In this post, i will guide you to install self-hosted github action runner, then setup a simple workflow to run some command on that runner. To setup github action self-hosted runner, we will use action-runner-controller. I will use minikube and create a private repository on github for demo purpose. The runner controller will use Personal Access Token to authenticate with Github API.
1. Create Personal Access Token (PAT).
Go to https://github.com/settings/tokens?type=beta and create a PAT with the following repository permission.
- Read access to discussions, issues, merge queues, metadata, repository hooks, and secrets
- Read and Write access to actions, administration, code, commit statuses, deployments, environments, pull requests, and workflows
![](https://blog.shiftasia.com/content/images/2023/02/Screenshot-2023-02-07-at-20.44.45.png)
2. Setup Action Runner Controller
For this part, we will use helm
and follow this instruction. Run the following command to install controller and their dependency.
2.1 Install cert-manager in your cluster
Add the Helm repository
helm repo add jetstack https://charts.jetstack.io
Update your local Helm chart repository cache:
helm repo update
Install cert-manager
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.11.0 \
--set installCRDs=true
![](https://blog.shiftasia.com/content/images/2023/02/Screenshot-2023-02-07-at-14.25.40.png)
2.2 Install Action Runner Controller
Add the helm repository
helm repo add actions-runner-controller https://actions-runner-controller.github.io/actions-runner-controller
Update local chart
helm repo update
Install controller, replace your PAT.
helm upgrade --install --namespace actions-runner-system --create-namespace\
--set=authSecret.create=true\
--set=authSecret.github_token="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"\
--wait actions-runner-controller actions-runner-controller/actions-runner-controller
![](https://blog.shiftasia.com/content/images/2023/02/Screenshot-2023-02-07-at-14.30.08-1.png)
2.3 Create Runner Deployment
Create service account for runner. For demo purpose, i will create a service account and binding cluster admin role to this service account. The content of service-account.yaml
is same as below.
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: default
name: github-runner-api-sa
automountServiceAccountToken: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: github-runner-api-cluster-role-binding
namespace: default
subjects:
- kind: ServiceAccount
name: github-runner-api-sa
namespace: default
apiGroup: ""
roleRef:
kind: ClusterRole
name: admin
apiGroup: rbac.authorization.k8s.io
kubectl create -f service-account.yaml
![](https://blog.shiftasia.com/content/images/2023/02/image.png)
Create RunnerDeployment
resource. The content for runner.yaml
is same as below.
You need to modify repository
and labels
to match with your repository.
apiVersion: actions.summerwind.dev/v1alpha1
kind: RunnerDeployment
metadata:
name: github-runner-api
namespace: default
spec:
replicas: 1
template:
spec:
serviceAccountName: github-runner-api-sa
automountServiceAccountToken: true
image: summerwind/actions-runner-dind
dockerdWithinRunnerContainer: true
labels:
- k8s-api
repository: prjmpkcopper/k8s-runner-test
workVolumeClaimTemplate:
storageClassName: "standard"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
env: []
kubectl create -f runner.yaml
![](https://blog.shiftasia.com/content/images/2023/02/Screenshot-2023-02-07-at-14.42.00.png)
2.4 Check runner status
Run the below command to list and check status of this runner.
kubectl get runner
![](https://blog.shiftasia.com/content/images/2023/02/Screenshot-2023-02-07-at-14.43.12.png)
After waiting for a while, you will see our self-hosted runner on GitHub. Our runner has k8s-api
label, we will use this in workflows.
![](https://blog.shiftasia.com/content/images/2023/02/image-1.png)
3. Setup demo workflows
I will create a simple workflows, we will have one job to list all pod on k8s cluster. The content is same as below.
name: Auto Build/Deploy
on:
push:
branches:
- "*"
jobs:
build:
name: Build
runs-on:
- self-hosted
- k8s-api
steps:
- name: Get Pods
run: |
set -ex
cd $HOME
wget https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl
chmod +x ./kubectl
./kubectl auth can-i get pods
./kubectl get pods -A
Push code to Github and open action tab, you will see our runner is running.
![](https://blog.shiftasia.com/content/images/2023/02/Screenshot-2023-02-07-at-14.57.24.png)
View the Build
job.
![](https://blog.shiftasia.com/content/images/2023/02/Screenshot-2023-02-07-at-14.57.50.png)
Check the get pods
step.
![](https://blog.shiftasia.com/content/images/2023/02/Screenshot-2023-02-07-at-14.58.07.png)
That is, we already able to create GitHub action self-hosted runner. Thank for reading.