
Commit

Feat: Add PAT handling with secrets, initContainers, extraVolumeMounts, extraVolumes and additionalEnv (#18)

Signed-off-by: Engin Diri <[email protected]>
Engin Diri authored Jan 9, 2022
1 parent 92d6211 commit 70ded6c
Showing 4 changed files with 137 additions and 35 deletions.
43 changes: 24 additions & 19 deletions README.md
Expand Up @@ -38,24 +38,29 @@ $ helm upgrade --install azure-pipelines-agent emberstack/azure-pipelines-agent

You can customize the values of the helm deployment by using the following Values:

| Parameter | Description | Default |
| ------------------------------------ | ----------------------------------------------------------- | ------------------------------------------------------- |
| `nameOverride` | Overrides release name | `""` |
| `fullnameOverride` | Overrides release fullname | `""` |
| `image.repository` | Container image repository | `emberstack/azure-pipelines-agent` |
| `image.tag` | Container image tag | `""` (same version as the chart) |
| `image.pullPolicy` | Container image pull policy | `Always` if `image.tag` is `latest`, else `IfNotPresent`|
| `pipelines.url` | The Azure base URL for your organization | `""` |
| `pipelines.pat` | Personal Access Token (PAT) used by the agent to connect. | `""` |
| `pipelines.pool` | Agent pool to which the Agent should register. | `""` |
| `pipelines.agent.mountDocker` | Enable to mount the host `docker.sock` | `false` |
| `pipelines.agent.workDir` | The work directory the agent should use | `_work` |
| `serviceAccount.create` | Create ServiceAccount | `true` |
| `serviceAccount.name` | ServiceAccount name | _release name_ |
| `serviceAccount.clusterAdmin` | Sets the service account as a cluster admin | _release name_ |
| `resources` | Resource limits | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `affinity` | Node affinity for pod assignment | `{}` |
| Parameter | Description | Default |
|-------------------------------|---------------------------------------------------------------------------------------------------|----------------------------------------------------------|
| `nameOverride` | Overrides release name | `""` |
| `fullnameOverride` | Overrides release fullname | `""` |
| `image.repository` | Container image repository | `emberstack/azure-pipelines-agent` |
| `image.tag` | Container image tag | `""` (same version as the chart) |
| `image.pullPolicy` | Container image pull policy | `Always` if `image.tag` is `latest`, else `IfNotPresent` |
| `pipelines.url` | The Azure base URL for your organization | `""` |
| `pipelines.pat.value` | Personal Access Token (PAT) used by the agent to connect. | `""` |
| `pipelines.pat.secretRef` | The reference to the secret storing the Personal Access Token (PAT) used by the agent to connect. | `""` |
| `pipelines.pool` | Agent pool to which the Agent should register. | `""` |
| `pipelines.agent.mountDocker` | Enable to mount the host `docker.sock` | `false` |
| `pipelines.agent.workDir` | The work directory the agent should use | `_work` |
| `serviceAccount.create` | Create ServiceAccount | `true` |
| `serviceAccount.name` | ServiceAccount name | _release name_ |
| `serviceAccount.clusterAdmin` | Sets the service account as a cluster admin | _release name_ |
| `resources` | Resource limits | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `affinity` | Node affinity for pod assignment | `{}` |
| `additionalEnv` | Additional environment variables for the agent container. | `[]` |
| `extraVolumes` | Additional volumes for the agent pod. | `[]` |
| `extraVolumeMounts` | Additional volume mounts for the agent container. | `[]` |
| `initContainers` | InitContainers for the agent pod. | `[]` |

> Find us on [Artifact Hub](https://artifacthub.io/packages/helm/emberstack/azure-pipelines-agent)
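
Review bot: the `pipelines.pat.secretRef` row gives its default as `""`, but values.yaml documents it as a map with `name` and `key` (commented default `#secretRef: {}`), so the table should show `{}` and name the two keys. The two PAT rows should also say that `secretRef` wins when both are set, which is what the `if .Values.pipelines.pat.secretRef ... else` branch in statefulset.yaml does, and that `pipelines.pat` changed from a string to a map, so existing `--set pipelines.pat=...` overrides need updating. The `serviceAccount.clusterAdmin` row still lists _release name_ as its default, which looks copied from the row above; worth correcting while the table is being reflowed.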
38 changes: 38 additions & 0 deletions src/helm/azure-pipelines-agent/templates/_helpers.tpl
Expand Up @@ -60,3 +60,41 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

{{/*
Add volumes to the agent pod.
*/}}
{{- define "azure-pipelines-agent.volumes" -}}
{{- if or .Values.pipelines.agent.mountDocker .Values.extraVolumes -}}
volumes:
{{- if .Values.extraVolumes }}
{{- with .Values.extraVolumes }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{- if .Values.pipelines.agent.mountDocker }}
- name: dockersock
hostPath:
path: /var/run/docker.sock
{{- end }}
{{- end }}
{{- end }}


{{/*
Add volume mounts to the agent container.
*/}}
{{- define "azure-pipelines-agent.volumeMounts" -}}
{{- if or .Values.pipelines.agent.mountDocker .Values.extraVolumeMounts -}}
volumeMounts:
{{- if .Values.pipelines.agent.mountDocker }}
- name: dockersock
mountPath: /var/run/docker.sock
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- with .Values.extraVolumeMounts }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
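
Review bot: in `azure-pipelines-agent.volumes` the built-in `dockersock` volume is appended after the user's `extraVolumes` with no guard against a user entry of the same name, and two volumes named `dockersock` make the pod spec invalid. Either document `dockersock` as a reserved name when `pipelines.agent.mountDocker` is true or fail the render on a collision. In both helpers the `if .Values.extraVolumes` (and `if .Values.extraVolumeMounts`) wrapper directly around the matching `with` is redundant, since `with` already skips an empty list. `extraVolumes` is rendered verbatim, so it also accepts further `hostPath` volumes; the README entry should say so.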
30 changes: 18 additions & 12 deletions src/helm/azure-pipelines-agent/templates/statefulset.yaml
Expand Up @@ -27,6 +27,10 @@ spec:
serviceAccountName: {{ include "azure-pipelines-agent.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- with .Values.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- if .Values.pipelines.agent.mountDocker }}
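
Review bot: `initContainers` is rendered verbatim under the pod's `serviceAccountName`, so every init container a user supplies runs with the same service account as the agent, including the cluster-admin binding when `serviceAccount.clusterAdmin` is enabled; the README row for `initContainers` should state that. The entries also get no `securityContext` or `resources` from the chart, so each one has to carry its own, which is worth showing in the values.yaml example.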
Expand Down Expand Up @@ -58,20 +62,22 @@ spec:
- name: AZP_WORK
value: {{ .Values.pipelines.agent.workDir | quote }}
- name: AZP_TOKEN
value: {{ .Values.pipelines.pat | quote }}
{{- if .Values.pipelines.agent.mountDocker }}
volumeMounts:
- name: dockersock
mountPath: "/var/run/docker.sock"
{{- end }}
{{- if .Values.pipelines.pat.secretRef }}
{{- with .Values.pipelines.pat.secretRef }}
valueFrom:
secretKeyRef:
{{- toYaml . | nindent 18 }}
{{- end }}
{{- else }}
value: {{ .Values.pipelines.pat.value | quote }}
{{- end }}
{{- with .Values.additionalEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- if .Values.pipelines.agent.mountDocker }}
volumes:
- name: dockersock
hostPath:
path: /var/run/docker.sock
{{- end }}
{{- include "azure-pipelines-agent.volumeMounts" . | nindent 10 -}}
{{- include "azure-pipelines-agent.volumes" . | nindent 6 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
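
Review bot: the `secretKeyRef` branch for `AZP_TOKEN` dumps `.Values.pipelines.pat.secretRef` with `toYaml` without checking that `name` and `key` are present, and the `else` branch renders `value: ""` when neither field is set, so a misconfigured release is not caught at render time. Wrapping the lookups in `required` would surface that early. `pat` was a plain string before this change (`value: {{ .Values.pipelines.pat | quote }}`), so an existing values file with a string `pat` will now fail on `.Values.pipelines.pat.secretRef`; that needs an upgrade note or a type check with `kindIs`. The `if`/`with` pair on `secretRef` is redundant (`with ... else` covers both cases), and since `additionalEnv` is appended to the same `env` list, a user entry named `AZP_TOKEN` would duplicate the variable.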
61 changes: 57 additions & 4 deletions src/helm/azure-pipelines-agent/values.yaml
Expand Up @@ -14,9 +14,21 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""


# Pat: Can be either a string or a reference to a secret.
# If it is a string, it is used as the value of the secret:
#
# value: "my-secret"
#
# If it is a reference to a secret:
# secretRef:
# name: my-secret
# key: my-key
pipelines:
url: ""
pat: ""
pat:
value: ""
#secretRef: {}
pool: "Default"
agent:
name: ""
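
Review bot: the comment block says a string PAT "is used as the value of the secret", but statefulset.yaml renders `pipelines.pat.value` straight into the `AZP_TOKEN` env `value`; no Secret is created and the token sits in plain text in the StatefulSet spec. Reword the comment to say that, recommend `secretRef` for anything beyond a test setup, and state that `secretRef` takes precedence when both are set. The examples `value: "my-secret"` and `name: my-secret` reuse one placeholder for a token and for a Secret name, which invites confusion; something like `value: "<pat>"` would be clearer. The opening line also still describes `pat` as "either a string or a reference", while the key is now a map with `value` and `secretRef`.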
Expand All @@ -33,15 +45,15 @@ serviceAccount:
name: ""

podSecurityContext: {}
# fsGroup: 2000
# fsGroup: 2000

securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# runAsUser: 1000


resources: {}
Expand All @@ -54,10 +66,51 @@ resources: {}
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# memory: 128Mi

nodeSelector: {}

tolerations: []

affinity: {}

# Additional environment variables for the agent container.
# Like:
# - name: XXX
# value: "YYY"
#
# or reference to a secret or configmap:
# - name: SPECIAL_LEVEL_KEY
# valueFrom:
# configMapKeyRef:
# name: special-config
# key: special.how
#
# - name: SECRET_KEY
# valueFrom:
# secretKeyRef:
# name: secret-name
# key: secret.key
additionalEnv: []

# Additional volumes for the agent pod.
# extraVolumes:
# - name: config-volume
# configMap:
# name: special-config
extraVolumes: []

# Additional volume mounts for the agent container.
# extraVolumeMounts:
# - name: config-volume
# mountPath: /etc/special
# readOnly: true
extraVolumeMounts: []

# InitContainers for the agent pod.
#
# initContainers:
# - name: init-container
# image: busybox
# command: ["/bin/sh", "-c", "echo Hello World"]
initContainers: []
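
Review bot: the `initContainers` example uses `image: busybox` with no tag, which resolves to `latest`; examples get copied into real values files, so pin a tag or digest there. The `extraVolumes`, `extraVolumeMounts` and `initContainers` comments repeat the key name inside the comment right above the live empty default, while `additionalEnv` shows bare list items; pick one style so it is obvious what to uncomment. The `secretKeyRef` example under `additionalEnv` is a good place to add one line saying the PAT itself belongs in `pipelines.pat.secretRef` rather than in an extra env entry.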

0 comments on commit 70ded6c
