actions-runner-controller: v0.20 Problem with authentication on controller-manager

Describe the bug

It seems that the controller-manager deployment from YAML is not using environment variables correctly.

Checks

  • My actions-runner-controller version (v0.x.y) does support the feature
  • I’m using an unreleased version of the controller I built from HEAD of the default branch

To Reproduce

Steps to reproduce the behavior:

  1. Deploy actions-runner-controller v0.20.0 from the release page
  2. Deploy a secret with the GitHub App key and IDs
  3. Try deploying any runner
  4. Get an error in controller-manager saying that the key file has length 0

Expected behavior

GitHub runner should be registered.

Environment (please complete the following information):

  • Controller Version: 0.20.0
  • Deployment Method: kubectl apply

Additional context

I have created a workaround by manually providing the required arguments to the /manager binary; see below:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    control-plane: controller-manager
  name: controller-manager
  namespace: actions-runner-system
spec:
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      labels:
        control-plane: controller-manager
    spec:
      containers:
      - name: manager
        command:
        - "/manager" 
        args:
        - --metrics-addr=127.0.0.1:8080
        - --enable-leader-election
        - --sync-period=10m
        - "-github-app-private-key" 
        - $(GITHUB_APP_PRIVATE_KEY)
        - "-github-app-id"
        - $(GITHUB_APP_ID)
        - "-github-app-installation-id"
        - $(GITHUB_APP_INSTALLATION_ID)
        env:
        - name: GITHUB_TOKEN
          valueFrom:
            secretKeyRef:
              key: github_token
              name: controller-manager
              optional: true
        - name: GITHUB_APP_ID
          valueFrom:
            secretKeyRef:
              key: github_app_id
              name: controller-manager
              optional: true
        - name: GITHUB_APP_INSTALLATION_ID
          valueFrom:
            secretKeyRef:
              key: github_app_installation_id
              name: controller-manager
              optional: true
        - name: GITHUB_APP_PRIVATE_KEY
          value: /etc/actions-runner-controller/github_app_private_key
        image: summerwind/actions-runner-controller:v0.20.0
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        resources:
          limits:
            cpu: 100m
            memory: 100Mi
          requests:
            cpu: 100m
            memory: 20Mi
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
        - mountPath: /etc/actions-runner-controller
          name: controller-manager
          readOnly: true
      - args:
        - --secure-listen-address=0.0.0.0:8443
        - --upstream=http://127.0.0.1:8080/
        - --logtostderr=true
        - --v=10
        image: quay.io/brancz/kube-rbac-proxy:v0.10.0
        name: kube-rbac-proxy
        ports:
        - containerPort: 8443
          name: https
      terminationGracePeriodSeconds: 10
      volumes:
      - name: cert
        secret:
          defaultMode: 420
          secretName: webhook-server-cert
      - name: controller-manager
        secret:
          secretName: controller-manager
---

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 25

Most upvoted comments

Error: Environment variable read failed.
Error: Client creation failed. authentication failed: using private key of size 0 (...): could not parse private key: Invalid Key: Key must be PEM encoded PKCS1 or PKCS8 private key

I had the same issue. Adding a %v exposed the exact error: fmt.Fprintln(os.Stderr, fmt.Sprintf("Error: Environment variable read failed: %v", err)). In my case it was bad Helm YAML values: the app failed to parse the github_app_installation_id property because it was not quoted. Ensure your integers are quoted, for example:

authSecret:
  create: true
  # must be quoted
  github_app_id: "000000"
  # must be quoted
  github_app_installation_id: "00000000"
  github_app_private_key: |-
    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----