[ ARC ] Action Runner Controller (GitHub)

개요
GitHub Action 이란?
Github Actions는 Github 저장소를 기반으로 워크플로우(Workflow)를 자동화 할 수 있는 도구입니다.
워크플로우를 이용하면, 저장소에서 발생하는 이벤트를 이용하여,
소스를 빌드, 테스트, 패키징, 배포 등을 자동화 처리할 수 있습니다.

공식 홈페이지 : https://github.com/features/actions
공식 문서 : https://help.github.com/en/actions

GitHub runner 기본 동작
runner 서버에서 runner process를 구동하면 github와 커넥션을 맽고,
주기적으로 자동으로 변경사항을 check & pulling 하는 형태로 동작

 

Flows

 

 

runner의 2가지 종류

• runner은 GitHub Hosted Runner와 Self-Hosted Runner으로 구분된다.
  • GitHub-hosted Runner은 GitHub에서 제공해주는 runner를 사용해서 JOB를 수행한다.
    • https://www.korgithub.com/GitHub%20Actions/Actions%EC%9D%98%20%EC%9E%91%EC%84%B1/GitHub-hosted-runner.html
    • 사용 시간에 따른 비용 청구, 제한된 H/W Resource
  • Self-Hosted Runner은 사용자가 직접 생성한 호스트(EC2,PC)에서 구성한 runner를 사용해서 JOB를 수행한다.
    • https://www.korgithub.com/GitHub%20Actions/Actions%EC%9D%98%20%EC%9E%91%EC%84%B1/Self-hosted-runner.html
• Github의 workflow JOB 1개당 1개의 Runner가 작업을 수행한다.

 

Self Hosted Runner의 Autoscaling 이란?

• Self-Hosted Runner의 Autoscaling은 필요에 따라서 Self-Hosted Runner의 개수를 늘렸다가 줄였다가하는 기능입니다.

• Self-Hosted Runner 종류
  • Ephemeral runner ( default mode )
    • 임시 runner로 JOB 수행 후 데이터와 pod가 삭제된다.
    • JOB 마다 깨끗한 환경을 제공, 보안에 침해당한 runner의 위험도를 줄인다.(보안)
  • Persistent Runner
    • 정보를 유지하는 runner ( Set to → spec.spec.ephemetal: false )

    • apiVersion: actions.summerwind.dev/v1alpha1
      kind: RunnerDeployment
      metadata:
        name: mbx-prod-runnerdeploy
        namespace: actions-runner-system
      spec:
        replicas: 3
        template:
          spec:
            ephemeral: false
            organization: thrust-ltd

• Runner Trigger 방식
  • webhook driven
    • webhook 정보를 받아서 runner에게 전달 및 오토스켈링 결정
  • pull driven
    • 주기적으로 pull 정보를 가져와서 runner에게 전달 및 오토스켈링 결정
• AutoScaling으로 생성된 runner은 10분 동안 유지 후 삭제된다(default 10분)
  • scaleDownDelaySecondsAfterScaleOut 옵션으로 시간을 조절 가능

 

---

Action runner 설치

 

 

• https://github.com/actions-runner-controller/actions-runner-controller
• 설치 순서
  • 1. Cert-manager
  • 2. Action-runner-controller
  • 3. runnerSet, HorizontalRunnerAutoscaler

 

Prerequisites

• 1. cert-manager 설치
  • Cert-Manager 설치 가이드
• GitHub Token Key 생성

 

2. ARC (Action-runner-controller) 설치

• 기본 설명
  • https://www.korgithub.com/GitHub%20Actions/Actions%EC%9D%98%20%EC%9E%91%EC%84%B1/actions-runner-controller.html
• Action-Controller 설치
  • Action-runner-controller 설치 가이드
• Actions-runner-controller 설치 명령어
  • token 입력
    • --set=authSecret.github_token=xxxxxx
    • token은 ““으로 묶으면 안됨.

  • helm install actions-runner-controller . -f values.yaml --namespace actions-runner-system --create-namespace --set=authSecret.create=true \
    --set=authSecret.github_token=ghp_p4R*****************jZGhO
    
    
    NAME: actions-runner-controller
    LAST DEPLOYED: Thu Nov  3 17:16:49 2022
    NAMESPACE: actions-runner-system
    STATUS: deployed
    REVISION: 1
    ......
      kubectl --namespace actions-runner-system port-forward $POD_NAME 8080:$CONTAINER_PORT

 

3. Runnerset 설치

• https://github.com/actions-runner-controller/actions-runner-controller/blob/master/docs/detailed-docs.md#runnersets

• runnerset 설치 명령어
  • arc_runnset 설치 파일 위치

kubectl apply -f HRA_HorizontalRunnerAutoscaler-arc.yaml -n actions-runner-system
kubectl apply -f runnerset-arc.yaml -n actions-runner-system

 

 

 

 

---

# runner deployment 사용 안함 #

Runner Deployment 설치

• runner deployment 설치
  • https://github.com/thrust-ltd/mbx-charts/tree/develop/arc_Actions-Runner-Controller/runnerdeployment )
• runnerdeployment.yaml

  • apiVersion: actions.summerwind.dev/v1alpha1
    kind: RunnerDeployment
    metadata:
      name: mbx-prod-runnerdeploy
      namespace: actions-runner-system
    spec:
      replicas: 2
      template:
        spec:
          group: prod
          env: []
          organization: thrust-ltd
          labels:
            - prod-arc

• runner & runnerdeploy

  • ❯ k get runners                                                                           
    NAME                                ENTERPRISE   ORGANIZATION   REPOSITORY                             GROUP   LABELS   STATUS   MESSAGE   AGE
    mbx-prod-runnerdeploy-7hd5g-ff6zq                               mumoshu/actions-runner-controller-ci                                       5m10s
    mbx-prod-runnerdeploy-tg8dl-l6np7                               mumoshu/actions-runner-controller-ci                                       5m29s

  • ❯ k get runnerdeployment                                                                  (arn:aws:eks:ap-southeast-1:875099165433:cluster/marblex-prod-eks/default)
    NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    mbx-prod-runnerdeploy   1         0         0            0           28m

  • 아래와 같이 Actions runner pod가 구동된 것을 확인할 수 있음.

  • ❯ k get pod -n actions-runner-system                                                                                                (arn:aws:eks:ap-southeast-1:875099165433:cluster/marblex-prod-eks/default)
    NAME                                         READY   STATUS    RESTARTS   AGE
    actions-runner-controller-865dbbccb7-hc4m4   2/2     Running   0          3m4s
    actions-runner-controller-865dbbccb7-r2jjz   2/2     Running   0          3m4s
    mbx-prod-runnerdeploy-8cklz-dqltt            2/2     Running   0          45s
    mbx-prod-runnerdeploy-8cklz-qkll4            2/2     Running   0          45s
    mbx-prod-runnerdeploy-8cklz-wf92k            2/2     Running   0          45s

Github Personal Access Token(PAT) 발급

From an account that has admin privileges for the repository, create a personal access token with repo scope. This token is used to register a self-hosted runner by actions-runner-controller.

Self-hosted runners in GitHub can either be connected to a single repository, or to a GitHub organization (so they are available to all repositories in the organization). This token is used to register a self-hosted runner by actions-runner-controller.

For adding a runner to a repository, the token should have repo scope. If the runner should be added to an organization, the token should have admin:org scope. Note that to use a Personal Access Token, you must issue the token with an account that has admin privileges (on the repository and/or the organization).

Open the Create Token page from the following link, grant the repo and/or admin:org scope, and press the “Generate Token” button at the bottom of the page to create the token.

 

Github Setting >Runners 정보

 

 

 

AutoScaling 설치

• 구성 방법 문서
  • https://www.korgithub.com/GitHub%20Actions/Actions%EC%9D%98%20%EC%9E%91%EC%84%B1/Self-hosted%20Runner%EC%9D%98%20Autoscaling.html

https://actions-runner-controller.github.io/actions-runner-controller/#autoscaling

 

Trouble Shoooting

runner에서 Docker(image) build 실패

• 서비스 API 주로와 통신이 되는지 체크해본다.
  • runner 서버에서 빌드시 접근이 필요한 API 주소(e.g. 서버.com )와 통신 필요함( 방화벽 체크 )

Runner 시 리소스 삭제가 잘 안될 때

• kubectl delete validatingwebhookconfiguration validating-webhook-configuration
  kubectl delete mutatingwebhookconfiguration mutating-webhook-configuration
  kubectl delete mutatingwebhookconfiguration actions-runner-controller-mutating-webhook-configuration
  kubectl delete validatingwebhookconfiguration actions-runner-controller-validating-webhook-configuration

그 외 참고문서

• https://github.com/actions-runner-controller/actions-runner-controller/blob/master/docs/detailed-docs.md
• https://actions-runner-controller.github.io/actions-runner-controller/#autoscaling