gitdataai/deploy/templates/act-runner-deployment.yaml

{{- if .Values.actRunner.enabled -}}
{{- $fullName := include "c-----code.fullname" . -}}
{{- $ns := include "c-----code.namespace" . -}}
{{- $runner := .Values.actRunner -}}

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ $fullName }}-act-runner
  namespace: {{ $ns }}
  labels:
    app.kubernetes.io/name: {{ $fullName }}-act-runner
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
  replicas: {{ $runner.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ $fullName }}-act-runner
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ $fullName }}-act-runner
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      serviceAccountName: {{ $fullName }}-act-runner
      containers:
        - name: runner
          image: "{{ .Values.image.registry }}/act-runner:{{ $runner.image.tag }}"
          imagePullPolicy: {{ $runner.image.pullPolicy | default .Values.image.pullPolicy }}
          args:
            - --config
            - /runner/config.yaml
            - --replaces-self
          env:
            - name: CONFIG_FILE
              value: /runner/config.yaml
            {{- if .Values.nats.enabled }}
            - name: HOOK_POOL_REDIS_LIST_PREFIX
              value: "{hook}"
            - name: HOOK_POOL_REDIS_LOG_CHANNEL
              value: "hook:logs"
            {{- end }}
            {{- range $runner.env }}
            - name: {{ .name }}
              value: {{ .value | quote }}
            {{- end }}
          volumeMounts:
            - name: runner-config
              mountPath: /runner
              readOnly: true
            - name: docker-socket
              mountPath: /var/run/docker.sock
          resources:
            {{- toYaml $runner.resources | nindent 10 }}
      volumes:
        - name: runner-config
          configMap:
            name: {{ $fullName }}-act-runner-config
        - name: docker-socket
          hostPath:
            path: /var/run/docker.sock
            type: Socket
      {{- with $runner.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $runner.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $runner.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ $fullName }}-act-runner-config
  namespace: {{ $ns }}
  labels:
    app.kubernetes.io/name: {{ $fullName }}-act-runner
    app.kubernetes.io/instance: {{ .Release.Name }}
data:
  config.yaml: |
    # Act Runner Configuration
    # Generated by Helm values
    log:
      level: {{ $runner.logLevel | default "info" }}
    runner:
      capacity: {{ $runner.capacity | default 2 }}
      labels:
        {{- range $runner.labels }}
        - {{ . }}
        {{- end }}
    cache:
      {{- if $runner.cache.enabled }}
      enabled: true
      dir: {{ $runner.cache.dir | default "/tmp/actions-cache" }}
      {{- else }}
      enabled: false
      {{- end }}
    docker:
      host: unix:///var/run/docker.sock    

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ $fullName }}-act-runner
  namespace: {{ $ns }}
  labels:
    app.kubernetes.io/name: {{ $fullName }}-act-runner
    app.kubernetes.io/instance: {{ .Release.Name }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ $fullName }}-act-runner
  namespace: {{ $ns }}
  labels:
    app.kubernetes.io/name: {{ $fullName }}-act-runner
    app.kubernetes.io/instance: {{ .Release.Name }}
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list", "create", "update", "patch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ $fullName }}-act-runner
  namespace: {{ $ns }}
  labels:
    app.kubernetes.io/name: {{ $fullName }}-act-runner
    app.kubernetes.io/instance: {{ .Release.Name }}
subjects:
  - kind: ServiceAccount
    name: {{ $fullName }}-act-runner
    namespace: {{ $ns }}
roleRef:
  kind: Role
  name: {{ $fullName }}-act-runner
  apiGroup: rbac.authorization.k8s.io

{{- end }}