From e1b574a4bc329beabb1b1b2c05136b83c48823f2 Mon Sep 17 00:00:00 2001
From: YR Chen <stevapple@icloud.com>
Date: Fri, 29 Mar 2024 17:29:07 +0800
Subject: [PATCH] Add `runtimeClassName` in Kubernetes backend options (#3474)

Resolves #3473

---------

Co-authored-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
---
 docs/docs/30-administration/22-backends/40-kubernetes.md | 5 +++++
 pipeline/backend/kubernetes/backend_options.go           | 1 +
 pipeline/backend/kubernetes/pod.go                       | 1 +
 pipeline/backend/kubernetes/pod_test.go                  | 3 +++
 pipeline/frontend/yaml/linter/schema/schema.json         | 4 ++++
 5 files changed, 14 insertions(+)

diff --git a/docs/docs/30-administration/22-backends/40-kubernetes.md b/docs/docs/30-administration/22-backends/40-kubernetes.md
index e878b6a4f..262ce4c5f 100644
--- a/docs/docs/30-administration/22-backends/40-kubernetes.md
+++ b/docs/docs/30-administration/22-backends/40-kubernetes.md
@@ -40,6 +40,11 @@ steps:
 
 You can use [Limit Ranges](https://kubernetes.io/docs/concepts/policy/limit-range/) if you want to set the limits by per-namespace basis.
 
+### Runtime class
+
+`runtimeClassName` specifies the name of the RuntimeClass which will be used to run this pod. If no `runtimeClassName` is specified, the default RuntimeHandler will be used.
+See the [kubernetes documentation](https://kubernetes.io/docs/concepts/containers/runtime-class/) for more information on specifying runtime classes.
+
 ### Service account
 
 `serviceAccountName` specifies the name of the ServiceAccount which the pod will mount. This service account must be created externally.
diff --git a/pipeline/backend/kubernetes/backend_options.go b/pipeline/backend/kubernetes/backend_options.go
index 689f835fe..3b1109a2c 100644
--- a/pipeline/backend/kubernetes/backend_options.go
+++ b/pipeline/backend/kubernetes/backend_options.go
@@ -9,6 +9,7 @@ import (
 // BackendOptions defines all the advanced options for the kubernetes backend
 type BackendOptions struct {
 	Resources          Resources         `mapstructure:"resources"`
+	RuntimeClassName   *string           `mapstructure:"runtimeClassName"`
 	ServiceAccountName string            `mapstructure:"serviceAccountName"`
 	NodeSelector       map[string]string `mapstructure:"nodeSelector"`
 	Tolerations        []Toleration      `mapstructure:"tolerations"`
diff --git a/pipeline/backend/kubernetes/pod.go b/pipeline/backend/kubernetes/pod.go
index 6c9d8529c..331efae92 100644
--- a/pipeline/backend/kubernetes/pod.go
+++ b/pipeline/backend/kubernetes/pod.go
@@ -117,6 +117,7 @@ func podSpec(step *types.Step, config *config, options BackendOptions) (v1.PodSp
 	var err error
 	spec := v1.PodSpec{
 		RestartPolicy:      v1.RestartPolicyNever,
+		RuntimeClassName:   options.RuntimeClassName,
 		ServiceAccountName: options.ServiceAccountName,
 		ImagePullSecrets:   imagePullSecretsReferences(config.ImagePullSecretNames),
 		HostAliases:        hostAliases(step.ExtraHosts),
diff --git a/pipeline/backend/kubernetes/pod_test.go b/pipeline/backend/kubernetes/pod_test.go
index bf0972743..bf4f35a41 100644
--- a/pipeline/backend/kubernetes/pod_test.go
+++ b/pipeline/backend/kubernetes/pod_test.go
@@ -245,6 +245,7 @@ func TestFullPod(t *testing.T) {
 			"nodeSelector": {
 				"storage": "ssd"
 			},
+			"runtimeClassName": "runc",
 			"serviceAccountName": "wp-svc-acc",
 			"securityContext": {
 				"runAsUser": 101,
@@ -289,6 +290,7 @@ func TestFullPod(t *testing.T) {
 		"status": {}
 	}`
 
+	runtimeClass := "runc"
 	hostAliases := []types.HostAlias{
 		{Name: "cloudflare", IP: "1.1.1.1"},
 		{Name: "cf.v6", IP: "2606:4700:4700::64"},
@@ -333,6 +335,7 @@ func TestFullPod(t *testing.T) {
 		SecurityContext:      SecurityContextConfig{RunAsNonRoot: false},
 	}, "wp-01he8bebctabr3kgk0qj36d2me-0", "linux/amd64", BackendOptions{
 		NodeSelector:       map[string]string{"storage": "ssd"},
+		RuntimeClassName:   &runtimeClass,
 		ServiceAccountName: "wp-svc-acc",
 		Tolerations:        []Toleration{{Key: "net-port", Value: "100Mbit", Effect: TaintEffectNoSchedule}},
 		Resources: Resources{
diff --git a/pipeline/frontend/yaml/linter/schema/schema.json b/pipeline/frontend/yaml/linter/schema/schema.json
index 15b9f0f36..13d7af690 100644
--- a/pipeline/frontend/yaml/linter/schema/schema.json
+++ b/pipeline/frontend/yaml/linter/schema/schema.json
@@ -696,6 +696,10 @@
         },
         "securityContext": {
           "$ref": "#/definitions/step_backend_kubernetes_security_context"
+        },
+        "runtimeClassName": {
+          "description": "Read more: https://woodpecker-ci.org/docs/administration/backends/kubernetes#runtimeclassname",
+          "type": "string"
         }
       }
     },