actions-runner-controller/charts/gha-runner-scale-set-experimental/templates/autoscalingrunnserset.yaml

{{- /*
Resolve the runner-related values once. Each lookup falls back to an empty
dict or string when the key is unset.
*/ -}}
{{- $runner := (.Values.runner | default dict) }}
{{- $runnerMode := (index $runner "mode" | default "") }}
{{- $kubeMode := (index $runner "kubernetesMode" | default dict) }}
{{- $dind := (index $runner "dind" | default dict) }}
{{- /*
NOTE(review): Sprig's default treats boolean false as empty, so an explicit
runner.kubernetesMode.default=false still resolves to true here. In this
template the flag only gates the kubernetes-mode cleanup annotations; confirm
how the helper templates read the same key before changing it.
*/ -}}
{{- $kubeDefaults := (index $kubeMode "default" | default true) }}
{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") }}
{{- /*
True when secretResolution is unset or its type is "kubernetes".
NOTE(review): with secretResolution unset, the second operand is only skipped
if `or` short-circuits (Go 1.18+ text/template) - confirm the minimum
supported Helm version.
*/ -}}
{{- $usesKubernetesSecrets := or (not .Values.secretResolution) (eq .Values.secretResolution.type "kubernetes") }}
{{- /*
runner.pod and runner.pod.spec are optional (default: empty dict), but when
set each must be a map; rendering aborts with an explicit message otherwise.
*/ -}}
{{- $runnerPod := (index $runner "pod" | default dict) -}}
{{- if not (kindIs "map" $runnerPod) -}}
{{- fail ".Values.runner.pod must be an object" -}}
{{- end }}
{{- $runnerPodSpec := (index $runnerPod "spec" | default dict) -}}
{{- if not (kindIs "map" $runnerPodSpec) -}}
{{- fail ".Values.runner.pod.spec must be an object" -}}
{{- end }}
{{- /*
Validate the user-supplied sidecar containers: the value must be a list of
maps, every entry needs a non-empty name, and the name "runner" is rejected
because the chart renders its own runner container.
NOTE(review): only "runner" is reserved here; if the dind helper templates add
further chart-managed container names, a clash with those is not caught by
this check - confirm against the helpers.
*/ -}}
{{- $extraContainers := (index $runnerPodSpec "containers" | default list) -}}
{{- if not (kindIs "slice" $extraContainers) -}}
{{- fail ".Values.runner.pod.spec.containers must be a list of container specifications" -}}
{{- end }}
{{- range $extraContainers -}}
{{- if not (kindIs "map" .) -}}
{{- fail ".Values.runner.pod.spec.containers must be a list of container specifications" -}}
{{- end }}
{{- $extraContainerName := (index . "name" | default "") -}}
{{- if empty $extraContainerName -}}
{{- fail ".Values.runner.pod.spec.containers[].name is required" -}}
{{- end }}
{{- if eq $extraContainerName "runner" -}}
{{- fail ".Values.runner.pod.spec.containers[].name must not be 'runner' (reserved)" -}}
{{- end }}
{{- end }}
{{- /*
Validate the user-supplied init containers: the value must be a list of maps
and every entry needs a non-empty name.
NOTE(review): unlike the containers check, no name is reserved here, although
dind mode renders chart-managed init containers next to these - confirm
whether their names should be rejected as well.
*/ -}}
{{- $extraInitContainers := (index $runnerPodSpec "initContainers" | default list) -}}
{{- if not (kindIs "slice" $extraInitContainers) -}}
{{- fail ".Values.runner.pod.spec.initContainers must be a list of container specifications" -}}
{{- end }}
{{- range $extraInitContainers -}}
{{- if not (kindIs "map" .) -}}
{{- fail ".Values.runner.pod.spec.initContainers must be a list of container specifications" -}}
{{- end }}
{{- $extraInitContainerName := (index . "name" | default "") -}}
{{- if empty $extraInitContainerName -}}
{{- fail ".Values.runner.pod.spec.initContainers[].name is required" -}}
{{- end }}
{{- end }}
{{- /*
Everything in runner.pod.spec except the four keys this template renders
itself. The remainder is emitted verbatim into the pod spec at the end of the
template, with no validation of its content, so fields such as hostNetwork,
hostPID or securityContext are accepted as given; restrict who may set these
values and back this with an admission policy on the runner namespace.
NOTE(review): serviceAccountName is dropped, but the deprecated serviceAccount
alias is not in the omit list - confirm whether it should be.
*/ -}}
{{- $runnerPodSpecExtraFields := (omit $runnerPodSpec "containers" "initContainers" "volumes" "serviceAccountName") -}}
{{- /* User-supplied volumes must be a list; entries are not inspected further. */ -}}
{{- $extraVolumes := (index $runnerPodSpec "volumes" | default list) -}}
{{- if not (kindIs "slice" $extraVolumes) -}}
{{- fail ".Values.runner.pod.spec.volumes must be a list of volume specifications" -}}
{{- end }}
{{- /* githubServerTLS.runnerMountPath, or "" when no TLS config is given. */ -}}
{{- $tlsConfig := (default (dict) .Values.githubServerTLS) -}}
{{- $tlsMountPath := (index $tlsConfig "runnerMountPath" | default "") -}}
{{- /*
Section switches: initContainers is rendered for user init containers or dind
mode; volumes is rendered for user volumes, kubernetes or dind mode, or a
non-empty TLS mount path.
*/ -}}
{{- $hasInitContainers := or (gt (len $extraInitContainers) 0) (eq $runnerMode "dind") -}}
{{- $hasVolumes := or (gt (len $extraVolumes) 0) (eq $runnerMode "kubernetes") (eq $runnerMode "dind") (not (empty $tlsMountPath)) -}}
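apiVersion: actions.github.com/v1alpha1
kind: AutoscalingRunnerSet
metadata:
  name: {{ include "autoscaling-runner-set.name" . | quote }}
  namespace: {{ include "autoscaling-runner-set.namespace" . | quote }}
  labels:
    {{- include "autoscaling-runner-set.labels" . | nindent 4 }}
  annotations:
    {{- include "autoscaling-runner-set.annotations" . | nindent 4 }}
    {{- /*
    Digest of the complete values, so any values change alters this annotation.
    Quoted because annotation values must be strings and a hex digest made up
    only of digits (optionally with a single "e") would be read as a number.
    NOTE(review): the digest covers everything under .Values, presumably
    including inline credentials under auth; it is one-way, but anyone who can
    read this object sees a value derived from them - confirm that is intended.
    */}}
    actions.github.com/values-hash: {{ toJson .Values | sha256sum | trunc 63 | quote }}
    {{- /*
    The cleanup-* annotations record the names of resources the chart creates;
    presumably the controller reads them during teardown - confirm against the
    controller. The GitHub secret is listed only when Kubernetes secrets are in
    use and no existing auth.secretName was supplied.
    */}}
    {{- if and $usesKubernetesSecrets (empty .Values.auth.secretName) }}
    actions.github.com/cleanup-github-secret-name: {{ include "github-secret.name" . | quote }}
    {{- end }}
    actions.github.com/cleanup-manager-role-binding: {{ include "manager-role-binding.name" . | quote }}
    actions.github.com/cleanup-manager-role-name: {{ include "manager-role.name" . | quote }}
    {{- /* The no-permission service account is listed for every mode except kubernetes. */}}
    {{- if ne $runnerMode "kubernetes" }}
    actions.github.com/cleanup-no-permission-service-account-name: {{ include "no-permission-serviceaccount.name" . | quote }}
    {{- end }}
    {{- /*
    Kubernetes-mode RBAC objects are listed only when the chart defaults are
    active and the user did not bring their own service account.
    */}}
    {{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty $kubeServiceAccountName) }}
    actions.github.com/cleanup-kubernetes-mode-role-binding-name: {{ include "kube-mode-role-binding.name" . | quote }}
    actions.github.com/cleanup-kubernetes-mode-role-name: {{ include "kube-mode-role.name" . | quote }}
    actions.github.com/cleanup-kubernetes-mode-service-account-name: {{ include "kube-mode-serviceaccount.name" . | quote }}
    {{- end }}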
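spec:
  {{- /* auth.url is mandatory; a single trailing slash is stripped before use. */}}
  githubConfigUrl: {{ required ".Values.auth.url is required" (trimSuffix "/" .Values.auth.url) | quote }}
  githubConfigSecret: {{ include "github-secret.name" . | quote }}
  runnerGroup: {{ .Values.scaleset.runnerGroup | quote }}
  runnerScaleSetName: {{ .Values.scaleset.name | quote }}
  {{- /*
  Optional scale set labels: each must be a non-empty string shorter than 256
  characters; rendering aborts on the first label that is not.
  */}}
  {{- if and .Values.scaleset.labels (kindIs "slice" .Values.scaleset.labels) }}
  {{- range .Values.scaleset.labels }}
  {{- if empty . }}
  {{- fail "scaleset.labels contains an empty string, each label must be a non-empty string of less than 256 characters" }}
  {{- end }}
  {{- if ge (len .) 256 }}
  {{- fail "scaleset.labels contains a label that is 256 characters or more, each label must be a non-empty string of less than 256 characters" }}
  {{- end }}
  {{- end }}
  runnerScaleSetLabels:
    {{- toYaml .Values.scaleset.labels | nindent 4 }}
  {{- end }}
  {{- /*
  Custom CA for the GitHub server, read from a ConfigMap key. The name and key
  are quoted so that values which look like numbers or booleans, or which
  contain YAML indicators, stay plain strings instead of changing the document.
  NOTE(review): when githubServerTLS is set without certificateFrom, the key
  below renders with no value - confirm the controller accepts that.
  */}}
  {{- if .Values.githubServerTLS }}
  githubServerTLS:
    {{- with .Values.githubServerTLS.certificateFrom }}
    certificateFrom:
      configMapKeyRef:
        name: {{ .configMapKeyRef.name | quote }}
        key: {{ .configMapKeyRef.key | quote }}
    {{- end }}
  {{- end }}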
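{{- /*
External secret resolution, rendered only when secretResolution.type is set to
something other than "kubernetes". azureKeyVault is the only supported type;
any other value aborts rendering. All scalar values are quoted so that input
which looks like a number or boolean, or which contains YAML indicators such
as ": " or " #", is emitted as a string and cannot alter the document.
*/}}
  {{- if and .Values.secretResolution (ne .Values.secretResolution.type "kubernetes") }}
  vaultConfig:
    type: {{ .Values.secretResolution.type | quote }}
    {{- if .Values.secretResolution.proxy }}
    proxy: {{- toYaml .Values.secretResolution.proxy | nindent 6 }}
    {{- end }}
    {{- if eq .Values.secretResolution.type "azureKeyVault" }}
    azureKeyVault:
      url: {{ .Values.secretResolution.azureKeyVault.url | quote }}
      tenantId: {{ .Values.secretResolution.azureKeyVault.tenantId | quote }}
      clientId: {{ .Values.secretResolution.azureKeyVault.clientId | quote }}
      certificatePath: {{ .Values.secretResolution.azureKeyVault.certificatePath | quote }}
      secretKey: {{ .Values.secretResolution.azureKeyVault.secretKey | quote }}
    {{- else }}
    {{- fail (printf "Unsupported keyVault type: %s" .Values.secretResolution.type) }}
    {{- end }}
  {{- end }}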
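{{- /*
Optional outbound proxy settings. The http and https entries each carry a URL
and, when given, the name of a secret holding the proxy credentials; noProxy is
rendered only when it is a list. URL and secret name are quoted so they are
always emitted as strings, whatever characters the values contain.
NOTE(review): credentialSecretRef presumably exists so credentials need not be
embedded in the URL; the URL is rendered in clear text into this object -
confirm that charts users are told to keep userinfo out of it.
*/}}
  {{- if .Values.proxy }}
  proxy:
    {{- if .Values.proxy.http }}
    http:
      url: {{ .Values.proxy.http.url | quote }}
      {{- if .Values.proxy.http.credentialSecretRef }}
      credentialSecretRef: {{ .Values.proxy.http.credentialSecretRef | quote }}
      {{- end }}
    {{- end }}
    {{- if .Values.proxy.https }}
    https:
      url: {{ .Values.proxy.https.url | quote }}
      {{- if .Values.proxy.https.credentialSecretRef }}
      credentialSecretRef: {{ .Values.proxy.https.credentialSecretRef | quote }}
      {{- end }}
    {{- end }}
    {{- if and .Values.proxy.noProxy (kindIs "slice" .Values.proxy.noProxy) }}
    noProxy: {{ .Values.proxy.noProxy | toYaml | nindent 6}}
    {{- end }}
  {{- end }}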
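{{- /*
Runner count bounds. Each bound is optional and is honoured only when it is
numeric; both int64 and float64 are accepted because the kind depends on how
the value was supplied. Both operands are converted with int before the
min/max comparison: text/template's gt rejects an int/float pair with an
"incompatible types" error, which would otherwise abort rendering when the two
bounds arrive as different kinds. The rendered values use the same conversion.
*/}}
  {{- if and (or (kindIs "int64" .Values.scaleset.minRunners) (kindIs "float64" .Values.scaleset.minRunners)) (or (kindIs "int64" .Values.scaleset.maxRunners) (kindIs "float64" .Values.scaleset.maxRunners)) }}
  {{- if gt (.Values.scaleset.minRunners | int) (.Values.scaleset.maxRunners | int) }}
  {{- fail "maxRunners has to be greater or equal to minRunners" }}
  {{- end }}
  {{- end }}
  {{- if or (kindIs "int64" .Values.scaleset.maxRunners) (kindIs "float64" .Values.scaleset.maxRunners)}}
  {{- if lt (.Values.scaleset.maxRunners | int) 0 }}
  {{- fail "maxRunners has to be greater or equal to 0" }}
  {{- end }}
  maxRunners: {{ .Values.scaleset.maxRunners | int }}
  {{- end }}
  {{- if or (kindIs "int64" .Values.scaleset.minRunners) (kindIs "float64" .Values.scaleset.minRunners) }}
  {{- if lt (.Values.scaleset.minRunners | int) 0 }}
  {{- fail "minRunners has to be greater or equal to 0" }}
  {{- end }}
  minRunners: {{ .Values.scaleset.minRunners | int }}
  {{- end }}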
{{- /*
Optional listener settings. The listener pod template is rendered only when
listenerPodTemplate carries metadata or a spec; listenerMetrics is copied
through as given.
*/}}
  {{- if and .Values.listenerPodTemplate (or .Values.listenerPodTemplate.metadata .Values.listenerPodTemplate.spec) }}
  listenerTemplate:
    {{- include "listener-template.pod" . | nindent 4}}
  {{- end }}
  {{- with .Values.listenerMetrics }}
  listenerMetrics:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- /*
  Per-resource metadata overrides. Each section is emitted only when the
  matching resource entry has a non-empty metadata value, and all of them are
  rendered through the same spec-resource-metadata helper.
  NOTE(review): these lookups dereference each .Values.resource entry directly;
  presumably values.yaml always defines those maps - confirm, since a missing
  parent would abort rendering.
  */}}
  {{- with .Values.resource.autoscalingListener.metadata }}
  autoscalingListener:
    {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
  {{- end }}
  {{- with .Values.resource.listenerServiceAccount.metadata }}
  listenerServiceAccountMetadata:
    {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
  {{- end }}
  {{- with .Values.resource.listenerRole.metadata }}
  listenerRoleMetadata:
    {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
  {{- end }}
  {{- with .Values.resource.listenerRoleBinding.metadata }}
  listenerRoleBindingMetadata:
    {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
  {{- end }}
  {{- with .Values.resource.listenerConfigSecret.metadata }}
  listenerConfigSecretMetadata:
    {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
  {{- end }}
  {{- with .Values.resource.ephemeralRunnerSet.metadata }}
  ephemeralRunnerSetMetadata:
    {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
  {{- end }}
  {{- with .Values.resource.ephemeralRunner.metadata }}
  ephemeralRunnerMetadata:
    {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
  {{- end }}
  {{- with .Values.resource.ephemeralRunnerConfigSecret.metadata }}
  ephemeralRunnerConfigSecretMetadata:
    {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
  {{- end }}
{{- /*
Runner pod template. Pod metadata is rendered only when the label or
annotation helper returns something.
*/}}
  template:
    {{- $runnerPodLabels := (include "autoscaling-runner-set.runner-pod.labels" .) -}}
    {{- $runnerPodAnnotations := (include "autoscaling-runner-set.runner-pod.annotations" .) -}}
    {{- if or $runnerPodLabels $runnerPodAnnotations }}
    metadata:
      {{- if $runnerPodLabels }}
      labels:
        {{- $runnerPodLabels | nindent 8 }}
      {{- end }}
      {{- if $runnerPodAnnotations }}
      annotations:
        {{- $runnerPodAnnotations | nindent 8 }}
      {{- end }}
    {{- end }}
    spec:
      {{- /*
      The service account always comes from the chart helper; a
      serviceAccountName given under runner.pod.spec is removed by the omit
      call at the top of this template and is never rendered here.
      */}}
      serviceAccountName: {{ include "autoscaling-runner-set.template-service-account" . | quote }}
      {{- /*
      Init container order: the dind copy-externals container (dind mode with
      dind.copyRunnerExternals set), then the user-supplied init containers,
      then the dind container (dind mode).
      */}}
      {{- if $hasInitContainers }}
      initContainers:
        {{- if and (eq $runnerMode "dind") $dind.copyRunnerExternals }}
        - {{ include "runner-mode-dind.copy-externals" . | nindent 10 }}
        {{- end }}
        {{- range $extraInitContainers }}
        - {{ toYaml . | nindent 10 }}
        {{- end }}
        {{- if eq $runnerMode "dind" }}
        - {{ include "runner-mode-dind.dind-container" . | nindent 10 }}
        {{- end }}
      {{- end }}
      {{- /*
      The runner container is always first and is chosen by mode; the
      user-supplied containers follow unchanged.
      */}}
      containers:
        -
          {{- if eq $runnerMode "kubernetes" }}
          {{- include "runner-mode-kubernetes.runner-container" . | nindent 10 }}
          {{- else if eq $runnerMode "dind" }}
          {{- include "runner-mode-dind.runner-container" . | nindent 10 }}
          {{- else }}
          {{- include "runner-mode-empty.runner-container" . | nindent 10 }}
          {{- end }}
        {{- if $extraContainers }}
        {{- range $extraContainers }}
        - {{ toYaml . | nindent 10 }}
        {{- end }}
        {{- end }}
      {{- /*
      NOTE(review): every mode other than kubernetes goes through the dind
      pod-volumes helper, including the empty mode when only user volumes or a
      TLS mount path switched this section on; presumably the helper handles
      that case - confirm.
      */}}
      {{- if $hasVolumes }}
      volumes:
        {{- if eq $runnerMode "kubernetes" }}
        {{- include "runner-mode-kubernetes.pod-volumes" . | nindent 8 }}
        {{- else }}
        {{- include "runner-mode-dind.pod-volumes" . | nindent 8 }}
        {{- end }}
        {{- if $extraVolumes }}
        {{- range $extraVolumes }}
        - {{ toYaml . | nindent 10 }}
        {{- end }}
        {{- end }}
      {{- end }}
      {{- /*
      Remaining runner.pod.spec keys are copied verbatim to pod-spec level.
      Nothing here checks their content, so host namespaces, security contexts
      and similar settings are taken as given; enforce limits with an
      admission policy on the namespace the runners are created in.
      */}}
      {{- if gt (len $runnerPodSpecExtraFields) 0 }}
      {{- toYaml $runnerPodSpecExtraFields | nindent 6 }}
      {{- end }}