very much wip

charts/gha-runner-scale-set-dev/templates/_helpers.tpl

@@ -357,15 +357,81 @@ Create chart name and version as used by the chart label.
 {{/*
 Container spec that is expanded for the runner container
 */}}
-{{- define "container-spec.runner" -}}
+{{- define "autoscaling-runner-set.template-runner-container" -}}
-
 {{- if not .Values.runner.container }}
   {{ fail "You must provide a runner container specification in values.runner.container" }}
 {{- end }}
-
 {{- $tlsConfig := (default (dict) .Values.githubServerTLS) -}}
 name: runner
 image: {{ .Values.runner.container.image | default "ghcr.io/actions/runner:latest" }}
 command: {{ toJson (default (list "/home/runner/run.sh") .Values.runner.container.command) }}
+{{- $extra := omit .Values.runner.container "name" "image" "command" -}}
+{{- if not (empty $extra) -}}
+{{ toYaml $extra }}
+{{- end -}}
+{{- end }}
+
+{{- define "autoscaling-runner-set.template-dind-container" -}}
+{{- $dind := (.Values.runner.dind | default dict) -}}
+name: {{ $dind.container.name | default "dind" | quote }}
+image: {{ $dind.container.image | default "docker:dind" | quote }}
+args:
+{{- if $dind.container.args -}}
+  {{- toYaml $dind.container.args | indent 2 }}
+{{- else }}
+  {{- toYaml (include "dind.default-args" .) | indent 2 }}
+{{- end }}
+env:
+  - name: DOCKER_GROUP_GID
+    value: "{{ $dind.dockerGroupGid | default "123" }}"
+  {{- if $dind.container.env -}}
+{{ toYaml $dind.container.env | indent 2 }}
+  {{- end }}
+securityContext:
+  {{- if $dind.container.securityContext -}}
+  {{ toYaml $dind.container.securityContext | indent 2 }}
+  {{- else }}
+  privileged: true
+  {{- end }}
+restartPolicy: {{ $dind.restartPolicy | default "Always" | quote }} 
+startupProbe:
+  {{- if $dind.startupProbe -}}
+  {{ toYaml $dind.startupProbe | indent 2 }}
+  {{- else }}
+  {{- toYaml (include "dind.default-startup-probe" .) | indent 2 }}
+  {{- end }}
+{{- end }}
+
+{{- define "dind.default-startup-probe" -}}
+exec:
+  command:
+    - docker
+    - info
+initialDelaySeconds: 0
+failureThreshold: 24
+periodSeconds: 5
+{{- end }}
+
+{{- define "dind.default-args" -}}
+- dockerd
+- --host=unix:///var/run/docker.sock
+- --group=$(DOCKER_GROUP_GID)
+{{- end }}
+
+{{- define "autoscaling-runner-set.template-service-account" -}}
+{{- $runner := (.Values.runner | default dict) -}}
+{{- $runnerMode := (index $runner "mode" | default "") -}}
+{{- $kubeMode := (index $runner "kubernetesMode" | default dict) -}}
+{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") -}}
+{{- $kubeDefaults := (index $kubeMode "default" | default true) -}}
+{{- if ne $runnerMode "kubernetes" }}
+  {{-  include "no-permission-serviceaccount.name" . }}
+{{- else if not (empty $kubeServiceAccountName) }}
+  {{- $kubeServiceAccountName }}
+{{- else if $kubeDefaults }}
+  {{- include "kube-mode-serviceaccount.name" . }}
+{{- else }}
+  {{- fail "runner.kubernetesMode.serviceAccountName must be set when runner.mode is 'kubernetes' and runner.kubernetesMode.default is false" -}}
+{{- end }}
 {{- end }}
 

charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml

@@ -1,3 +1,13 @@
+{{- $runner := (.Values.runner | default dict) }}
+{{- $runnerMode := (index $runner "mode" | default "") }}
+{{- $kubeMode := (index $runner "kubernetesMode" | default dict) }}
+{{- $kubeDefaults := (index $kubeMode "default" | default true) }}
+{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") }}
+{{- $usesKubernetesSecrets := or (not .Values.secretResolution) (eq .Values.secretResolution.type "kubernetes") }}
+{{- $extraContainers := (index $runner "extraContainers" | default list) }}
+{{- if not (kindIs "slice" $extraContainers) -}}
+  {{- fail ".Values.runner.extraContainers must be a list of container specifications" -}}
+{{- end }}
 apiVersion: actions.github.com/v1alpha1
 kind: AutoscalingRunnerSet
 metadata:
@@ -8,9 +18,6 @@ metadata:
   annotations:
     {{- include "autoscaling-runner-set.annotations" . | nindent 4 }}
     actions.github.com/values-hash: {{ toJson .Values | sha256sum | trunc 63 }}
-    {{- $runnerMode := (.Values.runner.mode | default "") }}
-    {{- $kubeDefaults := (.Values.runner.kubernetesMode.default | default true) }}
-    {{- $usesKubernetesSecrets := or (not .Values.secretResolution) (eq .Values.secretResolution.type "kubernetes") }}
     {{- if and $usesKubernetesSecrets (empty .Values.auth.secretName) }}
     actions.github.com/cleanup-github-secret-name: {{ include "github-secret.name" . | quote }}
     {{- end }}
@@ -19,7 +26,7 @@ metadata:
     {{- if ne $runnerMode "kubernetes" }}
     actions.github.com/cleanup-no-permission-service-account-name: {{ include "no-permission-serviceaccount.name" . | quote }}
     {{- end }}
-    {{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty .Values.runner.kubernetesMode.serviceAccountName) }}
+    {{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty $kubeServiceAccountName) }}
     actions.github.com/cleanup-kubernetes-mode-role-binding-name: {{ include "kube-mode-role-binding.name" . | quote }}
     actions.github.com/cleanup-kubernetes-mode-role-name: {{ include "kube-mode-role.name" . | quote }}
     actions.github.com/cleanup-kubernetes-mode-service-account-name: {{ include "kube-mode-serviceaccount.name" . | quote }}
@@ -112,15 +119,14 @@ spec:
 
   template:
     spec:
-      {{- $runnerMode := (.Values.runner.mode | default "") -}}
-      {{- if ne $runnerMode "kubernetes" }}
       serviceAccountName: {{ include "no-permission-serviceaccount.name" . | quote }}
-      {{- else if not (empty .Values.runner.kubernetesMode.serviceAccountName) }}
-      serviceAccountName: {{ .Values.runner.kubernetesMode.serviceAccountName | quote }}
-      {{- else if (.Values.runner.kubernetesMode.default | default true) }}
-      serviceAccountName: {{ include "kube-mode-serviceaccount.name" . | quote }}
-      {{- end }}
       containers:
-        - name: runner
+        - {{ include "autoscaling-runner-set.template-runner-container" . | nindent 10 }}
-          image: {{ .Values.runner.container.image | default "ghcr.io/actions/actions-runner:latest" | quote }}
+        {{- if eq $runnerMode "dind" -}}
-          command: {{ toJson (default (list "/home/runner/run.sh") .Values.runner.container.command) }}
+        - {{ include "autoscaling-runner-set.template-dind-container" . | nindent 10 }}
+        {{- end }}
+        {{- if $extraContainers }}
+          {{- range $extraContainers }}
+        - {{ toYaml . | nindent 10 }}
+          {{- end }}
+        {{- end }}

charts/gha-runner-scale-set-dev/templates/kube_mode_role.yaml

@@ -1,6 +1,9 @@
-{{- $runnerMode := (.Values.runner.mode | default "") -}}
+{{- $runner := (.Values.runner | default dict) -}}
-{{- $kubeDefaults := (.Values.runner.kubernetesMode.default | default true) -}}
+{{- $runnerMode := (index $runner "mode" | default "") -}}
-{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty .Values.runner.kubernetesMode.serviceAccountName) }}
+{{- $kubeMode := (index $runner "kubernetesMode" | default dict) -}}
+{{- $kubeDefaults := (index $kubeMode "default" | default true) -}}
+{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") -}}
+{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty $kubeServiceAccountName) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:

charts/gha-runner-scale-set-dev/templates/kube_mode_role_binding.yaml

@@ -1,6 +1,9 @@
-{{- $runnerMode := (.Values.runner.mode | default "") -}}
+{{- $runner := (.Values.runner | default dict) -}}
-{{- $kubeDefaults := (.Values.runner.kubernetesMode.default | default true) -}}
+{{- $runnerMode := (index $runner "mode" | default "") -}}
-{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty .Values.runner.kubernetesMode.serviceAccountName) }}
+{{- $kubeMode := (index $runner "kubernetesMode" | default dict) -}}
+{{- $kubeDefaults := (index $kubeMode "default" | default true) -}}
+{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") -}}
+{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty $kubeServiceAccountName) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:

charts/gha-runner-scale-set-dev/templates/kube_mode_serviceaccount.yaml

@@ -1,6 +1,9 @@
-{{- $runnerMode := (.Values.runner.mode | default "") -}}
+{{- $runner := (.Values.runner | default dict) -}}
-{{- $kubeDefaults := (.Values.runner.kubernetesMode.default | default true) -}}
+{{- $runnerMode := (index $runner "mode" | default "") -}}
-{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty .Values.runner.kubernetesMode.serviceAccountName) }}
+{{- $kubeMode := (index $runner "kubernetesMode" | default dict) -}}
+{{- $kubeDefaults := (index $kubeMode "default" | default true) -}}
+{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") -}}
+{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty $kubeServiceAccountName) }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

charts/gha-runner-scale-set-dev/values.yaml

@@ -147,26 +147,39 @@ resource:
 
 # Template applied for the runner container
 runner:
-  # metadata:
-  #   labels: []
-  #   annotations: []
-
   # Mode can be used to automatically add required configuration for the selected mode
   mode: "" # Available modes: "", "kubernetes", "dind"
   
+  pod:
+    metadata:
+      labels: {}
+      annotations: {}
+    spec: {}
+    
+  workVolume:
+    type: ""
+
   # container field is applied to the container named "runner". You cannot override the name of the runner container
   container:
     image: "ghcr.io/actions/actions-runner:latest"
     command: ["/home/runner/run.sh"]
 
   dind:
-    # If default is set to true, we will expand the default spec for the `dind` container, and you can provide fields to override them
+    copyExternals: true
-    default: true
+    dockerGroupId: "123"
+    container:
+      image: "docker:dind"
 
   kubernetesMode:
-    default: true
     serviceAccountName: ""
+    hookPath: "/home/runner/k8s/index.js"
+    requireJobContainer: true
     extension: {}
+  
+  extraInitContainers: []
+  extraContainers: []
+  extraVolumes: []
+
 ## A self-signed CA certificate for communication with the GitHub server can be
 ## provided using a config map key selector. If `runnerMountPath` is set, for
 ## each runner pod ARC will: