mirror of
https://github.com/actions/actions-runner-controller.git
synced 2025-12-20 06:56:51 +00:00
Delay role/rolebinding creation to gha-runner-scale-set installation time (#2363)
This commit is contained in:
Tingluo Huang
@@ -72,12 +72,20 @@ Create the name of the service account to use
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "gha-runner-scale-set-controller.managerRoleName" -}}
|
||||
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-role
|
||||
{{- define "gha-runner-scale-set-controller.managerClusterRoleName" -}}
|
||||
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-cluster-role
|
||||
{{- end }}
|
||||
|
||||
{{- define "gha-runner-scale-set-controller.managerRoleBinding" -}}
|
||||
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-rolebinding
|
||||
{{- define "gha-runner-scale-set-controller.managerClusterRoleBinding" -}}
|
||||
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-cluster-rolebinding
|
||||
{{- end }}
|
||||
|
||||
{{- define "gha-runner-scale-set-controller.managerListenerRoleName" -}}
|
||||
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-listener-role
|
||||
{{- end }}
|
||||
|
||||
{{- define "gha-runner-scale-set-controller.managerListenerRoleBinding" -}}
|
||||
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-listener-rolebinding
|
||||
{{- end }}
|
||||
|
||||
{{- define "gha-runner-scale-set-controller.leaderElectionRoleName" -}}
|
||||
|
||||
@@ -5,6 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gha-runner-scale-set-controller.labels" . | nindent 4 }}
|
||||
actions.github.com/controller-service-account-namespace: {{ .Release.Namespace }}
|
||||
actions.github.com/controller-service-account-name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }}
|
||||
spec:
|
||||
replicas: {{ default 1 .Values.replicaCount }}
|
||||
selector:
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "gha-runner-scale-set-controller.managerRoleName" . }}
|
||||
name: {{ include "gha-runner-scale-set-controller.managerClusterRoleName" . }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- actions.github.com
|
||||
@@ -112,43 +112,13 @@ rules:
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods/status
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
@@ -156,10 +126,6 @@ rules:
|
||||
resources:
|
||||
- rolebindings
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- update
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
@@ -167,9 +133,5 @@ rules:
|
||||
resources:
|
||||
- roles
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- update
|
||||
- list
|
||||
- watch
|
||||
@@ -1,11 +1,11 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "gha-runner-scale-set-controller.managerRoleBinding" . }}
|
||||
name: {{ include "gha-runner-scale-set-controller.managerClusterRoleBinding" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ include "gha-runner-scale-set-controller.managerRoleName" . }}
|
||||
name: {{ include "gha-runner-scale-set-controller.managerClusterRoleName" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }}
|
||||
@@ -0,0 +1,40 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "gha-runner-scale-set-controller.managerListenerRoleName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods/status
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
@@ -0,0 +1,13 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "gha-runner-scale-set-controller.managerListenerRoleBinding" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "gha-runner-scale-set-controller.managerListenerRoleName" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
Reference in New Issue
Block a user