diff --git a/actions-runner-controller/values-llvm.yaml b/actions-runner-controller/values-llvm.yaml index 8f7571c..8bde3dd 100644 --- a/actions-runner-controller/values-llvm.yaml +++ b/actions-runner-controller/values-llvm.yaml @@ -1,16 +1,154 @@ -# See full list settings doc in https://github.com/actions/actions-runner-controller/tree/master/charts/actions-runner-controller. +# See options doc in https://github.com/actions/actions-runner-controller/tree/master/charts/actions-runner-controller +## githubConfigUrl is the GitHub url for where you want to configure runners +## ex: https://github.com/myorg/myrepo or https://github.com/myorg githubConfigUrl: "https://github.com/llvm/llvm-project" -# Created by first installation. -githubConfigSecret: arc-runner-set-gha-rs-github-secret +## githubConfigSecret is the k8s secrets to use when auth with GitHub API. +githubConfigSecret: + ### GitHub Apps Configuration + ## NOTE: IDs MUST be strings, use quotes + github_app_id: "418336" + github_app_installation_id: "43821912" + ## Pass --set-file=githubConfigSecret.github_app_private_key= +# First installation creates this secret. +# githubConfigSecret: arc-runner-set-gha-rs-github-secret -minRunners: 1 +## proxy can be used to define proxy settings that will be used by the +## controller, the listener and the runner of this scale set. +# +# proxy: +# http: +# url: http://proxy.com:1234 +# credentialSecretRef: proxy-auth # a secret with `username` and `password` keys +# https: +# url: http://proxy.com:1234 +# credentialSecretRef: proxy-auth # a secret with `username` and `password` keys +# noProxy: +# - example.com +# - example.org + +## maxRunners is the max number of runners the autoscaling runner set will scale up to. maxRunners: 3 -# runnerGroup: "generic-google-cloud" +## minRunners is the min number of runners the autoscaling runner set will scale down to. +minRunners: 1 -## template for each runner Pod +runnerGroup: "generic-google-cloud-2" + +## name of the runner scale set to create. Defaults to the helm release name +# runnerScaleSetName: "" + +## A self-signed CA certificate for communication with the GitHub server can be +## provided using a config map key selector. If `runnerMountPath` is set, for +## each runner pod ARC will: +## - create a `github-server-tls-cert` volume containing the certificate +## specified in `certificateFrom` +## - mount that volume on path `runnerMountPath`/{certificate name} +## - set NODE_EXTRA_CA_CERTS environment variable to that same path +## - set RUNNER_UPDATE_CA_CERTS environment variable to "1" (as of version +## 2.303.0 this will instruct the runner to reload certificates on the host) +## +## If any of the above had already been set by the user in the runner pod +## template, ARC will observe those and not overwrite them. +## Example configuration: +# +# githubServerTLS: +# certificateFrom: +# configMapKeyRef: +# name: config-map-name +# key: ca.crt +# runnerMountPath: /usr/local/share/ca-certificates/ + +## Container mode is an object that provides out-of-box configuration +## for dind and kubernetes mode. Template will be modified as documented under the +## template object. +## +## If any customization is required for dind or kubernetes mode, containerMode should remain +## empty, and configuration should be applied to the template. +# containerMode: +# type: "dind" ## type can be set to dind or kubernetes +# ## the following is required when containerMode.type=kubernetes +# kubernetesModeWorkVolumeClaim: +# accessModes: ["ReadWriteOnce"] +# # For local testing, use https://github.com/openebs/dynamic-localpv-provisioner/blob/develop/docs/quickstart.md to provide dynamic provision volume with storageClassName: openebs-hostpath +# storageClassName: "dynamic-blob-storage" +# resources: +# requests: +# storage: 1Gi +# kubernetesModeServiceAccount: +# annotations: + +## template is the PodSpec for each listener Pod +## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec +# listenerTemplate: +# spec: +# containers: +# # Use this section to append additional configuration to the listener container. +# # If you change the name of the container, the configuration will not be applied to the listener, +# # and it will be treated as a side-car container. +# - name: listener +# securityContext: +# runAsUser: 1000 +# # Use this section to add the configuration of a side-car container. +# # Comment it out or remove it if you don't need it. +# # Spec for this container will be applied as is without any modifications. +# - name: side-car +# image: example-sidecar + +## template is the PodSpec for each runner Pod +## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec + ## template.spec will be modified if you change the container mode + ## with containerMode.type=dind, we will populate the template.spec with following pod spec + ## template: + ## spec: + ## initContainers: + ## - name: init-dind-externals + ## image: ghcr.io/actions/actions-runner:latest + ## command: ["cp", "-r", "-v", "/home/runner/externals/.", "/home/runner/tmpDir/"] + ## volumeMounts: + ## - name: dind-externals + ## mountPath: /home/runner/tmpDir + ## containers: + ## - name: runner + ## image: ghcr.io/actions/actions-runner:latest + ## command: ["/home/runner/run.sh"] + ## env: + ## - name: DOCKER_HOST + ## value: unix:///run/docker/docker.sock + ## volumeMounts: + ## - name: work + ## mountPath: /home/runner/_work + ## - name: dind-sock + ## mountPath: /run/docker + ## readOnly: true + ## - name: dind + ## image: docker:dind + ## args: + ## - dockerd + ## - --host=unix:///run/docker/docker.sock + ## - --group=$(DOCKER_GROUP_GID) + ## env: + ## - name: DOCKER_GROUP_GID + ## value: "123" + ## securityContext: + ## privileged: true + ## volumeMounts: + ## - name: work + ## mountPath: /home/runner/_work + ## - name: dind-sock + ## mountPath: /run/docker + ## - name: dind-externals + ## mountPath: /home/runner/externals + ## volumes: + ## - name: work + ## emptyDir: {} + ## - name: dind-sock + ## emptyDir: {} + ## - name: dind-externals + ## emptyDir: {} + ###################################################################################################### + ## with containerMode.type=kubernetes, we will populate the template.spec with following pod spec template: spec: containers: @@ -44,3 +182,13 @@ template: emptyDir: {} nodeSelector: cloud.google.com/gke-nodepool: linux-agents-2 + +## Optional controller service account that needs to have required Role and RoleBinding +## to operate this gha-runner-scale-set installation. +## The helm chart will try to find the controller deployment and its service account at installation time. +## In case the helm chart can't find the right service account, you can explicitly pass in the following value +## to help it finish RoleBinding with the right service account. +## Note: if your controller is installed to only watch a single namespace, you have to pass these values explicitly. +# controllerServiceAccount: +# namespace: arc-system +# name: test-arc-gha-runner-scale-set-controller diff --git a/actions-runner-controller/values-test.yaml b/actions-runner-controller/values-test.yaml index bf40bb3..e7a0df1 100644 --- a/actions-runner-controller/values-test.yaml +++ b/actions-runner-controller/values-test.yaml @@ -32,7 +32,7 @@ githubConfigSecret: arc-runner-set-gha-rs-github-secret maxRunners: 3 ## minRunners is the min number of runners the autoscaling runner set will scale down to. -minRunners: 1 +minRunners: 0 # runnerGroup: "default" diff --git a/kubernetes/buildkite/windows.yaml b/kubernetes/buildkite/windows.yaml index 5f7e7f5..c034fc3 100644 --- a/kubernetes/buildkite/windows.yaml +++ b/kubernetes/buildkite/windows.yaml @@ -17,7 +17,7 @@ kind: Deployment metadata: name: windows-buildkite spec: - replicas: 6 + replicas: 7 strategy: type: Recreate selector: