include "gha-base-name" .) .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} diff --git a/charts/dev/templates/autoscalingrunnserset.yaml b/charts/dev/templates/autoscalingrunnserset.yaml index 92bfdf41..5d4ac168 100644 --- a/charts/dev/templates/autoscalingrunnserset.yaml +++ b/charts/dev/templates/autoscalingrunnserset.yaml @@ -3,9 +3,11 @@ kind: AutoscalingRunnerSet metadata: name: {{ include "autoscaling-runner-set.name" . | quote }} namespace: {{ include "autoscaling-runner-set.namespace" . | quote }} + labels: {{ include "autoscaling-runner-set.labels" . | nindent 4 }} + spec: githubConfigUrl: {{ required ".Values.auth.url is required" (trimSuffix "/" .Values.auth.url) | quote }} - githubConfigSecret: {{ include "githubsecret.name" . | quote }} + githubConfigSecret: {{ include "github-secret.name" . | quote }} runnerGroup: {{ .Values.scaleset.runnerGroup | quote }} {{- if .Values.githubServerTLS }} 
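Review bot: In `gha-process-labels` the arguments of `hasPrefix` are reversed: Sprig's order is prefix first, then the string, so `hasPrefix $key "actions.github.com/"` asks whether the literal starts with the key, and user labels under the reserved `actions.github.com/` prefix are not stripped. The helper then ends with `{{- $processed -}}`, and `autoscaling-runner-set.labels` ends with a bare `mergeOverwrite`, both of which print Go map syntax rather than YAML. The `fromYaml` calls and the `labels:` line added in autoscalingrunnserset.yaml therefore do not receive a mapping, so both helpers need `toYaml`. `include "gha-common-labels" .Values` also passes the values map as context although that helper reads `.Chart.AppVersion` and `.Release.Service`, so it should receive `.`. `gha-base-name` is not defined in any visible hunk and may live elsewhere in the chart.

```gotemplate
{{- define "autoscaling-runner-set.labels" -}}
{{- $commonLabels := include "gha-common-labels" . | fromYaml -}}
{{/* … unchanged: $resourceLabels, $userLabels, $global … */}}
{{- mergeOverwrite $global $userLabels $resourceLabels $commonLabels | toYaml -}}

{{- define "gha-process-labels" -}}
{{/* … unchanged: $userLabels, $processed, range header … */}}
  {{- if not (hasPrefix "actions.github.com/" $key) -}}
{{/* … unchanged: set $processed, end of range … */}}
{{- toYaml $processed -}}
```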
@@ -18,21 +20,21 @@ spec: {{- end }} {{- end }} - {{- if and .Values.keyVault .Values.keyVault.type }} + {{- if and .Values.secretResolution (ne .Values.secretResolution.type "kubernetes") }} vaultConfig: - type: {{ .Values.keyVault.type }} - {{- if .Values.keyVault.proxy }} - proxy: {{- toYaml .Values.keyVault.proxy | nindent 6 }} + type: {{ .Values.secretResolution.type }} + {{- if .Values.secretResolution.proxy }} + proxy: {{- toYaml .Values.secretResolution.proxy | nindent 6 }} {{- end }} - {{- if eq .Values.keyVault.type "azure_key_vault" }} + {{- if eq .Values.secretResolution.type "azureKeyVault" }} azureKeyVault: - url: {{ .Values.keyVault.azureKeyVault.url }} - tenantId: {{ .Values.keyVault.azureKeyVault.tenantId }} - clientId: {{ .Values.keyVault.azureKeyVault.clientId }} - certificatePath: {{ .Values.keyVault.azureKeyVault.certificatePath }} - secretKey: {{ .Values.keyVault.azureKeyVault.secretKey }} + url: {{ .Values.secretResolution.azureKeyVault.url }} + tenantId: {{ .Values.secretResolution.azureKeyVault.tenantId }} + clientId: {{ .Values.secretResolution.azureKeyVault.clientId }} + certificatePath: {{ .Values.secretResolution.azureKeyVault.certificatePath }} + secretKey: {{ .Values.secretResolution.azureKeyVault.secretKey }} {{- else }} - {{- fail "Unsupported keyVault type: " .Values.keyVault.type }} + {{- fail "Unsupported keyVault type: " .Values.secretResolution.type }} {{- end }} {{- end }} diff --git a/charts/dev/values.yaml b/charts/dev/values.yaml index af752dd1..8c6db8e2 100644 --- a/charts/dev/values.yaml +++ b/charts/dev/values.yaml 
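Review bot: The `fail` call in the `else` branch is given two arguments, but `fail` accepts a single message, so an unsupported type surfaces as an argument-count error instead of the intended text, which also still says keyVault. `{{- fail (printf "Unsupported secretResolution type: %s" .Values.secretResolution.type) }}` covers both. `type` and the `azureKeyVault` fields are rendered unquoted, so an empty or number-like value changes type in the manifest; piping each through `quote`, as `name` and `namespace` already do in this file, avoids that. The condition `ne .Values.secretResolution.type "kubernetes"` also routes an empty `type` into this block and on to the `fail` branch, which may not be the intended default.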
@@ -1,14 +1,15 @@ ## By default .Release.namespace is used namespaceOverride: "" -# Name of the scaleset + scaleset: + # Name of the scaleset name: "" runnerGroup: "default" ## minRunners is the min number of idle runners. The target number of runners created will be ## calculated as a sum of minRunners and the number of jobs assigned to the scale set. - # min_runners: 0 + # minRunners: 0 ## maxRunners is the max number of runners the autoscaling runner set will scale up to. - # max_runners: 5 + # maxRunners: 5 # Auth object provides authorization parameters. # You should apply either: @@ -25,6 +26,32 @@ auth: clientId: "" installationId: "" privateKey: "" + +secretResolution: + # Name of the secret resolver to use. + # Available values: + # - "kubernetes" - use Kubernetes secrets + # - "azureKeyVault" - use Azure Key Vault + type: "kubernetes" + + ## Proxy settings when type is NOT "kubernetes" + # proxy: + # http: + # url: http://proxy.com:1234 + # credentialSecretRef: proxy-auth # a secret with `username` and `password` keys + # https: + # url: http://proxy.com:1234 + # credentialSecretRef: proxy-auth # a secret with `username` and `password` keys + # noProxy: + # - example.com + # - example.org + + # azureKeyVault: + # url: "" + # client_id: "" + # tenant_id: "" + # certificate_path: "" + # ## proxy can be used to define proxy settings that will be used by the ## controller, the listener and the runner of this scale set. 
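Review bot: The commented `azureKeyVault` example in the `secretResolution` block uses `client_id`, `tenant_id` and `certificate_path`, while the template in autoscalingrunnserset.yaml reads `clientId`, `tenantId`, `certificatePath` and `secretKey`. A user who uncomments the example as written gets those fields rendered empty in `vaultConfig`. The example should read `# clientId: ""`, `# tenantId: ""`, `# certificatePath: ""` and add `# secretKey: ""`.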
@@ -57,12 +84,27 @@ auth: # - name: side-car # image: example-sidecar +## Resource object allows modifying resources created by the chart itself +resource: + all: + metadata: + labels: {} + annotations: {} + + autoscalingRunnerSet: + metadata: + labels: {} + annotations: {} + # Template applied for the runner container runner: # metadata: # labels: [] # annotations: [] + # Mode can be used to automatically add required configuration for the selected mode + mode: "" # Available modes: "", "kubernetes", "dind" + # container field is applied to the container named "runner". You cannot override the name of the runner container container: image: "ghcr.io/actions/actions-runner:latest" @@ -75,6 +117,7 @@ runner: kubernetesMode: default: true serviceAccountName: "" + extraPermissions: [] extension: {} ## A self-signed CA certificate for communication with the GitHub server can be ## provided using a config map key selector. If `runnerMountPath` is set, for
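Review bot: `resource.all.metadata.annotations` and `resource.autoscalingRunnerSet.metadata.annotations` are introduced here, but the only consumer visible in this diff, `autoscaling-runner-set.labels`, reads the `labels` maps. If no template renders the annotations, they should be wired up in the same change or left out until they are. `mode` lists its allowed values only in a trailing comment, so a template-side check that rejects anything other than `""`, `"kubernetes"` or `"dind"` would catch typos, assuming no such check exists outside this diff.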
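Review bot: `extraPermissions: []` is added under `kubernetesMode` without a comment, and the name suggests it widens what the kubernetes-mode service account may do. The values file should say what an entry looks like and where it is applied, for example `# Additional RBAC rules for the kubernetes-mode service account; grant only the verbs and resources the runner needs`, adjusted to what the consuming template (not in this diff) actually does. The enclosing `runner` block continues outside the hunk.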