# See options doc in https://github.com/actions/actions-runner-controller/tree/master/charts/actions-runner-controller ## githubConfigUrl is the GitHub url for where you want to configure runners ## ex: https://github.com/myorg/myrepo or https://github.com/myorg githubConfigUrl: "https://github.com/llvm/llvm-project" ## githubConfigSecret is the k8s secrets to use when auth with GitHub API. githubConfigSecret: ### GitHub Apps Configuration ## NOTE: IDs MUST be strings, use quotes github_app_id: "418336" github_app_installation_id: "43821912" ## Pass --set-file=githubConfigSecret.github_app_private_key= # First installation creates this secret. # githubConfigSecret: arc-runner-set-gha-rs-github-secret ## proxy can be used to define proxy settings that will be used by the ## controller, the listener and the runner of this scale set. # # proxy: # http: # url: http://proxy.com:1234 # credentialSecretRef: proxy-auth # a secret with `username` and `password` keys # https: # url: http://proxy.com:1234 # credentialSecretRef: proxy-auth # a secret with `username` and `password` keys # noProxy: # - example.com # - example.org ## maxRunners is the max number of runners the autoscaling runner set will scale up to. maxRunners: 3 ## minRunners is the min number of runners the autoscaling runner set will scale down to. minRunners: 1 runnerGroup: "generic-google-cloud-2" ## name of the runner scale set to create. Defaults to the helm release name # runnerScaleSetName: "" ## A self-signed CA certificate for communication with the GitHub server can be ## provided using a config map key selector. If `runnerMountPath` is set, for ## each runner pod ARC will: ## - create a `github-server-tls-cert` volume containing the certificate ## specified in `certificateFrom` ## - mount that volume on path `runnerMountPath`/{certificate name} ## - set NODE_EXTRA_CA_CERTS environment variable to that same path ## - set RUNNER_UPDATE_CA_CERTS environment variable to "1" (as of version ## 2.303.0 this will instruct the runner to reload certificates on the host) ## ## If any of the above had already been set by the user in the runner pod ## template, ARC will observe those and not overwrite them. ## Example configuration: # # githubServerTLS: # certificateFrom: # configMapKeyRef: # name: config-map-name # key: ca.crt # runnerMountPath: /usr/local/share/ca-certificates/ ## Container mode is an object that provides out-of-box configuration ## for dind and kubernetes mode. Template will be modified as documented under the ## template object. ## ## If any customization is required for dind or kubernetes mode, containerMode should remain ## empty, and configuration should be applied to the template. # containerMode: # type: "dind" ## type can be set to dind or kubernetes # ## the following is required when containerMode.type=kubernetes # kubernetesModeWorkVolumeClaim: # accessModes: ["ReadWriteOnce"] # # For local testing, use https://github.com/openebs/dynamic-localpv-provisioner/blob/develop/docs/quickstart.md to provide dynamic provision volume with storageClassName: openebs-hostpath # storageClassName: "dynamic-blob-storage" # resources: # requests: # storage: 1Gi # kubernetesModeServiceAccount: # annotations: ## template is the PodSpec for each listener Pod ## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec # listenerTemplate: # spec: # containers: # # Use this section to append additional configuration to the listener container. # # If you change the name of the container, the configuration will not be applied to the listener, # # and it will be treated as a side-car container. # - name: listener # securityContext: # runAsUser: 1000 # # Use this section to add the configuration of a side-car container. # # Comment it out or remove it if you don't need it. # # Spec for this container will be applied as is without any modifications. # - name: side-car # image: example-sidecar ## template is the PodSpec for each runner Pod ## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec ## template.spec will be modified if you change the container mode ## with containerMode.type=dind, we will populate the template.spec with following pod spec ## template: ## spec: ## initContainers: ## - name: init-dind-externals ## image: ghcr.io/actions/actions-runner:latest ## command: ["cp", "-r", "-v", "/home/runner/externals/.", "/home/runner/tmpDir/"] ## volumeMounts: ## - name: dind-externals ## mountPath: /home/runner/tmpDir ## containers: ## - name: runner ## image: ghcr.io/actions/actions-runner:latest ## command: ["/home/runner/run.sh"] ## env: ## - name: DOCKER_HOST ## value: unix:///run/docker/docker.sock ## volumeMounts: ## - name: work ## mountPath: /home/runner/_work ## - name: dind-sock ## mountPath: /run/docker ## readOnly: true ## - name: dind ## image: docker:dind ## args: ## - dockerd ## - --host=unix:///run/docker/docker.sock ## - --group=$(DOCKER_GROUP_GID) ## env: ## - name: DOCKER_GROUP_GID ## value: "123" ## securityContext: ## privileged: true ## volumeMounts: ## - name: work ## mountPath: /home/runner/_work ## - name: dind-sock ## mountPath: /run/docker ## - name: dind-externals ## mountPath: /home/runner/externals ## volumes: ## - name: work ## emptyDir: {} ## - name: dind-sock ## emptyDir: {} ## - name: dind-externals ## emptyDir: {} ###################################################################################################### ## with containerMode.type=kubernetes, we will populate the template.spec with following pod spec template: spec: containers: - name: runner image: us-central1-docker.pkg.dev/llvm-premerge-checks/docker/github-linux:latest command: ["/bin/bash"] args: ["-c", "/entrypoint.sh /home/runner/run.sh"] env: - name: ACTIONS_RUNNER_CONTAINER_HOOKS value: /home/runner/k8s/index.js - name: ACTIONS_RUNNER_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER value: "false" - name: WORKDIR value: "/home/runner/_work" resources: limits: cpu: 31 memory: 80Gi requests: cpu: 31 memory: 80Gi volumeMounts: - name: work mountPath: /home/runner/_work volumes: - name: work emptyDir: {} nodeSelector: cloud.google.com/gke-nodepool: linux-agents-2 ## Optional controller service account that needs to have required Role and RoleBinding ## to operate this gha-runner-scale-set installation. ## The helm chart will try to find the controller deployment and its service account at installation time. ## In case the helm chart can't find the right service account, you can explicitly pass in the following value ## to help it finish RoleBinding with the right service account. ## Note: if your controller is installed to only watch a single namespace, you have to pass these values explicitly. # controllerServiceAccount: # namespace: arc-system # name: test-arc-gha-runner-scale-set-controller