mirror of
https://github.com/actions/actions-runner-controller.git
synced 2025-12-11 03:57:01 +00:00
Include custom annotations and labels to all resources created by gha-runner-scale-set chart (#3934)
This commit is contained in:
Nikola Jokic
18
.github/workflows/gha-validate-chart.yaml
vendored
18
.github/workflows/gha-validate-chart.yaml
vendored
@@ -18,7 +18,7 @@ on:
|
||||
workflow_dispatch:
|
||||
env:
|
||||
KUBE_SCORE_VERSION: 1.16.1
|
||||
HELM_VERSION: v3.8.0
|
||||
HELM_VERSION: v3.17.0
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
@@ -46,22 +46,6 @@ jobs:
|
||||
with:
|
||||
version: ${{ env.HELM_VERSION }}
|
||||
|
||||
- name: Set up kube-score
|
||||
run: |
|
||||
wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O kube-score
|
||||
chmod 755 kube-score
|
||||
|
||||
- name: Kube-score generated manifests
|
||||
run: helm template --values charts/.ci/values-kube-score.yaml charts/* | ./kube-score score -
|
||||
--ignore-test pod-networkpolicy
|
||||
--ignore-test deployment-has-poddisruptionbudget
|
||||
--ignore-test deployment-has-host-podantiaffinity
|
||||
--ignore-test container-security-context
|
||||
--ignore-test pod-probes
|
||||
--ignore-test container-image-tag
|
||||
--enable-optional-test container-security-context-privileged
|
||||
--enable-optional-test container-security-context-readonlyrootfilesystem
|
||||
|
||||
# python is a requirement for the chart-testing action below (supports yamllint among other tests)
|
||||
- uses: actions/setup-python@v5
|
||||
with:
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
{{- $hasCustomResourceMeta := (and .Values.resourceMeta .Values.resourceMeta.autoscalingRunnerSet) }}
|
||||
apiVersion: actions.github.com/v1alpha1
|
||||
kind: AutoscalingRunnerSet
|
||||
metadata:
|
||||
@@ -10,9 +11,25 @@ metadata:
|
||||
name: {{ include "gha-runner-scale-set.scale-set-name" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- with .Values.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.autoscalingRunnerSet.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/component: "autoscaling-runner-set"
|
||||
{{- include "gha-runner-scale-set.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.autoscalingRunnerSet.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
actions.github.com/values-hash: {{ toJson .Values | sha256sum | trunc 63 }}
|
||||
{{- $containerMode := .Values.containerMode }}
|
||||
{{- if not (kindIs "string" .Values.githubConfigSecret) }}
|
||||
|
||||
@@ -1,11 +1,29 @@
|
||||
{{- if not (kindIs "string" .Values.githubConfigSecret) }}
|
||||
{{- $hasCustomResourceMeta := (and .Values.resourceMeta .Values.resourceMeta.githubConfigSecret) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "gha-runner-scale-set.githubsecret" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- with .Values.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.githubConfigSecret.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- include "gha-runner-scale-set.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.githubConfigSecret.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
finalizers:
|
||||
- actions.github.com/cleanup-protection
|
||||
data:
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
{{- $containerMode := .Values.containerMode }}
|
||||
{{- $hasCustomResourceMeta := (and .Values.resourceMeta .Values.resourceMeta.kubernetesModeRole) }}
|
||||
{{- if and (eq $containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
|
||||
# default permission for runner pod service account in kubernetes mode (container hook)
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
@@ -6,6 +7,25 @@ kind: Role
|
||||
metadata:
|
||||
name: {{ include "gha-runner-scale-set.kubeModeRoleName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- with .Values.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.kubernetesModeRole.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- include "gha-runner-scale-set.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.kubernetesModeRole.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
finalizers:
|
||||
- actions.github.com/cleanup-protection
|
||||
rules:
|
||||
|
||||
@@ -1,10 +1,31 @@
|
||||
{{- $containerMode := .Values.containerMode }}
|
||||
{{- $hasCustomResourceMeta := (and .Values.resourceMeta .Values.resourceMeta.kubernetesModeRoleBinding) }}
|
||||
{{- if and (eq $containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "gha-runner-scale-set.kubeModeRoleBindingName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- with .Values.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.kubernetesModeRoleBinding.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- include "gha-runner-scale-set.labels" . | nindent 4 }}
|
||||
|
||||
annotations:
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.kubernetesModeRoleBinding.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
finalizers:
|
||||
- actions.github.com/cleanup-protection
|
||||
roleRef:
|
||||
|
||||
@@ -1,18 +1,34 @@
|
||||
{{- $containerMode := .Values.containerMode }}
|
||||
{{- $hasCustomResourceMeta := (and .Values.resourceMeta .Values.resourceMeta.kubernetesModeServiceAccount) }}
|
||||
{{- if and (eq $containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- if .Values.containerMode.kubernetesModeServiceAccount }}
|
||||
{{- with .Values.containerMode.kubernetesModeServiceAccount.annotations }}
|
||||
|
||||
{{- if or .Values.annotations $hasCustomResourceMeta }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.kubernetesModeServiceAccount.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- with .Values.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.kubernetesModeServiceAccount.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- include "gha-runner-scale-set.labels" . | nindent 4 }}
|
||||
|
||||
finalizers:
|
||||
- actions.github.com/cleanup-protection
|
||||
labels:
|
||||
{{- include "gha-runner-scale-set.labels" . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,11 +1,29 @@
|
||||
{{- $hasCustomResourceMeta := (and .Values.resourceMeta .Values.resourceMeta.managerRole) }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "gha-runner-scale-set.managerRoleName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- with .Values.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.managerRole.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- include "gha-runner-scale-set.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: manager-role
|
||||
annotations:
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.managerRole.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
finalizers:
|
||||
- actions.github.com/cleanup-protection
|
||||
rules:
|
||||
|
||||
@@ -1,11 +1,29 @@
|
||||
{{- $hasCustomResourceMeta := (and .Values.resourceMeta .Values.resourceMeta.managerRoleBinding) }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "gha-runner-scale-set.managerRoleBindingName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- with .Values.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.managerRoleBinding.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- include "gha-runner-scale-set.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: manager-role-binding
|
||||
annotations:
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.managerRoleBinding.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
finalizers:
|
||||
- actions.github.com/cleanup-protection
|
||||
roleRef:
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
{{- $hasCustomResourceMeta := (and .Values.resourceMeta .Values.resourceMeta.noPermissionServiceAccount) }}
|
||||
{{- $containerMode := .Values.containerMode }}
|
||||
{{- if and (ne $containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
|
||||
apiVersion: v1
|
||||
@@ -6,7 +7,24 @@ metadata:
|
||||
name: {{ include "gha-runner-scale-set.noPermissionServiceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- with .Values.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.noPermissionServiceAccount.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- include "gha-runner-scale-set.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $hasCustomResourceMeta }}
|
||||
{{- with .Values.resourceMeta.noPermissionServiceAccount.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
finalizers:
|
||||
- actions.github.com/cleanup-protection
|
||||
{{- end }}
|
||||
|
||||
@@ -742,37 +742,6 @@ func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraInitContainers(t *testin
|
||||
assert.Equal(t, "ls", ars.Spec.Template.Spec.InitContainers[2].Command[0], "InitContainers[2] Command[0] should be ls")
|
||||
}
|
||||
|
||||
func TestTemplateRenderedKubernetesModeServiceAccountAnnotations(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
// Path to the helm chart we will test
|
||||
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
|
||||
require.NoError(t, err)
|
||||
|
||||
testValuesPath, err := filepath.Abs("../tests/values_kubernetes_mode_service_account_annotations.yaml")
|
||||
require.NoError(t, err)
|
||||
|
||||
releaseName := "test-runners"
|
||||
namespaceName := "test-" + strings.ToLower(random.UniqueId())
|
||||
|
||||
options := &helm.Options{
|
||||
Logger: logger.Discard,
|
||||
SetValues: map[string]string{
|
||||
"controllerServiceAccount.name": "arc",
|
||||
"controllerServiceAccount.namespace": "arc-system",
|
||||
},
|
||||
ValuesFiles: []string{testValuesPath},
|
||||
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
|
||||
}
|
||||
|
||||
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_serviceaccount.yaml"})
|
||||
|
||||
var sa corev1.ServiceAccount
|
||||
helm.UnmarshalK8SYaml(t, output, &sa)
|
||||
|
||||
assert.Equal(t, "arn:aws:iam::123456789012:role/sample-role", sa.Annotations["eks.amazonaws.com/role-arn"], "Annotations should be arn:aws:iam::123456789012:role/sample-role")
|
||||
}
|
||||
|
||||
func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraVolumes(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
@@ -2143,3 +2112,206 @@ func TestAutoscalingRunnerSetAnnotationValuesHash(t *testing.T) {
|
||||
assert.NotEqual(t, firstHash, secondHash)
|
||||
assert.LessOrEqual(t, len(secondHash), 63)
|
||||
}
|
||||
|
||||
func TestCustomLabels(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
// Path to the helm chart we will test
|
||||
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
|
||||
require.NoError(t, err)
|
||||
|
||||
releaseName := "test-runners"
|
||||
namespaceName := "test-" + strings.ToLower(random.UniqueId())
|
||||
|
||||
options := &helm.Options{
|
||||
Logger: logger.Discard,
|
||||
SetValues: map[string]string{
|
||||
"githubConfigUrl": "https://github.com/actions",
|
||||
"githubConfigSecret.github_token": "gh_token12345",
|
||||
"controllerServiceAccount.name": "arc",
|
||||
"containerMode.type": "kubernetes",
|
||||
"controllerServiceAccount.namespace": "arc-system",
|
||||
`labels.argocd\.argoproj\.io/sync-wave`: `"1"`,
|
||||
`labels.app\.kubernetes\.io/part-of`: "no-override", // this shouldn't be overwritten
|
||||
"resourceMeta.autoscalingRunnerSet.labels.ars-custom": "ars-custom-value",
|
||||
"resourceMeta.githubConfigSecret.labels.gh-custom": "gh-custom-value",
|
||||
"resourceMeta.kubernetesModeRole.labels.kmr-custom": "kmr-custom-value",
|
||||
"resourceMeta.kubernetesModeRoleBinding.labels.kmrb-custom": "kmrb-custom-value",
|
||||
"resourceMeta.kubernetesModeServiceAccount.labels.kmsa-custom": "kmsa-custom-value",
|
||||
"resourceMeta.managerRole.labels.mr-custom": "mr-custom-value",
|
||||
"resourceMeta.managerRoleBinding.labels.mrb-custom": "mrb-custom-value",
|
||||
},
|
||||
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
|
||||
}
|
||||
|
||||
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/githubsecret.yaml"})
|
||||
|
||||
const targetLabel = "argocd.argoproj.io/sync-wave"
|
||||
const wantCustomValue = `"1"`
|
||||
const reservedLabel = "app.kubernetes.io/part-of"
|
||||
const wantReservedValue = "gha-rs"
|
||||
|
||||
var githubSecret corev1.Secret
|
||||
helm.UnmarshalK8SYaml(t, output, &githubSecret)
|
||||
assert.Equal(t, wantCustomValue, githubSecret.Labels[targetLabel])
|
||||
assert.Equal(t, wantReservedValue, githubSecret.Labels[reservedLabel])
|
||||
assert.Equal(t, "gh-custom-value", githubSecret.Labels["gh-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_role.yaml"})
|
||||
var role rbacv1.Role
|
||||
helm.UnmarshalK8SYaml(t, output, &role)
|
||||
assert.Equal(t, wantCustomValue, role.Labels[targetLabel])
|
||||
assert.Equal(t, wantReservedValue, role.Labels[reservedLabel])
|
||||
assert.Equal(t, "kmr-custom-value", role.Labels["kmr-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_role_binding.yaml"})
|
||||
var roleBinding rbacv1.RoleBinding
|
||||
helm.UnmarshalK8SYaml(t, output, &roleBinding)
|
||||
assert.Equal(t, wantCustomValue, roleBinding.Labels[targetLabel])
|
||||
assert.Equal(t, wantReservedValue, roleBinding.Labels[reservedLabel])
|
||||
assert.Equal(t, "kmrb-custom-value", roleBinding.Labels["kmrb-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"})
|
||||
var ars v1alpha1.AutoscalingRunnerSet
|
||||
helm.UnmarshalK8SYaml(t, output, &ars)
|
||||
assert.Equal(t, wantCustomValue, ars.Labels[targetLabel])
|
||||
assert.Equal(t, wantReservedValue, ars.Labels[reservedLabel])
|
||||
assert.Equal(t, "ars-custom-value", ars.Labels["ars-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_serviceaccount.yaml"})
|
||||
var serviceAccount corev1.ServiceAccount
|
||||
helm.UnmarshalK8SYaml(t, output, &serviceAccount)
|
||||
assert.Equal(t, wantCustomValue, serviceAccount.Labels[targetLabel])
|
||||
assert.Equal(t, wantReservedValue, serviceAccount.Labels[reservedLabel])
|
||||
assert.Equal(t, "kmsa-custom-value", serviceAccount.Labels["kmsa-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/manager_role.yaml"})
|
||||
var managerRole rbacv1.Role
|
||||
helm.UnmarshalK8SYaml(t, output, &managerRole)
|
||||
assert.Equal(t, wantCustomValue, managerRole.Labels[targetLabel])
|
||||
assert.Equal(t, wantReservedValue, managerRole.Labels[reservedLabel])
|
||||
assert.Equal(t, "mr-custom-value", managerRole.Labels["mr-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/manager_role_binding.yaml"})
|
||||
var managerRoleBinding rbacv1.RoleBinding
|
||||
helm.UnmarshalK8SYaml(t, output, &managerRoleBinding)
|
||||
assert.Equal(t, wantCustomValue, managerRoleBinding.Labels[targetLabel])
|
||||
assert.Equal(t, wantReservedValue, managerRoleBinding.Labels[reservedLabel])
|
||||
assert.Equal(t, "mrb-custom-value", managerRoleBinding.Labels["mrb-custom"])
|
||||
|
||||
options = &helm.Options{
|
||||
Logger: logger.Discard,
|
||||
SetValues: map[string]string{
|
||||
"githubConfigUrl": "https://github.com/actions",
|
||||
"githubConfigSecret.github_token": "gh_token12345",
|
||||
"controllerServiceAccount.name": "arc",
|
||||
"controllerServiceAccount.namespace": "arc-system",
|
||||
`labels.argocd\.argoproj\.io/sync-wave`: `"1"`,
|
||||
"resourceMeta.noPermissionServiceAccount.labels.npsa-custom": "npsa-custom-value",
|
||||
},
|
||||
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
|
||||
}
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/no_permission_serviceaccount.yaml"})
|
||||
var noPermissionServiceAccount corev1.ServiceAccount
|
||||
helm.UnmarshalK8SYaml(t, output, &noPermissionServiceAccount)
|
||||
assert.Equal(t, wantCustomValue, noPermissionServiceAccount.Labels[targetLabel])
|
||||
assert.Equal(t, wantReservedValue, noPermissionServiceAccount.Labels[reservedLabel])
|
||||
assert.Equal(t, "npsa-custom-value", noPermissionServiceAccount.Labels["npsa-custom"])
|
||||
}
|
||||
|
||||
func TestCustomAnnotations(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
// Path to the helm chart we will test
|
||||
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
|
||||
require.NoError(t, err)
|
||||
|
||||
releaseName := "test-runners"
|
||||
namespaceName := "test-" + strings.ToLower(random.UniqueId())
|
||||
|
||||
options := &helm.Options{
|
||||
Logger: logger.Discard,
|
||||
SetValues: map[string]string{
|
||||
"githubConfigUrl": "https://github.com/actions",
|
||||
"githubConfigSecret.github_token": "gh_token12345",
|
||||
"containerMode.type": "kubernetes",
|
||||
"controllerServiceAccount.name": "arc",
|
||||
"controllerServiceAccount.namespace": "arc-system",
|
||||
`annotations.argocd\.argoproj\.io/sync-wave`: `"1"`,
|
||||
"resourceMeta.autoscalingRunnerSet.annotations.ars-custom": "ars-custom-value",
|
||||
"resourceMeta.githubConfigSecret.annotations.gh-custom": "gh-custom-value",
|
||||
"resourceMeta.kubernetesModeRole.annotations.kmr-custom": "kmr-custom-value",
|
||||
"resourceMeta.kubernetesModeRoleBinding.annotations.kmrb-custom": "kmrb-custom-value",
|
||||
"resourceMeta.kubernetesModeServiceAccount.annotations.kmsa-custom": "kmsa-custom-value",
|
||||
"resourceMeta.managerRole.annotations.mr-custom": "mr-custom-value",
|
||||
"resourceMeta.managerRoleBinding.annotations.mrb-custom": "mrb-custom-value",
|
||||
},
|
||||
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
|
||||
}
|
||||
|
||||
const targetAnnotations = "argocd.argoproj.io/sync-wave"
|
||||
const wantCustomValue = `"1"`
|
||||
|
||||
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/githubsecret.yaml"})
|
||||
|
||||
var githubSecret corev1.Secret
|
||||
helm.UnmarshalK8SYaml(t, output, &githubSecret)
|
||||
assert.Equal(t, wantCustomValue, githubSecret.Annotations[targetAnnotations])
|
||||
assert.Equal(t, "gh-custom-value", githubSecret.Annotations["gh-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_role.yaml"})
|
||||
var role rbacv1.Role
|
||||
helm.UnmarshalK8SYaml(t, output, &role)
|
||||
assert.Equal(t, wantCustomValue, role.Annotations[targetAnnotations])
|
||||
assert.Equal(t, "kmr-custom-value", role.Annotations["kmr-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_role_binding.yaml"})
|
||||
var roleBinding rbacv1.RoleBinding
|
||||
helm.UnmarshalK8SYaml(t, output, &roleBinding)
|
||||
assert.Equal(t, wantCustomValue, roleBinding.Annotations[targetAnnotations])
|
||||
assert.Equal(t, "kmrb-custom-value", roleBinding.Annotations["kmrb-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"})
|
||||
var ars v1alpha1.AutoscalingRunnerSet
|
||||
helm.UnmarshalK8SYaml(t, output, &ars)
|
||||
assert.Equal(t, wantCustomValue, ars.Annotations[targetAnnotations])
|
||||
assert.Equal(t, "ars-custom-value", ars.Annotations["ars-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_serviceaccount.yaml"})
|
||||
var serviceAccount corev1.ServiceAccount
|
||||
helm.UnmarshalK8SYaml(t, output, &serviceAccount)
|
||||
assert.Equal(t, wantCustomValue, serviceAccount.Annotations[targetAnnotations])
|
||||
assert.Equal(t, "kmsa-custom-value", serviceAccount.Annotations["kmsa-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/manager_role.yaml"})
|
||||
var managerRole rbacv1.Role
|
||||
helm.UnmarshalK8SYaml(t, output, &managerRole)
|
||||
assert.Equal(t, wantCustomValue, managerRole.Annotations[targetAnnotations])
|
||||
assert.Equal(t, "mr-custom-value", managerRole.Annotations["mr-custom"])
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/manager_role_binding.yaml"})
|
||||
var managerRoleBinding rbacv1.RoleBinding
|
||||
helm.UnmarshalK8SYaml(t, output, &managerRoleBinding)
|
||||
assert.Equal(t, wantCustomValue, managerRoleBinding.Annotations[targetAnnotations])
|
||||
assert.Equal(t, "mrb-custom-value", managerRoleBinding.Annotations["mrb-custom"])
|
||||
|
||||
options = &helm.Options{
|
||||
Logger: logger.Discard,
|
||||
SetValues: map[string]string{
|
||||
"githubConfigUrl": "https://github.com/actions",
|
||||
"githubConfigSecret.github_token": "gh_token12345",
|
||||
"controllerServiceAccount.name": "arc",
|
||||
"controllerServiceAccount.namespace": "arc-system",
|
||||
`annotations.argocd\.argoproj\.io/sync-wave`: `"1"`,
|
||||
"resourceMeta.noPermissionServiceAccount.annotations.npsa-custom": "npsa-custom-value",
|
||||
},
|
||||
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
|
||||
}
|
||||
|
||||
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/no_permission_serviceaccount.yaml"})
|
||||
var noPermissionServiceAccount corev1.ServiceAccount
|
||||
helm.UnmarshalK8SYaml(t, output, &noPermissionServiceAccount)
|
||||
assert.Equal(t, wantCustomValue, noPermissionServiceAccount.Annotations[targetAnnotations])
|
||||
assert.Equal(t, "npsa-custom-value", noPermissionServiceAccount.Annotations["npsa-custom"])
|
||||
}
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
githubConfigUrl: https://github.com/actions/actions-runner-controller
|
||||
githubConfigSecret:
|
||||
github_token: test
|
||||
containerMode:
|
||||
type: kubernetes
|
||||
kubernetesModeServiceAccount:
|
||||
annotations:
|
||||
eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/sample-role
|
||||
@@ -4,15 +4,15 @@ githubConfigUrl: ""
|
||||
|
||||
## githubConfigSecret is the k8s secret information to use when authenticating via the GitHub API.
|
||||
## You can choose to supply:
|
||||
## A) a PAT token,
|
||||
## B) a GitHub App, or
|
||||
## A) a PAT token,
|
||||
## B) a GitHub App, or
|
||||
## C) a pre-defined Kubernetes secret.
|
||||
## The syntax for each of these variations is documented below.
|
||||
## (Variation A) When using a PAT token, the syntax is as follows:
|
||||
githubConfigSecret:
|
||||
# Example:
|
||||
# Example:
|
||||
# github_token: "ghp_sampleSampleSampleSampleSampleSample"
|
||||
github_token: ""
|
||||
github_token: ""
|
||||
#
|
||||
## (Variation B) When using a GitHub App, the syntax is as follows:
|
||||
# githubConfigSecret:
|
||||
@@ -100,8 +100,7 @@ githubConfigSecret:
|
||||
# resources:
|
||||
# requests:
|
||||
# storage: 1Gi
|
||||
# kubernetesModeServiceAccount:
|
||||
# annotations:
|
||||
#
|
||||
|
||||
## listenerTemplate is the PodSpec for each listener Pod
|
||||
## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
|
||||
@@ -216,3 +215,63 @@ template:
|
||||
# controllerServiceAccount:
|
||||
# namespace: arc-system
|
||||
# name: test-arc-gha-runner-scale-set-controller
|
||||
|
||||
## Optional annotations and labels applied to all resources created by helm installation
|
||||
##
|
||||
## Annotations applied to all resources created by this helm chart. Annotations will not override the default ones, so make sure
|
||||
## the custom annotation is not reserved.
|
||||
# annotations:
|
||||
# key: value
|
||||
##
|
||||
## Labels applied to all resources created by this helm chart. Labels will not override the default ones, so make sure
|
||||
## the custom label is not reserved.
|
||||
# labels:
|
||||
# key: value
|
||||
|
||||
## If you want more fine-grained control over annotations applied to particular resource created by this chart,
|
||||
## you can use `resourceMeta`.
|
||||
## Order of applying labels and annotations is:
|
||||
## 1. Apply labels/annotations globally, using `annotations` and `labels` field
|
||||
## 2. Apply `resourceMeta` labels/annotations
|
||||
## 3. Apply reserved labels/annotations
|
||||
# resourceMeta:
|
||||
# autoscalingRunnerSet:
|
||||
# labels:
|
||||
# key: value
|
||||
# annotations:
|
||||
# key: value
|
||||
# githubConfigSecret:
|
||||
# labels:
|
||||
# key: value
|
||||
# annotations:
|
||||
# key: value
|
||||
# kubernetesModeRole:
|
||||
# labels:
|
||||
# key: value
|
||||
# annotations:
|
||||
# key: value
|
||||
# kubernetesModeRoleBinding:
|
||||
# labels:
|
||||
# key: value
|
||||
# annotations:
|
||||
# key: value
|
||||
# kubernetesModeServiceAccount:
|
||||
# labels:
|
||||
# key: value
|
||||
# annotations:
|
||||
# key: value
|
||||
# managerRole:
|
||||
# labels:
|
||||
# key: value
|
||||
# annotations:
|
||||
# key: value
|
||||
# managerRoleBinding:
|
||||
# labels:
|
||||
# key: value
|
||||
# annotations:
|
||||
# key: value
|
||||
# noPermissionServiceAccount:
|
||||
# labels:
|
||||
# key: value
|
||||
# annotations:
|
||||
# key: value
|
||||
|
||||
Reference in New Issue
Block a user