actions-runner-controller icon indicating copy to clipboard operation
actions-runner-controller copied to clipboard
verified publisher icon actions

Allow RunnerDeployment to accept "dnsPolicy: string" to set the DNS policy for the Pod

Open rxa313 opened this issue 4 years ago • 5 comments

Hi @mumoshu / @callum-tait-pbx

I've been reading through some of the crds and I saw this in runnersets

dnsPolicy:
                        description: Set DNS policy for the pod. Defaults to "ClusterFirst".
                          Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
                          'Default' or 'None'. DNS parameters given in DNSConfig will
                          be merged with the policy selected with DNSPolicy. To have
                          DNS options set along with hostNetwork, you have to specify
                          DNS policy explicitly to 'ClusterFirstWithHostNet'.

We need to set this dnsPolicy to "Default" but in trying to figure it out we don't know what to set in order to change this from ClusterFirst to Default

I've tried something in my runnerdeployment like:

spec:
  dnsConfig:
    dnsPolicy: Default

But this doesn't change anything.

What's the proper way to execute this, and will there be documentation provided for this type of configuration?

Thanks!

rxa313 avatar Oct 01 '21 19:10 rxa313

More specifically, I been doing some digging and notice this relates to RunnerDeployment spec.

dnsConfig is valid in RunnerDeployment but can we update this to be able to accept dnsPolicy ?

This would potentially solve an issue where this is only pointing to ClusterFirst and we'd like to change to Default.

the dnsPolicy is only available in the runnerreplicaset crd I believe.. but I wasn't able to successfully deploy this and I keep getting validation errors like this:

error: error validating "runnerdeployment-np.yaml": error validating data: ValidationError(RunnerDeployment.spec.template.spec): unknown field "dnsPolicy" in dev.summerwind.actions.v1alpha1.RunnerDeployment.spec.template.spec; if you choose to ignore these errors, turn validation off with --validate=false

runnersets

rxa313 avatar Oct 04 '21 14:10 rxa313

Can we also do hostNetwork: true on the runner pods while we are at it?

That should allow would allow for easier dind setups without messing with MTU. At-least for those who don't care about network seperation.

splitice avatar Jun 30 '22 03:06 splitice

@splitice Hey! Could you try RunnerSet, which should already have the support for hostNetwork customization as it's based on K8s StatefulSet?

mumoshu avatar Jun 30 '22 04:06 mumoshu

.. hi @mumoshu, indeed, RunnerSet seems to allow to set dnsPolicy. Could you explain why it's possible on runnerset but not on runnerdeployment? Thx!

maigl avatar Jul 14 '22 14:07 maigl

@mumoshu

While I undestand that it can be done that way we are running individual runners with specific permissions scopes and resources. While single runnersets are possible, honestly I havent had time to look into them yet.

It was quicker for us just to bring down the docker in docker in docker mtu (yeah I know, but it's how the yocto bitbake builder works) for now.

splitice avatar Jul 14 '22 14:07 splitice