From debe2b788605ada10aba4677cf5730e51056535f Mon Sep 17 00:00:00 2001 From: Ian Flores Siaca Date: Wed, 6 Jul 2022 09:36:36 -0400 Subject: [PATCH 1/5] adding windows docs --- README.md | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) diff --git a/README.md b/README.md index 380541e93a..646efe69a2 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ ToC: - [Using IRSA (IAM Roles for Service Accounts) in EKS](#using-irsa-iam-roles-for-service-accounts-in-eks) - [Software Installed in the Runner Image](#software-installed-in-the-runner-image) - [Using without cert-manager](#using-without-cert-manager) + - [Windows Runners](#setting-up-windows-runners) - [Troubleshooting](#troubleshooting) - [Contributing](#contributing) @@ -1744,6 +1745,117 @@ $ helm --upgrade install actions-runner-controller/actions-runner-controller \ admissionWebHooks.caBundle=${CA_BUNDLE} ``` +### Setting up Windows Runners + +You need to set the `nodeSelector.kubernetes.io/os` property in both the `cert-manager` and the `actions-runner-controller` deployments to `linux` so that the pods are only scheduled in Linux nodes. + +```yaml +nodeSelector: + kubernetes.io/os: linux +``` + +For `cert-manager` you need to set it for: + +- The main deployment +- The `webhook` +- The `cainjector` +- The `startupapicheck` + +For the `actions-runner-controller` it's only for the main deployment. + +Once this is set up, you will need to deploy two different `RunnerDeployment`'s, one for Windows and one for Linux. +The Linux deployment can use either the default or a custom image, however, there isn't a default Windows image so for Windows deployments you will have to build your own image. + +Below we share an example of the YAML used to create the deployment for each Operating System and a Dockerfile for the Windows deployment. + +
Windows +

+ +#### RunnerDeployment + +```yaml +--- +apiVersion: actions.summerwind.dev/v1alpha1 +kind: RunnerDeployment +metadata: + name: k8s-runners-windows + namespace: actions-runner-system +spec: + template: + spec: + image: /: + dockerdWithinRunnerContainer: true + nodeSelector: + kubernetes.io/os: windows + kubernetes.io/arch: amd64 + repository: / + labels: + - windows + - X64 + - devops-managed +``` + +#### Dockerfile + +```Dockerfile +FROM mcr.microsoft.com/windows/servercore:ltsc2019 + +WORKDIR /actions-runner + +SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';$ProgressPreference='silentlyContinue';"] + +RUN Invoke-WebRequest -Uri https://github.com/actions/runner/releases/download/v2.292.0/actions-runner-win-x64-2.292.0.zip -OutFile actions-runner-win-x64-2.292.0.zip + +RUN if((Get-FileHash -Path actions-runner-win-x64-2.292.0.zip -Algorithm SHA256).Hash.ToUpper() -ne 'f27dae1413263e43f7416d719e0baf338c8d80a366fed849ecf5fffcec1e941f'.ToUpper()){ throw 'Computed checksum did not match' } + +RUN Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory('actions-runner-win-x64-2.292.0.zip', $PWD) + +RUN Invoke-WebRequest -Uri 'https://aka.ms/install-powershell.ps1' -OutFile install-powershell.ps1; ./install-powershell.ps1 -AddToPath + +RUN powershell Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) + +RUN powershell choco install git.install --params "'/GitAndUnixToolsOnPath'" -y + +RUN powershell choco feature enable -n allowGlobalConfirmation + +RUN Get-ChildItem '/installation-scripts' | % { & $_.FullName } + +CMD [ "pwsh", "-c", "./config.cmd --name $env:RUNNER_NAME --url https://github.com/$env:RUNNER_REPO --token $env:RUNNER_TOKEN --labels $env:RUNNER_LABELS --unattended --replace --ephemeral; ./run.cmd"] +``` +

+
+ + +
Linux +

+ +#### RunnerDeployment + +```yaml +--- +apiVersion: actions.summerwind.dev/v1alpha1 +kind: RunnerDeployment +metadata: + name: k8s-runners-linux + namespace: actions-runner-system +spec: + template: + spec: + image: /: + nodeSelector: + kubernetes.io/os: linux + kubernetes.io/arch: amd64 + repository: : + labels: + - linux + - X64 + - devops-managed +``` +

+
+ +After both `RunnerDeployment`'s are up and running, you can now proceed to deploy the `HorizontalRunnerAutoscaler` for each deployment. + # Troubleshooting See [troubleshooting guide](TROUBLESHOOTING.md) for solutions to various problems people have run into consistently. From d23a9be6c2c1beab15701f4cf457211cf12a9c6f Mon Sep 17 00:00:00 2001 From: Ian Flores Siaca Date: Wed, 6 Jul 2022 09:39:06 -0400 Subject: [PATCH 2/5] adding windows docs --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 646efe69a2..a407f4b246 100644 --- a/README.md +++ b/README.md @@ -1747,7 +1747,7 @@ $ helm --upgrade install actions-runner-controller/actions-runner-controller \ ### Setting up Windows Runners -You need to set the `nodeSelector.kubernetes.io/os` property in both the `cert-manager` and the `actions-runner-controller` deployments to `linux` so that the pods are only scheduled in Linux nodes. +You need to set the `nodeSelector.kubernetes.io/os` property in both the `cert-manager` and the `actions-runner-controller` deployments to `linux` so that the pods for these two deployments are only scheduled in Linux nodes. ```yaml nodeSelector: @@ -1756,15 +1756,19 @@ nodeSelector: For `cert-manager` you need to set it for: +.left[ - The main deployment - The `webhook` +] +.right[ - The `cainjector` - The `startupapicheck` +] For the `actions-runner-controller` it's only for the main deployment. Once this is set up, you will need to deploy two different `RunnerDeployment`'s, one for Windows and one for Linux. -The Linux deployment can use either the default or a custom image, however, there isn't a default Windows image so for Windows deployments you will have to build your own image. +The Linux deployment can use either the default image or a custom one, however, there isn't a default Windows image so for Windows deployments you will have to build your own image. Below we share an example of the YAML used to create the deployment for each Operating System and a Dockerfile for the Windows deployment. From 9ec390909fcc7d11dd5236ed89db3facea22d879 Mon Sep 17 00:00:00 2001 From: Ian Flores Siaca Date: Wed, 6 Jul 2022 11:46:37 -0400 Subject: [PATCH 3/5] Editing the explanations --- README.md | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index a407f4b246..23790085ec 100644 --- a/README.md +++ b/README.md @@ -1747,25 +1747,21 @@ $ helm --upgrade install actions-runner-controller/actions-runner-controller \ ### Setting up Windows Runners -You need to set the `nodeSelector.kubernetes.io/os` property in both the `cert-manager` and the `actions-runner-controller` deployments to `linux` so that the pods for these two deployments are only scheduled in Linux nodes. +The main two steps in enabling Windows self-hosted runners are: + +- Using `nodeSelector`'s property to filter the `cert-manger` and `actions-runner-controller` pods +- Deploying a RunnerDeployment using a Windows-based image + +For the first step, you need to set the `nodeSelector.kubernetes.io/os` property in both the `cert-manager` and the `actions-runner-controller` deployments to `linux` so that the pods for these two deployments are only scheduled in Linux nodes. You can do this as follows: ```yaml nodeSelector: kubernetes.io/os: linux ``` -For `cert-manager` you need to set it for: +`cert-manager` has 4 different application within it the main application, the `webhook`, the `cainjector` and the `startupapicheck`. In the parameters or values file you use for the deployment you need to add the `nodeSelector` property four times, one for each application. -.left[ -- The main deployment -- The `webhook` -] -.right[ -- The `cainjector` -- The `startupapicheck` -] - -For the `actions-runner-controller` it's only for the main deployment. +For the `actions-runner-controller` you only have to use the `nodeSelector` only for the main deployment, so it only has to be set once. Once this is set up, you will need to deploy two different `RunnerDeployment`'s, one for Windows and one for Linux. The Linux deployment can use either the default image or a custom one, however, there isn't a default Windows image so for Windows deployments you will have to build your own image. @@ -1822,8 +1818,6 @@ RUN powershell choco install git.install --params "'/GitAndUnixToolsOnPath'" -y RUN powershell choco feature enable -n allowGlobalConfirmation -RUN Get-ChildItem '/installation-scripts' | % { & $_.FullName } - CMD [ "pwsh", "-c", "./config.cmd --name $env:RUNNER_NAME --url https://github.com/$env:RUNNER_REPO --token $env:RUNNER_TOKEN --labels $env:RUNNER_LABELS --unattended --replace --ephemeral; ./run.cmd"] ```

From 25810cb0d147943334dc487f449adc0940a4a53e Mon Sep 17 00:00:00 2001 From: Yusuke Kuoka Date: Tue, 23 Aug 2022 13:09:00 +0900 Subject: [PATCH 4/5] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 23790085ec..8ed8a0b4d3 100644 --- a/README.md +++ b/README.md @@ -1756,7 +1756,7 @@ For the first step, you need to set the `nodeSelector.kubernetes.io/os` property ```yaml nodeSelector: - kubernetes.io/os: linux + kubernetes.io/os: linux ``` `cert-manager` has 4 different application within it the main application, the `webhook`, the `cainjector` and the `startupapicheck`. In the parameters or values file you use for the deployment you need to add the `nodeSelector` property four times, one for each application. From 05d6de6b70d4b42749103b2e43a50e9a1f5f54b8 Mon Sep 17 00:00:00 2001 From: Yusuke Kuoka Date: Tue, 23 Aug 2022 13:10:36 +0900 Subject: [PATCH 5/5] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 8ed8a0b4d3..3c430f39af 100644 --- a/README.md +++ b/README.md @@ -1797,6 +1797,9 @@ spec: #### Dockerfile +> Note that you'd need to patch the below Dockerfile if you need a graceful termination. +> See https://github.com/actions-runner-controller/actions-runner-controller/pull/1608/files#r917319574 for more information. + ```Dockerfile FROM mcr.microsoft.com/windows/servercore:ltsc2019