diff --git a/github-arc-operator/helm-charts/actions-runner-controller/Chart.yaml b/github-arc-operator/helm-charts/actions-runner-controller/Chart.yaml index 9bf1689..36b8ecb 100644 --- a/github-arc-operator/helm-charts/actions-runner-controller/Chart.yaml +++ b/github-arc-operator/helm-charts/actions-runner-controller/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.27.2 +appVersion: 0.27.4 description: A Kubernetes controller that operates self-hosted runners for GitHub Actions on your Kubernetes cluster. home: https://github.com/actions/actions-runner-controller @@ -10,4 +10,4 @@ name: actions-runner-controller sources: - https://github.com/actions/actions-runner-controller type: application -version: 0.23.1 +version: 0.23.3 diff --git a/github-arc-operator/helm-charts/actions-runner-controller/README.md b/github-arc-operator/helm-charts/actions-runner-controller/README.md index 465dd96..d291bb6 100644 --- a/github-arc-operator/helm-charts/actions-runner-controller/README.md +++ b/github-arc-operator/helm-charts/actions-runner-controller/README.md @@ -46,7 +46,7 @@ All additional docs are kept in the `docs/` folder, this README is solely for do | `metrics.port` | Set port of metrics service | 8443 | | `metrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true | | `metrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy | -| `metrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.10.0 | +| `metrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.13.1 | | `metrics.serviceMonitorLabels` | Set labels to apply to ServiceMonitor resources | | | `imagePullSecrets` | Specifies the secret to be used when pulling the controller pod containers | | | `fullnameOverride` | Override the full resource names | | 
@@ -102,8 +102,11 @@ All additional docs are kept in the `docs/` folder, this README is solely for do
 | `githubWebhookServer.tolerations` | Set the githubWebhookServer pod tolerations | |
 | `githubWebhookServer.affinity` | Set the githubWebhookServer pod affinity rules | |
 | `githubWebhookServer.priorityClassName` | Set the githubWebhookServer pod priorityClassName | |
+| `githubWebhookServer.terminationGracePeriodSeconds` | Set the githubWebhookServer pod terminationGracePeriodSeconds. Useful when using preStop hooks to drain/sleep. | `10` |
+| `githubWebhookServer.lifecycle` | Set the githubWebhookServer pod lifecycle hooks | `{}` |
 | `githubWebhookServer.service.type` | Set githubWebhookServer service type | |
 | `githubWebhookServer.service.ports` | Set githubWebhookServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` |
+| `githubWebhookServer.service.loadBalancerSourceRanges` | Set githubWebhookServer loadBalancerSourceRanges for restricting loadBalancer type services | `[]` |
 | `githubWebhookServer.ingress.enabled` | Deploy an ingress kind for the githubWebhookServer | false |
 | `githubWebhookServer.ingress.annotations` | Set annotations for the ingress kind | |
 | `githubWebhookServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` |
@@ -115,9 +118,9 @@ All additional docs are kept in the `docs/` folder, this README is solely for do
 | `actionsMetricsServer.logLevel` | Set the log level of the actionsMetricsServer container | |
 | `actionsMetricsServer.logFormat` | Set the log format of the actionsMetricsServer controller. Valid options are "text" and "json" | text |
 | `actionsMetricsServer.enabled` | Deploy the actions metrics server pod | false |
-| `actionsMetricsServer.secret.enabled` | Passes the webhook hook secret to the github-webhook-server | false |
+| `actionsMetricsServer.secret.enabled` | Passes the webhook hook secret to the actions-metrics-server | false |
 | `actionsMetricsServer.secret.create` | Deploy the webhook hook secret | false |
-| `actionsMetricsServer.secret.name` | Set the name of the webhook hook secret | github-webhook-server |
+| `actionsMetricsServer.secret.name` | Set the name of the webhook hook secret | actions-metrics-server |
 | `actionsMetricsServer.secret.github_webhook_secret_token` | Set the webhook secret token value | |
 | `actionsMetricsServer.imagePullSecrets` | Specifies the secret to be used when pulling the actionsMetricsServer pod containers | |
 | `actionsMetricsServer.nameOverride` | Override the resource name prefix | |
@@ -135,17 +138,20 @@ All additional docs are kept in the `docs/` folder, this README is solely for do | `actionsMetricsServer.tolerations` | Set the actionsMetricsServer pod tolerations | | | `actionsMetricsServer.affinity` | Set the actionsMetricsServer pod affinity rules | | | `actionsMetricsServer.priorityClassName` | Set the actionsMetricsServer pod priorityClassName | | +| `actionsMetricsServer.terminationGracePeriodSeconds` | Set the actionsMetricsServer pod terminationGracePeriodSeconds. Useful when using preStop hooks to drain/sleep. | `10` | +| `actionsMetricsServer.lifecycle` | Set the actionsMetricsServer pod lifecycle hooks | `{}` | | `actionsMetricsServer.service.type` | Set actionsMetricsServer service type | | | `actionsMetricsServer.service.ports` | Set actionsMetricsServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` | +| `actionsMetricsServer.service.loadBalancerSourceRanges` | Set actionsMetricsServer loadBalancerSourceRanges for restricting loadBalancer type services | `[]` | | `actionsMetricsServer.ingress.enabled` | Deploy an ingress kind for the actionsMetricsServer | false | | `actionsMetricsServer.ingress.annotations` | Set annotations for the ingress kind | | | `actionsMetricsServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` | | `actionsMetricsServer.ingress.tls` | Set tls configuration for ingress | | | `actionsMetricsServer.ingress.ingressClassName` | Set ingress class name | | -| `actionsMetrics.serviceMonitor` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false | -| `actionsMetrics.serviceAnnotations` | Set annotations for the provisioned actions metrics service resource | | -| `actionsMetrics.port` | Set port of actions metrics service | 8443 | -| `actionsMetrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true | -| `actionsMetrics.proxy.image.repository` | The "repository/image" of 
the kube-proxy container | quay.io/brancz/kube-rbac-proxy | -| `actionsMetrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.10.0 | -| `actionsMetrics.serviceMonitorLabels` | Set labels to apply to ServiceMonitor resources | | +| `actionsMetrics.serviceMonitor` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false | +| `actionsMetrics.serviceAnnotations` | Set annotations for the provisioned actions metrics service resource | | +| `actionsMetrics.port` | Set port of actions metrics service | 8443 | +| `actionsMetrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true | +| `actionsMetrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy | +| `actionsMetrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.13.1 | +| `actionsMetrics.serviceMonitorLabels` | Set labels to apply to ServiceMonitor resources | | diff --git a/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml b/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml index 5eac200..d7cb67b 100644 --- a/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml +++ b/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml @@ -50,6 +50,12 @@ spec: {{- end }} command: - "/actions-metrics-server" + {{- if .Values.actionsMetricsServer.lifecycle }} + {{- with .Values.actionsMetricsServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} env: - name: GITHUB_WEBHOOK_SECRET_TOKEN valueFrom: 
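Review bot: The `{{- if .Values.actionsMetricsServer.lifecycle }}` wrapper around the added `with` block is redundant, because `with` already skips its body when the value is empty (the default is `{}`). The block can be reduced to `{{- with .Values.actionsMetricsServer.lifecycle }}`, the `lifecycle:` key with `{{- toYaml . | nindent 10 }}`, and one `{{- end }}`. The container spec this is inserted into starts outside the hunk, so the `nindent 10` depth cannot be confirmed from the visible lines.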
@@ -142,7 +148,7 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- end }} - terminationGracePeriodSeconds: 10 + terminationGracePeriodSeconds: {{ .Values.actionsMetricsServer.terminationGracePeriodSeconds }} {{- with .Values.actionsMetricsServer.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.role.yaml b/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.role.yaml new file mode 100644 index 0000000..829bcf3 --- /dev/null +++ b/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.role.yaml 
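Review bot: The new `terminationGracePeriodSeconds: {{ .Values.actionsMetricsServer.terminationGracePeriodSeconds }}` renders an empty (null) value if the key is nulled in an override, silently replacing the previous fixed 10 seconds with whatever the API server defaults to. A guard such as `{{ .Values.actionsMetricsServer.terminationGracePeriodSeconds | default 10 }}` keeps the old behaviour; note that `default` also treats `0` as empty, so use an explicit nil check if a zero grace period must be allowed. The pod spec this line belongs to starts outside the hunk.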
@@ -0,0 +1,90 @@
+{{- if .Values.actionsMetricsServer.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: {{ include "actions-runner-controller-actions-metrics-server.roleName" . }}
+rules:
+- apiGroups:
+ - actions.summerwind.dev
+ resources:
+ - horizontalrunnerautoscalers
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - actions.summerwind.dev
+ resources:
+ - horizontalrunnerautoscalers/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - actions.summerwind.dev
+ resources:
+ - horizontalrunnerautoscalers/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - actions.summerwind.dev
+ resources:
+ - runnersets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - actions.summerwind.dev
+ resources:
+ - runnerdeployments
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - actions.summerwind.dev
+ resources:
+ - runnerdeployments/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - actions.summerwind.dev
+ resources:
+ - runnerdeployments/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+{{- end }}
diff --git a/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml b/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml
new file mode 100644
index 0000000..0b64ed5
--- /dev/null
+++ b/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml
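Review bot: The new ClusterRole grants the actions-metrics-server service account cluster-wide `create`/`delete`/`patch`/`update` on `runnerdeployments` and both `finalizers` subresources, plus `patch`/`update` on `horizontalrunnerautoscalers`, which looks broader than a metrics endpoint should need. This pod takes webhook traffic through its own Service and ingress (the deployment passes it `GITHUB_WEBHOOK_SECRET_TOKEN`), so a compromise of it would carry those write rights into every namespace. Unless the server code really writes these objects, reduce the `actions.summerwind.dev` rules to `get`, `list`, `watch`, keep the `tokenreviews`/`subjectaccessreviews` `create` rules only if the kube-rbac-proxy sidecar runs under this service account, and drop the generated `creationTimestamp: null`. The ClusterRoleBinding added in actionsmetrics.role_binding.yaml raises the same scope question: a namespaced Role and RoleBinding would be the tighter choice where runners are confined to one namespace.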
@@ -0,0 +1,14 @@ +{{- if .Values.actionsMetricsServer.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "actions-runner-controller-actions-metrics-server.roleName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "actions-runner-controller-actions-metrics-server.roleName" . }} +subjects: + - kind: ServiceAccount + name: {{ include "actions-runner-controller-actions-metrics-server.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.service.yaml b/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.service.yaml index cfd2738..0cfae32 100644 --- a/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.service.yaml +++ b/github-arc-operator/helm-charts/actions-runner-controller/templates/actionsmetrics.service.yaml @@ -5,7 +5,7 @@ metadata: name: {{ include "actions-runner-controller-actions-metrics-server.fullname" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "actions-runner-controller.labels" . | nindent 4 }} + {{- include "actions-runner-controller-actions-metrics-server.selectorLabels" . | nindent 4 }} {{- if .Values.actionsMetricsServer.service.annotations }} annotations: {{ toYaml .Values.actionsMetricsServer.service.annotations | nindent 4 }} @@ -23,4 +23,10 @@ spec: {{- end }} selector: {{- include "actions-runner-controller-actions-metrics-server.selectorLabels" . | nindent 4 }} + {{- if .Values.actionsMetricsServer.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $ip := .Values.actionsMetricsServer.service.loadBalancerSourceRanges }} + - {{ $ip -}} + {{- end }} + {{- end }} {{- end }} 
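Review bot: With the default `loadBalancerSourceRanges: []` the added block in actionsmetrics.service.yaml renders nothing, so a `LoadBalancer`-type Service for the actions-metrics-server accepts traffic from any source, and the README lists `actionsMetricsServer.secret.enabled` as `false` by default. Each entry is also emitted unquoted by `- {{ $ip -}}`; `- {{ $ip | quote }}` keeps a malformed value from altering the rendered YAML structure. A comment next to the value in values.yaml should say that it is meant to be set to the webhook sender's published ranges whenever `service.type` is `LoadBalancer`, and that the webhook secret should be enabled alongside it.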
diff --git a/github-arc-operator/helm-charts/actions-runner-controller/values.yaml b/github-arc-operator/helm-charts/actions-runner-controller/values.yaml index b46ec09..8d8fe8f 100644 --- a/github-arc-operator/helm-charts/actions-runner-controller/values.yaml +++ b/github-arc-operator/helm-charts/actions-runner-controller/values.yaml @@ -47,6 +47,7 @@ authSecret: #github_basicauth_username: "" #github_basicauth_password: "" +# http(s) should be specified for dockerRegistryMirror, e.g.: dockerRegistryMirror="https://" dockerRegistryMirror: "" image: repository: "summerwind/actions-runner-controller" @@ -359,6 +360,7 @@ actionsMetricsServer: protocol: TCP name: http #nodePort: someFixedPortForUseWithTerraformCdkCfnEtc + loadBalancerSourceRanges: [] ingress: enabled: false ingressClassName: "" @@ -388,7 +390,8 @@ actionsMetricsServer: # - secretName: chart-example-tls # hosts: # - chart-example.local - + terminationGracePeriodSeconds: 10 + lifecycle: {} # Default values for openshift. openshift: false
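Review bot: The comment added above `dockerRegistryMirror` gives the example `dockerRegistryMirror="https://"`, which is neither YAML syntax nor a usable value, and `http(s)` reads as if plain HTTP were an equally good choice. Suggested wording: `# Must include the scheme, e.g. dockerRegistryMirror: "https://<mirror-host>". Prefer https: the mirror is presumably trusted to serve the images runners pull.` The other two hunks in this file only add defaults (`loadBalancerSourceRanges: []`, `terminationGracePeriodSeconds: 10`, `lifecycle: {}`); their nesting under `actionsMetricsServer` cannot be checked here because the indentation is lost in this rendering.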