very much wip

2026-01-21 11:50:55 +08:00 · 2026-01-19 21:48:12 +01:00
parent 4056edbe9f
commit ffdf9d05cf
6 changed files with 127 additions and 33 deletions
--- a/charts/gha-runner-scale-set-dev/templates/_helpers.tpl
+++ b/charts/gha-runner-scale-set-dev/templates/_helpers.tpl
@@ -357,15 +357,81 @@ Create chart name and version as used by the chart label.
 {{/*
 Container spec that is expanded for the runner container
 */}}
-{{- define "container-spec.runner" -}}
-
+{{- define "autoscaling-runner-set.template-runner-container" -}}
 {{- if not .Values.runner.container }}
  {{ fail "You must provide a runner container specification in values.runner.container" }}
 {{- end }}
-
 {{- $tlsConfig := (default (dict) .Values.githubServerTLS) -}}
 name: runner
 image: {{ .Values.runner.container.image | default "ghcr.io/actions/runner:latest" }}
 command: {{ toJson (default (list "/home/runner/run.sh") .Values.runner.container.command) }}
+{{- $extra := omit .Values.runner.container "name" "image" "command" -}}
+{{- if not (empty $extra) -}}
+{{ toYaml $extra }}
+{{- end -}}
+{{- end }}
+
+{{- define "autoscaling-runner-set.template-dind-container" -}}
+{{- $dind := (.Values.runner.dind | default dict) -}}
+name: {{ $dind.container.name | default "dind" | quote }}
+image: {{ $dind.container.image | default "docker:dind" | quote }}
+args:
+{{- if $dind.container.args -}}
+  {{- toYaml $dind.container.args | indent 2 }}
+{{- else }}
+  {{- toYaml (include "dind.default-args" .) | indent 2 }}
+{{- end }}
+env:
+  - name: DOCKER_GROUP_GID
+    value: "{{ $dind.dockerGroupGid | default "123" }}"
+  {{- if $dind.container.env -}}
+{{ toYaml $dind.container.env | indent 2 }}
+  {{- end }}
+securityContext:
+  {{- if $dind.container.securityContext -}}
+  {{ toYaml $dind.container.securityContext | indent 2 }}
+  {{- else }}
+  privileged: true
+  {{- end }}
+restartPolicy: {{ $dind.restartPolicy | default "Always" | quote }} 
+startupProbe:
+  {{- if $dind.startupProbe -}}
+  {{ toYaml $dind.startupProbe | indent 2 }}
+  {{- else }}
+  {{- toYaml (include "dind.default-startup-probe" .) | indent 2 }}
+  {{- end }}
+{{- end }}
+
+{{- define "dind.default-startup-probe" -}}
+exec:
+  command:
+    - docker
+    - info
+initialDelaySeconds: 0
+failureThreshold: 24
+periodSeconds: 5
+{{- end }}
+
+{{- define "dind.default-args" -}}
+- dockerd
+- --host=unix:///var/run/docker.sock
+- --group=$(DOCKER_GROUP_GID)
+{{- end }}
+
+{{- define "autoscaling-runner-set.template-service-account" -}}
+{{- $runner := (.Values.runner | default dict) -}}
+{{- $runnerMode := (index $runner "mode" | default "") -}}
+{{- $kubeMode := (index $runner "kubernetesMode" | default dict) -}}
+{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") -}}
+{{- $kubeDefaults := (index $kubeMode "default" | default true) -}}
+{{- if ne $runnerMode "kubernetes" }}
+  {{-  include "no-permission-serviceaccount.name" . }}
+{{- else if not (empty $kubeServiceAccountName) }}
+  {{- $kubeServiceAccountName }}
+{{- else if $kubeDefaults }}
+  {{- include "kube-mode-serviceaccount.name" . }}
+{{- else }}
+  {{- fail "runner.kubernetesMode.serviceAccountName must be set when runner.mode is 'kubernetes' and runner.kubernetesMode.default is false" -}}
+{{- end }}
 {{- end }}

--- a/charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml
+++ b/charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml
@@ -1,3 +1,13 @@
+{{- $runner := (.Values.runner | default dict) }}
+{{- $runnerMode := (index $runner "mode" | default "") }}
+{{- $kubeMode := (index $runner "kubernetesMode" | default dict) }}
+{{- $kubeDefaults := (index $kubeMode "default" | default true) }}
+{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") }}
+{{- $usesKubernetesSecrets := or (not .Values.secretResolution) (eq .Values.secretResolution.type "kubernetes") }}
+{{- $extraContainers := (index $runner "extraContainers" | default list) }}
+{{- if not (kindIs "slice" $extraContainers) -}}
+  {{- fail ".Values.runner.extraContainers must be a list of container specifications" -}}
+{{- end }}
 apiVersion: actions.github.com/v1alpha1
 kind: AutoscalingRunnerSet
 metadata:
@@ -8,9 +18,6 @@ metadata:
  annotations:
    {{- include "autoscaling-runner-set.annotations" . | nindent 4 }}
    actions.github.com/values-hash: {{ toJson .Values | sha256sum | trunc 63 }}
-    {{- $runnerMode := (.Values.runner.mode | default "") }}
-    {{- $kubeDefaults := (.Values.runner.kubernetesMode.default | default true) }}
-    {{- $usesKubernetesSecrets := or (not .Values.secretResolution) (eq .Values.secretResolution.type "kubernetes") }}
    {{- if and $usesKubernetesSecrets (empty .Values.auth.secretName) }}
    actions.github.com/cleanup-github-secret-name: {{ include "github-secret.name" . | quote }}
    {{- end }}
@@ -19,7 +26,7 @@ metadata:
    {{- if ne $runnerMode "kubernetes" }}
    actions.github.com/cleanup-no-permission-service-account-name: {{ include "no-permission-serviceaccount.name" . | quote }}
    {{- end }}
-    {{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty .Values.runner.kubernetesMode.serviceAccountName) }}
+    {{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty $kubeServiceAccountName) }}
    actions.github.com/cleanup-kubernetes-mode-role-binding-name: {{ include "kube-mode-role-binding.name" . | quote }}
    actions.github.com/cleanup-kubernetes-mode-role-name: {{ include "kube-mode-role.name" . | quote }}
    actions.github.com/cleanup-kubernetes-mode-service-account-name: {{ include "kube-mode-serviceaccount.name" . | quote }}
@@ -112,15 +119,14 @@ spec:

  template:
    spec:
-      {{- $runnerMode := (.Values.runner.mode | default "") -}}
-      {{- if ne $runnerMode "kubernetes" }}
      serviceAccountName: {{ include "no-permission-serviceaccount.name" . | quote }}
-      {{- else if not (empty .Values.runner.kubernetesMode.serviceAccountName) }}
-      serviceAccountName: {{ .Values.runner.kubernetesMode.serviceAccountName | quote }}
-      {{- else if (.Values.runner.kubernetesMode.default | default true) }}
-      serviceAccountName: {{ include "kube-mode-serviceaccount.name" . | quote }}
-      {{- end }}
      containers:
-        - name: runner
-          image: {{ .Values.runner.container.image | default "ghcr.io/actions/actions-runner:latest" | quote }}
-          command: {{ toJson (default (list "/home/runner/run.sh") .Values.runner.container.command) }}
+        - {{ include "autoscaling-runner-set.template-runner-container" . | nindent 10 }}
+        {{- if eq $runnerMode "dind" -}}
+        - {{ include "autoscaling-runner-set.template-dind-container" . | nindent 10 }}
+        {{- end }}
+        {{- if $extraContainers }}
+          {{- range $extraContainers }}
+        - {{ toYaml . | nindent 10 }}
+          {{- end }}
+        {{- end }}
--- a/charts/gha-runner-scale-set-dev/templates/kube_mode_role.yaml
+++ b/charts/gha-runner-scale-set-dev/templates/kube_mode_role.yaml
@@ -1,6 +1,9 @@
-{{- $runnerMode := (.Values.runner.mode | default "") -}}
-{{- $kubeDefaults := (.Values.runner.kubernetesMode.default | default true) -}}
-{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty .Values.runner.kubernetesMode.serviceAccountName) }}
+{{- $runner := (.Values.runner | default dict) -}}
+{{- $runnerMode := (index $runner "mode" | default "") -}}
+{{- $kubeMode := (index $runner "kubernetesMode" | default dict) -}}
+{{- $kubeDefaults := (index $kubeMode "default" | default true) -}}
+{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") -}}
+{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty $kubeServiceAccountName) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
--- a/charts/gha-runner-scale-set-dev/templates/kube_mode_role_binding.yaml
+++ b/charts/gha-runner-scale-set-dev/templates/kube_mode_role_binding.yaml
@@ -1,6 +1,9 @@
-{{- $runnerMode := (.Values.runner.mode | default "") -}}
-{{- $kubeDefaults := (.Values.runner.kubernetesMode.default | default true) -}}
-{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty .Values.runner.kubernetesMode.serviceAccountName) }}
+{{- $runner := (.Values.runner | default dict) -}}
+{{- $runnerMode := (index $runner "mode" | default "") -}}
+{{- $kubeMode := (index $runner "kubernetesMode" | default dict) -}}
+{{- $kubeDefaults := (index $kubeMode "default" | default true) -}}
+{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") -}}
+{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty $kubeServiceAccountName) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
--- a/charts/gha-runner-scale-set-dev/templates/kube_mode_serviceaccount.yaml
+++ b/charts/gha-runner-scale-set-dev/templates/kube_mode_serviceaccount.yaml
@@ -1,6 +1,9 @@
-{{- $runnerMode := (.Values.runner.mode | default "") -}}
-{{- $kubeDefaults := (.Values.runner.kubernetesMode.default | default true) -}}
-{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty .Values.runner.kubernetesMode.serviceAccountName) }}
+{{- $runner := (.Values.runner | default dict) -}}
+{{- $runnerMode := (index $runner "mode" | default "") -}}
+{{- $kubeMode := (index $runner "kubernetesMode" | default dict) -}}
+{{- $kubeDefaults := (index $kubeMode "default" | default true) -}}
+{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") -}}
+{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty $kubeServiceAccountName) }}
 apiVersion: v1
 kind: ServiceAccount
 metadata: