This folder contains all the deployment files for the Kubernetes cluster. A deployment is a discrete group of runners that can have unique hardware, scaling functions, or scope (repository, organization, or enterprise wide). These are defined by actions-runner-controller and there's more information in the linked documentation.

More details as noted:

- The Docker image in use here is public, but in order to avoid rate-limiting in public registries, the `imagePullSecrets` is still set to a secret in the `runners` namespace. You will have to set this for private registries.
- Docker-in-Docker presents some unique networking challenges, outlined in more detail here. MTU is one of the more common challenges.
- Docker-in-Docker relies on `--privileged` execution to mount `procfs` and `sysfs`. Running the rootless container provides an additional layer of security by disallowing privileged execution within the pod and running the nested Docker instance in rootless mode, but the runner container is still privileged.
- The `volumes` and `volumeMounts` blocks give each pod read-only access to a hosted tool cache. This allows users to call pre-made Actions, like `actions/setup-python`, without needing to download and install Python at every job run if the version the user wants is already in the cache. More about this here.
- Resource requests and limits are how Kubernetes controls the compute resources any pod in a cluster gets. There's more about this in the official documentation and a helpful Google blog post here if you'd like to learn more.
- Labels are used by your users in GitHub to specify what type of compute to dispatch the job to. One runner can have many labels. In this case, this runner is labeled with "docker", "ubuntu", and "focal". There's a lot more to read about this in the official documentation. `dependabot` is a special label that allows Dependabot to use this runner to generate pull requests. More about this feature is here - note that this label should be applied to Linux-based runners that can run Docker containers. Because `dependabot` runners will pull a giant Docker container (4+ GB) on each run, that label is not included in the deployments here.
- When you're using GitHub.com, try not to use `ubuntu-latest` or any of the other labels used by GitHub's hosted runners (list) so that you can be sure whether a job does or does not go to the self-hosted runners. When using GitHub AE or GitHub Enterprise Server, feel free to use these labels as there's no conflict.
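The points above map onto fields of an actions-runner-controller `RunnerDeployment`. The manifest below is an added example for this README and is not one of the deployment files in this folder; it assumes the `actions.summerwind.dev/v1alpha1` API, and the organization name, image reference, pull-secret name, MTU value, resource figures, and the `hostPath` location of the tool cache are placeholders you would replace with your own.

```yaml
apiVersion: actions.summerwind.dev/v1alpha1
kind: RunnerDeployment
metadata:
  name: example-dind-runner        # placeholder name
  namespace: runners               # namespace that also holds the pull secret
spec:
  replicas: 2
  template:
    spec:
      # Scope of the runner group: one of `repository`, `organization`, or `enterprise`.
      organization: example-org    # placeholder organization

      # Labels users reference in `runs-on:`. Deliberately avoids hosted-runner
      # names such as `ubuntu-latest` so jobs on GitHub.com route predictably;
      # `dependabot` is omitted because of the 4+ GB image it pulls on every run.
      labels:
        - docker
        - ubuntu
        - focal

      # Public image, but pulled through a registry secret to avoid rate limits.
      image: ghcr.io/example/actions-runner-dind:latest   # placeholder image
      imagePullSecrets:
        - name: registry-pull-secret                      # placeholder secret name

      # Docker-in-Docker: dockerd runs inside the runner container, which still
      # requires the runner container itself to be privileged (see the note above).
      dockerdWithinRunnerContainer: true

      # Pin the Docker bridge MTU below the overlay network's MTU to avoid
      # the fragmentation problems common with nested Docker networking.
      dockerMTU: 1400               # placeholder; match your CNI's MTU

      # Requests/limits bound the compute each runner pod can consume.
      resources:
        requests:
          cpu: "1"
          memory: 2Gi
        limits:
          cpu: "2"
          memory: 4Gi

      # Read-only view of a shared tool cache so `actions/setup-python` and
      # similar Actions can reuse pre-installed versions instead of downloading.
      volumeMounts:
        - name: tool-cache
          mountPath: /opt/hostedtoolcache   # default RUNNER_TOOL_CACHE in actions/runner images
          readOnly: true
      volumes:
        - name: tool-cache
          hostPath:                         # a PVC with ReadOnlyMany works just as well
            path: /data/hostedtoolcache     # placeholder host location of the cache
            type: Directory
```

Apply it with `kubectl apply -f` after the controller is installed; the `readOnly: true` on the mount is what keeps a job from tampering with the cache that every other runner pod on the node shares.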