
Commit 299fced

committed
add new runner shape
Signed-off-by: Jeffrey Sica <[email protected]>
1 parent 2707497 commit 299fced


2 files changed

+271
-0
lines changed

Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
apiVersion: argoproj.io/v1alpha1
2+
kind: Application
3+
metadata:
4+
name: equinix-8cpu-32gb
5+
namespace: argocd
6+
spec:
7+
project: default
8+
sources:
9+
- chart: gha-runner-scale-set
10+
repoURL: ghcr.io/actions/actions-runner-controller-charts
11+
targetRevision: 0.9.3
12+
helm:
13+
releaseName: equinix-8cpu-32gb
14+
valueFiles:
15+
- $values/ci/cluster/equinix/runners/8cpu-32gb/values.yaml
16+
- repoURL: 'https://github.com/cncf/automation.git'
17+
targetRevision: main
18+
ref: values
19+
destination:
20+
server: "https://kubernetes.default.svc"
21+
namespace: arc-systems
22+
syncPolicy:
23+
automated:
24+
prune: true
25+
selfHeal: true
26+
syncOptions:
27+
- CreateNamespace=true
28+
- ServerSideApply=true
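Review bot: The destination namespace on line 21 of this new file is `arc-systems`, while the values file added in the same commit sets `controllerServiceAccount.namespace: arc-system`; one of the two looks like a typo. If the service-account namespace is the wrong one, the RoleBinding the chart creates would name a subject that does not exist, so please confirm where the controller actually runs and make the two agree. Separately, the values source tracks `targetRevision: main` with `automated` sync and `selfHeal: true` under `project: default`, so every merge to main of cncf/automation is rolled out to the cluster with no further gate. A dedicated AppProject limited to this repository and destination namespace would narrow that, assuming the default project is unrestricted in this Argo CD instance.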
Lines changed: 243 additions & 0 deletions
@@ -0,0 +1,243 @@
1+
## githubConfigUrl is the GitHub url for where you want to configure runners
2+
## ex: https://github.com/myorg/myrepo or https://github.com/myorg
3+
githubConfigUrl: http://github.com/enterprises/cncf
4+
5+
## githubConfigSecret is the k8s secrets to use when auth with GitHub API.
6+
## You can choose to use GitHub App or a PAT token
7+
githubConfigSecret: github-arc-secret
8+
9+
controllerServiceAccount:
10+
namespace: arc-system
11+
name: cncf-gha-controller-gha-rs-controller
12+
## proxy can be used to define proxy settings that will be used by the
13+
## controller, the listener and the runner of this scale set.
14+
#
15+
# proxy:
16+
# http:
17+
# url: http://proxy.com:1234
18+
# credentialSecretRef: proxy-auth # a secret with `username` and `password` keys
19+
# https:
20+
# url: http://proxy.com:1234
21+
# credentialSecretRef: proxy-auth # a secret with `username` and `password` keys
22+
# noProxy:
23+
# - example.com
24+
# - example.org
25+
26+
## maxRunners is the max number of runners the autoscaling runner set will scale up to.
27+
maxRunners: 20
28+
29+
## minRunners is the min number of idle runners. The target number of runners created will be
30+
## calculated as a sum of minRunners and the number of jobs assigned to the scale set.
31+
minRunners: 1
32+
33+
# runnerGroup: "default"
34+
35+
## name of the runner scale set to create. Defaults to the helm release name
36+
# runnerScaleSetName: ""
37+
38+
## A self-signed CA certificate for communication with the GitHub server can be
39+
## provided using a config map key selector. If `runnerMountPath` is set, for
40+
## each runner pod ARC will:
41+
## - create a `github-server-tls-cert` volume containing the certificate
42+
## specified in `certificateFrom`
43+
## - mount that volume on path `runnerMountPath`/{certificate name}
44+
## - set NODE_EXTRA_CA_CERTS environment variable to that same path
45+
## - set RUNNER_UPDATE_CA_CERTS environment variable to "1" (as of version
46+
## 2.303.0 this will instruct the runner to reload certificates on the host)
47+
##
48+
## If any of the above had already been set by the user in the runner pod
49+
## template, ARC will observe those and not overwrite them.
50+
## Example configuration:
51+
#
52+
# githubServerTLS:
53+
# certificateFrom:
54+
# configMapKeyRef:
55+
# name: config-map-name
56+
# key: ca.crt
57+
# runnerMountPath: /usr/local/share/ca-certificates/
58+
59+
## Container mode is an object that provides out-of-box configuration
60+
## for dind and kubernetes mode. Template will be modified as documented under the
61+
## template object.
62+
##
63+
## If any customization is required for dind or kubernetes mode, containerMode should remain
64+
## empty, and configuration should be applied to the template.
65+
containerMode:
66+
type: "dind" ## type can be set to dind or kubernetes
67+
# ## the following is required when containerMode.type=kubernetes
68+
# kubernetesModeWorkVolumeClaim:
69+
# accessModes: ["ReadWriteOnce"]
70+
# # For local testing, use https://github.com/openebs/dynamic-localpv-provisioner/blob/develop/docs/quickstart.md to provide dynamic provision volume with storageClassName: openebs-hostpath
71+
# storageClassName: "dynamic-blob-storage"
72+
# resources:
73+
# requests:
74+
# storage: 1Gi
75+
# kubernetesModeServiceAccount:
76+
# annotations:
77+
78+
## template is the PodSpec for each listener Pod
79+
## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
80+
listenerTemplate:
81+
spec:
82+
tolerations:
83+
- effect: NoSchedule
84+
key: node-role.kubernetes.io/control-plane
85+
# Node affinity is used to force cluster-autoscaler to stick
86+
# to the master node. This allows the cluster to reliably downscale
87+
# to zero worker nodes when needed.
88+
affinity:
89+
nodeAffinity:
90+
requiredDuringSchedulingIgnoredDuringExecution:
91+
nodeSelectorTerms:
92+
- matchExpressions:
93+
- key: node-role.kubernetes.io/control-plane
94+
operator: Exists
95+
containers:
96+
- name: listener
97+
securityContext:
98+
runAsUser: 1000
99+
# containers:
100+
# # Use this section to append additional configuration to the listener container.
101+
# # If you change the name of the container, the configuration will not be applied to the listener,
102+
# # and it will be treated as a side-car container.
103+
# - name: listener
104+
# securityContext:
105+
# runAsUser: 1000
106+
# # Use this section to add the configuration of a side-car container.
107+
# # Comment it out or remove it if you don't need it.
108+
# # Spec for this container will be applied as is without any modifications.
109+
# - name: side-car
110+
# image: example-sidecar
111+
112+
## template is the PodSpec for each runner Pod
113+
## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
114+
template:
115+
## template.spec will be modified if you change the container mode
116+
## with containerMode.type=dind, we will populate the template.spec with following pod spec
117+
## template:
118+
## spec:
119+
## initContainers:
120+
## - name: init-dind-externals
121+
## image: ghcr.io/actions/actions-runner:latest
122+
## command: ["cp", "-r", "-v", "/home/runner/externals/.", "/home/runner/tmpDir/"]
123+
## volumeMounts:
124+
## - name: dind-externals
125+
## mountPath: /home/runner/tmpDir
126+
## containers:
127+
## - name: runner
128+
## image: ghcr.io/actions/actions-runner:latest
129+
## command: ["/home/runner/run.sh"]
130+
## env:
131+
## - name: DOCKER_HOST
132+
## value: unix:///run/docker/docker.sock
133+
## volumeMounts:
134+
## - name: work
135+
## mountPath: /home/runner/_work
136+
## - name: dind-sock
137+
## mountPath: /run/docker
138+
## readOnly: true
139+
## - name: dind
140+
## image: docker:dind
141+
## args:
142+
## - dockerd
143+
## - --host=unix:///run/docker/docker.sock
144+
## - --group=$(DOCKER_GROUP_GID)
145+
## env:
146+
## - name: DOCKER_GROUP_GID
147+
## value: "123"
148+
## securityContext:
149+
## privileged: true
150+
## volumeMounts:
151+
## - name: work
152+
## mountPath: /home/runner/_work
153+
## - name: dind-sock
154+
## mountPath: /run/docker
155+
## - name: dind-externals
156+
## mountPath: /home/runner/externals
157+
## volumes:
158+
## - name: work
159+
## emptyDir: {}
160+
## - name: dind-sock
161+
## emptyDir: {}
162+
## - name: dind-externals
163+
## emptyDir: {}
164+
######################################################################################################
165+
## with containerMode.type=kubernetes, we will populate the template.spec with following pod spec
166+
## template:
167+
## spec:
168+
## containers:
169+
## - name: runner
170+
## image: ghcr.io/actions/actions-runner:latest
171+
## command: ["/home/runner/run.sh"]
172+
## env:
173+
## - name: ACTIONS_RUNNER_CONTAINER_HOOKS
174+
## value: /home/runner/k8s/index.js
175+
## - name: ACTIONS_RUNNER_POD_NAME
176+
## valueFrom:
177+
## fieldRef:
178+
## fieldPath: metadata.name
179+
## - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
180+
## value: "true"
181+
## volumeMounts:
182+
## - name: work
183+
## mountPath: /home/runner/_work
184+
## volumes:
185+
## - name: work
186+
## ephemeral:
187+
## volumeClaimTemplate:
188+
## spec:
189+
## accessModes: [ "ReadWriteOnce" ]
190+
## storageClassName: "local-path"
191+
## resources:
192+
## requests:
193+
## storage: 1Gi
194+
spec:
195+
containers:
196+
- name: runner
197+
image: ghcr.io/jeefy/gha-runner:main
198+
imagePullPolicy: Always
199+
command: ["/home/runner/run.sh"]
200+
resources:
201+
requests:
202+
memory: 32Gi
203+
cpu: 8
204+
limits:
205+
memory: 36Gi
206+
cpu: 10
207+
- name: dind
208+
image: docker:dind
209+
args:
210+
- dockerd
211+
- --host=unix:///run/docker/docker.sock
212+
- --group=$(DOCKER_GROUP_GID)
213+
- --mtu=1400
214+
- --default-network-opt=bridge=com.docker.network.driver.mtu=1400
215+
env:
216+
- name: DOCKER_GROUP_GID
217+
value: "123"
218+
securityContext:
219+
privileged: true
220+
volumeMounts:
221+
- name: work
222+
mountPath: /home/runner/_work
223+
- name: dind-sock
224+
mountPath: /run/docker
225+
- name: dind-externals
226+
mountPath: /home/runner/externals
227+
volumes:
228+
- name: work
229+
emptyDir: {}
230+
- name: dind-sock
231+
emptyDir: {}
232+
- name: dind-externals
233+
emptyDir: {}
234+
235+
## Optional controller service account that needs to have required Role and RoleBinding
236+
## to operate this gha-runner-scale-set installation.
237+
## The helm chart will try to find the controller deployment and its service account at installation time.
238+
## In case the helm chart can't find the right service account, you can explicitly pass in the following value
239+
## to help it finish RoleBinding with the right service account.
240+
## Note: if your controller is installed to only watch a single namespace, you have to pass these values explicitly.
241+
# controllerServiceAccount:
242+
# namespace: arc-system
243+
# name: test-arc-gha-runner-scale-set-controller
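Review bot: The runner container uses `image: ghcr.io/jeefy/gha-runner:main` with `imagePullPolicy: Always`, a mutable branch tag from a personal namespace, on a scale set registered at enterprise scope and sharing a pod with a `privileged: true` dind container; whoever can push that tag decides what runs in every job scheduled here. I would pin it by digest, e.g. `image: ghcr.io/jeefy/gha-runner@sha256:<digest-placeholder>`, and pin `docker:dind` the same way. `githubConfigUrl` uses `http://` although the example comment directly above it uses `https://`, so it should read `githubConfigUrl: https://github.com/enterprises/cncf`. Also, `containerMode.type: "dind"` is set while `template.spec` defines its own `dind` container, and the comment above `containerMode` says it should stay empty when the template is customised. The custom spec also omits the `init-dind-externals` init container and the runner's `DOCKER_HOST` env and volume mounts shown in the commented reference, so it is worth rendering the chart to check the pod spec that results.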
