actions/actions-runner-controller
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
actions-runner-controller-0.7.0
actions-runner-controller/controllers/runner_controller.go

723 lines
21 KiB
Go
Raw Permalink Normal View History

Initial commit
2020-01-28 15:03:23 +09:00
/*
Copyright 2020 The actions-runner-controller authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package controllers
import (
"context"
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
"errors"
Implement runner controller
2020-01-28 21:58:01 +09:00
"fmt"
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
gogithub "github.com/google/go-github/v33/github"
feat: EKS IAM Roles for Service Accounts for Runner Pods (#226) One of the pod recreation conditions has been modified to use hash of runner spec, so that the controller does not keep restarting pods mutated by admission webhooks. This naturally allows us, for example, to use IRSA for EKS that requires its admission webhook to mutate the runner pod to have additional, IRSA-related volumes, volume mounts and env. Resolves #200
2020-12-08 17:56:06 +09:00
"github.com/summerwind/actions-runner-controller/hash"
support runner labels
2020-04-24 11:29:52 +02:00
"strings"
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
"time"
Initial commit
2020-01-28 15:03:23 +09:00
"github.com/go-logr/logr"
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
kerrors "k8s.io/apimachinery/pkg/api/errors"
Initial commit
2020-01-28 15:03:23 +09:00
"k8s.io/apimachinery/pkg/runtime"
Record event of runner resource
2020-02-03 18:40:59 +09:00
"k8s.io/client-go/tools/record"
Initial commit
2020-01-28 15:03:23 +09:00
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
Implement runner controller
2020-01-28 21:58:01 +09:00
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/summerwind/actions-runner-controller/api/v1alpha1"
Use github package to access the GitHub API
2020-04-13 22:28:07 +09:00
"github.com/summerwind/actions-runner-controller/github"
Implement runner controller
2020-01-28 21:58:01 +09:00
)
const (
Restart runner pod on completion
2020-02-01 00:06:30 +09:00
containerName = "runner"
Implement finalizer
2020-02-03 21:35:01 +09:00
finalizerName = "runner.actions.summerwind.dev"
feat: EKS IAM Roles for Service Accounts for Runner Pods (#226) One of the pod recreation conditions has been modified to use hash of runner spec, so that the controller does not keep restarting pods mutated by admission webhooks. This naturally allows us, for example, to use IRSA for EKS that requires its admission webhook to mutate the runner pod to have additional, IRSA-related volumes, volume mounts and env. Resolves #200
2020-12-08 17:56:06 +09:00
LabelKeyPodTemplateHash = "pod-template-hash"
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
retryDelayOnGitHubAPIRateLimitError = 30 * time.Second
Initial commit
2020-01-28 15:03:23 +09:00
)
// RunnerReconciler reconciles a Runner object
type RunnerReconciler struct {
client.Client
Implement runner controller
2020-01-28 21:58:01 +09:00
Log logr.Logger
Record event of runner resource
2020-02-03 18:40:59 +09:00
Recorder record.EventRecorder
Implement runner controller
2020-01-28 21:58:01 +09:00
Scheme *runtime.Scheme
GitHubClient *github.Client
Add '-runner-image' and '-docker-image' flags
2020-02-03 16:56:52 +09:00
RunnerImage string
DockerImage string
Initial commit
2020-01-28 15:03:23 +09:00
}
// +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runners,verbs=get;list;watch;create;update;patch;delete
Ensure controller-gen is up-to-date and the code and the manifests are in-sync Follow-up for #95 that added /finalizers subresource permission and #103 that upgraded controller-gen from 0.2.4 from 0.3.0
2020-10-06 09:23:03 +09:00
// +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runners/finalizers,verbs=get;list;watch;create;update;patch;delete
Initial commit
2020-01-28 15:03:23 +09:00
// +kubebuilder:rbac:groups=actions.summerwind.dev,resources=runners/status,verbs=get;update;patch
Fix permission for pods
2020-02-02 19:49:10 +09:00
// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;create;update;patch;delete
Ensure controller-gen is up-to-date and the code and the manifests are in-sync Follow-up for #95 that added /finalizers subresource permission and #103 that upgraded controller-gen from 0.2.4 from 0.3.0
2020-10-06 09:23:03 +09:00
// +kubebuilder:rbac:groups=core,resources=pods/finalizers,verbs=get;list;watch;create;update;patch;delete
Add permission to create/patch events resource
2020-03-27 23:25:37 +09:00
// +kubebuilder:rbac:groups=core,resources=events,verbs=create;patch
Initial commit
2020-01-28 15:03:23 +09:00
func (r *RunnerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
Implement runner controller
2020-01-28 21:58:01 +09:00
ctx := context.Background()
log := r.Log.WithValues("runner", req.NamespacedName)
var runner v1alpha1.Runner
if err := r.Get(ctx, req.NamespacedName, &runner); err != nil {
return ctrl.Result{}, client.IgnoreNotFound(err)
}
Add validation webhooks
2020-04-30 22:11:59 +09:00
err := runner.Validate()
organization and repository are now exclusive
2020-04-28 07:24:37 +02:00
if err != nil {
log.Info("Failed to validate runner spec", "error", err.Error())
return ctrl.Result{}, nil
}
Implement finalizer
2020-02-03 21:35:01 +09:00
if runner.ObjectMeta.DeletionTimestamp.IsZero() {
finalizers, added := addFinalizer(runner.ObjectMeta.Finalizers)
if added {
newRunner := runner.DeepCopy()
newRunner.ObjectMeta.Finalizers = finalizers
if err := r.Update(ctx, newRunner); err != nil {
log.Error(err, "Failed to update runner")
return ctrl.Result{}, err
}
return ctrl.Result{}, nil
}
} else {
finalizers, removed := removeFinalizer(runner.ObjectMeta.Finalizers)
Set volume to pod properly
2020-04-30 18:41:17 +09:00
Implement finalizer
2020-02-03 21:35:01 +09:00
if removed {
fix delete pod when runner failed to register
2020-04-28 16:31:05 +02:00
if len(runner.Status.Registration.Token) > 0 {
Add support for enterprise runners (#290) * Add support for enterprise runners * update docs
2021-02-05 02:31:06 +02:00
ok, err := r.unregisterRunner(ctx, runner.Spec.Enterprise, runner.Spec.Organization, runner.Spec.Repository, runner.Name)
fix delete pod when runner failed to register
2020-04-28 16:31:05 +02:00
if err != nil {
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
if errors.Is(err, &gogithub.RateLimitError{}) {
// We log the underlying error when we failed calling GitHub API to list or unregisters,
// or the runner is still busy.
log.Error(
err,
fmt.Sprintf(
"Failed to unregister runner due to GitHub API rate limits. Delaying retry for %s to avoid excessive GitHub API calls",
retryDelayOnGitHubAPIRateLimitError,
),
)
return ctrl.Result{RequeueAfter: retryDelayOnGitHubAPIRateLimitError}, err
}
fix delete pod when runner failed to register
2020-04-28 16:31:05 +02:00
return ctrl.Result{}, err
}
if !ok {
log.V(1).Info("Runner no longer exists on GitHub")
}
} else {
log.V(1).Info("Runner was never registered on GitHub")
Implement finalizer
2020-02-03 21:35:01 +09:00
}
newRunner := runner.DeepCopy()
newRunner.ObjectMeta.Finalizers = finalizers
if err := r.Update(ctx, newRunner); err != nil {
log.Error(err, "Failed to update runner")
return ctrl.Result{}, err
}
fix delete pod when runner failed to register
2020-04-28 16:31:05 +02:00
log.Info("Removed runner from GitHub", "repository", runner.Spec.Repository, "organization", runner.Spec.Organization)
Implement finalizer
2020-02-03 21:35:01 +09:00
}
return ctrl.Result{}, nil
}
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
var pod corev1.Pod
if err := r.Get(ctx, req.NamespacedName, &pod); err != nil {
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
if !kerrors.IsNotFound(err) {
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
return ctrl.Result{}, err
Implement runner controller
2020-01-28 21:58:01 +09:00
}
Fix token registration broken since v0.11.0 (#167) Fixes #166
2020-11-11 09:38:05 +09:00
if updated, err := r.updateRegistrationToken(ctx, runner); err != nil {
return ctrl.Result{}, err
} else if updated {
return ctrl.Result{Requeue: true}, nil
}
newPod, err := r.newPod(runner)
Implement runner controller
2020-01-28 21:58:01 +09:00
if err != nil {
Record event of runner resource
2020-02-03 18:40:59 +09:00
log.Error(err, "Could not create pod")
Implement runner controller
2020-01-28 21:58:01 +09:00
return ctrl.Result{}, err
}
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
if err := r.Create(ctx, &newPod); err != nil {
Record event of runner resource
2020-02-03 18:40:59 +09:00
log.Error(err, "Failed to create pod resource")
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
return ctrl.Result{}, err
}
Implement runner controller
2020-01-28 21:58:01 +09:00
Record event of runner resource
2020-02-03 18:40:59 +09:00
r.Recorder.Event(&runner, corev1.EventTypeNormal, "PodCreated", fmt.Sprintf("Created pod '%s'", newPod.Name))
log.Info("Created runner pod", "repository", runner.Spec.Repository)
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
} else {
Restart if pod ends up succeeded (#136) Fixes #132
2020-10-21 15:32:26 +03:00
// If pod has ended up succeeded we need to restart it
// Happens e.g. when dind is in runner and run completes
restart := pod.Status.Phase == corev1.PodSucceeded
if !restart && runner.Status.Phase != string(pod.Status.Phase) {
Sync runner status with pod status
2020-02-03 17:25:38 +09:00
updated := runner.DeepCopy()
updated.Status.Phase = string(pod.Status.Phase)
updated.Status.Reason = pod.Status.Reason
updated.Status.Message = pod.Status.Message
if err := r.Status().Update(ctx, updated); err != nil {
Record event of runner resource
2020-02-03 18:40:59 +09:00
log.Error(err, "Failed to update runner status")
Sync runner status with pod status
2020-02-03 17:25:38 +09:00
return ctrl.Result{}, err
}
return ctrl.Result{}, nil
}
Ignore pods being deleted
2020-01-31 22:47:53 +09:00
if !pod.ObjectMeta.DeletionTimestamp.IsZero() {
Introduce pod deletion timeout and forcefully delete stuck pods (#307) * if a k8s node becomes unresponsive, the kube controller will soft delete all pods after the eviction time (default 5 mins) * as long as the node stays unresponsive, the pod will never leave the last status and hence the runner controller will assume that everything is fine with the pod and will not try to create new pods * this can result in a situation where a horizontal autoscaler thinks that none of its runners are currently busy and will not schedule any further runners / pods, resulting in a broken runner deployment until the runnerreplicaset is deleted or the node comes back online * introducing a pod deletion timeout (1 minute) after which the runner controller will try to reboot the runner and create a pod on a working node * use forceful deletion and requeue for pods that have been stuck for more than one minute in terminating state * gracefully handling race conditions if pod gets finally forcefully deleted within
2021-02-15 01:32:28 +01:00
deletionTimeout := 1 * time.Minute
currentTime := time.Now()
deletionDidTimeout := currentTime.Sub(pod.DeletionTimestamp.Add(deletionTimeout)) > 0
if deletionDidTimeout {
log.Info(
"Pod failed to delete itself in a timely manner. "+
"This is typically the case when a Kubernetes node became unreachable "+
"and the kube controller started evicting nodes. Forcefully deleting the pod to not get stuck.",
"podDeletionTimestamp", pod.DeletionTimestamp,
"currentTime", currentTime,
"configuredDeletionTimeout", deletionTimeout,
)
var force int64 = 0
// forcefully delete runner as we would otherwise get stuck if the node stays unreachable
if err := r.Delete(ctx, &pod, &client.DeleteOptions{GracePeriodSeconds: &force}); err != nil {
// probably
if !kerrors.IsNotFound(err) {
log.Error(err, "Failed to forcefully delete pod resource ...")
return ctrl.Result{}, err
}
// forceful deletion finally succeeded
return ctrl.Result{Requeue: true}, nil
}
r.Recorder.Event(&runner, corev1.EventTypeNormal, "PodDeleted", fmt.Sprintf("Forcefully deleted pod '%s'", pod.Name))
log.Info("Forcefully deleted runner pod", "repository", runner.Spec.Repository)
// give kube manager a little time to forcefully delete the stuck pod
return ctrl.Result{RequeueAfter: 3 * time.Second}, err
} else {
return ctrl.Result{}, err
}
Ignore pods being deleted
2020-01-31 22:47:53 +09:00
}
Restart runner pod on completion
2020-02-01 00:06:30 +09:00
if pod.Status.Phase == corev1.PodRunning {
for _, status := range pod.Status.ContainerStatuses {
if status.Name != containerName {
continue
}
if status.State.Terminated != nil && status.State.Terminated.ExitCode == 0 {
restart = true
}
}
}
Fix token registration broken since v0.11.0 (#167) Fixes #166
2020-11-11 09:38:05 +09:00
if updated, err := r.updateRegistrationToken(ctx, runner); err != nil {
return ctrl.Result{}, err
} else if updated {
return ctrl.Result{Requeue: true}, nil
}
newPod, err := r.newPod(runner)
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
if err != nil {
Record event of runner resource
2020-02-03 18:40:59 +09:00
log.Error(err, "Could not create pod")
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
return ctrl.Result{}, err
Implement runner controller
2020-01-28 21:58:01 +09:00
}
Initial commit
2020-01-28 15:03:23 +09:00
Handle offline runners gracefully (#341) * if a runner pod starts up with an invalid token, it will go in an infinite retry loop, appearing as RUNNING from the outside * normally, this error situation is detected because no corresponding runner objects exists in GitHub and the pod will get removed after registration timeout * if the GitHub runner object already existed before - e.g. because a finalizer was not properly run as part of a partial Kubernetes crash, the runner will always stay in a running mode, even updating the registration token will not kill the problematic pod * introducing RunnerOffline exception that can be handled in runner controller and replicaset controller * as runners are offline when a pod is completed and marked for restart, only do additional restart checks if no restart was already decided, making code a bit cleaner and saving GitHub API calls after each job completion
2021-02-22 02:08:04 +01:00
// all checks done below only decide whether a restart is needed
// if a restart was already decided before, there is no need for the checks
// saving API calls and scary log messages
if !restart {
notRegistered := false
offline := false
runnerBusy, err := r.GitHubClient.IsRunnerBusy(ctx, runner.Spec.Enterprise, runner.Spec.Organization, runner.Spec.Repository, runner.Name)
if err != nil {
var notFoundException *github.RunnerNotFound
var offlineException *github.RunnerOffline
if errors.As(err, &notFoundException) {
log.V(1).Info("Failed to check if runner is busy. Either this runner has never been successfully registered to GitHub or it still needs more time.", "runnerName", runner.Name)
notRegistered = true
} else if errors.As(err, &offlineException) {
log.V(1).Info("GitHub runner appears to be offline, waiting for runner to get online ...", "runnerName", runner.Name)
offline = true
} else {
var e *gogithub.RateLimitError
if errors.As(err, &e) {
// We log the underlying error when we failed calling GitHub API to list or unregisters,
// or the runner is still busy.
log.Error(
err,
fmt.Sprintf(
"Failed to check if runner is busy due to Github API rate limit. Retrying in %s to avoid excessive GitHub API calls",
retryDelayOnGitHubAPIRateLimitError,
),
)
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
Handle offline runners gracefully (#341) * if a runner pod starts up with an invalid token, it will go in an infinite retry loop, appearing as RUNNING from the outside * normally, this error situation is detected because no corresponding runner objects exists in GitHub and the pod will get removed after registration timeout * if the GitHub runner object already existed before - e.g. because a finalizer was not properly run as part of a partial Kubernetes crash, the runner will always stay in a running mode, even updating the registration token will not kill the problematic pod * introducing RunnerOffline exception that can be handled in runner controller and replicaset controller * as runners are offline when a pod is completed and marked for restart, only do additional restart checks if no restart was already decided, making code a bit cleaner and saving GitHub API calls after each job completion
2021-02-22 02:08:04 +01:00
return ctrl.Result{RequeueAfter: retryDelayOnGitHubAPIRateLimitError}, err
}
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
Handle offline runners gracefully (#341) * if a runner pod starts up with an invalid token, it will go in an infinite retry loop, appearing as RUNNING from the outside * normally, this error situation is detected because no corresponding runner objects exists in GitHub and the pod will get removed after registration timeout * if the GitHub runner object already existed before - e.g. because a finalizer was not properly run as part of a partial Kubernetes crash, the runner will always stay in a running mode, even updating the registration token will not kill the problematic pod * introducing RunnerOffline exception that can be handled in runner controller and replicaset controller * as runners are offline when a pod is completed and marked for restart, only do additional restart checks if no restart was already decided, making code a bit cleaner and saving GitHub API calls after each job completion
2021-02-22 02:08:04 +01:00
return ctrl.Result{}, err
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
}
Handle offline runners gracefully (#341) * if a runner pod starts up with an invalid token, it will go in an infinite retry loop, appearing as RUNNING from the outside * normally, this error situation is detected because no corresponding runner objects exists in GitHub and the pod will get removed after registration timeout * if the GitHub runner object already existed before - e.g. because a finalizer was not properly run as part of a partial Kubernetes crash, the runner will always stay in a running mode, even updating the registration token will not kill the problematic pod * introducing RunnerOffline exception that can be handled in runner controller and replicaset controller * as runners are offline when a pod is completed and marked for restart, only do additional restart checks if no restart was already decided, making code a bit cleaner and saving GitHub API calls after each job completion
2021-02-22 02:08:04 +01:00
}
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
Handle offline runners gracefully (#341) * if a runner pod starts up with an invalid token, it will go in an infinite retry loop, appearing as RUNNING from the outside * normally, this error situation is detected because no corresponding runner objects exists in GitHub and the pod will get removed after registration timeout * if the GitHub runner object already existed before - e.g. because a finalizer was not properly run as part of a partial Kubernetes crash, the runner will always stay in a running mode, even updating the registration token will not kill the problematic pod * introducing RunnerOffline exception that can be handled in runner controller and replicaset controller * as runners are offline when a pod is completed and marked for restart, only do additional restart checks if no restart was already decided, making code a bit cleaner and saving GitHub API calls after each job completion
2021-02-22 02:08:04 +01:00
// See the `newPod` function called above for more information
// about when this hash changes.
curHash := pod.Labels[LabelKeyPodTemplateHash]
newHash := newPod.Labels[LabelKeyPodTemplateHash]
if !runnerBusy && curHash != newHash {
restart = true
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
}
runner-controller: do not delete runner if it is busy (#103) Currently, after refreshing the token, the controller re-creates the runner with the new token. This results in jobs being interrupted. This PR makes sure the pod is not restarted if it is busy. Closes #74
2020-10-05 01:06:37 +01:00
Handle offline runners gracefully (#341) * if a runner pod starts up with an invalid token, it will go in an infinite retry loop, appearing as RUNNING from the outside * normally, this error situation is detected because no corresponding runner objects exists in GitHub and the pod will get removed after registration timeout * if the GitHub runner object already existed before - e.g. because a finalizer was not properly run as part of a partial Kubernetes crash, the runner will always stay in a running mode, even updating the registration token will not kill the problematic pod * introducing RunnerOffline exception that can be handled in runner controller and replicaset controller * as runners are offline when a pod is completed and marked for restart, only do additional restart checks if no restart was already decided, making code a bit cleaner and saving GitHub API calls after each job completion
2021-02-22 02:08:04 +01:00
registrationTimeout := 10 * time.Minute
currentTime := time.Now()
registrationDidTimeout := currentTime.Sub(pod.CreationTimestamp.Add(registrationTimeout)) > 0
Don't compare runner connetion token at restart need check (#227) Fixes #143
2020-12-08 01:48:35 +02:00
Handle offline runners gracefully (#341) * if a runner pod starts up with an invalid token, it will go in an infinite retry loop, appearing as RUNNING from the outside * normally, this error situation is detected because no corresponding runner objects exists in GitHub and the pod will get removed after registration timeout * if the GitHub runner object already existed before - e.g. because a finalizer was not properly run as part of a partial Kubernetes crash, the runner will always stay in a running mode, even updating the registration token will not kill the problematic pod * introducing RunnerOffline exception that can be handled in runner controller and replicaset controller * as runners are offline when a pod is completed and marked for restart, only do additional restart checks if no restart was already decided, making code a bit cleaner and saving GitHub API calls after each job completion
2021-02-22 02:08:04 +01:00
if notRegistered && registrationDidTimeout {
log.Info(
"Runner failed to register itself to GitHub in timely manner. "+
"Recreating the pod to see if it resolves the issue. "+
"CAUTION: If you see this a lot, you should investigate the root cause. "+
"See https://github.com/summerwind/actions-runner-controller/issues/288",
"podCreationTimestamp", pod.CreationTimestamp,
"currentTime", currentTime,
"configuredRegistrationTimeout", registrationTimeout,
)
restart = true
}
if offline && registrationDidTimeout {
log.Info(
"Already existing GitHub runner still appears offline . "+
"Recreating the pod to see if it resolves the issue. "+
"CAUTION: If you see this a lot, you should investigate the root cause. ",
"podCreationTimestamp", pod.CreationTimestamp,
"currentTime", currentTime,
"configuredRegistrationTimeout", registrationTimeout,
)
restart = true
}
runner-controller: do not delete runner if it is busy (#103) Currently, after refreshing the token, the controller re-creates the runner with the new token. This results in jobs being interrupted. This PR makes sure the pod is not restarted if it is busy. Closes #74
2020-10-05 01:06:37 +01:00
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
}
Don't compare runner connetion token at restart need check (#227) Fixes #143
2020-12-08 01:48:35 +02:00
// Don't do anything if there's no need to restart the runner
Restart runner pod on completion
2020-02-01 00:06:30 +09:00
if !restart {
feat: Prevent blocking on transient runner registration failure (#297) This enhances the controller to recreate the runner pod if the corresponding runner has failed to register itself to GitHub within 10 minutes(currently hard-coded). It should alleviate #288 in case the root cause is some kind of transient failures(network unreliability, GitHub down, temporarly compute resource shortage, etc). Formerly you had to manually detect and delete such pods or even force-delete corresponding runners to unblock the controller. Since this enhancement, the controller does the pod deletion automatically after 10 minutes after pod creation, which result in the controller create another pod that might work. Ref #288
2021-02-09 10:17:52 +09:00
return ctrl.Result{}, nil
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
}
Implement runner controller
2020-01-28 21:58:01 +09:00
Don't compare runner connetion token at restart need check (#227) Fixes #143
2020-12-08 01:48:35 +02:00
// Delete current pod if recreation is needed
Ignore pods being deleted
2020-01-31 22:47:53 +09:00
if err := r.Delete(ctx, &pod); err != nil {
Record event of runner resource
2020-02-03 18:40:59 +09:00
log.Error(err, "Failed to delete pod resource")
Implement runner controller
2020-01-28 21:58:01 +09:00
return ctrl.Result{}, err
}
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
Record event of runner resource
2020-02-03 18:40:59 +09:00
r.Recorder.Event(&runner, corev1.EventTypeNormal, "PodDeleted", fmt.Sprintf("Deleted pod '%s'", newPod.Name))
log.Info("Deleted runner pod", "repository", runner.Spec.Repository)
Implement runner controller
2020-01-28 21:58:01 +09:00
}
Initial commit
2020-01-28 15:03:23 +09:00
return ctrl.Result{}, nil
}
Add support for enterprise runners (#290) * Add support for enterprise runners * update docs
2021-02-05 02:31:06 +02:00
func (r *RunnerReconciler) unregisterRunner(ctx context.Context, enterprise, org, repo, name string) (bool, error) {
runners, err := r.GitHubClient.ListRunners(ctx, enterprise, org, repo)
Implement finalizer
2020-02-03 21:35:01 +09:00
if err != nil {
return false, err
}
Use github package to access the GitHub API
2020-04-13 22:28:07 +09:00
id := int64(0)
for _, runner := range runners {
if runner.GetName() == name {
runner-controller: do not delete runner if it is busy (#103) Currently, after refreshing the token, the controller re-creates the runner with the new token. This results in jobs being interrupted. This PR makes sure the pod is not restarted if it is busy. Closes #74
2020-10-05 01:06:37 +01:00
if runner.GetBusy() {
return false, fmt.Errorf("runner is busy")
}
Use github package to access the GitHub API
2020-04-13 22:28:07 +09:00
id = runner.GetID()
Implement finalizer
2020-02-03 21:35:01 +09:00
break
}
}
Use github package to access the GitHub API
2020-04-13 22:28:07 +09:00
if id == int64(0) {
Implement finalizer
2020-02-03 21:35:01 +09:00
return false, nil
}
Add support for enterprise runners (#290) * Add support for enterprise runners * update docs
2021-02-05 02:31:06 +02:00
if err := r.GitHubClient.RemoveRunner(ctx, enterprise, org, repo, id); err != nil {
Implement finalizer
2020-02-03 21:35:01 +09:00
return false, err
}
return true, nil
}
Fix token registration broken since v0.11.0 (#167) Fixes #166
2020-11-11 09:38:05 +09:00
func (r *RunnerReconciler) updateRegistrationToken(ctx context.Context, runner v1alpha1.Runner) (bool, error) {
if runner.IsRegisterable() {
return false, nil
}
log := r.Log.WithValues("runner", runner.Name)
Add support for enterprise runners (#290) * Add support for enterprise runners * update docs
2021-02-05 02:31:06 +02:00
rt, err := r.GitHubClient.GetRegistrationToken(ctx, runner.Spec.Enterprise, runner.Spec.Organization, runner.Spec.Repository, runner.Name)
Fix token registration broken since v0.11.0 (#167) Fixes #166
2020-11-11 09:38:05 +09:00
if err != nil {
r.Recorder.Event(&runner, corev1.EventTypeWarning, "FailedUpdateRegistrationToken", "Updating registration token failed")
log.Error(err, "Failed to get new registration token")
return false, err
}
updated := runner.DeepCopy()
updated.Status.Registration = v1alpha1.RunnerStatusRegistration{
Organization: runner.Spec.Organization,
Repository: runner.Spec.Repository,
Labels: runner.Spec.Labels,
Token: rt.GetToken(),
ExpiresAt: metav1.NewTime(rt.GetExpiresAt().Time),
}
if err := r.Status().Update(ctx, updated); err != nil {
log.Error(err, "Failed to update runner status")
return false, err
}
r.Recorder.Event(&runner, corev1.EventTypeNormal, "RegistrationTokenUpdated", "Successfully update registration token")
log.Info("Updated registration token", "repository", runner.Spec.Repository)
return true, nil
}
func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
Add docker container to a runner pod
2020-01-30 23:52:40 +09:00
var (
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
privileged bool = true
Rename Runner.Spec.dockerWithinRunnerContainer to docker"d"WithinRunnerContainer (#134) * Rename Runner.Spec.dockerWithinRunnerContainer to dockerdWithinRunnerContainer Ref https://github.com/summerwind/actions-runner-controller/pull/126#issuecomment-712501790
2020-10-21 21:32:40 +09:00
dockerdInRunner bool = runner.Spec.DockerdWithinRunnerContainer != nil && *runner.Spec.DockerdWithinRunnerContainer
add dockerEnabled option (#191) Add dockerEnabled option for users who does not need docker and want not to run privileged container. if `dockerEnabled == false`, dind container not run, and there are no privileged container. Do the same as closed #96
2020-11-16 09:41:12 +09:00
dockerEnabled bool = runner.Spec.DockerEnabled == nil || *runner.Spec.DockerEnabled
Add docker container to a runner pod
2020-01-30 23:52:40 +09:00
)
Add '-runner-image' and '-docker-image' flags
2020-02-03 16:56:52 +09:00
runnerImage := runner.Spec.Image
if runnerImage == "" {
runnerImage = r.RunnerImage
Implement runner controller
2020-01-28 21:58:01 +09:00
}
parametrized working directory (#185) * parametrized working directory * manifests v3.0
2020-11-25 00:55:26 +01:00
workDir := runner.Spec.WorkDir
if workDir == "" {
workDir = "/runner/_work"
}
add config to respect image pull policy
2020-07-08 23:53:52 -07:00
runnerImagePullPolicy := runner.Spec.ImagePullPolicy
if runnerImagePullPolicy == "" {
runnerImagePullPolicy = corev1.PullAlways
}
Add 'env' field to runner resource
2020-02-06 22:09:07 +09:00
env := []corev1.EnvVar{
{
Name: "RUNNER_NAME",
Value: runner.Name,
},
support for organization runners
2020-04-23 16:36:40 +02:00
{
Name: "RUNNER_ORG",
Value: runner.Spec.Organization,
},
Add 'env' field to runner resource
2020-02-06 22:09:07 +09:00
{
Name: "RUNNER_REPO",
Value: runner.Spec.Repository,
},
Add support for enterprise runners (#290) * Add support for enterprise runners * update docs
2021-02-05 02:31:06 +02:00
{
Name: "RUNNER_ENTERPRISE",
Value: runner.Spec.Enterprise,
},
support runner labels
2020-04-24 11:29:52 +02:00
{
Name: "RUNNER_LABELS",
Value: strings.Join(runner.Spec.Labels, ","),
},
Adds RUNNER_GROUP argument to the runner registration (#157) * Adds RUNNER_GROUP argument to the runner registration Adds the ability to register a runner to a predefined runner_group Resolves #137 * Update README with runner group example - Updates the README with instructions of how to add the runner to a group - Fix code fencing for shell and yaml blocks in the README - Use consistent bullet points (dash not asterisk)
2020-11-10 08:15:54 +00:00
{
Name: "RUNNER_GROUP",
Value: runner.Spec.Group,
},
Add 'env' field to runner resource
2020-02-06 22:09:07 +09:00
{
Name: "RUNNER_TOKEN",
Fix token registration broken since v0.11.0 (#167) Fixes #166
2020-11-11 09:38:05 +09:00
Value: runner.Status.Registration.Token,
Add 'env' field to runner resource
2020-02-06 22:09:07 +09:00
},
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
{
Name: "DOCKERD_IN_RUNNER",
Value: fmt.Sprintf("%v", dockerdInRunner),
},
Added support for other than public GitHub URL (#146) Refactoring a bit
2020-10-28 15:15:53 +02:00
{
Name: "GITHUB_URL",
Value: r.GitHubClient.GithubBaseURL,
},
parametrized working directory (#185) * parametrized working directory * manifests v3.0
2020-11-25 00:55:26 +01:00
{
Name: "RUNNER_WORKDIR",
Value: workDir,
},
Add 'env' field to runner resource
2020-02-06 22:09:07 +09:00
}
Add variants of PodTemplate spec fields into the Runner spec (#7) Resolves #5 Fixes #11 Fixes #12 Changes: * Added podtemplate spec * Rework pod creation logic * Added most using podspecs * Added copy of podspec * Fixed Github List method * Fixed containers * Added ability to override runner's containers * Added ability to override runner's containers * Added ability to override runner's containers * Update controllers/runner_controller.go Co-Authored-By: Moto Ishizawa <summerwind.jp@gmail.com> * Remove optional restartpolicy * Changed naming convention Co-authored-by: Moto Ishizawa <summerwind.jp@gmail.com>
2020-03-20 15:50:50 +02:00
env = append(env, runner.Spec.Env...)
feat: EKS IAM Roles for Service Accounts for Runner Pods (#226) One of the pod recreation conditions has been modified to use hash of runner spec, so that the controller does not keep restarting pods mutated by admission webhooks. This naturally allows us, for example, to use IRSA for EKS that requires its admission webhook to mutate the runner pod to have additional, IRSA-related volumes, volume mounts and env. Resolves #200
2020-12-08 17:56:06 +09:00
labels := map[string]string{}
for k, v := range runner.Labels {
labels[k] = v
}
// This implies that...
//
// (1) We recreate the runner pod whenever the runner has changes in:
// - metadata.labels (excluding "runner-template-hash" added by the parent RunnerReplicaSet
// - metadata.annotations
// - metadata.spec (including image, env, organization, repository, group, and so on)
// - GithubBaseURL setting of the controller (can be configured via GITHUB_ENTERPRISE_URL)
//
// (2) We don't recreate the runner pod when there are changes in:
// - runner.status.registration.token
// - This token expires and changes hourly, but you don't need to recreate the pod due to that.
// It's the opposite.
// An unexpired token is required only when the runner agent is registering itself on launch.
//
// In other words, the registered runner doesn't get invalidated on registration token expiration.
// A registered runner's session and the a registration token seem to have two different and independent
// lifecycles.
//
// See https://github.com/summerwind/actions-runner-controller/issues/143 for more context.
labels[LabelKeyPodTemplateHash] = hash.FNVHashStringObjects(
filterLabels(runner.Labels, LabelKeyRunnerTemplateHash),
runner.Annotations,
runner.Spec,
r.GitHubClient.GithubBaseURL,
)
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
pod := corev1.Pod{
Implement runner controller
2020-01-28 21:58:01 +09:00
ObjectMeta: metav1.ObjectMeta{
Add variants of PodTemplate spec fields into the Runner spec (#7) Resolves #5 Fixes #11 Fixes #12 Changes: * Added podtemplate spec * Rework pod creation logic * Added most using podspecs * Added copy of podspec * Fixed Github List method * Fixed containers * Added ability to override runner's containers * Added ability to override runner's containers * Added ability to override runner's containers * Update controllers/runner_controller.go Co-Authored-By: Moto Ishizawa <summerwind.jp@gmail.com> * Remove optional restartpolicy * Changed naming convention Co-authored-by: Moto Ishizawa <summerwind.jp@gmail.com>
2020-03-20 15:50:50 +02:00
Name: runner.Name,
Namespace: runner.Namespace,
feat: EKS IAM Roles for Service Accounts for Runner Pods (#226) One of the pod recreation conditions has been modified to use hash of runner spec, so that the controller does not keep restarting pods mutated by admission webhooks. This naturally allows us, for example, to use IRSA for EKS that requires its admission webhook to mutate the runner pod to have additional, IRSA-related volumes, volume mounts and env. Resolves #200
2020-12-08 17:56:06 +09:00
Labels: labels,
Add variants of PodTemplate spec fields into the Runner spec (#7) Resolves #5 Fixes #11 Fixes #12 Changes: * Added podtemplate spec * Rework pod creation logic * Added most using podspecs * Added copy of podspec * Fixed Github List method * Fixed containers * Added ability to override runner's containers * Added ability to override runner's containers * Added ability to override runner's containers * Update controllers/runner_controller.go Co-Authored-By: Moto Ishizawa <summerwind.jp@gmail.com> * Remove optional restartpolicy * Changed naming convention Co-authored-by: Moto Ishizawa <summerwind.jp@gmail.com>
2020-03-20 15:50:50 +02:00
Annotations: runner.Annotations,
Implement runner controller
2020-01-28 21:58:01 +09:00
},
Spec: corev1.PodSpec{
Restart runner pod on completion
2020-02-01 00:06:30 +09:00
RestartPolicy: "OnFailure",
Implement runner controller
2020-01-28 21:58:01 +09:00
Containers: []corev1.Container{
{
Restart runner pod on completion
2020-02-01 00:06:30 +09:00
Name: containerName,
Add '-runner-image' and '-docker-image' flags
2020-02-03 16:56:52 +09:00
Image: runnerImage,
add config to respect image pull policy
2020-07-08 23:53:52 -07:00
ImagePullPolicy: runnerImagePullPolicy,
Add 'env' field to runner resource
2020-02-06 22:09:07 +09:00
Env: env,
Add variants of PodTemplate spec fields into the Runner spec (#7) Resolves #5 Fixes #11 Fixes #12 Changes: * Added podtemplate spec * Rework pod creation logic * Added most using podspecs * Added copy of podspec * Fixed Github List method * Fixed containers * Added ability to override runner's containers * Added ability to override runner's containers * Added ability to override runner's containers * Update controllers/runner_controller.go Co-Authored-By: Moto Ishizawa <summerwind.jp@gmail.com> * Remove optional restartpolicy * Changed naming convention Co-authored-by: Moto Ishizawa <summerwind.jp@gmail.com>
2020-03-20 15:50:50 +02:00
EnvFrom: runner.Spec.EnvFrom,
Add docker container to a runner pod
2020-01-30 23:52:40 +09:00
SecurityContext: &corev1.SecurityContext{
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
// Runner need to run privileged if it contains DinD
Rename Runner.Spec.dockerWithinRunnerContainer to docker"d"WithinRunnerContainer (#134) * Rename Runner.Spec.dockerWithinRunnerContainer to dockerdWithinRunnerContainer Ref https://github.com/summerwind/actions-runner-controller/pull/126#issuecomment-712501790
2020-10-21 21:32:40 +09:00
Privileged: runner.Spec.DockerdWithinRunnerContainer,
Add docker container to a runner pod
2020-01-30 23:52:40 +09:00
},
Add variants of PodTemplate spec fields into the Runner spec (#7) Resolves #5 Fixes #11 Fixes #12 Changes: * Added podtemplate spec * Rework pod creation logic * Added most using podspecs * Added copy of podspec * Fixed Github List method * Fixed containers * Added ability to override runner's containers * Added ability to override runner's containers * Added ability to override runner's containers * Update controllers/runner_controller.go Co-Authored-By: Moto Ishizawa <summerwind.jp@gmail.com> * Remove optional restartpolicy * Changed naming convention Co-authored-by: Moto Ishizawa <summerwind.jp@gmail.com>
2020-03-20 15:50:50 +02:00
Resources: runner.Spec.Resources,
Add docker container to a runner pod
2020-01-30 23:52:40 +09:00
},
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
},
},
}
add dockerEnabled option (#191) Add dockerEnabled option for users who does not need docker and want not to run privileged container. if `dockerEnabled == false`, dind container not run, and there are no privileged container. Do the same as closed #96
2020-11-16 09:41:12 +09:00
if !dockerdInRunner && dockerEnabled {
Fix self-update failuers due to /runner/externals mount (#253) * Fix self-update failuers due to /runner/externals mount Fixes #252 * Tested Self-update Fixes (#269) Adding fixes to #253 as confirmed and tested in https://github.com/summerwind/actions-runner-controller/issues/264#issuecomment-764549833 by @jolestar, @achedeuzot and @hfuss :bow: :beers: Co-authored-by: Hayden Fuss <wifu1234@gmail.com>
2021-01-24 10:58:35 +09:00
runnerVolumeName := "runner"
runnerVolumeMountPath := "/runner"
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
pod.Spec.Volumes = []corev1.Volume{
{
Name: "work",
VolumeSource: corev1.VolumeSource{
EmptyDir: &corev1.EmptyDirVolumeSource{},
Add docker container to a runner pod
2020-01-30 23:52:40 +09:00
},
},
[BUG?]: Create mountpoint for /externals/ (#203) * runner/controller: Add externals directory mount point * Runner: Create hack for moving content of /runner/externals/ dir * Externals dir Mount: mount examples for '__e/node12/bin/node' not found error
2020-11-25 01:53:47 +02:00
{
Fix self-update failuers due to /runner/externals mount (#253) * Fix self-update failuers due to /runner/externals mount Fixes #252 * Tested Self-update Fixes (#269) Adding fixes to #253 as confirmed and tested in https://github.com/summerwind/actions-runner-controller/issues/264#issuecomment-764549833 by @jolestar, @achedeuzot and @hfuss :bow: :beers: Co-authored-by: Hayden Fuss <wifu1234@gmail.com>
2021-01-24 10:58:35 +09:00
Name: runnerVolumeName,
[BUG?]: Create mountpoint for /externals/ (#203) * runner/controller: Add externals directory mount point * Runner: Create hack for moving content of /runner/externals/ dir * Externals dir Mount: mount examples for '__e/node12/bin/node' not found error
2020-11-25 01:53:47 +02:00
VolumeSource: corev1.VolumeSource{
EmptyDir: &corev1.EmptyDirVolumeSource{},
},
},
Use TLS for secure docker connection (#192)
2020-11-30 08:57:33 +09:00
{
Name: "certs-client",
VolumeSource: corev1.VolumeSource{
EmptyDir: &corev1.EmptyDirVolumeSource{},
},
},
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
}
pod.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{
{
Name: "work",
parametrized working directory (#185) * parametrized working directory * manifests v3.0
2020-11-25 00:55:26 +01:00
MountPath: workDir,
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
},
[BUG?]: Create mountpoint for /externals/ (#203) * runner/controller: Add externals directory mount point * Runner: Create hack for moving content of /runner/externals/ dir * Externals dir Mount: mount examples for '__e/node12/bin/node' not found error
2020-11-25 01:53:47 +02:00
{
Fix self-update failuers due to /runner/externals mount (#253) * Fix self-update failuers due to /runner/externals mount Fixes #252 * Tested Self-update Fixes (#269) Adding fixes to #253 as confirmed and tested in https://github.com/summerwind/actions-runner-controller/issues/264#issuecomment-764549833 by @jolestar, @achedeuzot and @hfuss :bow: :beers: Co-authored-by: Hayden Fuss <wifu1234@gmail.com>
2021-01-24 10:58:35 +09:00
Name: runnerVolumeName,
MountPath: runnerVolumeMountPath,
[BUG?]: Create mountpoint for /externals/ (#203) * runner/controller: Add externals directory mount point * Runner: Create hack for moving content of /runner/externals/ dir * Externals dir Mount: mount examples for '__e/node12/bin/node' not found error
2020-11-25 01:53:47 +02:00
},
Use TLS for secure docker connection (#192)
2020-11-30 08:57:33 +09:00
{
Name: "certs-client",
MountPath: "/certs/client",
ReadOnly: true,
},
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
}
Use TLS for secure docker connection (#192)
2020-11-30 08:57:33 +09:00
pod.Spec.Containers[0].Env = append(pod.Spec.Containers[0].Env, []corev1.EnvVar{
{
Name: "DOCKER_HOST",
Value: "tcp://localhost:2376",
},
{
Name: "DOCKER_TLS_VERIFY",
Value: "1",
},
{
Name: "DOCKER_CERT_PATH",
Value: "/certs/client",
},
}...)
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
pod.Spec.Containers = append(pod.Spec.Containers, corev1.Container{
Name: "docker",
Image: r.DockerImage,
VolumeMounts: []corev1.VolumeMount{
Share runner's working directory with docker sidecar
2020-04-24 22:36:27 +09:00
{
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
Name: "work",
parametrized working directory (#185) * parametrized working directory * manifests v3.0
2020-11-25 00:55:26 +01:00
MountPath: workDir,
Share runner's working directory with docker sidecar
2020-04-24 22:36:27 +09:00
},
[BUG?]: Create mountpoint for /externals/ (#203) * runner/controller: Add externals directory mount point * Runner: Create hack for moving content of /runner/externals/ dir * Externals dir Mount: mount examples for '__e/node12/bin/node' not found error
2020-11-25 01:53:47 +02:00
{
Fix self-update failuers due to /runner/externals mount (#253) * Fix self-update failuers due to /runner/externals mount Fixes #252 * Tested Self-update Fixes (#269) Adding fixes to #253 as confirmed and tested in https://github.com/summerwind/actions-runner-controller/issues/264#issuecomment-764549833 by @jolestar, @achedeuzot and @hfuss :bow: :beers: Co-authored-by: Hayden Fuss <wifu1234@gmail.com>
2021-01-24 10:58:35 +09:00
Name: runnerVolumeName,
MountPath: runnerVolumeMountPath,
[BUG?]: Create mountpoint for /externals/ (#203) * runner/controller: Add externals directory mount point * Runner: Create hack for moving content of /runner/externals/ dir * Externals dir Mount: mount examples for '__e/node12/bin/node' not found error
2020-11-25 01:53:47 +02:00
},
Use TLS for secure docker connection (#192)
2020-11-30 08:57:33 +09:00
{
Name: "certs-client",
MountPath: "/certs/client",
},
use tcp DOCKER_HOST instead of sharing docker.sock
2020-11-12 08:07:52 +09:00
},
gofmt ed
2020-11-12 09:20:06 +09:00
Env: []corev1.EnvVar{
Share runner's working directory with docker sidecar
2020-04-24 22:36:27 +09:00
{
gofmt ed
2020-11-12 09:20:06 +09:00
Name: "DOCKER_TLS_CERTDIR",
Use TLS for secure docker connection (#192)
2020-11-30 08:57:33 +09:00
Value: "/certs",
Implement runner controller
2020-01-28 21:58:01 +09:00
},
},
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
SecurityContext: &corev1.SecurityContext{
Privileged: &privileged,
},
Actually use 'dockerdContainerResources' to set resources on the dind container (#273)
2021-01-29 01:18:28 +01:00
Resources: runner.Spec.DockerdContainerResources,
Configurable "runner and DinD in a single container" (#126)
2020-10-20 02:48:28 +03:00
})
Implement runner controller
2020-01-28 21:58:01 +09:00
}
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
Add variants of PodTemplate spec fields into the Runner spec (#7) Resolves #5 Fixes #11 Fixes #12 Changes: * Added podtemplate spec * Rework pod creation logic * Added most using podspecs * Added copy of podspec * Fixed Github List method * Fixed containers * Added ability to override runner's containers * Added ability to override runner's containers * Added ability to override runner's containers * Update controllers/runner_controller.go Co-Authored-By: Moto Ishizawa <summerwind.jp@gmail.com> * Remove optional restartpolicy * Changed naming convention Co-authored-by: Moto Ishizawa <summerwind.jp@gmail.com>
2020-03-20 15:50:50 +02:00
if len(runner.Spec.Containers) != 0 {
pod.Spec.Containers = runner.Spec.Containers
Inject Env Vars into Runner defined Container Spec (#127) The runner token is now injected into the `runner` container defined within Runner.Spec.Containers[]
2020-10-20 01:43:53 +02:00
for i := 0; i < len(pod.Spec.Containers); i++ {
if pod.Spec.Containers[i].Name == containerName {
pod.Spec.Containers[i].Env = append(pod.Spec.Containers[i].Env, env...)
}
}
Add variants of PodTemplate spec fields into the Runner spec (#7) Resolves #5 Fixes #11 Fixes #12 Changes: * Added podtemplate spec * Rework pod creation logic * Added most using podspecs * Added copy of podspec * Fixed Github List method * Fixed containers * Added ability to override runner's containers * Added ability to override runner's containers * Added ability to override runner's containers * Update controllers/runner_controller.go Co-Authored-By: Moto Ishizawa <summerwind.jp@gmail.com> * Remove optional restartpolicy * Changed naming convention Co-authored-by: Moto Ishizawa <summerwind.jp@gmail.com>
2020-03-20 15:50:50 +02:00
}
if len(runner.Spec.VolumeMounts) != 0 {
pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, runner.Spec.VolumeMounts...)
}
if len(runner.Spec.Volumes) != 0 {
Set volume to pod properly
2020-04-30 18:41:17 +09:00
pod.Spec.Volumes = append(pod.Spec.Volumes, runner.Spec.Volumes...)
Add variants of PodTemplate spec fields into the Runner spec (#7) Resolves #5 Fixes #11 Fixes #12 Changes: * Added podtemplate spec * Rework pod creation logic * Added most using podspecs * Added copy of podspec * Fixed Github List method * Fixed containers * Added ability to override runner's containers * Added ability to override runner's containers * Added ability to override runner's containers * Update controllers/runner_controller.go Co-Authored-By: Moto Ishizawa <summerwind.jp@gmail.com> * Remove optional restartpolicy * Changed naming convention Co-authored-by: Moto Ishizawa <summerwind.jp@gmail.com>
2020-03-20 15:50:50 +02:00
}
if len(runner.Spec.InitContainers) != 0 {
pod.Spec.InitContainers = append(pod.Spec.InitContainers, runner.Spec.InitContainers...)
}
if runner.Spec.NodeSelector != nil {
pod.Spec.NodeSelector = runner.Spec.NodeSelector
}
if runner.Spec.ServiceAccountName != "" {
pod.Spec.ServiceAccountName = runner.Spec.ServiceAccountName
}
if runner.Spec.AutomountServiceAccountToken != nil {
pod.Spec.AutomountServiceAccountToken = runner.Spec.AutomountServiceAccountToken
}
if len(runner.Spec.SidecarContainers) != 0 {
pod.Spec.Containers = append(pod.Spec.Containers, runner.Spec.SidecarContainers...)
}
if runner.Spec.SecurityContext != nil {
pod.Spec.SecurityContext = runner.Spec.SecurityContext
}
if len(runner.Spec.ImagePullSecrets) != 0 {
pod.Spec.ImagePullSecrets = runner.Spec.ImagePullSecrets
}
if runner.Spec.Affinity != nil {
pod.Spec.Affinity = runner.Spec.Affinity
}
if len(runner.Spec.Tolerations) != 0 {
pod.Spec.Tolerations = runner.Spec.Tolerations
}
if len(runner.Spec.EphemeralContainers) != 0 {
pod.Spec.EphemeralContainers = runner.Spec.EphemeralContainers
}
if runner.Spec.TerminationGracePeriodSeconds != nil {
pod.Spec.TerminationGracePeriodSeconds = runner.Spec.TerminationGracePeriodSeconds
}
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
if err := ctrl.SetControllerReference(&runner, &pod, r.Scheme); err != nil {
return pod, err
}
return pod, nil
Implement runner controller
2020-01-28 21:58:01 +09:00
}
Initial commit
2020-01-28 15:03:23 +09:00
func (r *RunnerReconciler) SetupWithManager(mgr ctrl.Manager) error {
Fix "duplicate metrics collector registration attempted" errors at startup (#317) I have seen this error a lot in our integration test. It turned out due to https://github.com/kubernetes-sigs/controller-runtime/issues/484 and is being fixed with this change.
2021-02-16 18:51:33 +09:00
name := "runner-controller"
r.Recorder = mgr.GetEventRecorderFor(name)
Record event of runner resource
2020-02-03 18:40:59 +09:00
Initial commit
2020-01-28 15:03:23 +09:00
return ctrl.NewControllerManagedBy(mgr).
Implement runner controller
2020-01-28 21:58:01 +09:00
For(&v1alpha1.Runner{}).
Reconcile when runner pod is updated
2020-01-29 23:12:07 +09:00
Owns(&corev1.Pod{}).
Fix "duplicate metrics collector registration attempted" errors at startup (#317) I have seen this error a lot in our integration test. It turned out due to https://github.com/kubernetes-sigs/controller-runtime/issues/484 and is being fixed with this change.
2021-02-16 18:51:33 +09:00
Named(name).
Initial commit
2020-01-28 15:03:23 +09:00
Complete(r)
}
Implement finalizer
2020-02-03 21:35:01 +09:00
func addFinalizer(finalizers []string) ([]string, bool) {
exists := false
for _, name := range finalizers {
if name == finalizerName {
exists = true
}
}
if exists {
return finalizers, false
}
return append(finalizers, finalizerName), true
}
func removeFinalizer(finalizers []string) ([]string, bool) {
removed := false
result := []string{}
for _, name := range finalizers {
if name == finalizerName {
removed = true
continue
}
result = append(result, name)
}
return result, removed
}
Reference in New Issue Copy Permalink