feat: refactor helm chart

To avoid having to completely define template.spec, in case the user
wanted to make significant changes to the runner pod, new values
extra{Args,Env,VolumeMounts...} are introduced.
This also makes the helm chart follow a more canonical layout than
before

Author: norman-zon

charts/gha-runner-scale-set/templates/_helpers.tpl

@@ -20,12 +20,12 @@ metadata:
     {{- end }}
     actions.github.com/cleanup-manager-role-binding: {{ include "gha-runner-scale-set.managerRoleBindingName" . }}
     actions.github.com/cleanup-manager-role-name: {{ include "gha-runner-scale-set.managerRoleName" . }}
-    {{- if and $containerMode (eq $containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
+    {{- if and $containerMode (eq $containerMode.type "kubernetes") (not .Values.runner.serviceAccountName) }}
     actions.github.com/cleanup-kubernetes-mode-role-binding-name: {{ include "gha-runner-scale-set.kubeModeRoleBindingName" . }}
     actions.github.com/cleanup-kubernetes-mode-role-name: {{ include "gha-runner-scale-set.kubeModeRoleName" . }}
     actions.github.com/cleanup-kubernetes-mode-service-account-name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }}
     {{- end }}
-    {{- if and (ne $containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
+    {{- if and (ne $containerMode.type "kubernetes") (not .Values.runner.serviceAccountName) }}
     actions.github.com/cleanup-no-permission-service-account-name: {{ include "gha-runner-scale-set.noPermissionServiceAccountName" . }}
     {{- end }}
 spec:
@@ -95,7 +95,7 @@ spec:
   {{- end }}
 
   template:
-    {{- with .Values.template.metadata }}
+    {{- with .Values.runner.extraMetadata }}
     metadata:
       {{- with .labels }}
       labels:
@@ -107,60 +107,56 @@ spec:
       {{- end }}
     {{- end }}
     spec:
-      {{- range $key, $val := .Values.template.spec }}
-        {{- if and (ne $key "containers") (ne $key "volumes") (ne $key "initContainers") (ne $key "serviceAccountName") }}
-      {{ $key }}: {{ $val | toYaml | nindent 8 }}
-        {{- end }}
-      {{- end }}
-      {{- if not .Values.template.spec.restartPolicy }}
-      restartPolicy: Never
-      {{- end }}
+      restartPolicy: {{ .Values.runner.restartPolicy }}
       {{- $containerMode := .Values.containerMode }}
       {{- if eq $containerMode.type "kubernetes" }}
-      serviceAccountName: {{ default (include "gha-runner-scale-set.kubeModeServiceAccountName" .) .Values.template.spec.serviceAccountName }}
+      serviceAccountName: {{ default (include "gha-runner-scale-set.kubeModeServiceAccountName" .) .Values.runner.serviceAccountName }}
       {{- else }}
-      serviceAccountName: {{ default (include "gha-runner-scale-set.noPermissionServiceAccountName" .) .Values.template.spec.serviceAccountName }}
+      serviceAccountName: {{ default (include "gha-runner-scale-set.noPermissionServiceAccountName" .) .Values.runner.serviceAccountName }}
       {{- end }}
-      {{- if or .Values.template.spec.initContainers (eq $containerMode.type "dind") }}
+      {{- if or (not (empty .Values.runner.extraInitContainers)) (eq $containerMode.type "dind") }}
       initContainers:
         {{- if eq $containerMode.type "dind" }}
       - name: init-dind-externals
         {{- include "gha-runner-scale-set.dind-init-container" . | nindent 8 }}
         {{- end }}
-        {{- with .Values.template.spec.initContainers }}
-      {{- toYaml . | nindent 6 }}
-        {{- end }}
+      {{- include "gha-runner-scale-set.extra-init-containers" . | nindent 4 }}
       {{- end }}
       containers:
       {{- if eq $containerMode.type "dind" }}
       - name: runner
         {{- include "gha-runner-scale-set.dind-runner-container" . | nindent 8 }}
       - name: dind
         {{- include "gha-runner-scale-set.dind-container" . | nindent 8 }}
-      {{- include "gha-runner-scale-set.non-runner-non-dind-containers" . | nindent 6 }}
+      {{- include "gha-runner-scale-set.extra-containers" . | nindent 4 }}
       {{- else if eq $containerMode.type "kubernetes" }}
       - name: runner
         {{- include "gha-runner-scale-set.kubernetes-mode-runner-container" . | nindent 8 }}
-      {{- include "gha-runner-scale-set.non-runner-containers" . | nindent 6 }}
+      {{- include "gha-runner-scale-set.extra-containers" . | nindent 4 }}
       {{- else }}
-      {{- include "gha-runner-scale-set.default-mode-runner-containers" . | nindent 6 }}
+      - name: runner
+        {{- include "gha-runner-scale-set.default-mode-runner-containers" . | nindent 8 }}
+      {{- include "gha-runner-scale-set.extra-containers" . | nindent 4 }}
       {{- end }}
       {{- $tlsConfig := (default (dict) .Values.githubServerTLS) }}
-      {{- if or .Values.template.spec.volumes (eq $containerMode.type "dind") (eq $containerMode.type "kubernetes") $tlsConfig.runnerMountPath }}
+      {{- if or .Values.runner.extraVolumes (eq $containerMode.type "dind") (eq $containerMode.type "kubernetes") $tlsConfig.runnerMountPath }}
       volumes:
         {{- if $tlsConfig.runnerMountPath }}
           {{- include "gha-runner-scale-set.tls-volume" $tlsConfig | nindent 6 }}
         {{- end }}
         {{- if eq $containerMode.type "dind" }}
           {{- include "gha-runner-scale-set.dind-volume" . | nindent 6 }}
           {{- include "gha-runner-scale-set.dind-work-volume" . | nindent 6 }}
-          {{- include "gha-runner-scale-set.non-work-volumes" . | nindent 6 }}
+          {{- include "gha-runner-scale-set.extra-volumes" . | nindent 6 }}
         {{- else if eq $containerMode.type "kubernetes" }}
           {{- include "gha-runner-scale-set.kubernetes-mode-work-volume" . | nindent 6 }}
-          {{- include "gha-runner-scale-set.non-work-volumes" . | nindent 6 }}
+          {{- include "gha-runner-scale-set.extra-volumes" . | nindent 6 }}
         {{- else }}
-          {{- with .Values.template.spec.volumes }}
-        {{- toYaml . | nindent 6 }}
+          {{- with .Values.runner.extraVolumes }}
+            {{- toYaml . | nindent 6 }}
+          {{- end }}
           {{- end }}
         {{- end }}
+      {{- with .Values.runner.extraPodSpec }}
+        {{- toYaml . | nindent 6 }}
       {{- end }}

charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml

@@ -1,5 +1,5 @@
 {{- $containerMode := .Values.containerMode }}
-{{- if and (eq $containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
+{{- if and (eq $containerMode.type "kubernetes") (not .Values.runner.serviceAccountName) }}
 # default permission for runner pod service account in kubernetes mode (container hook)
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role

charts/gha-runner-scale-set/templates/kube_mode_role.yaml

@@ -1,5 +1,5 @@
 {{- $containerMode := .Values.containerMode }}
-{{- if and (eq $containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
+{{- if and (eq $containerMode.type "kubernetes") (not .Values.runner.serviceAccountName) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:

charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml

@@ -1,5 +1,5 @@
 {{- $containerMode := .Values.containerMode }}
-{{- if and (eq $containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
+{{- if and (eq $containerMode.type "kubernetes") (not .Values.runner.serviceAccountName) }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml

@@ -1,5 +1,5 @@
 {{- $containerMode := .Values.containerMode }}
-{{- if and (ne $containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
+{{- if and (ne $containerMode.type "kubernetes") (not .Values.runner.serviceAccountName) }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml

@@ -283,7 +283,7 @@ func TestTemplateRenderedUserProvideSetServiceAccount(t *testing.T) {
 		SetValues: map[string]string{
 			"githubConfigUrl":                    "https://github.com/actions",
 			"githubConfigSecret.github_token":    "gh_token12345",
-			"template.spec.serviceAccountName":   "test-service-account",
+			"runner.serviceAccountName":          "test-service-account",
 			"controllerServiceAccount.name":      "arc",
 			"controllerServiceAccount.namespace": "arc-system",
 		},
@@ -420,14 +420,14 @@ func TestTemplateRenderedAutoScalingRunnerSet_ProvideMetadata(t *testing.T) {
 	options := &helm.Options{
 		Logger: logger.Discard,
 		SetValues: map[string]string{
-			"githubConfigUrl":                     "https://github.com/actions",
-			"githubConfigSecret.github_token":     "gh_token12345",
-			"template.metadata.labels.test1":      "test1",
-			"template.metadata.labels.test2":      "test2",
-			"template.metadata.annotations.test3": "test3",
-			"template.metadata.annotations.test4": "test4",
-			"controllerServiceAccount.name":       "arc",
-			"controllerServiceAccount.namespace":  "arc-system",
+			"githubConfigUrl":                        "https://github.com/actions",
+			"githubConfigSecret.github_token":        "gh_token12345",
+			"runner.extraMetadata.labels.test1":      "test1",
+			"runner.extraMetadata.labels.test2":      "test2",
+			"runner.extraMetadata.annotations.test3": "test3",
+			"runner.extraMetadata.annotations.test4": "test4",
+			"controllerServiceAccount.name":          "arc",
+			"controllerServiceAccount.namespace":     "arc-system",
 		},
 		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
 	}
@@ -1781,7 +1781,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_RestartPolicy(t *testing.T) {
 			"githubConfigSecret.github_token":    "gh_token12345",
 			"controllerServiceAccount.name":      "arc",
 			"controllerServiceAccount.namespace": "arc-system",
-			"template.spec.restartPolicy":        "Always",
+			"runner.restartPolicy":               "Always",
 		},
 		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
 	}

charts/gha-runner-scale-set/tests/template_test.go

@@ -1,9 +1,8 @@
 githubConfigUrl: https://github.com/actions/actions-runner-controller
 githubConfigSecret:
   github_token: test
-template:
-  spec:
-    initContainers:
+runner:
+  extraInitContainers:
     - name: kube-init
       image: runner-image:latest
       command: ["sudo", "chown", "-R", "1001:123", "/home/runner/_work"]

charts/gha-runner-scale-set/tests/values_dind_extra_init_containers.yaml

@@ -1,19 +1,15 @@
 githubConfigUrl: https://github.com/actions/actions-runner-controller
 githubConfigSecret:
   github_token: test
-template:
-  spec:
-    containers:
-    - name: other
-      image: other-image:latest
-    volumes:
-    - name: foo
-      emptyDir: {}
-    - name: bar
-      emptyDir: {}
-    - name: work
-      hostPath:
-        path: /data
-        type: Directory
+runner:
+  extraVolumes:
+  - name: foo
+    emptyDir: {}
+  - name: bar
+    emptyDir: {}
+  - name: work
+    hostPath:
+      path: /data
+      type: Directory
 containerMode:
-  type: dind
+  type: dind

charts/gha-runner-scale-set/tests/values_dind_extra_volumes.yaml

@@ -4,16 +4,17 @@ githubConfigSecret:
 template:
   spec:
     containers:
-    - name: runner
+runner:
+  runnerContainer:
       image: runner-image:latest
-      env:
+      extraEnv:
       - name: DOCKER_HOST
         value: tcp://localhost:9999
       - name: MY_NODE_NAME
         valueFrom:
           fieldRef:
             fieldPath: spec.nodeName
-      volumeMounts:
+      extraVolumeMounts:
       - name: work
         mountPath: /work
       - name: others
@@ -22,10 +23,10 @@ template:
         limits:
           memory: "64Mi"
           cpu: "250m"
-    volumes:
+  extraVolumes:
     - name: work
       hostPath:
         path: /data
         type: Directory
 containerMode:
-  type: dind
+  type: dind