Feat/decouple-system (#30)

* feat: decouple the runner and controller

* fix docker runner path

Author: uchinda-sph

modules/gha-runner-scale-set/main.tf

@@ -30,8 +30,10 @@ locals {
     github_app_private_key     = var.github_app_private_key
     github_token               = var.github_token
 
-    container_mode_type = var.container_mode_type
-    template_spec       = yamlencode(var.custom_podspec_map)
+    container_mode_type        = var.container_mode_type
+    listener_template_spec     = yamlencode(var.listener_podspec_map)
+    template_spec              = yamlencode(var.custom_podspec_map)
+    controller_service_account = yamlencode(var.controller_service_account)
   }
 
 }

modules/gha-runner-scale-set/templates/values.yaml

@@ -85,6 +85,25 @@ containerMode:
   #       storage: 1Gi
 %{ endif }
 
+## template is the PodSpec for each listener Pod
+## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
+listenerTemplate:
+  ${indent(2,listener_template_spec)}
+# listenerTemplate:
+#   spec:
+#     containers:
+#     # Use this section to append additional configuration to the listener container.
+#     # If you change the name of the container, the configuration will not be applied to the listener,
+#     # and it will be treated as a side-car container.
+#     - name: listener
+#       securityContext:
+#         runAsUser: 1000
+#     # Use this section to add the configuration of a side-car container.
+#     # Comment it out or remove it if you don't need it.
+#     # Spec for this container will be applied as is without any modifications.
+#     - name: side-car
+#       image: example-sidecar
+
 ## template is the PodSpec for each runner Pod
 %{ if container_mode_type == "" }
 template:
@@ -173,6 +192,7 @@ template:
 ## In case the helm chart can't find the right service account, you can explicitly pass in the following value
 ## to help it finish RoleBinding with the right service account.
 ## Note: if your controller is installed to only watch a single namespace, you have to pass these values explicitly.
-# controllerServiceAccount:
+controllerServiceAccount:
+  ${indent(2,controller_service_account)}
 #   namespace: arc-system
 #   name: test-arc-gha-runner-scale-set-controller

modules/gha-runner-scale-set/variables.tf

@@ -28,7 +28,7 @@ variable "chart_version" {
 variable "chart_namespace" {
   description = "Namespace to install the chart into."
   type        = string
-  default     = "arc-systems"
+  default     = "arc-runners"
 }
 
 variable "chart_namespace_create" {
@@ -123,6 +123,31 @@ variable "runner_scale_set_name" {
   default     = "arc-runner-set"
 }
 
+variable "listener_podspec_map" {
+  description = "Listener podspec map"
+  type = object({
+    metadata = any
+    spec     = any
+  })
+  default = {
+    metadata = {
+      annotations = {
+        "prometheus.io/scrape" = "true"
+        "prometheus.io/path"   = "/metrics"
+        "prometheus.io/port"   = "8080"
+      }
+      labels = {}
+    }
+    spec = {
+      containers = [
+        {
+          name = "listener"
+        }
+      ]
+    }
+  }
+}
+
 # Default spec map for dind container mode
 variable "custom_podspec_map" {
   description = "Custom podspec map"
@@ -166,7 +191,7 @@ variable "custom_podspec_map" {
           env = [
             {
               name  = "DOCKER_HOST",
-              value = "unix:///run/docker/docker.sock"
+              value = "unix:///var/run/docker.sock"
             }
           ],
           volumeMounts = [
@@ -176,15 +201,15 @@ variable "custom_podspec_map" {
             },
             {
               name      = "dind-sock",
-              mountPath = "/run/docker",
+              mountPath = "/var/run",
               readOnly  = true
             }
           ]
         },
         {
           name  = "dind",
           image = "docker:dind",
-          args  = ["dockerd", "--host=unix:///run/docker/docker.sock", "--group=$(DOCKER_GROUP_GID)"],
+          args  = ["dockerd", "--host=unix:///var/run/docker.sock", "--group=$(DOCKER_GROUP_GID)"],
           env = [
             {
               name  = "DOCKER_GROUP_GID",
@@ -228,3 +253,12 @@ variable "custom_podspec_map" {
   }
 
 }
+
+variable "controller_service_account" {
+  description = "Service account for the controller."
+  type        = map(any)
+  default = {
+    namespace = "arc-systems"
+    name      = "actions-runner-controller"
+  }
+}

variables.tf

@@ -1,13 +1,13 @@
 variable "action_runner_scale_set_controller_chart_version" {
   description = "ARC Controller chart version"
   type        = string
-  default     = "0.6.1"
+  default     = "0.9.3"
 }
 
 variable "action_runner_scale_set_chart_version" {
   description = "ARC Scale set chart version"
   type        = string
-  default     = "0.6.1"
+  default     = "0.9.3"
 }
 
 variable "controller_helm_release_name" {