Add variants of PodTemplate spec fields into the Runner spec (#7)

Resolves #5
Fixes #11
Fixes #12

Changes:

* Added podtemplate spec

* Rework pod creation logic

* Added most using podspecs

* Added copy of podspec

* Fixed Github List method

* Fixed containers

* Added ability to override runner's containers

* Added ability to override runner's containers

* Added ability to override runner's containers

* Update controllers/runner_controller.go

Co-Authored-By: Moto Ishizawa <summerwind.jp@gmail.com>

* Remove optional restartpolicy

* Changed naming convention

Co-authored-by: Moto Ishizawa <summerwind.jp@gmail.com>

.github/workflows/build.yml

@@ -4,6 +4,7 @@ on:
     - master
     paths-ignore:
     - 'runner/**'
+    - '.github/**'
 
 jobs:
   build:
@@ -17,6 +18,8 @@ jobs:
         curl -L -O https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.2.0/kubebuilder_2.2.0_linux_amd64.tar.gz
         tar zxvf kubebuilder_2.2.0_linux_amd64.tar.gz
         sudo mv kubebuilder_2.2.0_linux_amd64 /usr/local/kubebuilder
+    - name: Run tests
+      run: make test
     - name: Build container image
       run: make docker-build
     - name: Docker Login

Makefile

@@ -64,6 +64,7 @@ docker-push:
 
 # Generate the release manifest file
 release: manifests
+	cd config/manager && kustomize edit set image controller=${NAME}:${VERSION}
 	mkdir -p release
 	kustomize build config/default > release/actions-runner-controller.yaml
 

PROJECT

@@ -4,4 +4,10 @@ resources:
 - group: actions
   kind: Runner
   version: v1alpha1
+- group: actions
+  kind: RunnerReplicaSet
+  version: v1alpha1
+- group: actions
+  kind: RunnerDeployment
+  version: v1alpha1
 version: "2"

README.md

@@ -13,7 +13,7 @@ This controller operates self-hosted runners for GitHub Actions on your Kubernet
 First, install *actions-runner-controller* with a manifest file. This will create a *actions-runner-system* namespace in your Kubernetes and deploy the required resources.
 
 ```
-$ kubectl -f https://github.com/summerwind/actions-runner-controller/releases/download/latest/actions-runner-controller.yaml
+$ kubectl apply -f https://github.com/summerwind/actions-runner-controller/releases/latest/download/actions-runner-controller.yaml
 ```
 
 Set your access token of GitHub to the secret. `${GITHUB_TOKEN}` is the value you must replace with your access token. This token is used to register Self-hosted runner by *actions-runner-controller*.
@@ -24,32 +24,39 @@ $ kubectl create secret generic controller-manager --from-literal=github_token=$
 
 ## Usage
 
-To launch Self-hosted runner, you need to create a manifest file includes *Runner* resource as follows. This example launches a self-hosted runner with name *example-runner* for the *summerwind/actions-runner-controller* repository.
+There's generally two ways to use this controller:
+
+- Manage runners one by one with `Runner`
+- Manage a set of runners with `RunnerDeployment`
+
+### Runners
+
+To launch a single Self-hosted runner, you need to create a manifest file includes *Runner* resource as follows. This example launches a self-hosted runner with name *example-runner* for the *summerwind/actions-runner-controller* repository.
 
 ```
-$ vim runner.yaml
-```
-```
+# runner.yaml
 apiVersion: actions.summerwind.dev/v1alpha1
 kind: Runner
 metadata:
   name: example-runner
 spec:
   repository: summerwind/actions-runner-controller
+  env: []
 ```
 
 Apply the created manifest file to your Kubernetes.
 
 ```
 $ kubectl apply -f runner.yaml
+runner.actions.summerwind.dev/example-runner created
 ```
 
 You can see that the Runner resource has been created.
 
 ```
 $ kubectl get runners
-NAME             AGE
-example-runner   1m
+NAME             REPOSITORY                             STATUS
+example-runner   summerwind/actions-runner-controller   Running
 ```
 
 You can also see that the runner pod has been running.
@@ -64,4 +71,41 @@ The runner you created has been registerd to your repository.
 
 <img width="756" alt="Actions tab in your repository settings" src="https://user-images.githubusercontent.com/230145/73618667-8cbf9700-466c-11ea-80b6-c67e6d3f70e7.png">
 
-Now your can use your self-hosted runner. See the [documentation](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/using-self-hosted-runners-in-a-workflow) on how to run a job with it.
+Now your can use your self-hosted runner. See the [official documentation](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/using-self-hosted-runners-in-a-workflow) on how to run a job with it.
+
+### RunnerDeployments
+
+There's also `RunnerReplicaSet` and `RunnerDeployment` that corresponds to `ReplicaSet` and `Deployment` but for `Runner`.
+
+You usually need only `RunnerDeployment` rather than `RunnerReplicaSet` as the former is for managing the latter.
+
+```yaml
+# runnerdeployment.yaml
+apiVersion: actions.summerwind.dev/v1alpha1
+kind: RunnerDeployment
+metadata:
+  name: example-runnerdeploy
+spec:
+  replicas: 2
+  template:
+    spec:
+      repository: mumoshu/actions-runner-controller-ci
+      env: []
+```
+
+Apply the manifest file to your cluster:
+
+```
+$ kubectl apply -f runner.yaml
+runnerdeployment.actions.summerwind.dev/example-runnerdeploy created
+```
+
+You can see that 2 runners has been created as specified by `replicas: 2`:
+
+```
+$ kubectl get runners
+NAME             REPOSITORY                             STATUS
+NAME                             REPOSITORY                             STATUS
+example-runnerdeploy2475h595fr   mumoshu/actions-runner-controller-ci   Running
+example-runnerdeploy2475ht2qbr   mumoshu/actions-runner-controller-ci   Running
+```

api/v1alpha1/runner_types.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1alpha1
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -26,16 +27,53 @@ type RunnerSpec struct {
 	// +kubebuilder:validation:Pattern=`^[^/]+/[^/]+$`
 	Repository string `json:"repository"`
 
+	// +optional
+	Containers []corev1.Container `json:"containers,omitempty"`
+	// +optional
+	Resources corev1.ResourceRequirements `json:"resources,omitempty"`
+	// +optional
+	VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"`
+	// +optional
+	EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty"`
+
 	// +optional
 	Image string `json:"image"`
+	// +optional
+	Env []corev1.EnvVar `json:"env,omitempty"`
+
+	// +optional
+	Volumes []corev1.Volume `json:"volumes,omitempty"`
+
+	// +optional
+	InitContainers []corev1.Container `json:"initContainers,omitempty"`
+	// +optional
+	SidecarContainers []corev1.Container `json:"sidecarContainers,omitempty"`
+	// +optional
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+	// +optional
+	ServiceAccountName string `json:"serviceAccountName,omitempty"`
+	// +optional
+	AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"`
+	// +optional
+	SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
+	// +optional
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+	// +optional
+	Affinity *corev1.Affinity `json:"affinity,omitempty"`
+	// +optional
+	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+	// +optional
+	EphemeralContainers []corev1.EphemeralContainer `json:"ephemeralContainers,omitempty"`
+	// +optional
+	TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
 }
 
 // RunnerStatus defines the observed state of Runner
 type RunnerStatus struct {
 	Registration RunnerStatusRegistration `json:"registration"`
-	Phase        string                   `json:"Phase"`
-	Reason       string                   `json:"Reason"`
-	Message      string                   `json:"Message"`
+	Phase        string                   `json:"phase"`
+	Reason       string                   `json:"reason"`
+	Message      string                   `json:"message"`
 }
 
 type RunnerStatusRegistration struct {
@@ -46,6 +84,8 @@ type RunnerStatusRegistration struct {
 
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:JSONPath=".spec.repository",name=Repository,type=string
+// +kubebuilder:printcolumn:JSONPath=".status.phase",name=Status,type=string
 
 // Runner is the Schema for the runners API
 type Runner struct {

api/v1alpha1/runnerdeployment_types.go

@@ -0,0 +1,61 @@
+/*
+Copyright 2020 The actions-runner-controller authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// RunnerReplicaSetSpec defines the desired state of RunnerDeployment
+type RunnerDeploymentSpec struct {
+	Replicas *int `json:"replicas"`
+
+	Template RunnerTemplate `json:"template"`
+}
+
+type RunnerDeploymentStatus struct {
+	AvailableReplicas int `json:"availableReplicas"`
+	ReadyReplicas     int `json:"readyReplicas"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:JSONPath=".spec.replicas",name=Desired,type=number
+// +kubebuilder:printcolumn:JSONPath=".status.availableReplicas",name=Current,type=number
+// +kubebuilder:printcolumn:JSONPath=".status.readyReplicas",name=Ready,type=number
+
+// RunnerDeployment is the Schema for the runnerdeployments API
+type RunnerDeployment struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   RunnerDeploymentSpec   `json:"spec,omitempty"`
+	Status RunnerDeploymentStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// RunnerList contains a list of Runner
+type RunnerDeploymentList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []RunnerDeployment `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&RunnerDeployment{}, &RunnerDeploymentList{})
+}

api/v1alpha1/runnerreplicaset_types.go

@@ -0,0 +1,67 @@
+/*
+Copyright 2020 The actions-runner-controller authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// RunnerReplicaSetSpec defines the desired state of RunnerReplicaSet
+type RunnerReplicaSetSpec struct {
+	Replicas *int `json:"replicas"`
+
+	Template RunnerTemplate `json:"template"`
+}
+
+type RunnerReplicaSetStatus struct {
+	AvailableReplicas int `json:"availableReplicas"`
+	ReadyReplicas     int `json:"readyReplicas"`
+}
+
+type RunnerTemplate struct {
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec RunnerSpec `json:"spec,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:JSONPath=".spec.replicas",name=Desired,type=number
+// +kubebuilder:printcolumn:JSONPath=".status.availableReplicas",name=Current,type=number
+// +kubebuilder:printcolumn:JSONPath=".status.readyReplicas",name=Ready,type=number
+
+// RunnerReplicaSet is the Schema for the runnerreplicasets API
+type RunnerReplicaSet struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   RunnerReplicaSetSpec   `json:"spec,omitempty"`
+	Status RunnerReplicaSetStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// RunnerList contains a list of Runner
+type RunnerReplicaSetList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []RunnerReplicaSet `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&RunnerReplicaSet{}, &RunnerReplicaSetList{})
+}

api/v1alpha1/zz_generated.deepcopy.go

@@ -21,6 +21,7 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"k8s.io/api/core/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
@@ -29,7 +30,7 @@ func (in *Runner) DeepCopyInto(out *Runner) {
 	*out = *in
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	out.Spec = in.Spec
+	in.Spec.DeepCopyInto(&out.Spec)
 	in.Status.DeepCopyInto(&out.Status)
 }
 
@@ -51,6 +52,101 @@ func (in *Runner) DeepCopyObject() runtime.Object {
 	return nil
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunnerDeployment) DeepCopyInto(out *RunnerDeployment) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	out.Status = in.Status
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerDeployment.
+func (in *RunnerDeployment) DeepCopy() *RunnerDeployment {
+	if in == nil {
+		return nil
+	}
+	out := new(RunnerDeployment)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *RunnerDeployment) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunnerDeploymentList) DeepCopyInto(out *RunnerDeploymentList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]RunnerDeployment, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerDeploymentList.
+func (in *RunnerDeploymentList) DeepCopy() *RunnerDeploymentList {
+	if in == nil {
+		return nil
+	}
+	out := new(RunnerDeploymentList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *RunnerDeploymentList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunnerDeploymentSpec) DeepCopyInto(out *RunnerDeploymentSpec) {
+	*out = *in
+	if in.Replicas != nil {
+		in, out := &in.Replicas, &out.Replicas
+		*out = new(int)
+		**out = **in
+	}
+	in.Template.DeepCopyInto(&out.Template)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerDeploymentSpec.
+func (in *RunnerDeploymentSpec) DeepCopy() *RunnerDeploymentSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(RunnerDeploymentSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunnerDeploymentStatus) DeepCopyInto(out *RunnerDeploymentStatus) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerDeploymentStatus.
+func (in *RunnerDeploymentStatus) DeepCopy() *RunnerDeploymentStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(RunnerDeploymentStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RunnerList) DeepCopyInto(out *RunnerList) {
 	*out = *in
@@ -83,9 +179,200 @@ func (in *RunnerList) DeepCopyObject() runtime.Object {
 	return nil
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunnerReplicaSet) DeepCopyInto(out *RunnerReplicaSet) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	out.Status = in.Status
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerReplicaSet.
+func (in *RunnerReplicaSet) DeepCopy() *RunnerReplicaSet {
+	if in == nil {
+		return nil
+	}
+	out := new(RunnerReplicaSet)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *RunnerReplicaSet) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunnerReplicaSetList) DeepCopyInto(out *RunnerReplicaSetList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]RunnerReplicaSet, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerReplicaSetList.
+func (in *RunnerReplicaSetList) DeepCopy() *RunnerReplicaSetList {
+	if in == nil {
+		return nil
+	}
+	out := new(RunnerReplicaSetList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *RunnerReplicaSetList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunnerReplicaSetSpec) DeepCopyInto(out *RunnerReplicaSetSpec) {
+	*out = *in
+	if in.Replicas != nil {
+		in, out := &in.Replicas, &out.Replicas
+		*out = new(int)
+		**out = **in
+	}
+	in.Template.DeepCopyInto(&out.Template)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerReplicaSetSpec.
+func (in *RunnerReplicaSetSpec) DeepCopy() *RunnerReplicaSetSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(RunnerReplicaSetSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunnerReplicaSetStatus) DeepCopyInto(out *RunnerReplicaSetStatus) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerReplicaSetStatus.
+func (in *RunnerReplicaSetStatus) DeepCopy() *RunnerReplicaSetStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(RunnerReplicaSetStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RunnerSpec) DeepCopyInto(out *RunnerSpec) {
 	*out = *in
+	if in.Containers != nil {
+		in, out := &in.Containers, &out.Containers
+		*out = make([]v1.Container, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	in.Resources.DeepCopyInto(&out.Resources)
+	if in.VolumeMounts != nil {
+		in, out := &in.VolumeMounts, &out.VolumeMounts
+		*out = make([]v1.VolumeMount, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.EnvFrom != nil {
+		in, out := &in.EnvFrom, &out.EnvFrom
+		*out = make([]v1.EnvFromSource, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.Env != nil {
+		in, out := &in.Env, &out.Env
+		*out = make([]v1.EnvVar, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.Volumes != nil {
+		in, out := &in.Volumes, &out.Volumes
+		*out = make([]v1.Volume, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.InitContainers != nil {
+		in, out := &in.InitContainers, &out.InitContainers
+		*out = make([]v1.Container, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.SidecarContainers != nil {
+		in, out := &in.SidecarContainers, &out.SidecarContainers
+		*out = make([]v1.Container, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.NodeSelector != nil {
+		in, out := &in.NodeSelector, &out.NodeSelector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.AutomountServiceAccountToken != nil {
+		in, out := &in.AutomountServiceAccountToken, &out.AutomountServiceAccountToken
+		*out = new(bool)
+		**out = **in
+	}
+	if in.SecurityContext != nil {
+		in, out := &in.SecurityContext, &out.SecurityContext
+		*out = new(v1.PodSecurityContext)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ImagePullSecrets != nil {
+		in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
+		*out = make([]v1.LocalObjectReference, len(*in))
+		copy(*out, *in)
+	}
+	if in.Affinity != nil {
+		in, out := &in.Affinity, &out.Affinity
+		*out = new(v1.Affinity)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Tolerations != nil {
+		in, out := &in.Tolerations, &out.Tolerations
+		*out = make([]v1.Toleration, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.EphemeralContainers != nil {
+		in, out := &in.EphemeralContainers, &out.EphemeralContainers
+		*out = make([]v1.EphemeralContainer, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.TerminationGracePeriodSeconds != nil {
+		in, out := &in.TerminationGracePeriodSeconds, &out.TerminationGracePeriodSeconds
+		*out = new(int64)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerSpec.
@@ -129,3 +416,20 @@ func (in *RunnerStatusRegistration) DeepCopy() *RunnerStatusRegistration {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RunnerTemplate) DeepCopyInto(out *RunnerTemplate) {
+	*out = *in
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunnerTemplate.
+func (in *RunnerTemplate) DeepCopy() *RunnerTemplate {
+	if in == nil {
+		return nil
+	}
+	out := new(RunnerTemplate)
+	in.DeepCopyInto(out)
+	return out
+}

config/crd/kustomization.yaml

@@ -3,6 +3,8 @@
 # It should be run by config/default
 resources:
 - bases/actions.summerwind.dev_runners.yaml
+- bases/actions.summerwind.dev_runnerreplicasets.yaml
+- bases/actions.summerwind.dev_runnerdeployments.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:

config/rbac/role.yaml

@@ -6,6 +6,46 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
+- apiGroups:
+  - actions.summerwind.dev
+  resources:
+  - runnerdeployments
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - actions.summerwind.dev
+  resources:
+  - runnerdeployments/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - actions.summerwind.dev
+  resources:
+  - runnerreplicasets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - actions.summerwind.dev
+  resources:
+  - runnerreplicasets/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - actions.summerwind.dev
   resources:

config/samples/actions_v1alpha1_runnerdeployment.yaml

@@ -0,0 +1,9 @@
+apiVersion: actions.summerwind.dev/v1alpha1
+kind: RunnerDeployment
+metadata:
+  name: summerwind-actions-runner-controller
+spec:
+  replicas: 2
+  template:
+    spec:
+      repository: summerwind/actions-runner-controller

config/samples/actions_v1alpha1_runnerreplicaset.yaml

@@ -0,0 +1,9 @@
+apiVersion: actions.summerwind.dev/v1alpha1
+kind: RunnerReplicaSet
+metadata:
+  name: summerwind-actions-runner-controller
+spec:
+  replicas: 2
+  template:
+    spec:
+      repository: summerwind/actions-runner-controller

controllers/runner_controller.go

@@ -26,6 +26,7 @@ import (
 	"github.com/google/go-github/v29/github"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -36,11 +37,23 @@ import (
 )
 
 const (
-	defaultImage  = "summerwind/actions-runner:latest"
 	containerName = "runner"
+	finalizerName = "runner.actions.summerwind.dev"
 )
 
-type RegistrationToken struct {
+type GitHubRunnerList struct {
+	TotalCount int            `json:"total_count"`
+	Runners    []GitHubRunner `json:"runners,omitempty"`
+}
+
+type GitHubRunner struct {
+	ID     int    `json:"id"`
+	Name   string `json:"name"`
+	OS     string `json:"os"`
+	Status string `json:"status"`
+}
+
+type GitHubRegistrationToken struct {
 	Token     string `json:"token"`
 	ExpiresAt string `json:"expires_at"`
 }
@@ -49,8 +62,11 @@ type RegistrationToken struct {
 type RunnerReconciler struct {
 	client.Client
 	Log          logr.Logger
+	Recorder     record.EventRecorder
 	Scheme       *runtime.Scheme
 	GitHubClient *github.Client
+	RunnerImage  string
+	DockerImage  string
 }
 
 // +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runners,verbs=get;list;watch;create;update;patch;delete
@@ -63,14 +79,56 @@ func (r *RunnerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 
 	var runner v1alpha1.Runner
 	if err := r.Get(ctx, req.NamespacedName, &runner); err != nil {
-		log.Error(err, "Unable to fetch Runner")
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
 
+	if runner.ObjectMeta.DeletionTimestamp.IsZero() {
+		finalizers, added := addFinalizer(runner.ObjectMeta.Finalizers)
+
+		if added {
+			newRunner := runner.DeepCopy()
+			newRunner.ObjectMeta.Finalizers = finalizers
+
+			if err := r.Update(ctx, newRunner); err != nil {
+				log.Error(err, "Failed to update runner")
+				return ctrl.Result{}, err
+			}
+
+			return ctrl.Result{}, nil
+		}
+	} else {
+		finalizers, removed := removeFinalizer(runner.ObjectMeta.Finalizers)
+
+		if removed {
+			ok, err := r.unregisterRunner(ctx, runner.Spec.Repository, runner.Name)
+			if err != nil {
+				log.Error(err, "Failed to unregister runner")
+				return ctrl.Result{}, err
+			}
+
+			if !ok {
+				log.V(1).Info("Runner no longer exists on GitHub")
+			}
+
+			newRunner := runner.DeepCopy()
+			newRunner.ObjectMeta.Finalizers = finalizers
+
+			if err := r.Update(ctx, newRunner); err != nil {
+				log.Error(err, "Failed to update runner")
+				return ctrl.Result{}, err
+			}
+
+			log.Info("Removed runner from GitHub", "repository", runner.Spec.Repository)
+		}
+
+		return ctrl.Result{}, nil
+	}
+
 	if !runner.IsRegisterable() {
 		reg, err := r.newRegistration(ctx, runner.Spec.Repository)
 		if err != nil {
-			log.Error(err, "Failed to get new registration")
+			r.Recorder.Event(&runner, corev1.EventTypeWarning, "FailedUpdateRegistrationToken", "Updating registration token failed")
+			log.Error(err, "Failed to get new registration token")
 			return ctrl.Result{}, err
 		}
 
@@ -78,10 +136,11 @@ func (r *RunnerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 		updated.Status.Registration = reg
 
 		if err := r.Status().Update(ctx, updated); err != nil {
-			log.Error(err, "Unable to update Runner status")
+			log.Error(err, "Failed to update runner status")
 			return ctrl.Result{}, err
 		}
 
+		r.Recorder.Event(&runner, corev1.EventTypeNormal, "RegistrationTokenUpdated", "Successfully update registration token")
 		log.Info("Updated registration token", "repository", runner.Spec.Repository)
 		return ctrl.Result{}, nil
 	}
@@ -94,17 +153,32 @@ func (r *RunnerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 
 		newPod, err := r.newPod(runner)
 		if err != nil {
-			log.Error(err, "could not create pod")
+			log.Error(err, "Could not create pod")
 			return ctrl.Result{}, err
 		}
 
 		if err := r.Create(ctx, &newPod); err != nil {
-			log.Error(err, "failed to create pod resource")
+			log.Error(err, "Failed to create pod resource")
 			return ctrl.Result{}, err
 		}
 
-		log.Info("Created a runner pod", "repository", runner.Spec.Repository)
+		r.Recorder.Event(&runner, corev1.EventTypeNormal, "PodCreated", fmt.Sprintf("Created pod '%s'", newPod.Name))
+		log.Info("Created runner pod", "repository", runner.Spec.Repository)
 	} else {
+		if runner.Status.Phase != string(pod.Status.Phase) {
+			updated := runner.DeepCopy()
+			updated.Status.Phase = string(pod.Status.Phase)
+			updated.Status.Reason = pod.Status.Reason
+			updated.Status.Message = pod.Status.Message
+
+			if err := r.Status().Update(ctx, updated); err != nil {
+				log.Error(err, "Failed to update runner status")
+				return ctrl.Result{}, err
+			}
+
+			return ctrl.Result{}, nil
+		}
+
 		if !pod.ObjectMeta.DeletionTimestamp.IsZero() {
 			return ctrl.Result{}, err
 		}
@@ -125,7 +199,7 @@ func (r *RunnerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 
 		newPod, err := r.newPod(runner)
 		if err != nil {
-			log.Error(err, "could not create pod")
+			log.Error(err, "Could not create pod")
 			return ctrl.Result{}, err
 		}
 
@@ -140,11 +214,12 @@ func (r *RunnerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 		}
 
 		if err := r.Delete(ctx, &pod); err != nil {
-			log.Error(err, "failed to delete pod resource")
+			log.Error(err, "Failed to delete pod resource")
 			return ctrl.Result{}, err
 		}
 
-		log.Info("Restarted a runner pod", "repository", runner.Spec.Repository)
+		r.Recorder.Event(&runner, corev1.EventTypeNormal, "PodDeleted", fmt.Sprintf("Deleted pod '%s'", newPod.Name))
+		log.Info("Deleted runner pod", "repository", runner.Spec.Repository)
 	}
 
 	return ctrl.Result{}, nil
@@ -170,8 +245,8 @@ func (r *RunnerReconciler) newRegistration(ctx context.Context, repo string) (v1
 	return reg, err
 }
 
-func (r *RunnerReconciler) getRegistrationToken(ctx context.Context, repo string) (RegistrationToken, error) {
-	var regToken RegistrationToken
+func (r *RunnerReconciler) getRegistrationToken(ctx context.Context, repo string) (GitHubRegistrationToken, error) {
+	var regToken GitHubRegistrationToken
 
 	req, err := r.GitHubClient.NewRequest("POST", fmt.Sprintf("/repos/%s/actions/runners/registration-token", repo), nil)
 	if err != nil {
@@ -190,43 +265,112 @@ func (r *RunnerReconciler) getRegistrationToken(ctx context.Context, repo string
 	return regToken, nil
 }
 
+func (r *RunnerReconciler) unregisterRunner(ctx context.Context, repo, name string) (bool, error) {
+	runners, err := r.listRunners(ctx, repo)
+	if err != nil {
+		return false, err
+	}
+
+	id := 0
+	for _, runner := range runners.Runners {
+		if runner.Name == name {
+			id = runner.ID
+			break
+		}
+	}
+
+	if id == 0 {
+		return false, nil
+	}
+
+	if err := r.removeRunner(ctx, repo, id); err != nil {
+		return false, err
+	}
+
+	return true, nil
+}
+
+func (r *RunnerReconciler) listRunners(ctx context.Context, repo string) (GitHubRunnerList, error) {
+	runners := GitHubRunnerList{}
+
+	req, err := r.GitHubClient.NewRequest("GET", fmt.Sprintf("/repos/%s/actions/runners", repo), nil)
+	if err != nil {
+		return runners, err
+	}
+
+	res, err := r.GitHubClient.Do(ctx, req, &runners)
+	if err != nil {
+		return runners, err
+	}
+
+	if res.StatusCode != 200 {
+		return runners, fmt.Errorf("unexpected status: %d", res.StatusCode)
+	}
+
+	return runners, nil
+}
+
+func (r *RunnerReconciler) removeRunner(ctx context.Context, repo string, id int) error {
+	req, err := r.GitHubClient.NewRequest("DELETE", fmt.Sprintf("/repos/%s/actions/runners/%d", repo, id), nil)
+	if err != nil {
+		return err
+	}
+
+	res, err := r.GitHubClient.Do(ctx, req, nil)
+	if err != nil {
+		return err
+	}
+
+	if res.StatusCode != 204 {
+		return fmt.Errorf("unexpected status: %d", res.StatusCode)
+	}
+
+	return nil
+}
+
 func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 	var (
 		privileged bool  = true
 		group      int64 = 0
 	)
 
-	image := runner.Spec.Image
-	if image == "" {
-		image = defaultImage
+	runnerImage := runner.Spec.Image
+	if runnerImage == "" {
+		runnerImage = r.RunnerImage
 	}
 
+	env := []corev1.EnvVar{
+		{
+			Name:  "RUNNER_NAME",
+			Value: runner.Name,
+		},
+		{
+			Name:  "RUNNER_REPO",
+			Value: runner.Spec.Repository,
+		},
+		{
+			Name:  "RUNNER_TOKEN",
+			Value: runner.Status.Registration.Token,
+		},
+	}
+
+	env = append(env, runner.Spec.Env...)
 	pod := corev1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      runner.Name,
-			Namespace: runner.Namespace,
+			Name:        runner.Name,
+			Namespace:   runner.Namespace,
+			Labels:      runner.Labels,
+			Annotations: runner.Annotations,
 		},
 		Spec: corev1.PodSpec{
 			RestartPolicy: "OnFailure",
 			Containers: []corev1.Container{
 				{
 					Name:            containerName,
-					Image:           image,
+					Image:           runnerImage,
 					ImagePullPolicy: "Always",
-					Env: []corev1.EnvVar{
-						{
-							Name:  "RUNNER_NAME",
-							Value: runner.Name,
-						},
-						{
-							Name:  "RUNNER_REPO",
-							Value: runner.Spec.Repository,
-						},
-						{
-							Name:  "RUNNER_TOKEN",
-							Value: runner.Status.Registration.Token,
-						},
-					},
+					Env:             env,
+					EnvFrom:         runner.Spec.EnvFrom,
 					VolumeMounts: []corev1.VolumeMount{
 						{
 							Name:      "docker",
@@ -236,10 +380,11 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 					SecurityContext: &corev1.SecurityContext{
 						RunAsGroup: &group,
 					},
+					Resources: runner.Spec.Resources,
 				},
 				{
 					Name:  "docker",
-					Image: "docker:19.03.5-dind",
+					Image: r.DockerImage,
 					VolumeMounts: []corev1.VolumeMount{
 						{
 							Name:      "docker",
@@ -262,6 +407,59 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 		},
 	}
 
+	if len(runner.Spec.Containers) != 0 {
+		pod.Spec.Containers = runner.Spec.Containers
+	}
+
+	if len(runner.Spec.VolumeMounts) != 0 {
+		pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, runner.Spec.VolumeMounts...)
+	}
+
+	if len(runner.Spec.Volumes) != 0 {
+		pod.Spec.Volumes = append(runner.Spec.Volumes, runner.Spec.Volumes...)
+	}
+	if len(runner.Spec.InitContainers) != 0 {
+		pod.Spec.InitContainers = append(pod.Spec.InitContainers, runner.Spec.InitContainers...)
+	}
+
+	if runner.Spec.NodeSelector != nil {
+		pod.Spec.NodeSelector = runner.Spec.NodeSelector
+	}
+	if runner.Spec.ServiceAccountName != "" {
+		pod.Spec.ServiceAccountName = runner.Spec.ServiceAccountName
+	}
+	if runner.Spec.AutomountServiceAccountToken != nil {
+		pod.Spec.AutomountServiceAccountToken = runner.Spec.AutomountServiceAccountToken
+	}
+
+	if len(runner.Spec.SidecarContainers) != 0 {
+		pod.Spec.Containers = append(pod.Spec.Containers, runner.Spec.SidecarContainers...)
+	}
+
+	if runner.Spec.SecurityContext != nil {
+		pod.Spec.SecurityContext = runner.Spec.SecurityContext
+	}
+
+	if len(runner.Spec.ImagePullSecrets) != 0 {
+		pod.Spec.ImagePullSecrets = runner.Spec.ImagePullSecrets
+	}
+
+	if runner.Spec.Affinity != nil {
+		pod.Spec.Affinity = runner.Spec.Affinity
+	}
+
+	if len(runner.Spec.Tolerations) != 0 {
+		pod.Spec.Tolerations = runner.Spec.Tolerations
+	}
+
+	if len(runner.Spec.EphemeralContainers) != 0 {
+		pod.Spec.EphemeralContainers = runner.Spec.EphemeralContainers
+	}
+
+	if runner.Spec.TerminationGracePeriodSeconds != nil {
+		pod.Spec.TerminationGracePeriodSeconds = runner.Spec.TerminationGracePeriodSeconds
+	}
+
 	if err := ctrl.SetControllerReference(&runner, &pod, r.Scheme); err != nil {
 		return pod, err
 	}
@@ -270,8 +468,40 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 }
 
 func (r *RunnerReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	r.Recorder = mgr.GetEventRecorderFor("runner-controller")
+
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&v1alpha1.Runner{}).
 		Owns(&corev1.Pod{}).
 		Complete(r)
 }
+
+func addFinalizer(finalizers []string) ([]string, bool) {
+	exists := false
+	for _, name := range finalizers {
+		if name == finalizerName {
+			exists = true
+		}
+	}
+
+	if exists {
+		return finalizers, false
+	}
+
+	return append(finalizers, finalizerName), true
+}
+
+func removeFinalizer(finalizers []string) ([]string, bool) {
+	removed := false
+	result := []string{}
+
+	for _, name := range finalizers {
+		if name == finalizerName {
+			removed = true
+			continue
+		}
+		result = append(result, name)
+	}
+
+	return result, removed
+}

controllers/runnerdeployment_controller.go

@@ -0,0 +1,261 @@
+/*
+Copyright 2020 The actions-runner-controller authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+	"context"
+	"fmt"
+	"hash/fnv"
+	"sort"
+
+	"github.com/davecgh/go-spew/spew"
+	"github.com/go-logr/logr"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/rand"
+	"k8s.io/client-go/tools/record"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/summerwind/actions-runner-controller/api/v1alpha1"
+)
+
+const (
+	LabelKeyRunnerTemplateHash = "runner-template-hash"
+
+	runnerSetOwnerKey = ".metadata.controller"
+)
+
+// RunnerDeploymentReconciler reconciles a Runner object
+type RunnerDeploymentReconciler struct {
+	client.Client
+	Log      logr.Logger
+	Recorder record.EventRecorder
+	Scheme   *runtime.Scheme
+}
+
+// +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runnerdeployments,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runnerdeployments/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runnerreplicasets,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runnerreplicasets/status,verbs=get;update;patch
+
+func (r *RunnerDeploymentReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	ctx := context.Background()
+	log := r.Log.WithValues("runnerreplicaset", req.NamespacedName)
+
+	var rd v1alpha1.RunnerDeployment
+	if err := r.Get(ctx, req.NamespacedName, &rd); err != nil {
+		return ctrl.Result{}, client.IgnoreNotFound(err)
+	}
+
+	if !rd.ObjectMeta.DeletionTimestamp.IsZero() {
+		return ctrl.Result{}, nil
+	}
+
+	var myRunnerReplicaSetList v1alpha1.RunnerReplicaSetList
+	if err := r.List(ctx, &myRunnerReplicaSetList, client.InNamespace(req.Namespace), client.MatchingFields{runnerSetOwnerKey: req.Name}); err != nil {
+		return ctrl.Result{}, err
+	}
+
+	myRunnerReplicaSets := myRunnerReplicaSetList.Items
+
+	sort.Slice(myRunnerReplicaSets, func(i, j int) bool {
+		return myRunnerReplicaSets[i].GetCreationTimestamp().After(myRunnerReplicaSets[j].GetCreationTimestamp().Time)
+	})
+
+	var newestSet *v1alpha1.RunnerReplicaSet
+
+	var oldSets []v1alpha1.RunnerReplicaSet
+
+	if len(myRunnerReplicaSets) > 0 {
+		newestSet = &myRunnerReplicaSets[0]
+	}
+
+	if len(myRunnerReplicaSets) > 1 {
+		oldSets = myRunnerReplicaSets[1:]
+	}
+
+	desiredRS, err := r.newRunnerReplicaSet(rd)
+	if err != nil {
+		log.Error(err, "Could not create runnerreplicaset")
+
+		return ctrl.Result{}, err
+	}
+
+	if newestSet == nil {
+		if err := r.Client.Create(ctx, &desiredRS); err != nil {
+			log.Error(err, "Failed to create runnerreplicaset resource")
+
+			return ctrl.Result{}, err
+		}
+
+		return ctrl.Result{}, nil
+	}
+
+	newestTemplateHash, ok := getTemplateHash(newestSet)
+	if !ok {
+		log.Info("Failed to get template hash of newest runnerreplicaset resource. It must be in an invalid state. Please manually delete the runnerreplicaset so that it is recreated")
+
+		return ctrl.Result{}, nil
+	}
+
+	desiredTemplateHash, ok := getTemplateHash(&desiredRS)
+	if !ok {
+		log.Info("Failed to get template hash of desired runnerreplicaset resource. It must be in an invalid state. Please manually delete the runnerreplicaset so that it is recreated")
+
+		return ctrl.Result{}, nil
+	}
+
+	if newestTemplateHash != desiredTemplateHash {
+		if err := r.Client.Create(ctx, &desiredRS); err != nil {
+			log.Error(err, "Failed to create runnerreplicaset resource")
+
+			return ctrl.Result{}, err
+		}
+
+		return ctrl.Result{}, nil
+	}
+
+	// Please add more conditions that we can in-place update the newest runnerreplicaset without disruption
+	if newestSet.Spec.Replicas != desiredRS.Spec.Replicas {
+		newestSet.Spec.Replicas = desiredRS.Spec.Replicas
+
+		if err := r.Client.Update(ctx, newestSet); err != nil {
+			log.Error(err, "Failed to update runnerreplicaset resource")
+
+			return ctrl.Result{}, err
+		}
+
+		return ctrl.Result{}, nil
+	}
+
+	for i := range oldSets {
+		rs := oldSets[i]
+
+		if err := r.Client.Delete(ctx, &rs); err != nil {
+			log.Error(err, "Failed to delete runner resource")
+
+			return ctrl.Result{}, err
+		}
+
+		r.Recorder.Event(&rd, corev1.EventTypeNormal, "RunnerReplicaSetDeleted", fmt.Sprintf("Deleted runnerreplicaset '%s'", rs.Name))
+		log.Info("Deleted runnerreplicaset", "runnerdeployment", rd.ObjectMeta.Name, "runnerreplicaset", rs.Name)
+	}
+
+	return ctrl.Result{}, nil
+}
+
+func getTemplateHash(rs *v1alpha1.RunnerReplicaSet) (string, bool) {
+	hash, ok := rs.Labels[LabelKeyRunnerTemplateHash]
+
+	return hash, ok
+}
+
+// ComputeHash returns a hash value calculated from pod template and
+// a collisionCount to avoid hash collision. The hash will be safe encoded to
+// avoid bad words.
+//
+// Proudly modified and adopted from k8s.io/kubernetes/pkg/util/hash.DeepHashObject and
+// k8s.io/kubernetes/pkg/controller.ComputeHash.
+func ComputeHash(template interface{}) string {
+	hasher := fnv.New32a()
+
+	hasher.Reset()
+
+	printer := spew.ConfigState{
+		Indent:         " ",
+		SortKeys:       true,
+		DisableMethods: true,
+		SpewKeys:       true,
+	}
+	printer.Fprintf(hasher, "%#v", template)
+
+	return rand.SafeEncodeString(fmt.Sprint(hasher.Sum32()))
+}
+
+// Clones the given map and returns a new map with the given key and value added.
+// Returns the given map, if labelKey is empty.
+//
+// Proudly copied from k8s.io/kubernetes/pkg/util/labels.CloneAndAddLabel
+func CloneAndAddLabel(labels map[string]string, labelKey, labelValue string) map[string]string {
+	if labelKey == "" {
+		// Don't need to add a label.
+		return labels
+	}
+	// Clone.
+	newLabels := map[string]string{}
+	for key, value := range labels {
+		newLabels[key] = value
+	}
+	newLabels[labelKey] = labelValue
+	return newLabels
+}
+
+func (r *RunnerDeploymentReconciler) newRunnerReplicaSet(rd v1alpha1.RunnerDeployment) (v1alpha1.RunnerReplicaSet, error) {
+	newRSTemplate := *rd.Spec.Template.DeepCopy()
+	templateHash := ComputeHash(&newRSTemplate)
+	// Add template hash label to selector.
+	labels := CloneAndAddLabel(rd.Spec.Template.Labels, LabelKeyRunnerTemplateHash, templateHash)
+
+	newRSTemplate.Labels = labels
+
+	rs := v1alpha1.RunnerReplicaSet{
+		TypeMeta: metav1.TypeMeta{},
+		ObjectMeta: metav1.ObjectMeta{
+			GenerateName: rd.ObjectMeta.Name + "-",
+			Namespace:    rd.ObjectMeta.Namespace,
+			Labels:       labels,
+		},
+		Spec: v1alpha1.RunnerReplicaSetSpec{
+			Replicas: rd.Spec.Replicas,
+			Template: newRSTemplate,
+		},
+	}
+
+	if err := ctrl.SetControllerReference(&rd, &rs, r.Scheme); err != nil {
+		return rs, err
+	}
+
+	return rs, nil
+}
+
+func (r *RunnerDeploymentReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	r.Recorder = mgr.GetEventRecorderFor("runnerdeployment-controller")
+
+	if err := mgr.GetFieldIndexer().IndexField(&v1alpha1.RunnerReplicaSet{}, runnerSetOwnerKey, func(rawObj runtime.Object) []string {
+		runnerSet := rawObj.(*v1alpha1.RunnerReplicaSet)
+		owner := metav1.GetControllerOf(runnerSet)
+		if owner == nil {
+			return nil
+		}
+
+		if owner.APIVersion != v1alpha1.GroupVersion.String() || owner.Kind != "RunnerDeployment" {
+			return nil
+		}
+
+		return []string{owner.Name}
+	}); err != nil {
+		return err
+	}
+
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&v1alpha1.RunnerDeployment{}).
+		Owns(&v1alpha1.RunnerReplicaSet{}).
+		Complete(r)
+}

controllers/runnerdeployment_controller_test.go

@@ -0,0 +1,176 @@
+package controllers
+
+import (
+	"context"
+	"time"
+
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes/scheme"
+	ctrl "sigs.k8s.io/controller-runtime"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	actionsv1alpha1 "github.com/summerwind/actions-runner-controller/api/v1alpha1"
+)
+
+// SetupDeploymentTest will set up a testing environment.
+// This includes:
+// * creating a Namespace to be used during the test
+// * starting the 'RunnerDeploymentReconciler'
+// * stopping the 'RunnerDeploymentReconciler" after the test ends
+// Call this function at the start of each of your tests.
+func SetupDeploymentTest(ctx context.Context) *corev1.Namespace {
+	var stopCh chan struct{}
+	ns := &corev1.Namespace{}
+
+	BeforeEach(func() {
+		stopCh = make(chan struct{})
+		*ns = corev1.Namespace{
+			ObjectMeta: metav1.ObjectMeta{Name: "testns-" + randStringRunes(5)},
+		}
+
+		err := k8sClient.Create(ctx, ns)
+		Expect(err).NotTo(HaveOccurred(), "failed to create test namespace")
+
+		mgr, err := ctrl.NewManager(cfg, ctrl.Options{})
+		Expect(err).NotTo(HaveOccurred(), "failed to create manager")
+
+		controller := &RunnerDeploymentReconciler{
+			Client:   mgr.GetClient(),
+			Scheme:   scheme.Scheme,
+			Log:      logf.Log,
+			Recorder: mgr.GetEventRecorderFor("runnerreplicaset-controller"),
+		}
+		err = controller.SetupWithManager(mgr)
+		Expect(err).NotTo(HaveOccurred(), "failed to setup controller")
+
+		go func() {
+			defer GinkgoRecover()
+
+			err := mgr.Start(stopCh)
+			Expect(err).NotTo(HaveOccurred(), "failed to start manager")
+		}()
+	})
+
+	AfterEach(func() {
+		close(stopCh)
+
+		err := k8sClient.Delete(ctx, ns)
+		Expect(err).NotTo(HaveOccurred(), "failed to delete test namespace")
+	})
+
+	return ns
+}
+
+var _ = Context("Inside of a new namespace", func() {
+	ctx := context.TODO()
+	ns := SetupDeploymentTest(ctx)
+
+	Describe("when no existing resources exist", func() {
+
+		It("should create a new RunnerReplicaSet resource from the specified template, add a another RunnerReplicaSet on template modification, and eventually removes old runnerreplicasets", func() {
+			name := "example-runnerdeploy"
+
+			{
+				rs := &actionsv1alpha1.RunnerDeployment{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      name,
+						Namespace: ns.Name,
+					},
+					Spec: actionsv1alpha1.RunnerDeploymentSpec{
+						Replicas: intPtr(1),
+						Template: actionsv1alpha1.RunnerTemplate{
+							Spec: actionsv1alpha1.RunnerSpec{
+								Repository: "foo/bar",
+								Image:      "bar",
+								Env: []corev1.EnvVar{
+									{Name: "FOO", Value: "FOOVALUE"},
+								},
+							},
+						},
+					},
+				}
+
+				err := k8sClient.Create(ctx, rs)
+
+				Expect(err).NotTo(HaveOccurred(), "failed to create test RunnerReplicaSet resource")
+
+				runnerSets := actionsv1alpha1.RunnerReplicaSetList{Items: []actionsv1alpha1.RunnerReplicaSet{}}
+
+				Eventually(
+					func() int {
+						err := k8sClient.List(ctx, &runnerSets, client.InNamespace(ns.Name))
+						if err != nil {
+							logf.Log.Error(err, "list runner sets")
+						}
+
+						return len(runnerSets.Items)
+					},
+					time.Second*5, time.Millisecond*500).Should(BeEquivalentTo(1))
+
+				Eventually(
+					func() int {
+						err := k8sClient.List(ctx, &runnerSets, client.InNamespace(ns.Name))
+						if err != nil {
+							logf.Log.Error(err, "list runner sets")
+						}
+
+						if len(runnerSets.Items) == 0 {
+							logf.Log.Info("No runnerreplicasets exist yet")
+							return -1
+						}
+
+						return *runnerSets.Items[0].Spec.Replicas
+					},
+					time.Second*5, time.Millisecond*500).Should(BeEquivalentTo(1))
+			}
+
+			{
+				// We wrap the update in the Eventually block to avoid the below error that occurs due to concurrent modification
+				// made by the controller to update .Status.AvailableReplicas and .Status.ReadyReplicas
+				//   Operation cannot be fulfilled on runnersets.actions.summerwind.dev "example-runnerset": the object has been modified; please apply your changes to the latest version and try again
+				Eventually(func() error {
+					var rd actionsv1alpha1.RunnerDeployment
+
+					err := k8sClient.Get(ctx, types.NamespacedName{Namespace: ns.Name, Name: name}, &rd)
+
+					Expect(err).NotTo(HaveOccurred(), "failed to get test RunnerReplicaSet resource")
+
+					rd.Spec.Replicas = intPtr(2)
+
+					return k8sClient.Update(ctx, &rd)
+				},
+					time.Second*1, time.Millisecond*500).Should(BeNil())
+
+				runnerSets := actionsv1alpha1.RunnerReplicaSetList{Items: []actionsv1alpha1.RunnerReplicaSet{}}
+
+				Eventually(
+					func() int {
+						err := k8sClient.List(ctx, &runnerSets, client.InNamespace(ns.Name))
+						if err != nil {
+							logf.Log.Error(err, "list runner sets")
+						}
+
+						return len(runnerSets.Items)
+					},
+					time.Second*5, time.Millisecond*500).Should(BeEquivalentTo(1))
+
+				Eventually(
+					func() int {
+						err := k8sClient.List(ctx, &runnerSets, client.InNamespace(ns.Name))
+						if err != nil {
+							logf.Log.Error(err, "list runner sets")
+						}
+
+						return *runnerSets.Items[0].Spec.Replicas
+					},
+					time.Second*5, time.Millisecond*500).Should(BeEquivalentTo(2))
+			}
+		})
+	})
+})

controllers/runnerreplicaset_controller.go

@@ -0,0 +1,167 @@
+/*
+Copyright 2020 The actions-runner-controller authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/go-logr/logr"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/tools/record"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/summerwind/actions-runner-controller/api/v1alpha1"
+)
+
+// RunnerReplicaSetReconciler reconciles a Runner object
+type RunnerReplicaSetReconciler struct {
+	client.Client
+	Log      logr.Logger
+	Recorder record.EventRecorder
+	Scheme   *runtime.Scheme
+}
+
+// +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runnerreplicasets,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runnerreplicasets/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runners,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runners/status,verbs=get;update;patch
+
+func (r *RunnerReplicaSetReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	ctx := context.Background()
+	log := r.Log.WithValues("runner", req.NamespacedName)
+
+	var rs v1alpha1.RunnerReplicaSet
+	if err := r.Get(ctx, req.NamespacedName, &rs); err != nil {
+		return ctrl.Result{}, client.IgnoreNotFound(err)
+	}
+
+	if !rs.ObjectMeta.DeletionTimestamp.IsZero() {
+		return ctrl.Result{}, nil
+	}
+
+	var allRunners v1alpha1.RunnerList
+	if err := r.List(ctx, &allRunners, client.InNamespace(req.Namespace)); err != nil {
+		if !errors.IsNotFound(err) {
+			return ctrl.Result{}, err
+		}
+	}
+
+	var myRunners []v1alpha1.Runner
+
+	var available, ready int
+
+	for _, r := range allRunners.Items {
+		if metav1.IsControlledBy(&r, &rs) {
+			myRunners = append(myRunners, r)
+
+			available += 1
+
+			if r.Status.Phase == string(corev1.PodRunning) {
+				ready += 1
+			}
+		}
+	}
+
+	var desired int
+
+	if rs.Spec.Replicas != nil {
+		desired = *rs.Spec.Replicas
+	} else {
+		desired = 1
+	}
+
+	log.V(0).Info("debug", "desired", desired, "available", available)
+
+	if available > desired {
+		n := available - desired
+
+		for i := 0; i < n; i++ {
+			if err := r.Client.Delete(ctx, &myRunners[i]); err != nil {
+				log.Error(err, "Failed to delete runner resource")
+
+				return ctrl.Result{}, err
+			}
+
+			r.Recorder.Event(&rs, corev1.EventTypeNormal, "RunnerDeleted", fmt.Sprintf("Deleted runner '%s'", myRunners[i].Name))
+			log.Info("Deleted runner", "runnerreplicaset", rs.ObjectMeta.Name)
+		}
+	} else if desired > available {
+		n := desired - available
+
+		for i := 0; i < n; i++ {
+			newRunner, err := r.newRunner(rs)
+			if err != nil {
+				log.Error(err, "Could not create runner")
+
+				return ctrl.Result{}, err
+			}
+
+			if err := r.Client.Create(ctx, &newRunner); err != nil {
+				log.Error(err, "Failed to create runner resource")
+
+				return ctrl.Result{}, err
+			}
+		}
+	}
+
+	if rs.Status.AvailableReplicas != available || rs.Status.ReadyReplicas != ready {
+		updated := rs.DeepCopy()
+		updated.Status.AvailableReplicas = available
+		updated.Status.ReadyReplicas = ready
+
+		if err := r.Status().Update(ctx, updated); err != nil {
+			log.Error(err, "Failed to update runner status")
+			return ctrl.Result{}, err
+		}
+	}
+
+	return ctrl.Result{}, nil
+}
+
+func (r *RunnerReplicaSetReconciler) newRunner(rs v1alpha1.RunnerReplicaSet) (v1alpha1.Runner, error) {
+	objectMeta := rs.Spec.Template.ObjectMeta.DeepCopy()
+
+	objectMeta.GenerateName = rs.ObjectMeta.Name + "-"
+	objectMeta.Namespace = rs.ObjectMeta.Namespace
+
+	runner := v1alpha1.Runner{
+		TypeMeta:   metav1.TypeMeta{},
+		ObjectMeta: *objectMeta,
+		Spec:       rs.Spec.Template.Spec,
+	}
+
+	if err := ctrl.SetControllerReference(&rs, &runner, r.Scheme); err != nil {
+		return runner, err
+	}
+
+	return runner, nil
+}
+
+func (r *RunnerReplicaSetReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	r.Recorder = mgr.GetEventRecorderFor("runnerreplicaset-controller")
+
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&v1alpha1.RunnerReplicaSet{}).
+		Owns(&v1alpha1.Runner{}).
+		Complete(r)
+}

controllers/runnerreplicaset_controller_test.go

@@ -0,0 +1,195 @@
+package controllers
+
+import (
+	"context"
+	"math/rand"
+	"time"
+
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes/scheme"
+	ctrl "sigs.k8s.io/controller-runtime"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	actionsv1alpha1 "github.com/summerwind/actions-runner-controller/api/v1alpha1"
+)
+
+// SetupTest will set up a testing environment.
+// This includes:
+// * creating a Namespace to be used during the test
+// * starting the 'RunnerReconciler'
+// * stopping the 'RunnerReplicaSetReconciler" after the test ends
+// Call this function at the start of each of your tests.
+func SetupTest(ctx context.Context) *corev1.Namespace {
+	var stopCh chan struct{}
+	ns := &corev1.Namespace{}
+
+	BeforeEach(func() {
+		stopCh = make(chan struct{})
+		*ns = corev1.Namespace{
+			ObjectMeta: metav1.ObjectMeta{Name: "testns-" + randStringRunes(5)},
+		}
+
+		err := k8sClient.Create(ctx, ns)
+		Expect(err).NotTo(HaveOccurred(), "failed to create test namespace")
+
+		mgr, err := ctrl.NewManager(cfg, ctrl.Options{})
+		Expect(err).NotTo(HaveOccurred(), "failed to create manager")
+
+		controller := &RunnerReplicaSetReconciler{
+			Client:   mgr.GetClient(),
+			Scheme:   scheme.Scheme,
+			Log:      logf.Log,
+			Recorder: mgr.GetEventRecorderFor("runnerreplicaset-controller"),
+		}
+		err = controller.SetupWithManager(mgr)
+		Expect(err).NotTo(HaveOccurred(), "failed to setup controller")
+
+		go func() {
+			defer GinkgoRecover()
+
+			err := mgr.Start(stopCh)
+			Expect(err).NotTo(HaveOccurred(), "failed to start manager")
+		}()
+	})
+
+	AfterEach(func() {
+		close(stopCh)
+
+		err := k8sClient.Delete(ctx, ns)
+		Expect(err).NotTo(HaveOccurred(), "failed to delete test namespace")
+	})
+
+	return ns
+}
+
+var letterRunes = []rune("abcdefghijklmnopqrstuvwxyz1234567890")
+
+func randStringRunes(n int) string {
+	b := make([]rune, n)
+	for i := range b {
+		b[i] = letterRunes[rand.Intn(len(letterRunes))]
+	}
+	return string(b)
+}
+
+func intPtr(v int) *int {
+	return &v
+}
+
+var _ = Context("Inside of a new namespace", func() {
+	ctx := context.TODO()
+	ns := SetupTest(ctx)
+
+	Describe("when no existing resources exist", func() {
+
+		It("should create a new Runner resource from the specified template, add a another Runner on replicas increased, and removes all the replicas when set to 0", func() {
+			name := "example-runnerreplicaset"
+
+			{
+				rs := &actionsv1alpha1.RunnerReplicaSet{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      name,
+						Namespace: ns.Name,
+					},
+					Spec: actionsv1alpha1.RunnerReplicaSetSpec{
+						Replicas: intPtr(1),
+						Template: actionsv1alpha1.RunnerTemplate{
+							Spec: actionsv1alpha1.RunnerSpec{
+								Repository: "foo/bar",
+								Image:      "bar",
+								Env: []corev1.EnvVar{
+									{Name: "FOO", Value: "FOOVALUE"},
+								},
+							},
+						},
+					},
+				}
+
+				err := k8sClient.Create(ctx, rs)
+
+				Expect(err).NotTo(HaveOccurred(), "failed to create test RunnerReplicaSet resource")
+
+				runners := actionsv1alpha1.RunnerList{Items: []actionsv1alpha1.Runner{}}
+
+				Eventually(
+					func() int {
+						err := k8sClient.List(ctx, &runners, client.InNamespace(ns.Name))
+						if err != nil {
+							logf.Log.Error(err, "list runners")
+						}
+
+						return len(runners.Items)
+					},
+					time.Second*5, time.Millisecond*500).Should(BeEquivalentTo(1))
+			}
+
+			{
+				// We wrap the update in the Eventually block to avoid the below error that occurs due to concurrent modification
+				// made by the controller to update .Status.AvailableReplicas and .Status.ReadyReplicas
+				//   Operation cannot be fulfilled on runnerreplicasets.actions.summerwind.dev "example-runnerreplicaset": the object has been modified; please apply your changes to the latest version and try again
+				Eventually(func() error {
+					var rs actionsv1alpha1.RunnerReplicaSet
+
+					err := k8sClient.Get(ctx, types.NamespacedName{Namespace: ns.Name, Name: name}, &rs)
+
+					Expect(err).NotTo(HaveOccurred(), "failed to get test RunnerReplicaSet resource")
+
+					rs.Spec.Replicas = intPtr(2)
+
+					return k8sClient.Update(ctx, &rs)
+				},
+					time.Second*1, time.Millisecond*500).Should(BeNil())
+
+				runners := actionsv1alpha1.RunnerList{Items: []actionsv1alpha1.Runner{}}
+
+				Eventually(
+					func() int {
+						err := k8sClient.List(ctx, &runners, client.InNamespace(ns.Name))
+						if err != nil {
+							logf.Log.Error(err, "list runners")
+						}
+
+						return len(runners.Items)
+					},
+					time.Second*5, time.Millisecond*500).Should(BeEquivalentTo(2))
+			}
+
+			{
+				// We wrap the update in the Eventually block to avoid the below error that occurs due to concurrent modification
+				// made by the controller to update .Status.AvailableReplicas and .Status.ReadyReplicas
+				//   Operation cannot be fulfilled on runnersets.actions.summerwind.dev "example-runnerset": the object has been modified; please apply your changes to the latest version and try again
+				Eventually(func() error {
+					var rs actionsv1alpha1.RunnerReplicaSet
+
+					err := k8sClient.Get(ctx, types.NamespacedName{Namespace: ns.Name, Name: name}, &rs)
+
+					Expect(err).NotTo(HaveOccurred(), "failed to get test RunnerReplicaSet resource")
+
+					rs.Spec.Replicas = intPtr(0)
+
+					return k8sClient.Update(ctx, &rs)
+				},
+					time.Second*1, time.Millisecond*500).Should(BeNil())
+
+				runners := actionsv1alpha1.RunnerList{Items: []actionsv1alpha1.Runner{}}
+
+				Eventually(
+					func() int {
+						err := k8sClient.List(ctx, &runners, client.InNamespace(ns.Name))
+						if err != nil {
+							logf.Log.Error(err, "list runners")
+						}
+
+						return len(runners.Items)
+					},
+					time.Second*5, time.Millisecond*500).Should(BeEquivalentTo(0))
+			}
+		})
+	})
+})

go.mod

@@ -6,9 +6,10 @@ require (
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
 	github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d // indirect
 	github.com/bradleyfalzon/ghinstallation v1.1.1
+	github.com/davecgh/go-spew v1.1.1
 	github.com/go-logr/logr v0.1.0
 	github.com/google/go-github v17.0.0+incompatible
-	github.com/google/go-github/v29 v29.0.2
+	github.com/google/go-github/v29 v29.0.3
 	github.com/onsi/ginkgo v1.8.0
 	github.com/onsi/gomega v1.5.0
 	github.com/prometheus/common v0.0.0-20181126121408-4724e9255275

go.sum

@@ -124,6 +124,8 @@ github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4r
 github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
 github.com/google/go-github/v29 v29.0.2 h1:opYN6Wc7DOz7Ku3Oh4l7prmkOMwEcQxpFtxdU8N8Pts=
 github.com/google/go-github/v29 v29.0.2/go.mod h1:CHKiKKPHJ0REzfwc14QMklvtHwCveD0PxlMjLlzAM5E=
+github.com/google/go-github/v29 v29.0.3 h1:IktKCTwU//aFHnpA+2SLIi7Oo9uhAzgsdZNbcAqhgdc=
+github.com/google/go-github/v29 v29.0.3/go.mod h1:CHKiKKPHJ0REzfwc14QMklvtHwCveD0PxlMjLlzAM5E=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=

main.go

@@ -34,6 +34,11 @@ import (
 	// +kubebuilder:scaffold:imports
 )
 
+const (
+	defaultRunnerImage = "summerwind/actions-runner:v2.165.2"
+	defaultDockerImage = "docker:19.03.6-dind"
+)
+
 var (
 	scheme   = runtime.NewScheme()
 	setupLog = ctrl.Log.WithName("setup")
@@ -47,16 +52,28 @@ func init() {
 }
 
 func main() {
-	var metricsAddr string
-	var enableLeaderElection bool
+	var (
+		metricsAddr          string
+		enableLeaderElection bool
+
+		runnerImage string
+		dockerImage string
+		ghToken     string
+	)
+
 	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "enable-leader-election", false,
 		"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")
+	flag.StringVar(&runnerImage, "runner-image", defaultRunnerImage, "The image name of self-hosted runner container.")
+	flag.StringVar(&dockerImage, "docker-image", defaultDockerImage, "The image name of docker sidecar container.")
+	flag.StringVar(&ghToken, "github-token", "", "The access token of GitHub.")
 	flag.Parse()
 
-	ghToken := os.Getenv("GITHUB_TOKEN")
 	if ghToken == "" {
-		fmt.Fprintln(os.Stderr, "Error: access token is not specified in the environment variable 'GITHUB_TOKEN'")
+		ghToken = os.Getenv("GITHUB_TOKEN")
+	}
+	if ghToken == "" {
+		fmt.Fprintln(os.Stderr, "Error: GitHub access token must be specified.")
 		os.Exit(1)
 	}
 
@@ -85,12 +102,36 @@ func main() {
 		Log:          ctrl.Log.WithName("controllers").WithName("Runner"),
 		Scheme:       mgr.GetScheme(),
 		GitHubClient: ghClient,
+		RunnerImage:  runnerImage,
+		DockerImage:  dockerImage,
 	}
 
 	if err = runnerReconciler.SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Runner")
 		os.Exit(1)
 	}
+
+	runnerSetReconciler := &controllers.RunnerReplicaSetReconciler{
+		Client: mgr.GetClient(),
+		Log:    ctrl.Log.WithName("controllers").WithName("RunnerReplicaSet"),
+		Scheme: mgr.GetScheme(),
+	}
+
+	if err = runnerSetReconciler.SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "RunnerReplicaSet")
+		os.Exit(1)
+	}
+
+	runnerDeploymentReconciler := &controllers.RunnerDeploymentReconciler{
+		Client: mgr.GetClient(),
+		Log:    ctrl.Log.WithName("controllers").WithName("RunnerDeployment"),
+		Scheme: mgr.GetScheme(),
+	}
+
+	if err = runnerDeploymentReconciler.SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "RunnerDeployment")
+		os.Exit(1)
+	}
 	// +kubebuilder:scaffold:builder
 
 	setupLog.Info("starting manager")

runner/Dockerfile

@@ -9,6 +9,8 @@ RUN apt update \
   && tar zxvf docker.tgz \
   && install -o root -g root -m 755 docker/docker /usr/local/bin/docker \
   && rm -rf docker docker.tgz \
+  && curl -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64 \
+  && chmod +x /usr/local/bin/dumb-init \
   && adduser --disabled-password --gecos "" --uid 1000 runner
 
 RUN mkdir -p /runner \
@@ -21,4 +23,5 @@ RUN mkdir -p /runner \
 COPY entrypoint.sh /runner
 
 USER runner:runner
-ENTRYPOINT ["/runner/entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
+CMD ["/runner/entrypoint.sh"]

runner/Makefile

@@ -1,7 +1,7 @@
 NAME ?= summerwind/actions-runner
 
-RUNNER_VERSION ?= 2.165.1
-DOCKER_VERSION ?= 19.03.5
+RUNNER_VERSION ?= 2.165.2
+DOCKER_VERSION ?= 19.03.6
 
 docker-build:
 	docker build --build-arg RUNNER_VERSION=${RUNNER_VERSION} --build-arg DOCKER_VERSION=${DOCKER_VERSION} -t ${NAME}:latest -t ${NAME}:v${RUNNER_VERSION} .

runner/entrypoint.sh

@@ -17,4 +17,6 @@ fi
 
 cd /runner
 ./config.sh --unattended --replace --name "${RUNNER_NAME}" --url "https://github.com/${RUNNER_REPO}" --token "${RUNNER_TOKEN}"
-./run.sh --once
+
+unset RUNNER_NAME RUNNER_REPO RUNNER_TOKEN
+exec ./run.sh --once