diff --git a/README.md b/README.md
index 18af1e86..50f31b9f 100644
--- a/README.md
+++ b/README.md
@@ -38,24 +38,29 @@ $ helm upgrade --install azure-pipelines-agent emberstack/azure-pipelines-agent You can customize the values of the helm deployment by using the following Values: -| Parameter | Description | Default | -| ------------------------------------ | ----------------------------------------------------------- | ------------------------------------------------------- | -| `nameOverride` | Overrides release name | `""` | -| `fullnameOverride` | Overrides release fullname | `""` | -| `image.repository` | Container image repository | `emberstack/azure-pipelines-agent` | -| `image.tag` | Container image tag | `""` (same version as the chart) | -| `image.pullPolicy` | Container image pull policy | `Always` if `image.tag` is `latest`, else `IfNotPresent`| -| `pipelines.url` | The Azure base URL for your organization | `""` | -| `pipelines.pat` | Personal Access Token (PAT) used by the agent to connect. | `""` | -| `pipelines.pool` | Agent pool to which the Agent should register. | `""` | -| `pipelines.agent.mountDocker` | Enable to mount the host `docker.sock` | `false` | -| `pipelines.agent.workDir` | The work directory the agent should use | `_work` | -| `serviceAccount.create` | Create ServiceAccount | `true` | -| `serviceAccount.name` | ServiceAccount name | _release name_ | -| `serviceAccount.clusterAdmin` | Sets the service account as a cluster admin | _release name_ | -| `resources` | Resource limits | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `affinity` | Node affinity for pod assignment | `{}` | +| Parameter | Description | Default | +|-------------------------------|---------------------------------------------------------------------------------------------------|----------------------------------------------------------| +| `nameOverride` | Overrides release name | `""` | +| `fullnameOverride` | Overrides release fullname | `""` | +| `image.repository` | 
Container image repository | `emberstack/azure-pipelines-agent` | +| `image.tag` | Container image tag | `""` (same version as the chart) | +| `image.pullPolicy` | Container image pull policy | `Always` if `image.tag` is `latest`, else `IfNotPresent` | +| `pipelines.url` | The Azure base URL for your organization | `""` | +| `pipelines.pat.value` | Personal Access Token (PAT) used by the agent to connect. | `""` | +| `pipelines.pat.secretRef` | The reference to the secret storing the Personal Access Token (PAT) used by the agent to connect. | `""` | +| `pipelines.pool` | Agent pool to which the Agent should register. | `""` | +| `pipelines.agent.mountDocker` | Enable to mount the host `docker.sock` | `false` | +| `pipelines.agent.workDir` | The work directory the agent should use | `_work` | +| `serviceAccount.create` | Create ServiceAccount | `true` | +| `serviceAccount.name` | ServiceAccount name | _release name_ | +| `serviceAccount.clusterAdmin` | Sets the service account as a cluster admin | _release name_ | +| `resources` | Resource limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Node affinity for pod assignment | `{}` | +| `additionalEnv` | Additional environment variables for the agent container. | `[]` | +| `extraVolumes` | Additional volumes for the agent pod. | `[]` | +| `extraVolumeMounts` | Additional volume mounts for the agent container. | `[]` | +| `initContainers` | InitContainers for the agent pod. | `[]` | > Find us on [Artifact Hub](https://artifacthub.io/packages/helm/emberstack/azure-pipelines-agent) diff --git a/src/helm/azure-pipelines-agent/templates/_helpers.tpl b/src/helm/azure-pipelines-agent/templates/_helpers.tpl index f57eca42..14c670cd 100644 --- a/src/helm/azure-pipelines-agent/templates/_helpers.tpl +++ b/src/helm/azure-pipelines-agent/templates/_helpers.tpl 
@@ -60,3 +60,41 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Add volumes to the agent pod. +*/}} +{{- define "azure-pipelines-agent.volumes" -}} +{{- if or .Values.pipelines.agent.mountDocker .Values.extraVolumes -}} +volumes: +{{- if .Values.extraVolumes }} +{{- with .Values.extraVolumes }} +{{ toYaml . }} +{{- end }} +{{- end }} +{{- if .Values.pipelines.agent.mountDocker }} +- name: dockersock + hostPath: + path: /var/run/docker.sock +{{- end }} +{{- end }} +{{- end }} + + +{{/* +Add volume mounts to the agent container. +*/}} +{{- define "azure-pipelines-agent.volumeMounts" -}} +{{- if or .Values.pipelines.agent.mountDocker .Values.extraVolumeMounts -}} +volumeMounts: +{{- if .Values.pipelines.agent.mountDocker }} +- name: dockersock + mountPath: /var/run/docker.sock +{{- end }} +{{- if .Values.extraVolumeMounts }} +{{- with .Values.extraVolumeMounts }} +{{ toYaml . }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/src/helm/azure-pipelines-agent/templates/statefulset.yaml b/src/helm/azure-pipelines-agent/templates/statefulset.yaml index abbbbe36..fdaa7b3f 100644 --- a/src/helm/azure-pipelines-agent/templates/statefulset.yaml +++ b/src/helm/azure-pipelines-agent/templates/statefulset.yaml @@ -27,6 +27,10 @@ spec: serviceAccountName: {{ include "azure-pipelines-agent.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} {{- if .Values.pipelines.agent.mountDocker }} 
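Review bot: The `dockersock` volume emitted by `azure-pipelines-agent.volumes` is a `hostPath` with no `type`, so nothing checks that `/var/run/docker.sock` is really a socket on the node before it is mounted; adding `type: Socket` under `path:` makes the pod fail to start when the socket is absent. The helper comment could also state what `mountDocker` implies, for example `Mounting the host Docker socket gives pipeline jobs control of the node's Docker daemon; enable only on dedicated agent nodes.` In both helpers the outer `{{- if .Values.extraVolumes }}` and `{{- if .Values.extraVolumeMounts }}` wrappers are redundant, because `with` already skips empty values. An `extraVolumes` entry named `dockersock` would collide with the built-in volume when `mountDocker` is on, which is worth a line in the values.yaml comment.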
@@ -58,20 +62,22 @@ spec: - name: AZP_WORK value: {{ .Values.pipelines.agent.workDir | quote }} - name: AZP_TOKEN - value: {{ .Values.pipelines.pat | quote }} - {{- if .Values.pipelines.agent.mountDocker }} - volumeMounts: - - name: dockersock - mountPath: "/var/run/docker.sock" - {{- end }} + {{- if .Values.pipelines.pat.secretRef }} + {{- with .Values.pipelines.pat.secretRef }} + valueFrom: + secretKeyRef: + {{- toYaml . | nindent 18 }} + {{- end }} + {{- else }} + value: {{ .Values.pipelines.pat.value | quote }} + {{- end }} + {{- with .Values.additionalEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} - {{- if .Values.pipelines.agent.mountDocker }} - volumes: - - name: dockersock - hostPath: - path: /var/run/docker.sock - {{- end }} + {{- include "azure-pipelines-agent.volumeMounts" . | nindent 10 -}} + {{- include "azure-pipelines-agent.volumes" . | nindent 6 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/src/helm/azure-pipelines-agent/values.yaml b/src/helm/azure-pipelines-agent/values.yaml index 98df7057..b87a2f17 100644 --- a/src/helm/azure-pipelines-agent/values.yaml +++ b/src/helm/azure-pipelines-agent/values.yaml @@ -14,9 +14,21 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" + +# Pat: Can be either a string or a reference to a secret. +# If it is a string, it is used as the value of the secret: +# +# value: "my-secret" +# +# If it is a reference to a secret: +# secretRef: +# name: my-secret +# key: my-key pipelines: url: "" - pat: "" + pat: + value: "" + #secretRef: {} pool: "Default" agent: name: "" @@ -33,7 +45,7 @@ serviceAccount: name: "" podSecurityContext: {} - # fsGroup: 2000 +# fsGroup: 2000 securityContext: {} # capabilities: @@ -41,7 +53,7 @@ securityContext: {} # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true - # runAsUser: 1000 +# runAsUser: 1000 resources: {} 
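Review bot: The `{{- else }}` branch under `AZP_TOKEN` still writes `pipelines.pat.value` as a literal `value:`, so on that path the PAT stays readable in the rendered StatefulSet spec and in Helm's stored release data; only the `secretRef` path keeps it out of the manifest. Consider having the chart create a Secret from `pipelines.pat.value` and emitting `secretKeyRef` in both branches, which would need a template outside this hunk. The outer `{{- if .Values.pipelines.pat.secretRef }}` around the inner `with` is redundant; `{{- with .Values.pipelines.pat.secretRef }} … {{- else }} … {{- end }}` expresses the same thing in one construct. Entries from `additionalEnv` are appended after the built-in variables, so an entry named `AZP_TOKEN` or `AZP_WORK` would duplicate a chart-managed name; a comment such as `# additionalEnv must not redefine the chart's AZP_* variables` would help. The container spec starts and ends outside the hunk.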
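Review bot: The new comment above `pipelines:` in values.yaml says a string `value` is "used as the value of the secret", but the statefulset.yaml template in this commit puts it straight into the `AZP_TOKEN` environment variable and no Secret is visible in the diff, so the wording overstates the protection. It also does not say which setting wins; in the template `secretRef` is used whenever it is non-empty and `value` is then ignored. I would reword it along the lines of `# pat.value is rendered in plain text into the StatefulSet; prefer pat.secretRef (name/key of an existing Secret), which takes precedence when set.` Changing `pat` from a string to a mapping also appears to break existing `pipelines.pat=<token>` overrides, which deserves a line in the README or changelog.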
@@ -54,10 +66,51 @@ resources: {} # memory: 128Mi # requests: # cpu: 100m - # memory: 128Mi +# memory: 128Mi nodeSelector: {} tolerations: [] affinity: {} + +# Additional environment variables for the agent container. +# Like: +# - name: XXX +# value: "YYY" +# +# or reference to a secret or configmap: +# - name: SPECIAL_LEVEL_KEY +# valueFrom: +# configMapKeyRef: +# name: special-config +# key: special.how +# +# - name: SECRET_KEY +# valueFrom: +# secretKeyRef: +# name: secret-name +# key: secret.key +additionalEnv: [] + +# Additional volumes for the agent pod. +# extraVolumes: +# - name: config-volume +# configMap: +# name: special-config +extraVolumes: [] + +# Additional volume mounts for the agent container. +# extraVolumeMounts: +# - name: config-volume +# mountPath: /etc/special +# readOnly: true +extraVolumeMounts: [] + +# InitContainers for the agent pod. +# +# initContainers: +# - name: init-container +# image: busybox +# command: ["/bin/sh", "-c", "echo Hello World"] +initContainers: [] \ No newline at end of file
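Review bot: The commented `initContainers` example uses `image: busybox` with no tag or digest, so anyone copying it pulls whatever the default tag resolves to at deploy time. Since the init container runs in the same pod as the agent, the example should show a pinned reference, e.g. `#     image: busybox:<pinned-tag-or-digest>` (placeholder). The comments for `extraVolumes` and `initContainers` could also say that these values are rendered verbatim into the pod spec, so `hostPath` volumes or privileged init containers supplied here are not restricted by the chart. The file still ends without a trailing newline.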