mirror of
https://github.com/actions/actions-runner-controller.git
synced 2025-12-11 03:57:01 +00:00
Add missing job-related permissions to runner pods with k8s container mode
This commit is contained in:
Yusuke Kuoka
@@ -285,6 +285,8 @@ rules:
|
|||||||
- get
|
- get
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.rbac.allowGrantingKubernetesContainerModePermissions }}
|
{{- if .Values.rbac.allowGrantingKubernetesContainerModePermissions }}
|
||||||
|
{{/* These permissions are required by ARC to create RBAC resources for the runner pod to use the kubernetes container mode. */}}
|
||||||
|
{{/* See https://github.com/actions-runner-controller/actions-runner-controller/pull/1268/files#r917331632 */}}
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
@@ -300,6 +302,15 @@ rules:
|
|||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
- watch
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- "batch"
|
||||||
|
resources:
|
||||||
|
- jobs
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
|
|||||||
@@ -304,6 +304,11 @@ func (r *RunnerReconciler) processRunnerCreation(ctx context.Context, runner v1a
|
|||||||
Resources: []string{"pods/log"},
|
Resources: []string{"pods/log"},
|
||||||
Verbs: []string{"get", "list", "watch"},
|
Verbs: []string{"get", "list", "watch"},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
APIGroups: []string{"batch"},
|
||||||
|
Resources: []string{"jobs"},
|
||||||
|
Verbs: []string{"get", "list", "create", "delete"},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
APIGroups: []string{""},
|
APIGroups: []string{""},
|
||||||
Resources: []string{"secrets"},
|
Resources: []string{"secrets"},
|
||||||
|
|||||||
Reference in New Issue
Block a user