kaidotdev/github-actions-runner-controller

GitHubActionsRunnerController

GitHubActionsRunnerController is a Kubernetes custom controller that runs self-hosted GitHub Actions runners.

Installation

$ kubectl apply -k manifests

Usage

Applying the examples manifests starts a self-hosted GitHub Actions runner.

TOKEN must have administration permission on the target repository in order to use the POST /repos/:owner/:repo/actions/runners/registration-token endpoint.

$ echo -n "<YOUR GITHUB TOKEN>" > examples/TOKEN
$ kubectl apply -k examples

runners

The runner is based on the image defined in the Runner manifest. github-actions-runner-controller rebuilds that image into a runner image using GoogleContainerTools/kaniko and distributes it through a local Docker registry.

$ cat examples/runner.yaml
apiVersion: github-actions-runner.kaidotdev.github.io/v1
kind: Runner
metadata:
  name: example
spec:
  image: ubuntu:18.04
  repository: kaidotdev/github-actions-runner-controller
  tokenSecretKeyRef:
    name: credentials
    key: TOKEN

# This shows that the image is pulled from the local Docker registry
$ kubectl get pod -l app=example -o jsonpath='{$.items[*].metadata.name}: {$.items[*].spec.containers[0].image}'
example-6dd7c8974c-4sgjv: 127.0.0.1:31994/f601e6d⏎

# This shows the image is based on ubuntu:18.04
$ kubectl exec -it example-6dd7c8974c-4sgjv -- cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.4 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.4 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

You can pass additional settings to the runner pod via builderContainerSpec, runnerContainerSpec, and template.

apiVersion: github-actions-runner.kaidotdev.github.io/v1
kind: Runner
metadata:
  name: example
spec:
  image: ubuntu:18.04
  repository: kaidotdev/github-actions-runner-controller
  tokenSecretKeyRef:
    name: credentials
    key: TOKEN
  builderContainerSpec:
    resource:
      requests:
        cpu: 1000m
  runnerContainerSpec:
    env:
      - name: FOO
        valueFrom:
          fieldRef:
            fieldPath: metadata.name
      - name: BAR
        value: bar
  template:
    metadata:
      labels:
        version: v1
      annotations:
        # `--enable-runner-metrics` is required to scrape from prometheus
        prometheus.io/scrape: "true"
        prometheus.io/schema: "http"
        prometheus.io/port: "9090"
        prometheus.io/path: "/metrics"
        sidecar.istio.io/inject: "false"

Because the runner exposes these metrics to Prometheus, combining it with DirectXMan12/k8s-prometheus-adapter makes it possible to scale runners on runner metrics using an HPA.

    - seriesQuery: 'github_actions_runs{status="queued"}'
      resources:
        overrides:
          namespace:
            resource: namespace
          pod:
            resource: pod
      name:
        matches: "^(.*)$"
        as: "${1}_queued"
      metricsQuery: <<.Series>>{<<.LabelMatchers>>}

apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: example-runner
spec:
  maxReplicas: 5
  minReplicas: 1
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: example
  metrics:
    - type: Pods
      pods:
        metric:
          name: github_actions_runs_queued
        target:
          type: AverageValue
          averageValue: 3

See the CRD for other available fields and detailed descriptions: github-actions-runner.kaidotdev.github.io_runners.yaml

GitHub Apps

You can use GitHub Apps to authenticate the runner.

kubectl create secret generic credentials --from-literal=github_app_id="<YOUR GITHUB APP ID>" --from-literal=github_app_installation_id="<YOUR GITHUB APP INSTALLATION ID>" --from-file=github_app_private_key="<PATH TO YOUR GITHUB APP PRIVATE KEY>"
cat <<EOF | kubectl apply -f -
apiVersion: github-actions-runner.kaidotdev.github.io/v1
kind: Runner
metadata:
  name: github-apps-example
spec:
  image: ubuntu:18.04
  repository: kaidotio/hippocampus
  appSecretRef:
    name: credentials
EOF

Required Permissions

  • Actions (read)
  • Administration (read / write)
  • Metadata (read)
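
What the private key in the credentials secret is used for, as an added example (not the controller's own code): in GitHub's App authentication flow the key signs a short-lived RS256 JWT, which is then sent as a Bearer token to POST /app/installations/{installation_id}/access_tokens to obtain an installation token. The names appJWT, verifyAppJWT and demoKey, the app ID 12345 and the timestamp are assumptions, and the key is generated on the spot so the block runs offline.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// appJWT (hypothetical helper) signs a GitHub App JWT: RS256, exp under the 10-minute cap, iat backdated 60s.
func appJWT(appID string, key *rsa.PrivateKey, now int64) (string, error) {
	claims, _ := json.Marshal(map[string]any{"iss": appID, "iat": now - 60, "exp": now + 540})
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(claims)
	sum := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return input + "." + b64.EncodeToString(sig), err // callers must check err before using the token
}

// verifyAppJWT accepts only an RS256 signature that verifies under pub, then returns the claims.
func verifyAppJWT(token string, pub *rsa.PublicKey) (claims map[string]any, err error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token: %d segments", len(p))
	}
	sig, errSig := b64.DecodeString(p[2])
	raw, errRaw := b64.DecodeString(p[1])
	if errSig != nil || errRaw != nil {
		return nil, fmt.Errorf("token segment is not base64url")
	}
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig); err != nil {
		return nil, err
	}
	err = json.Unmarshal(raw, &claims)
	return claims, err
}

func demoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // throwaway key

func main() {
	key, _ := demoKey()
	tok, _ := appJWT("12345", key, 1700000000) // constructed app ID and timestamp
	fmt.Println(verifyAppJWT(tok, &key.PublicKey))
}
```

Anyone who can read github_app_private_key can mint such a JWT for the app, so read access to the credentials secret is worth restricting as tightly as the Administration (read / write) permission it unlocks.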

How to develop

skaffold dev

$ make dev

Test

$ make test

Lint

$ make lint

Generate CRD from *_types.go by controller-gen

$ make gen
