feat: Docker registry mirror (actions#478)

Changes:

- Switched to use `jq` in startup.sh
- Enable docker registry mirror configuration which is useful when e.g. avoiding the Docker Hub rate-limiting

Check actions#478 for how this feature is tested and supposed to be used.

CONTRIBUTING.md

@@ -1,6 +1,6 @@
 # Contributing
 
-### Helm Verison Bumps
+### Helm Version Bumps
 
 **Chart Version :** When bumping the chart version follow semantic versioning https://semver.org/<br />
 **App Version :** When bumping the app version you will also need to bump the chart verison too. Again, follow semantic verisoning when bumping the chart.

README.md

@@ -591,6 +591,8 @@ spec:
       # false (default) = Docker support is provided by a sidecar container deployed in the runner pod.
       # true = No docker sidecar container is deployed in the runner pod but docker can be used within teh runner container instead. The image summerwind/actions-runner-dind is used by default.
       dockerdWithinRunnerContainer: true
+      # Optional Docker registry mirror, only applicable if dockerdWithinRunnerContainer = true
+      dockerRegistryMirror: https://mirror.gcr.io/
       # Docker sidecar container image tweaks examples below, only applicable if dockerdWithinRunnerContainer = false
       dockerdContainerResources:
         limits:

api/v1alpha1/runner_types.go

@@ -18,6 +18,7 @@ package v1alpha1
 
 import (
 	"errors"
+
 	"k8s.io/apimachinery/pkg/api/resource"
 
 	corev1 "k8s.io/api/core/v1"
@@ -98,6 +99,8 @@ type RunnerSpec struct {
 	// +optional
 	DockerMTU *int64 `json:"dockerMTU,omitempty"`
 	// +optional
+	DockerRegistryMirror *string `json:"dockerRegistryMirror,omitempty"`
+	// +optional
 	HostAliases []corev1.HostAlias `json:"hostAliases,omitempty"`
 	// +optional
 	VolumeSizeLimit *resource.Quantity `json:"volumeSizeLimit,omitempty"`

charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml

@@ -436,6 +436,8 @@ spec:
                     dockerMTU:
                       format: int64
                       type: integer
+                    dockerRegistryMirror:
+                      type: string
                     dockerVolumeMounts:
                       items:
                         description: VolumeMount describes a mounting of a Volume within a container.

charts/actions-runner-controller/crds/actions.summerwind.dev_runnerreplicasets.yaml

@@ -436,6 +436,8 @@ spec:
                     dockerMTU:
                       format: int64
                       type: integer
+                    dockerRegistryMirror:
+                      type: string
                     dockerVolumeMounts:
                       items:
                         description: VolumeMount describes a mounting of a Volume within a container.

charts/actions-runner-controller/crds/actions.summerwind.dev_runners.yaml

@@ -401,6 +401,8 @@ spec:
             dockerMTU:
               format: int64
               type: integer
+            dockerRegistryMirror:
+              type: string
             dockerVolumeMounts:
               items:
                 description: VolumeMount describes a mounting of a Volume within a container.

config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml

@@ -436,6 +436,8 @@ spec:
                     dockerMTU:
                       format: int64
                       type: integer
+                    dockerRegistryMirror:
+                      type: string
                     dockerVolumeMounts:
                       items:
                         description: VolumeMount describes a mounting of a Volume within a container.

config/crd/bases/actions.summerwind.dev_runnerreplicasets.yaml

@@ -436,6 +436,8 @@ spec:
                     dockerMTU:
                       format: int64
                       type: integer
+                    dockerRegistryMirror:
+                      type: string
                     dockerVolumeMounts:
                       items:
                         description: VolumeMount describes a mounting of a Volume within a container.

config/crd/bases/actions.summerwind.dev_runners.yaml

@@ -401,6 +401,8 @@ spec:
             dockerMTU:
               format: int64
               type: integer
+            dockerRegistryMirror:
+              type: string
             dockerVolumeMounts:
               items:
                 description: VolumeMount describes a mounting of a Volume within a container.

controllers/runner_controller.go

@@ -635,6 +635,15 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 		}...)
 	}
 
+	if mirror := runner.Spec.DockerRegistryMirror; mirror != nil && dockerdInRunner {
+		pod.Spec.Containers[0].Env = append(pod.Spec.Containers[0].Env, []corev1.EnvVar{
+			{
+				Name:  "DOCKER_REGISTRY_MIRROR",
+				Value: *runner.Spec.DockerRegistryMirror,
+			},
+		}...)
+	}
+
 	//
 	// /runner must be generated on runtime from /runnertmp embedded in the container image.
 	//
@@ -758,6 +767,11 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 			)
 		}
 
+		if mirror := runner.Spec.DockerRegistryMirror; mirror != nil {
+			pod.Spec.Containers[1].Args = append(pod.Spec.Containers[1].Args,
+				fmt.Sprintf("--registry-mirror=%s", *runner.Spec.DockerRegistryMirror),
+			)
+		}
 	}
 
 	if len(runner.Spec.Containers) != 0 {

runner/startup.sh

@@ -20,21 +20,17 @@ function wait_for_process () {
 sudo /bin/bash <<SCRIPT
 mkdir -p /etc/docker
 
-cat <<EOS > /etc/docker/daemon.json
-{
-EOS
+echo "{}" > /etc/docker/daemon.json
 
 if [ -n "${MTU}" ]; then
-cat <<EOS >> /etc/docker/daemon.json
-  "mtu": ${MTU}
-EOS
+jq ".\"mtu\" = ${MTU}" /etc/docker/daemon.json > /tmp/.daemon.json && mv /tmp/.daemon.json /etc/docker/daemon.json
 # See https://docs.docker.com/engine/security/rootless/
 echo "environment=DOCKERD_ROOTLESS_ROOTLESSKIT_MTU=${MTU}" >> /etc/supervisor/conf.d/dockerd.conf
 fi
 
-cat <<EOS >> /etc/docker/daemon.json
-}
-EOS
+if [ -n "${DOCKER_REGISTRY_MIRROR}" ]; then
+jq ".\"registry-mirrors\"[0] = \"${DOCKER_REGISTRY_MIRROR}\"" /etc/docker/daemon.json > /tmp/.daemon.json && mv /tmp/.daemon.json /etc/docker/daemon.json
+fi
 SCRIPT
 
 INFO "Using /etc/docker/daemon.json with the following content"