K8S operator for scheduling github actions runner pods
evryfs/github-actions-runner-operator
K8s operator for scheduling GitHub Actions runner pods. Self-hosted runners are a way to host your own runners and customize the environment used to run jobs in your GitHub Actions workflows.
This operator helps you scale and schedule runners on-demand in a declarative way.
The operator communicates with GitHub in order to determine available jobs and execute workflows on runners. Authentication to GitHub is available using the following modes:
- As a GitHub app.
This is the preferred mode as it provides enhanced security and increased API quota, and avoids exposure of tokens to runner pods.
Follow the guide for creating GitHub applications. There is no need to define a callback url or webhook secret as they are not used by this integration.
Depending on whether the GitHub application will operate at a repository or organization level, the following permissions must be set:
- Repository level
  - Actions - Read/Write
  - Administration - Read/Write
- Organization level
  - Self Hosted Runners - Read/Write
Once the GitHub application has been created, obtain the integration ID and download the private key.
A GitHub application can only be used by injecting environment variables into the operator deployment. It is recommended that credentials be stored as Kubernetes secrets and then injected into the operator deployment.
Create a secret called `github-runner-app` by executing the following command in the namespace containing the operator:

```shell
kubectl create secret generic github-runner-app --from-literal=GITHUB_APP_INTEGRATION_ID=<app_id> --from-file=GITHUB_APP_PRIVATE_KEY=<private_key>
```

Finally, define the following on the operator deployment:

```yaml
envFrom:
  - secretRef:
      name: github-runner-app
```

Create a Personal Access Token (PAT) with rights at a repository or organization level.
This PAT can be defined at the operator level or within the custom resource. A PAT defined at the CR level takes precedence.
To make use of a PAT that is declared at the CR level, first create a secret called `actions-runner`:

```shell
kubectl create secret generic actions-runner --from-literal=GH_TOKEN=<token>
```

Define the `tokenRef` field on the `GithubActionRunner` custom resource as shown below:

```yaml
apiVersion: garo.tietoevry.com/v1alpha1
kind: GithubActionRunner
metadata:
  name: runner-pool
spec:
  tokenRef:
    key: GH_TOKEN
    name: actions-runner
```

Runners can be registered either against an individual repository or at an organizational level. The following fields are available on the `GithubActionRunner` custom resource to specify the repository and/or organization to monitor actions:
- `organization` - GitHub user or Organization
- `repository` - (Optional) GitHub repository

```yaml
apiVersion: garo.tietoevry.com/v1alpha1
kind: GithubActionRunner
metadata:
  name: runner-pool
spec:
  # the github org, required
  organization: yourOrg
  # the github repository
  repository: myrepo
```

Arguably the most important field of the `GithubActionRunner` custom resource is the `podTemplateSpec` field, as it allows you to define the runner that will be managed by the operator. You have the flexibility to define all of the properties that will be needed by the runner, including the image, resources and environment variables. During normal operation, the operator will create a token that can be used in your runner to communicate with GitHub. This token is created in a secret called `<CR_NAME>-regtoken` in the `RUNNER_TOKEN` key. You should inject this secret into your runner using an environment variable or volume mount.
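
The fragment below is an added example, not taken from this repository. It shows both ways of injecting the `runner-pool-regtoken` secret for a custom resource named `runner-pool`. The image name, the mount path and the environment variable name read by the runner image are assumptions, and fields of the custom resource not covered above are omitted.

```yaml
apiVersion: garo.tietoevry.com/v1alpha1
kind: GithubActionRunner
metadata:
  name: runner-pool              # operator creates the secret "runner-pool-regtoken"
spec:
  organization: yourOrg
  repository: myrepo
  podTemplateSpec:
    spec:
      containers:
        - name: runner
          # Placeholder image; substitute the runner image you actually use.
          image: registry.example.com/your-runner-image:tag
          # Option 1: expose the registration token as an environment variable.
          env:
            - name: RUNNER_TOKEN   # assumption: the variable your image reads
              valueFrom:
                secretKeyRef:
                  name: runner-pool-regtoken
                  key: RUNNER_TOKEN
          # Option 2: mount the token as a read-only file instead, which keeps
          # it out of the process environment seen by workflow steps.
          volumeMounts:
            - name: regtoken
              mountPath: /var/run/secrets/runner   # placeholder path
              readOnly: true
      volumes:
        - name: regtoken
          secret:
            secretName: runner-pool-regtoken
            items:
              - key: RUNNER_TOKEN
                path: token        # file appears as <mountPath>/token
```

Use one of the two options, not both; which one applies depends on how your runner image expects to receive the token.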
The following options are available to install the operator:
A Helm chart is available from this Helm repository.
Use the following steps to create a namespace and install the operator into the namespace using a Helm chart:

```shell
helm repo add evryfs-oss https://evryfs.github.io/helm-charts/
kubectl create namespace github-actions-runner-operator
helm install github-actions-runner-operator evryfs-oss/github-actions-runner-operator --namespace github-actions-runner-operator
```

Execute the following commands to deploy the operator using manifests available within this repository.
Note: The Kustomize tool is required.
- Install the CRDs
make install
- Deploy the Operator
make deploy
Coming Soon
A sample of the `GithubActionRunner` custom resource is found here.
The operator is based on Operator SDK / Kubebuilder and written in Go.