From 6b30c42a343207b5dcf7d53b821462738541b024 Mon Sep 17 00:00:00 2001 From: Andrea Stacchiotti Date: Tue, 4 Mar 2025 01:02:26 +0100 Subject: [PATCH 1/5] Allow static agents to be deployed as a StatefulSet And as a DaemonSet. Support specifying volumeClaimTemplates, which allow static agents to keep their identity at restart Documentation has been updated. --- gocd/Chart.yaml | 2 +- gocd/README.md | 84 +++++++++++++------ ...oyment.yaml => gocd-agent-controller.yaml} | 24 +++++- gocd/templates/gocd-agent-homego-pvc.yaml | 4 +- gocd/templates/gocd-agent-service.yaml | 22 +++++ gocd/values.yaml | 25 +++++- 6 files changed, 128 insertions(+), 33 deletions(-) rename gocd/templates/{gocd-agent-deployment.yaml => gocd-agent-controller.yaml} (91%) create mode 100644 gocd/templates/gocd-agent-service.yaml diff --git a/gocd/Chart.yaml b/gocd/Chart.yaml index 0e217d3..54598de 100644 --- a/gocd/Chart.yaml +++ b/gocd/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: gocd home: https://www.gocd.org/ -version: 2.12.1 +version: 2.13.0 appVersion: 25.1.0 description: GoCD is an open-source continuous delivery server to model and visualize complex workflows with ease. icon: https://gocd.github.io/assets/images/go-icon-black-192x192.png diff --git a/gocd/README.md b/gocd/README.md index 8147f6e..21a058f 100644 --- a/gocd/README.md +++ b/gocd/README.md 
@@ -74,7 +74,7 @@ The following tables list the configurable parameters of the GoCD chart and thei |----------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------| | `server.enabled` | Enable GoCD Server. Supported values are `true`, `false`. When enabled, the GoCD server deployment is done on helm install. | `true` | | `server.annotations.deployment` | GoCD server Deployment annotations. | `{}` | -| `server.annotations.pod ` | GoCD server Pod annotations. | `{}` | +| `server.annotations.pod` | GoCD server Pod annotations. | `{}` | | `server.shouldPreconfigure` | Preconfigure GoCD Server to have a default elastic agent profile and Kubernetes elastic agent plugin settings. Supported values are `true`, `false`. | `true` | | `server.preconfigureCommand` | Preconfigure GOCD Server with a custom command (shell,python, etc ...). Supported value is a list. | `["/bin/bash", "/preconfigure_server.sh"]` | | `server.preStop` | Perform cleanup and backup before stopping the gocd server. Supported value is a list. | `nil` | 
@@ -178,13 +178,17 @@ $ kubectl create secret generic gocd-server-ssh \ | Parameter | Description | Default | |---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------| +| `agent.enabled` | Enable GoCD Agents. Supported values are `true`, `false`. | `true` | +| `agent.kind` | Controller used to deploy GoCD Agents. Use either `Deployment` (default), `StatefulSet` or `DaemonSet`. | `Deployment` | +| `agent.deployment.labels` | GoCD Agent Deployment labels. | `{}` | +| `agent.pod.labels` | GoCD Agent Pod labels. | `{}` | | `agent.annotations.deployment` | GoCD Agent Deployment annotations. | `{}` | -| `agent.annotations.pod ` | GoCD Agent Pod annotations. | `{}` | +| `agent.annotations.pod` | GoCD Agent Pod annotations. | `{}` | | `agent.replicaCount` | GoCD Agent replicas Count. By default, no agents are provided. | `0` | -| `agent.preStop ` | Perform cleanup and backup before stopping the gocd server. Supported value is a list. | `nil` | +| `agent.preStop` | Perform cleanup and backup before stopping the gocd server. Supported value is a list. | `nil` | | `agent.postStart` | Commands to run after agent startup. | `nil` | | `agent.terminationGracePeriodSeconds` | Optional duration in seconds the gocd agent pods need to terminate gracefully. | `nil` | -| `agent.deployStrategy` | GoCD Agent [deployment strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy). | `{}` | +| `agent.deployStrategy` | GoCD Agent [Deployment strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) or update strategy for StatefulSet/DaemonSet. 
| `{}` | | `agent.image.repository` | GoCD agent image | `gocd/gocd-agent-wolfi` | | `agent.image.tag` | GoCD agent image tag | `.Chart.appVersion` | | `agent.image.pullPolicy` | Image pull policy | `IfNotPresent` | @@ -268,7 +272,7 @@ The value pvSelector must be specified so that the right persistence volume will 2. Create the PersistentVolumeClaim 3. Install the chart -``` +```bash $ helm install --name gocd_app --set server.persistence.existingClaim=PVC_NAME stable/gocd ``` @@ -277,7 +281,7 @@ $ helm install --name gocd_app --set server.persistence.existingClaim=PVC_NAME s Additional volumes, such as `ConfigMaps` and `secrets`, can be mounted on the server and agent deployments. To mount a `secret`: -``` +```yaml persistence: enabled: true extraVolumeMounts: @@ -292,7 +296,7 @@ To mount a `secret`: ``` To mount a `ConfigMap` containing `/docker-entrypoint.d/` scripts: -``` +```yaml persistence: enabled: true name: 
@@ -344,11 +348,13 @@ property for your GoCD agents if necessary), further [documented here](https://k | `agent.persistence.accessMode` | The PVC access mode | `ReadWriteOnce` | | `agent.persistence.size` | The size of the PVC | `1Gi` | | `agent.persistence.storageClass` | The PVC storage class name | `nil` | -| `agent.persistence.pvSelector` | The godata Persistence Volume Selectors | `nil` | +| `agent.persistence.existingClaim` | Name of an existing PVC for gohome | `nil` | +| `agent.persistence.pvSelector` | The gohome Persistence Volume Selectors | `nil` | | `agent.persistence.name.dockerEntryPoint` | The Persitence Volume to mount at /docker-entrypoint.d/ | `goagent-vol` | | `agent.persistence.subpath.homego` | The /home/go path on Persistence Volume | `homego` | | `agent.persistence.subpath.dockerEntryPoint` | The /docker-entrypoint.d path on Persistence Volume | `scripts` | | `agent.persistence.extraVolumes` | Additional agent volumes | `[]` | +| `agent.persistence.volumeClaimTemplates` | Additional claim templates, if using a StatefulSet | `[]` | | `agent.persistence.extraVolumeMounts` | Additional agent volumeMounts | `[]` | ##### Note: 
@@ -358,11 +364,38 @@ property for your GoCD agents if necessary), further [documented here](https://k 1. That packages being cached here is shared between all the agents. 2. That all the agents sharing this directory are privy to all the secrets in `/home/go` +#### Achieve static agent identity persistence + +To persist the identity of an agent when the pod restarts, one needs to have the `/godata/config` to be hosted on a mount point. +If multiple agents need to be deployed, the best way to achieve it is to use the `volumeClaimTemplate` feature of `StatefulSet`, +then mounting the PVC at (or above) that path. + +Mounting the whole `/godata` also allows the pipelines and logs to be persisted, below is an example setup: + +```yaml +agent: + controller: + kind: "StatefulSet" + persistence: + volumeClaimTemplates: + - metadata: + name: godata + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: SIZE + storageClassName: NAME + extraVolumeMounts: + - name: godata + mountPath: /godata +``` + ## Init containers The GoCD helm chart supports specifying init containers for server and agents. This can for example be used to download `kubectl` or any other necessary ressources before starting GoCD: -``` +```yaml agent: persistence: extraVolumes: @@ -382,7 +415,6 @@ agent: workingDir: /download args: - 'curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x ./kubectl' -u ``` Depending on how long the init containers take to complete, it might be necessary to tweak the values of `server.healthCheck.initialDelaySeconds` or `agent.healthCheck.initialDelaySeconds`. 
@@ -419,11 +451,10 @@ If RBAC is enabled, If `rbac.create=false`, the service account that will be used, either the default or one that's created, will not have the cluster scope or pod privileges to use with the Kubernetes EA plugin. A cluster role binding must be created like below: -``` +```bash kubectl create clusterrolebinding clusterRoleBinding \ --clusterrole=CLUSTER_ROLE_WITH_NECESSARY_PRIVILEGES \ --serviceaccount=NAMESPACED_SERVICE_ACCOUNT - ``` #### Existing role references: 
@@ -438,10 +469,11 @@ helm install --namespace gocd --name gocd_app --set rbac.roleRef=ROLE_NAME stabl Service account can be configured specifically for agents. This configuration also allows for the reuse of the top level service account that is used to configure the server pod. The various settings and their possible states are described below: -| Parameter | Description | Default | -|----------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------| -| `agent.serviceAccount.reuseTopLevelServiceAccount` | Specifies whether the top level service account (also used by the server) should be reused as the service account for gocd agents | false | -| `agent.serviceAccount.name` | If reuseTopLevelServiceAccount is false, this field specifies the name of an existing service account to be associated with gocd agents. By default (name field is empty), no service account is created for gocd agents | `nil` | +| Parameter | Description | Default | +|-----------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------| +| `agent.serviceAccount.reuseTopLevelServiceAccount` | Specifies whether the top level service account (also used by the server) should be reused as the service account for gocd agents | false | +| `agent.serviceAccount.name` | If reuseTopLevelServiceAccount is false, this field specifies the name of an existing service account to be associated with gocd agents. 
By default (name field is empty), no service account is created for gocd agents | `nil` | +| `agent.serviceAccount.automountServiceAccountToken` | Specifies whether to automount the service account token in the GoCD Agent pods | false | Possible states: @@ -467,7 +499,7 @@ A basic [chart test](https://helm.sh/docs/topics/chart_tests/) is included in th - Add the .jar file link from the releases section in the plugin's repo to the env.extraEnvVars section as a new environment variable. The environment variable name must have GOCD_PLUGIN_INSTALL prefixed to it like the following section -``` +```yaml env: extraEnvVars: - name: GOCD_PLUGIN_INSTALL_email-notifier 
@@ -487,15 +519,15 @@ You can secure an Ingress by specifying a `secret` that contains a TLS private k Please refer to [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) about how to configure TLS. Many ingress controllers make configuring TLS easy with the use of annotations. You can use ingress annotations to configure some of the TLS parameters like a managed SSL certificate, redirecting http to https, etc. -| Parameter | Description | -|---------------------------------------------|-----------------------------------------------------------------------------------------------| -| ingress.kubernetes.io/force-ssl-redirect | Redirect non-TLS requests to TLS even when TLS is not configured. | -| kubernetes.io/ingress.allow-http | Whether to accept non-TLS HTTP connections. Supported on GCE. Default: true | -| alb.ingress.kubernetes.io/backend-protocol | Specifies the protocol used when route traffic to pods on EKS. | -| ingress.kubernetes.io/proxy-pass-params | Parameters for proxy-pass directives. | -| kubernetes.io/ingress.global-static-ip-name | Name of the static global IP address in GCP to use when provisioning the HTTPS load balancer. | -| networking.gke.io/managed-certificates | Name of the ManagedCertificate on GCP | -| alb.ingress.kubernetes.io/certificate-arn | Certificate arn on AWS Cert Manager | +| Parameter | Description | +|-----------------------------------------------|-----------------------------------------------------------------------------------------------| +| `ingress.kubernetes.io/force-ssl-redirect` | Redirect non-TLS requests to TLS even when TLS is not configured. | +| `kubernetes.io/ingress.allow-http` | Whether to accept non-TLS HTTP connections. Supported on GCE. Default: true | +| `alb.ingress.kubernetes.io/backend-protocol` | Specifies the protocol used when route traffic to pods on EKS. | +| `ingress.kubernetes.io/proxy-pass-params` | Parameters for proxy-pass directives. 
|
+| `kubernetes.io/ingress.global-static-ip-name` | Name of the static global IP address in GCP to use when provisioning the HTTPS load balancer. |
+| `networking.gke.io/managed-certificates` | Name of the ManagedCertificate on GCP |
+| `alb.ingress.kubernetes.io/certificate-arn` | Certificate arn on AWS Cert Manager |
 Popular managed Kubernetes offerings like GKE, EKS, AKS etc provide a default ingress controller which supports many more annotations.
diff --git a/gocd/templates/gocd-agent-deployment.yaml b/gocd/templates/gocd-agent-controller.yaml
similarity index 91%
rename from gocd/templates/gocd-agent-deployment.yaml
rename to gocd/templates/gocd-agent-controller.yaml
index e13dcc6..b13e1a0 100644
--- a/gocd/templates/gocd-agent-deployment.yaml
+++ b/gocd/templates/gocd-agent-controller.yaml
@@ -1,5 +1,6 @@
+{{- if .Values.agent.enabled -}}
 apiVersion: apps/v1
-kind: Deployment
+kind: {{ .Values.agent.kind }}
 metadata:
 name: {{ template "gocd.fullname" . }}-agent
 labels:
@@ -16,10 +17,22 @@ metadata:
 {{ $key }}: {{ $value | quote }}
 {{- end }}
 spec:
+ {{- if (eq .Values.agent.kind "StatefulSet") }}
+ serviceName: {{ template "gocd.fullname" . }}-agent
+ {{- end }}
+ {{- if not (eq .Values.agent.kind "DaemonSet") }}
 replicas: {{ .Values.agent.replicaCount }}
- {{- if .Values.agent.deployStrategy }}
+ {{- end }}
+ {{- with .Values.agent.deployStrategy }}
+ {{- if (eq .Values.agent.kind "Deployment") }}
 strategy:
-{{ toYaml .Values.agent.deployStrategy | indent 4 }}
+ {{- else }}
+ updateStrategy:
+ {{- end }}
+{{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- if (eq .Values.agent.kind "StatefulSet") }}
+ podManagementPolicy: Parallel
 {{- end }}
 selector:
 matchLabels:
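Review bot: `kind: {{ .Values.agent.kind }}` in the first hunk of gocd-agent-controller.yaml renders whatever string the user supplies, so a typo or an unsupported kind only shows up as an API-server rejection at install time, and the later `eq` branches silently fall through to the non-Deployment path. I would fail at template time instead, right after the `agent.enabled` guard: `{{- if not (has .Values.agent.kind (list "Deployment" "StatefulSet" "DaemonSet")) }}{{ fail "agent.kind must be Deployment, StatefulSet or DaemonSet" }}{{- end }}`. The rest of the template lies outside this hunk.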
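Review bot: `serviceName: {{ template "gocd.fullname" . }}-agent` in the second hunk names a governing Service that the chart ends up not creating, because PATCH 3/5 of this series deletes gocd-agent-service.yaml. As far as I can tell the StatefulSet is still accepted in that state, but its pods get no per-pod DNS records. If that is intended because agents only make outbound connections to the server (my reading, not stated in the patch), a template comment above the line would record it, e.g. `{{- /* serviceName is required by the StatefulSet API; no headless Service is shipped, so agent pods have no stable DNS names */}}`. The spec continues past the end of this hunk.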
@@ -190,3 +203,8 @@ spec:
 hostAliases:
 {{ toYaml .Values.agent.hostAliases | indent 8 }}
 {{- end }}
+{{- if and (eq .Values.agent.kind "StatefulSet") .Values.agent.persistence.volumeClaimTemplates }}
+ volumeClaimTemplates:
+{{ toYaml .Values.agent.persistence.volumeClaimTemplates | indent 4 }}
+{{- end }}
+{{- end -}}
diff --git a/gocd/templates/gocd-agent-homego-pvc.yaml b/gocd/templates/gocd-agent-homego-pvc.yaml
index 1a3133f..a885315 100644
--- a/gocd/templates/gocd-agent-homego-pvc.yaml
+++ b/gocd/templates/gocd-agent-homego-pvc.yaml
@@ -1,6 +1,6 @@
-{{- if and .Values.agent.persistence.enabled (not .Values.agent.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
+{{- if and .Values.agent.enabled .Values.agent.persistence.enabled (not .Values.agent.persistence.existingClaim) -}}
 apiVersion: v1
+kind: PersistentVolumeClaim
 metadata:
 name: {{ template "gocd.fullname" . }}-agent
 labels:
diff --git a/gocd/templates/gocd-agent-service.yaml b/gocd/templates/gocd-agent-service.yaml
new file mode 100644
index 0000000..989e4bf
--- /dev/null
+++ b/gocd/templates/gocd-agent-service.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.agent.enabled (eq .Values.agent.kind "StatefulSet") -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "gocd.fullname" . }}-agent
+ labels:
+ app: {{ template "gocd.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ component: agent
+spec:
+ clusterIP: None
+ ports:
+ - protocol: TCP
+ port: 8152
+ targetPort: 8152
+ selector:
+ app: {{ template "gocd.name" . }}
+ release: {{ .Release.Name | quote }}
+ component: agent
+{{- end }}
diff --git a/gocd/values.yaml b/gocd/values.yaml
index 34fa9f1..987fa0e 100644
--- a/gocd/values.yaml
+++ b/gocd/values.yaml
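Review bot: The `volumeClaimTemplates` block added at the end of gocd-agent-controller.yaml creates one PVC per replica, and by default Kubernetes keeps those PVCs when the StatefulSet is scaled down or deleted, so their contents outlive both a scale-down and `helm uninstall`. The README added in this patch recommends mounting them at `/godata`, which it says carries the agent identity under `/godata/config` as well as pipelines and logs, so a retired agent's identity and working directories stay on disk until someone removes the claim. I would say so next to `agent.persistence.volumeClaimTemplates` in values.yaml, e.g. `# PVCs created from these templates are not deleted on scale-down or helm uninstall; remove them explicitly when retiring agents`, and consider exposing the StatefulSet's `persistentVolumeClaimRetentionPolicy` as a chart value. The StatefulSet spec itself starts outside this hunk.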
@@ -255,6 +255,11 @@ server: defaultMode: agent: + # agent.enabled is the toggle to deploy static GoCD Agents. Change to false for Server Only Deployment. + enabled: true + # agent.kind is the type of controller used to deploy Agents. Use either Deployment (default), StatefulSet or DaemonSet + kind: "Deployment" + # specifies overrides for agent specific service account creation serviceAccount: # specifies whether the top level service account (also used by the server) should be reused as the service account for gocd agents @@ -262,6 +267,7 @@ agent: # if reuseTopLevelServiceAccount is false, this field specifies the name of an existing service account to be associated with gocd agents # If field is empty, the service account "default" will be used. name: + # agent.serviceAccount.automountServiceAccountToken specifies whether to automount the service account token in the GoCD Agent pods automountServiceAccountToken: false # agent.deployment.labels is the labels for the GoCD Agent Deployment @@ -298,10 +304,13 @@ agent: # postStart: # - "/bin/bash" # - "/agent_startup.sh" - # agent.deployStrategy is the strategy explained in detail at https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy # agent.terminationGracePeriodSeconds is the optional duration in seconds the gocd agent pods need to terminate gracefully. # Note: SIGTERM is issued immediately after the pod deletion request is sent. If the pod doesn't terminate, k8s waits for terminationGracePeriodSeconds before issuing SIGKILL. # terminationGracePeriodSeconds: 60 + # agent.deployStrategy depends on the controller kind, for deployments it's: + # https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + # and for StatefulSets it's: + # https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies deployStrategy: {} image: # agent.image.repository is the GoCD Agent image name 
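Review bot: The comment on `agent.kind` in the first values.yaml hunk lists the three kinds but not what changes between them. Per the controller template in this patch, `replicas` is omitted for a DaemonSet, so `agent.replicaCount` (default `0`, i.e. no agents) stops applying and an agent is scheduled on every node the pod can land on. Together with `agent.privileged: true` that means a privileged build container on each of those nodes, which deserves a line here: `# DaemonSet ignores agent.replicaCount and runs one agent on every schedulable node; scope it with agent.nodeSelector / agent.tolerations, particularly when agent.privileged is true`.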
@@ -370,8 +379,22 @@ agent: # secretName: github-key # defaultMode: 0744 + # agent.persistence.volumeClaimTemplates additional volumes dedicated to each replica + # when deployed as a StatefulSet + volumeClaimTemplates: [] + # - metadata: + # name: godata + # spec: + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 1Gi + # storageClassName: storageClassName + # agent.persistence.extraVolumeMounts additional agent volumeMounts extraVolumeMounts: [] + # - name: godata + # mountPath: /godata # - name: github-key # mountPath: /etc/config/keys/ # readOnly: true From c3038bc055ca52d904366caa24e2ef11987b1eaa Mon Sep 17 00:00:00 2001 From: Chad Wilson Date: Thu, 6 Mar 2025 23:16:43 +0800 Subject: [PATCH 2/5] Clarify agent persistence docs --- gocd/README.md | 125 ++++++++++++++++++++++++------------------------- 1 file changed, 62 insertions(+), 63 deletions(-) diff --git a/gocd/README.md b/gocd/README.md index 21a058f..83b1881 100644 --- a/gocd/README.md +++ b/gocd/README.md 
@@ -76,7 +76,7 @@ The following tables list the configurable parameters of the GoCD chart and thei | `server.annotations.deployment` | GoCD server Deployment annotations. | `{}` | | `server.annotations.pod` | GoCD server Pod annotations. | `{}` | | `server.shouldPreconfigure` | Preconfigure GoCD Server to have a default elastic agent profile and Kubernetes elastic agent plugin settings. Supported values are `true`, `false`. | `true` | -| `server.preconfigureCommand` | Preconfigure GOCD Server with a custom command (shell,python, etc ...). Supported value is a list. | `["/bin/bash", "/preconfigure_server.sh"]` | +| `server.preconfigureCommand` | Preconfigure GoCD Server with a custom command (shell,python, etc ...). Supported value is a list. | `["/bin/bash", "/preconfigure_server.sh"]` | | `server.preStop` | Perform cleanup and backup before stopping the gocd server. Supported value is a list. | `nil` | | `server.terminationGracePeriodSeconds` | Optional duration in seconds the gocd server pod needs to terminate gracefully. | `nil` | | `server.image.repository` | GoCD server image | `gocd/gocd-server` | 
@@ -176,51 +176,51 @@ $ kubectl create secret generic gocd-server-ssh \ *Note: This is only for static gocd agents brought up in the cluster via the helm chart. The elastic agent pods need to be separately configured using [elastic agent profiles](https://docs.gocd.org/current/configuration/elastic_agents.html#elastic-agent-profile)* -| Parameter | Description | Default | -|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------| -| `agent.enabled` | Enable GoCD Agents. Supported values are `true`, `false`. | `true` | -| `agent.kind` | Controller used to deploy GoCD Agents. Use either `Deployment` (default), `StatefulSet` or `DaemonSet`. | `Deployment` | -| `agent.deployment.labels` | GoCD Agent Deployment labels. | `{}` | -| `agent.pod.labels` | GoCD Agent Pod labels. | `{}` | -| `agent.annotations.deployment` | GoCD Agent Deployment annotations. | `{}` | -| `agent.annotations.pod` | GoCD Agent Pod annotations. | `{}` | -| `agent.replicaCount` | GoCD Agent replicas Count. By default, no agents are provided. | `0` | -| `agent.preStop` | Perform cleanup and backup before stopping the gocd server. Supported value is a list. | `nil` | -| `agent.postStart` | Commands to run after agent startup. | `nil` | -| `agent.terminationGracePeriodSeconds` | Optional duration in seconds the gocd agent pods need to terminate gracefully. | `nil` | -| `agent.deployStrategy` | GoCD Agent [Deployment strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) or update strategy for StatefulSet/DaemonSet. 
| `{}` | -| `agent.image.repository` | GoCD agent image | `gocd/gocd-agent-wolfi` | -| `agent.image.tag` | GoCD agent image tag | `.Chart.appVersion` | -| `agent.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `agent.image.pullSecrets` | Image pull secrets for private registries | `[]` | -| `agent.resources` | GoCD agent resource requests and limits | `{}` | -| `agent.initContainers` | GoCD agent init containers | `[]` | -| `agent.restartPolicy` | GoCD agent restart policy | `Always` | -| `agent.nodeSelector` | GoCD agent nodeSelector for pod labels | `{}` | -| `agent.affinity` | GoCD agent affinity | `{}` | -| `agent.tolerations` | GoCD agent tolerations | `{}` | -| `agent.env.goServerUrl` | GoCD Server Url. If nil, discovers the GoCD server service if its available on the Kubernetes cluster | `nil` | -| `agent.env.agentAutoRegisterKey` | GoCD Agent autoregister key | `nil` | -| `agent.env.agentAutoRegisterResources` | Comma separated list of GoCD Agent resources | `nil` | -| `agent.env.agentAutoRegisterEnvironments` | Comma separated list of GoCD Agent environments | `nil` | -| `agent.env.agentAutoRegisterHostname` | GoCD Agent hostname | `nil` | -| `agent.env.goAgentBootstrapperArgs` | GoCD Agent Bootstrapper Args. It can be used to [Configure end-to-end transport security](https://docs.gocd.org/current/installation/ssl_tls/end_to_end_transport_security.html) | `nil` | -| `agent.env.goAgentBootstrapperJvmArgs` | GoCD Agent Bootstrapper JVM Args. | `nil` | -| `agent.env.goAgentJvmOpts` | GoCD Agent JVM arguments | `nil` | -| `agent.env.extraEnvVars` | GoCD Agent extra Environment variables | `nil` | -| `agent.privileged` | Run container in privileged mode (needed for DinD, Docker-in-Docker agents) | `false` | -| `agent.healthCheck.enabled` | Enable use of GoCD agent health checks. | `false` | -| `agent.healthCheck.initialDelaySeconds` | GoCD agent start up time. | `60` | -| `agent.healthCheck.periodSeconds` | GoCD agent health check interval period. 
| `60` | -| `agent.healthCheck.failureThreshold` | GoCD agent health check failure threshold. Number of unsuccessful attempts made to the GoCD server health check endpoint before restarting. | `60` | -| `agent.hostAliases` | Aliases for IPs in /etc/hosts | `[]` | -| `agent.security.ssh.enabled` | Enable the use of SSH keys for GoCD agent | `false` | -| `agent.security.ssh.secretName` | The name of the secret holding the SSH keys | `gocd-agent-ssh` | -| `agent.security.ssh.defaultMode` | Permissions of files in ~/.ssh directory | `256` | -| `agent.securityContext.runAsUser` | The container user for all the GoCD agent pods. | `1000` | -| `agent.securityContext.runAsGroup` | The container group for all the GoCD agent pods. | `0` | -| `agent.securityContext.fsGroup` | The container supplementary group for all the GoCD agent pods. | `0` | -| `agent.securityContext.fsGroupChangePolicy` | The policy for checking fsGroup permissions on GoCD agent pods | `OnRootMismatch` | +| Parameter | Description | Default | +|---------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------| +| `agent.enabled` | Enable GoCD static (non-elastic) agents. Supported values are `true`, `false`. | `true` | +| `agent.kind` | Controller used to deploy GoCD Agents. Use either `Deployment` (default), `StatefulSet` or `DaemonSet`. | `Deployment` | +| `agent.deployment.labels` | GoCD Agent Deployment labels. | `{}` | +| `agent.pod.labels` | GoCD Agent Pod labels. | `{}` | +| `agent.annotations.deployment` | GoCD Agent Deployment annotations. | `{}` | +| `agent.annotations.pod` | GoCD Agent Pod annotations. | `{}` | +| `agent.replicaCount` | GoCD Agent replicas Count. By default, no agents are provided. 
| `0` | +| `agent.preStop` | Perform cleanup and backup before stopping the gocd server. Supported value is a list. | `nil` | +| `agent.postStart` | Commands to run after agent startup. | `nil` | +| `agent.terminationGracePeriodSeconds` | Optional duration in seconds the gocd agent pods need to terminate gracefully. | `nil` | +| `agent.deployStrategy` | GoCD Agent [`Deployment` strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) or [`StatefulSet`/`DaemonSet` updateStrategy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) depending on `agemt.kind`. | `{}` | +| `agent.image.repository` | GoCD agent image | `gocd/gocd-agent-wolfi` | +| `agent.image.tag` | GoCD agent image tag | `.Chart.appVersion` | +| `agent.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `agent.image.pullSecrets` | Image pull secrets for private registries | `[]` | +| `agent.resources` | GoCD agent resource requests and limits | `{}` | +| `agent.initContainers` | GoCD agent init containers | `[]` | +| `agent.restartPolicy` | GoCD agent restart policy | `Always` | +| `agent.nodeSelector` | GoCD agent nodeSelector for pod labels | `{}` | +| `agent.affinity` | GoCD agent affinity | `{}` | +| `agent.tolerations` | GoCD agent tolerations | `{}` | +| `agent.env.goServerUrl` | GoCD Server Url. If nil, discovers the GoCD server service if its available on the Kubernetes cluster | `nil` | +| `agent.env.agentAutoRegisterKey` | GoCD Agent autoregister key | `nil` | +| `agent.env.agentAutoRegisterResources` | Comma separated list of GoCD Agent resources | `nil` | +| `agent.env.agentAutoRegisterEnvironments` | Comma separated list of GoCD Agent environments | `nil` | +| `agent.env.agentAutoRegisterHostname` | GoCD Agent hostname | `nil` | +| `agent.env.goAgentBootstrapperArgs` | GoCD Agent Bootstrapper Args. 
It can be used to [Configure end-to-end transport security](https://docs.gocd.org/current/installation/ssl_tls/end_to_end_transport_security.html) | `nil` | +| `agent.env.goAgentBootstrapperJvmArgs` | GoCD Agent Bootstrapper JVM Args. | `nil` | +| `agent.env.goAgentJvmOpts` | GoCD Agent JVM arguments | `nil` | +| `agent.env.extraEnvVars` | GoCD Agent extra Environment variables | `nil` | +| `agent.privileged` | Run container in privileged mode (needed for DinD, Docker-in-Docker agents) | `false` | +| `agent.healthCheck.enabled` | Enable use of GoCD agent health checks. | `false` | +| `agent.healthCheck.initialDelaySeconds` | GoCD agent start up time. | `60` | +| `agent.healthCheck.periodSeconds` | GoCD agent health check interval period. | `60` | +| `agent.healthCheck.failureThreshold` | GoCD agent health check failure threshold. Number of unsuccessful attempts made to the GoCD server health check endpoint before restarting. | `60` | +| `agent.hostAliases` | Aliases for IPs in /etc/hosts | `[]` | +| `agent.security.ssh.enabled` | Enable the use of SSH keys for GoCD agent | `false` | +| `agent.security.ssh.secretName` | The name of the secret holding the SSH keys | `gocd-agent-ssh` | +| `agent.security.ssh.defaultMode` | Permissions of files in ~/.ssh directory | `256` | +| `agent.securityContext.runAsUser` | The container user for all the GoCD agent pods. | `1000` | +| `agent.securityContext.runAsGroup` | The container group for all the GoCD agent pods. | `0` | +| `agent.securityContext.fsGroup` | The container supplementary group for all the GoCD agent pods. | `0` | +| `agent.securityContext.fsGroupChangePolicy` | The policy for checking fsGroup permissions on GoCD agent pods | `OnRootMismatch` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 
@@ -342,26 +342,26 @@ property for your GoCD agents if necessary), further [documented here](https://k ### Agent persistence Values -| Parameter | Description | Default | -|----------------------------------------------|---------------------------------------------------------|-----------------| -| `agent.persistence.enabled` | Enable the use of a GoCD agent PVC | `false` | -| `agent.persistence.accessMode` | The PVC access mode | `ReadWriteOnce` | -| `agent.persistence.size` | The size of the PVC | `1Gi` | -| `agent.persistence.storageClass` | The PVC storage class name | `nil` | -| `agent.persistence.existingClaim` | Name of an existing PVC for gohome | `nil` | -| `agent.persistence.pvSelector` | The gohome Persistence Volume Selectors | `nil` | -| `agent.persistence.name.dockerEntryPoint` | The Persitence Volume to mount at /docker-entrypoint.d/ | `goagent-vol` | -| `agent.persistence.subpath.homego` | The /home/go path on Persistence Volume | `homego` | -| `agent.persistence.subpath.dockerEntryPoint` | The /docker-entrypoint.d path on Persistence Volume | `scripts` | -| `agent.persistence.extraVolumes` | Additional agent volumes | `[]` | -| `agent.persistence.volumeClaimTemplates` | Additional claim templates, if using a StatefulSet | `[]` | -| `agent.persistence.extraVolumeMounts` | Additional agent volumeMounts | `[]` | +| Parameter | Description | Default | +|----------------------------------------------|------------------------------------------------------------------|-----------------| +| `agent.persistence.enabled` | Enable the use of a GoCD agent PVC for home directory (/home/go) | `false` | +| `agent.persistence.accessMode` | `/home/go` PVC access mode | `ReadWriteOnce` | +| `agent.persistence.size` | `/home/go` PVC size | `1Gi` | +| `agent.persistence.storageClass` | `/home/go` PVC storage class name | `nil` | +| `agent.persistence.existingClaim` | `/home/go` Name of an existing PVC to re-use | `nil` | +| `agent.persistence.pvSelector` | `/home/go` 
Persistence Volume Selectors | `nil` | +| `agent.persistence.name.dockerEntryPoint` | Name of the PV to mount at /docker-entrypoint.d/ | `goagent-vol` | +| `agent.persistence.subpath.homego` | The `/home/go` path on Persistence Volume | `homego` | +| `agent.persistence.subpath.dockerEntryPoint` | The /docker-entrypoint.d path on Persistence Volume | `scripts` | +| `agent.persistence.extraVolumes` | Additional agent volumes | `[]` | +| `agent.persistence.extraVolumeMounts` | Additional agent volumeMounts | `[]` | +| `agent.persistence.volumeClaimTemplates` | Additional claim templates, if using agent.kind=StatefulSet | `[]` | ##### Note: `/home/go` directory shared between multiple agents implies: -1. That packages being cached here is shared between all the agents. +1. That packages being cached here are shared between all the agents. 2. That all the agents sharing this directory are privy to all the secrets in `/home/go` #### Achieve static agent identity persistence @@ -374,8 +374,7 @@ Mounting the whole `/godata` also allows the pipelines and logs to be persisted, ```yaml agent: - controller: - kind: "StatefulSet" + kind: "StatefulSet" persistence: volumeClaimTemplates: - metadata: From 64a35a74d8827e557c6aab0f6e52bd73a9d16bf5 Mon Sep 17 00:00:00 2001 From: Chad Wilson Date: Thu, 6 Mar 2025 23:29:13 +0800 Subject: [PATCH 3/5] Remove unnecessary service --- gocd/templates/gocd-agent-service.yaml | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 gocd/templates/gocd-agent-service.yaml diff --git a/gocd/templates/gocd-agent-service.yaml b/gocd/templates/gocd-agent-service.yaml deleted file mode 100644 index 989e4bf..0000000 --- a/gocd/templates/gocd-agent-service.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-{{- if and .Values.agent.enabled (eq .Values.agent.kind "StatefulSet") -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "gocd.fullname" . }}-agent
- labels:
- app: {{ template "gocd.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: {{ .Release.Name | quote }}
- heritage: {{ .Release.Service | quote }}
- component: agent
-spec:
- clusterIP: None
- ports:
- - protocol: TCP
- port: 8152
- targetPort: 8152
- selector:
- app: {{ template "gocd.name" . }}
- release: {{ .Release.Name | quote }}
- component: agent
-{{- end }}
From 75a4dafb67f2dc27f32335aa0da1083c1d198593 Mon Sep 17 00:00:00 2001
From: Chad Wilson
Date: Thu, 6 Mar 2025 23:30:28 +0800
Subject: [PATCH 4/5] Add changelog
---
 gocd/CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/gocd/CHANGELOG.md b/gocd/CHANGELOG.md
index c4de1e4..dbfb62c 100644
--- a/gocd/CHANGELOG.md
+++ b/gocd/CHANGELOG.md
@@ -1,3 +1,5 @@
+### 2.13.0
+* Add support for modelling static agents as StatefulSets (thanks to @12345ieee)
 ### 2.12.1
 * Bump pre-installed plugins to latest patched versions (thanks to @chadlwilson)
 ### 2.12.0
From d1a67fa7587b41522ff6cb4592b3211b18dc09b3 Mon Sep 17 00:00:00 2001
From: Chad Wilson
Date: Thu, 6 Mar 2025 23:45:43 +0800
Subject: [PATCH 5/5] Correct bug in use of `strategy`/`updateStrategy`
---
 gocd/templates/gocd-agent-controller.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gocd/templates/gocd-agent-controller.yaml b/gocd/templates/gocd-agent-controller.yaml
index b13e1a0..5000280 100644
--- a/gocd/templates/gocd-agent-controller.yaml
+++ b/gocd/templates/gocd-agent-controller.yaml
@@ -24,7 +24,7 @@ spec:
 replicas: {{ .Values.agent.replicaCount }}
 {{- end }}
 {{- with .Values.agent.deployStrategy }}
- {{- if (eq .Values.agent.kind "Deployment") }}
+ {{- if (eq $.Values.agent.kind "Deployment") }}
 strategy:
 {{- else }}
 updateStrategy: