Update Chart for SSH reruns open preview

CircleCI-Public · Dec 8, 2023 · 83b81b2 · 83b81b2
1 parent 47f6ea9
commit 83b81b2
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 23 deletions.
diff --git a/Chart.yaml b/Chart.yaml
@@ -4,5 +4,5 @@ description: For deploying a CircleCI Container Agent
 icon: https://raw.githubusercontent.com/circleci/media/master/logo/build/horizontal_dark.1.png
 type: application
 
-version: "101.0.16"
+version: "101.0.17"
 appVersion: "3"
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 For deploying a CircleCI Container Agent
 
-![Version: 101.0.16](https://img.shields.io/badge/Version-101.0.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3](https://img.shields.io/badge/AppVersion-3-informational?style=flat-square)
+![Version: 101.0.17](https://img.shields.io/badge/Version-101.0.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3](https://img.shields.io/badge/AppVersion-3-informational?style=flat-square)
 
 ## Contributing
 
@@ -83,12 +83,12 @@ The command removes all the Kubernetes objects associated with the chart and del
 | agent.resourceClasses | object | `{}` | Resource class settings. The tokens specified here will be used to claim tasks & the tasks will be launched with the configured configs Ref: https://circleci.com/docs/container-runner/#resource-class-configuration-custom-pod |
 | agent.resources | object | `{}` | Agent pod resource configuration Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
 | agent.runnerAPI | string | `"https://runner.circleci.com"` | CircleCI Runner API URL |
-| agent.ssh.controllerName | string | `"gateway.envoyproxy.io/gatewayclass-controller"` | The name of the infrastructure provider for the SSH rerun Gateway (see: https://gateway-api.sigs.k8s.io/implementations/). SSH reruns depend on the TCPRoute resource, so only implementations that support it are compatible at this time. Please consult the documentation for your preferred Gateway implementation for guidance on setting it up in your cluster. The Envoy Gateway has been successfully tested for SSH reruns (see: https://gateway.envoyproxy.io/latest/user/tcp-routing/). |
-| agent.ssh.enabled | bool | `false` | Controls whether to enable SSH reruns (see: https://circleci.com/docs/ssh-access-jobs/). Note that enabling SSH reruns will install additional resources to your cluster. Notably, SSH reruns requires the Kubernetes Gateway API (see: https://gateway-api.sigs.k8s.io/). |
-| agent.ssh.existingGatewayClassName | string | `""` | Alternatively, you can provide an existing GatewayClass name instead of creating a new one. The GatewayClass resource is a cluster-scoped resource defined by the infrastructure provider, so you may want to manage this resource externally. Note: Configuration specific to SSH reruns is defined in the namespace-scoped Gateway resource. For more information, see: https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass |
-| agent.ssh.numPorts | int | `20` |  |
-| agent.ssh.parametersRef | object | `{}` | Specify controller-specific configuration for the Gateway. For more information, see: https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass-parameters |
-| agent.ssh.startPort | int | `54782` | Specify the port range that is approved for SSH connections. Note that the number of concurrent jobs rerun with SSH is limited by the number of ports in this range. |
+| agent.ssh.controllerName | string | `"gateway.envoyproxy.io/gatewayclass-controller"` | The name of the [Gateway controller](https://gateway-api.sigs.k8s.io/guides/#installing-a-gateway-controller). The rerun jobs with SSH feature relies on [Gateway API](https://gateway-api.sigs.k8s.io/) and its [TCPRoute](https://gateway-api.sigs.k8s.io/guides/tcp/) resource for SSH access, which requires additional setup of a compatible Gateway controller that supports TCP routing. CircleCI currently recommends [Envoy Gateway](https://gateway.envoyproxy.io/) as a Gateway Controller for this. To set it up, [read the docs](https://circleci.com/docs/container-runner-installation/#1-install-envoy-gateway-to-your-cluster). |
+| agent.ssh.enabled | bool | `false` | Enable [rerunning jobs with SSH](https://circleci.com/docs/ssh-access-jobs/). For instructions on how to set up this feature, [read the docs](https://circleci.com/docs/container-runner-installation/#enable-rerun-job-with-ssh). |
+| agent.ssh.existingGatewayClassName | string | `""` | Option to use an existing GatewayClass instead of creating a new one. The GatewayClass is a cluster-scoped resource defined by the infrastructure provider, which you may wish to manage externally. Note that the configuration specific to SSH routing is defined in the namespace-scoped Gateway resource. For further information, see the [Gateway API reference](https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass), and the documentation for the Gateway controller specified by `agent.ssh.controllerName`. |
+| agent.ssh.numPorts | int | `20` | Specify the total number of ports for SSH. This, along with `agent.ssh.startPort`, sets the port range. Note that the number of concurrent jobs rerun using SSH will be limited by the size of this range. |
+| agent.ssh.parametersRef | object | `{}` | Specify controller-specific configuration for the GatewayClass. For details, refer to the [Gateway API reference](https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass-parameters), and the documentation for the Gateway controller specified by `agent.ssh.controllerName`. |
+| agent.ssh.startPort | int | `54782` | Define the start port for SSH. This, combined with `agent.ssh.numPorts`, is used to define a range of ports. Be aware that you may need to configure your firewall or security groups to allow this port range. |
 | agent.terminationGracePeriodSeconds | int | `18300` | Tasks are drained during the termination grace period, so this should be sufficiently long relative to the maximum run time to ensure graceful shutdown |
 | agent.tolerations | list | `[]` | Node tolerations for agent scheduling to nodes with taints Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
 | logging | object | `{"image":{"registry":"","repository":"circleci/logging-collector","tag":3},"rbac":{"create":true,"role":{"name":"logging-collector","rules":[]}},"serviceAccount":{"annotations":{},"create":true,"name":"logging-collector","secret":{"name":"logging-collector-token"}}}` | Configuration values for the logging containers. These containers run alongside service containers and stream their logs to the CircleCI UI |

diff --git a/changelog.md b/changelog.md
@@ -2,6 +2,10 @@
 
 This is the Container Agent Helm Chart changelog
 
+# 101.0.17
+
+- [#37](https://github.com/CircleCI-Public/container-runner-helm-chart/pull/37) Update the values file and README for the SSH reruns [open preview](https://circleci.com/docs/container-runner-installation/#enable-rerun-job-with-ssh).
+
 # 101.0.16
 
 - [#36](https://github.com/CircleCI-Public/container-runner-helm-chart/pull/36) Add field to set arbitrary environment variables for container-agent

diff --git a/values.yaml b/values.yaml
@@ -208,28 +208,36 @@ agent:
     interval: 15m
 
   ssh:
-    # -- Controls whether to enable SSH reruns (see: https://circleci.com/docs/ssh-access-jobs/).
-    # Note that enabling SSH reruns will install additional resources to your cluster. Notably,
-    # SSH reruns requires the Kubernetes Gateway API (see: https://gateway-api.sigs.k8s.io/).
+    # -- Enable [rerunning jobs with SSH](https://circleci.com/docs/ssh-access-jobs/).
+    # For instructions on how to set up this feature, [read the docs](https://circleci.com/docs/container-runner-installation/#enable-rerun-job-with-ssh).
     enabled: false
 
-    # -- The name of the infrastructure provider for the SSH rerun Gateway (see: https://gateway-api.sigs.k8s.io/implementations/).
-    # SSH reruns depend on the TCPRoute resource, so only implementations that support it are compatible at this time.
-    # Please consult the documentation for your preferred Gateway implementation for guidance on setting it up in your cluster.
-    # The Envoy Gateway has been successfully tested for SSH reruns (see: https://gateway.envoyproxy.io/latest/user/tcp-routing/).
+    # -- The name of the [Gateway controller](https://gateway-api.sigs.k8s.io/guides/#installing-a-gateway-controller).
+    # The rerun jobs with SSH feature relies on [Gateway API](https://gateway-api.sigs.k8s.io/)
+    # and its [TCPRoute](https://gateway-api.sigs.k8s.io/guides/tcp/) resource for SSH access,
+    # which requires additional setup of a compatible Gateway controller that supports TCP routing.
+    # CircleCI currently recommends [Envoy Gateway](https://gateway.envoyproxy.io/) as a Gateway Controller for this.
+    # To set it up, [read the docs](https://circleci.com/docs/container-runner-installation/#1-install-envoy-gateway-to-your-cluster).
     controllerName: "gateway.envoyproxy.io/gatewayclass-controller"
-    # -- Specify controller-specific configuration for the Gateway.
-    # For more information, see: https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass-parameters
+
+    # -- Specify controller-specific configuration for the GatewayClass.
+    # For details, refer to the [Gateway API reference](https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass-parameters),
+    # and the documentation for the Gateway controller specified by `agent.ssh.controllerName`.
     parametersRef: {}
-    # -- Alternatively, you can provide an existing GatewayClass name instead of creating a new one. The GatewayClass resource is a
-    # cluster-scoped resource defined by the infrastructure provider, so you may want to manage this resource externally.
-    # Note: Configuration specific to SSH reruns is defined in the namespace-scoped Gateway resource.
-    # For more information, see: https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass
+
+    # -- Option to use an existing GatewayClass instead of creating a new one.
+    # The GatewayClass is a cluster-scoped resource defined by the infrastructure provider, which you may wish to manage externally.
+    # Note that the configuration specific to SSH routing is defined in the namespace-scoped Gateway resource.
+    # For further information, see the [Gateway API reference](https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass),
+    # and the documentation for the Gateway controller specified by `agent.ssh.controllerName`.
     existingGatewayClassName: ""
 
-    # -- Specify the port range that is approved for SSH connections.
-    # Note that the number of concurrent jobs rerun with SSH is limited by the number of ports in this range.
+    # -- Define the start port for SSH. This, combined with `agent.ssh.numPorts`, is used to define a range of ports.
+    # Be aware that you may need to configure your firewall or security groups to allow this port range.
     startPort: 54782
+
+    # -- Specify the total number of ports for SSH. This, along with `agent.ssh.startPort`, sets the port range.
+    # Note that the number of concurrent jobs rerun using SSH will be limited by the size of this range.
     numPorts: 20
 
 # -- Kubernetes service account settings