Compare commits


141 Commits

Author SHA1 Message Date
Bassem Dghaidi
09b542320d Revert docker socket path to /var/run/docker.sock 2024-01-20 20:12:31 +00:00
Ken Muse
47dfed3ced Add documentation legacy modes warning and links to new docs (#3199) 2024-01-05 19:56:31 +01:00
Nikola Jokic
1f9b7541e6 Prepare 0.8.1 release (#3184) 2023-12-21 17:14:33 +01:00
Nikola Jokic
a029b705cd Fix proxy issue in new listener client (#3181) 2023-12-21 15:35:36 +01:00
Nikola Jokic
3fab744a4f Prepare 0.8.0 release (#3175) 2023-12-20 11:16:56 +01:00
Nikola Jokic
fe8c3bb789 Change listener container name (#3167) 2023-12-19 12:22:52 +01:00
Nikola Jokic
e40874f67f Fix assertion test in wait for delete (#3146) 2023-12-18 17:04:35 +01:00
Serge
d7d479172d Fix override listener pod spec (#3139) (#3161)
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
2023-12-18 16:50:06 +01:00
Nikola Jokic
31352924d7 Fix empty env and volumeMounts object on default setup (#3166) 2023-12-18 16:01:34 +01:00
dependabot[bot]
3e4201ac5f Bump k8s.io/client-go from 0.28.3 to 0.28.4 (#3125)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2023-12-14 12:58:35 +01:00
dependabot[bot]
a44b037d6b Bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 (#3127)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-14 12:57:42 +01:00
dependabot[bot]
e11beea49b Bump golang.org/x/net from 0.18.0 to 0.19.0 (#3126)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2023-12-14 09:45:22 +01:00
dependabot[bot]
bfadad0830 Bump github.com/gruntwork-io/terratest from 0.41.24 to 0.46.7 (#3091)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2023-12-14 09:35:07 +01:00
Nikola Jokic
f7eb88ce9c Change minRunners behavior and fix the new listener min runners (#3139) 2023-12-13 19:39:21 +01:00
Nikola Jokic
0fd8eac305 Update user agent for new ghalistener (#3138) 2023-12-08 14:01:22 +01:00
Nikola Jokic
b78cadd901 Refactoring listener app with configurable fallback (#3096) 2023-12-08 13:41:06 +01:00
Nikola Jokic
202a97ab12 Modify user agent format with subsystem and is proxy configured information (#3116) 2023-12-08 13:16:29 +01:00
Toru Komatsu
b08d533105 Record the error when the creation pod fails (#3112)
Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-12-07 21:11:52 +01:00
dependabot[bot]
0bfa57ac50 Bump k8s.io/api from 0.28.3 to 0.28.4 (#3093)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2023-12-04 16:22:33 +01:00
dependabot[bot]
2831d658c4 Bump k8s.io/apimachinery from 0.28.3 to 0.28.4 (#3092)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 15:54:48 +01:00
dependabot[bot]
0f40f6ab26 Bump github.com/onsi/gomega from 1.29.0 to 1.30.0 (#3094)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2023-12-01 09:11:44 +01:00
Nikola Jokic
5347e2c2c8 ADR: Changing semantics of min runners to be min idle runners (#3040) 2023-11-30 11:59:10 +01:00
Adam Szaraniec
1cba9c7800 Fix typo in helm chart (#3104)
Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>
2023-11-30 11:32:59 +01:00
Yusuke Kuoka
2c29cfb994 Bump legacy ARC chart's app version to v0.27.7 (#3008) 2023-11-27 08:03:58 +01:00
Marco Hanisch
4f89ac5878 Add configureable namespace to ServiceMonitors (#3105) 2023-11-27 14:05:48 +09:00
steve21168
64778a828e Add fuse-overlayfs to benefit from union filesystem (#3022) 2023-11-27 12:33:58 +09:00
Donal O'Brien
8e484637f9 Upgrade docker and docker compose in line with GH hosted runners (#3053)
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
2023-11-27 12:25:19 +09:00
Nikola Jokic
b202be712e Set actions client timeout to 5 minutes, add logging to client (#3103) 2023-11-24 17:04:21 +01:00
github-actions[bot]
fb11d3bfd0 Updates: container-hooks to v0.5.0 (#3099)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-23 15:49:10 +01:00
Toru Komatsu
7793e1974a Record a reason for pod failure in EphemeralRunner (#3074)
Signed-off-by: utam0k <k0ma@utam0k.jp>
2023-11-21 08:26:29 +01:00
Nikola Jokic
8aa04dd2be Prepare 0.7.0 release (#3077) 2023-11-15 13:10:51 +01:00
Nikola Jokic
2939640fa9 Add ResizePolicy and RestartPolicy on mergeListenerContainer (#3075) 2023-11-15 10:39:11 +01:00
Nikola Jokic
65fd04540c Bump go version and all direct dependencies to newest for k8s compatibility (#2947) 2023-11-14 16:19:43 +01:00
Tijmen Stor
1ae5d2b18e feat: GHA controller Helm Chart quoted labels (#3061) 2023-11-13 16:18:04 +01:00
Ferenc Hammerl
862bc1a9dd Use full tag for action version (#3050) 2023-11-07 15:13:13 +01:00
Nikola Jokic
95487735a2 Remove inheritance of imagePullPolicy from manager to listeners (#3009) 2023-11-07 15:08:36 +01:00
Nikola Jokic
16815230bb Metrics: set max and min runners during startup time (#3032) 2023-11-07 14:20:10 +01:00
Nikola Jokic
2646456677 Update authorization for PAT to be Bearer as documented (#3039) 2023-11-07 14:19:53 +01:00
Max Knee
62eca94e45 Update Chart.yaml (#3013)
Signed-off-by: Max Knee <max.knee@nytimes.com>
2023-10-25 09:49:50 +02:00
github-actions[bot]
510b1d82e5 Updates: runner to v2.311.0 (#3018)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-10-24 14:54:27 +02:00
Nikola Jokic
b511953df7 Trim down metrics cardinality (#3003) 2023-10-20 12:20:30 +02:00
Nikola Jokic
2117fd1892 Configure listener pod with the secret instead of env (#2965)
Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>
2023-10-19 12:29:32 +02:00
kahirokunn
e1edb84abe chore: Service accounts in Kubernetes mode can now be annotated. (#2566)
Signed-off-by: kahirokunn <okinakahiro@gmail.com>
2023-10-18 13:37:39 +02:00
Yusuke Kuoka
f14dbd68f1 Bump Kubernetes client to 1.26.4 (#2991) 2023-10-16 15:45:25 +02:00
Nikola Jokic
bffcb32b19 Fix role and rolebinding cleanup for the listener controller (#2970) 2023-10-16 12:40:38 +02:00
Nikola Jokic
ea2443a410 Include separate reports associated with Bug/Feature templates (#2938) 2023-10-16 11:49:23 +02:00
John Sudol
ba91c183b5 Update CODEOWNERS to Launch team (#2979) 2023-10-11 10:10:12 -04:00
github-actions[bot]
e10a1cc7a3 Updates: runner to v2.310.2 (#2980)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-10-11 08:32:02 -04:00
Waldek Herka
ce80adb9ab Allow custom labels to be specified for controller pods (#2952)
Co-authored-by: Waldek Herka <waldek.herka@no.reply>
2023-10-06 10:56:40 +02:00
Nikola Jokic
1a8abb6d39 Prepare 0.6.1 release (#2929) 2023-09-26 11:40:48 +02:00
Nikola Jokic
fdf7b6c525 Fix nil map when annotations are applied (#2916)
Co-authored-by: Hidetake Iwata <int128@gmail.com>
2023-09-26 11:21:16 +02:00
Nikola Jokic
db061b33e7 Fix name override labels when runnerScaleSetName value is set (#2915) 2023-09-26 11:17:04 +02:00
github-actions[bot]
ead26ab18f Updates: container-hooks to v0.4.0 (#2928)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-09-26 11:12:32 +02:00
Dmitry Chepurovskiy
16666e1bba Fix #2809 : replace TLS dockerd connection with unix socket (#2833)
Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>
2023-09-22 12:41:50 +02:00
Nikola Jokic
2ae39828b2 Ignore summerwind resources in go test until controller version is the same (#2920) 2023-09-22 12:35:34 +02:00
Nikola Jokic
cf24ab584d Prepare 0.6.0 release (#2900) 2023-09-15 12:04:06 +02:00
Nikola Jokic
07bff8aa1e Extend the user agent and fix the build version for the listener app (#2892) 2023-09-14 20:10:49 +02:00
Nikola Jokic
ea2fb32e20 Extend and generate crds allowing listener pod spec change (#2758)
Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>
2023-09-14 15:33:29 +02:00
Nikola Jokic
6a022e5489 Fix chart test for name override (#2896) 2023-09-14 15:24:07 +02:00
Nicholas Hawkes
837a1cb850 Set the AutoscalingRunnerSet name to runnerScaleSetName (#2803) 2023-09-13 09:55:08 +02:00
github-actions[bot]
dce49a003d Updates: runner to v2.309.0 (#2876)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-09-12 16:31:51 +02:00
Lukas Beranek
c8216e1396 Fix missing \ in about-arc.md (#2866) 2023-09-07 13:52:25 +02:00
Andi Büchler
564c112b1a Fix trivial typos (#2856) 2023-09-07 13:51:41 +02:00
Francesco Virga
c7dce2bbb7 Documenting the runner container command in values.yaml (#2854) 2023-09-07 13:47:08 +02:00
Nikola Jokic
10d79342d7 Set restart policy on the runner pod to Never if restartPolicy is not set in template (#2787) 2023-09-07 13:39:08 +02:00
Jongwoo Han
64eafb58b6 Replace deprecated ::set-output with $GITHUB_OUTPUT (#2679) 2023-09-07 13:35:12 +02:00
mubashirusman
030efd82c5 Fix spacing in about-arc.md (#2790) 2023-09-07 12:24:55 +02:00
Kirill Bilchenko
f1d7c52253 bump appVersion to latest available app (#2840) 2023-08-30 15:01:31 +09:00
Jonathan Wiemers
76d622b86b feature: allow custom envornment variables in metricsservice (#2839) 2023-08-30 15:01:06 +09:00
Nathan Heaps
0b24b0d60b Add docs for setting the RUNNER_GRACEFUL_STOP_TIMEOUT env var on docker container (#2843) 2023-08-30 12:30:18 +09:00
Bassem Dghaidi
5e23c598a8 Move top level metrics property up (#2841) 2023-08-29 03:58:08 -04:00
Nikola Jokic
3652932780 Fix canary VERSION parameter (#2842) 2023-08-28 14:46:53 +02:00
Stefan Andres
94065d2fc5 [helm actions-runner-controller] Use namespaceSelector.matchExpression instead of matchLabels (#2830) 2023-08-28 14:24:20 +09:00
jb-2020
b1cc4da5dc Switch git-lfs source to packagecloud (#2838) 2023-08-28 14:23:57 +09:00
Lukas Hauser
8b7bfa5ffb Fix - Actually Enable Sets in addition to Slices in env (#2828) 2023-08-28 13:48:29 +09:00
Nikola Jokic
52fc819339 Fix parsing AcquireJob MessageQueueTokenExpiredError (#2837) 2023-08-25 20:35:01 +02:00
Bassem Dghaidi
215b245881 Upgrade e2e tests to latest version (0.5.0) (#2826) 2023-08-21 17:09:16 +02:00
Bassem Dghaidi
a3df23b07c Add grafana dashboard sample (#2825) 2023-08-21 16:31:55 +02:00
Bassem Dghaidi
f5c69654e7 Revert back the helm chart renaming hotfix (#2823) 2023-08-21 15:44:20 +02:00
Nikola Jokic
abc0b678d3 Revert chart name and use helper constant to trim the name base (#2824)
Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>
2023-08-21 15:36:14 +02:00
Bassem Dghaidi
963ab2a748 Fix workflow after chart renaming (#2822) 2023-08-21 14:28:55 +02:00
Bassem Dghaidi
8a41a596b6 Prepare 0.5.0 release (#2783) 2023-08-21 14:10:36 +02:00
Bassem Dghaidi
e10c437f46 Move gha-* docs out of preview (#2779) 2023-08-21 14:06:12 +02:00
Nikola Jokic
a0a3916c80 Provide scale-set listener metrics (#2559)
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>
2023-08-21 13:50:07 +02:00
Nikola Jokic
1c360d7e26 Document customization for containerModes (#2777) 2023-08-18 11:03:28 +02:00
github-actions[bot]
20bb860a37 Updates: runner to v2.308.0 (#2814)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-08-15 12:53:03 +02:00
Nikola Jokic
6a75bc0880 Trim gha-runner-scale-set to gha-rs in names and remove role type suffixes (#2706) 2023-08-09 11:11:45 +02:00
Lukas Hauser
78271000c0 Logs - Add missing formatting (#2780) 2023-08-09 17:54:24 +09:00
Juliet Boyd
a36b0e58b0 Clarify multiple metrics in docs (#2712)
Co-authored-by: Dylan Boyd <5061312+dylanjboyd@users.noreply.github.com>
2023-08-09 17:53:39 +09:00
Nikola Jokic
336e11a4e9 Fix scaling back to 0 after min runners were set to number > 0 (#2742) 2023-08-09 10:32:08 +02:00
github-actions[bot]
dcb64f0b9e Updates: runner to v2.307.1 (#2778)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-07-26 20:02:33 +02:00
Nikola Jokic
0dadfc4d37 ADR: Customize listener pod (#2752) 2023-07-25 16:47:26 +02:00
Thorsten Wildberger
dc58f6ba13 feat: allow more dockerd options (#2701) 2023-07-25 13:59:49 +09:00
arielly-parussulo
06cbd632b8 add interval and timeout configuration for the actions-runner-controler serviceMonitors (#2654)
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
2023-07-25 13:59:41 +09:00
Paweł Rein
9f33ae1507 fixed indent in a README example (#2725) 2023-07-25 13:45:44 +09:00
Ekaterina Sobolevskaia
63a6b5a7f0 add opportunity write dnsPolicy for controller by helm values (#2708) 2023-07-25 13:38:13 +09:00
marcin-motyl
fddc5bf1c8 Fix deployment & service values in actionsMetrics (#2683) 2023-07-25 09:56:20 +09:00
Daniel Kubat
d90ce2bed5 Upgrade Docker Compose to v2.20.0 (#2738) 2023-07-25 09:54:09 +09:00
Gavin Williams
cd996e7c27 Fix panic: slice bounds out of range when runner spec contains volumeMounts. (#2720)
Signed-off-by: Gavin Williams <gavin.williams@machinemax.com>
2023-07-25 09:53:50 +09:00
Lars Lange
297442975e fix: remove callbacks resulting in scales due to incomplete response (#2671)
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
2023-07-25 09:04:54 +09:00
dependabot[bot]
5271f316e6 Bump golang.org/x/net from 0.11.0 to 0.12.0 (#2750)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-18 12:07:33 +02:00
dependabot[bot]
9845a934f4 Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#2628)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2023-07-14 13:48:27 +02:00
github-actions[bot]
e0a7e142e0 Updates: runner to v2.306.0 (#2727)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-07-07 14:48:40 +02:00
dependabot[bot]
f9a11a8b0b chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.4 (#2716)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2023-07-06 12:41:55 +02:00
Nikola Jokic
fde1893494 Add status check before deserializing runner-registration response (#2699) 2023-07-05 21:09:07 +02:00
Nikola Jokic
6fe8008640 Add configurable log format to values.yaml and propagate it to listener (#2686) 2023-07-05 21:06:42 +02:00
Yusuke Kuoka
2fee26ddce chore: Set build version on make-runscaleset (#2713) 2023-07-03 11:52:04 +02:00
marcin-motyl
685f7162a4 Fix serviceMonitor labels in actionsMetrics (#2682) 2023-07-01 13:59:44 +09:00
Lars Lange
d134dee14b fix: template test of service account (#2705) 2023-06-28 10:24:49 +02:00
dependabot[bot]
c33ce998f4 chore(deps): bump github.com/onsi/ginkgo/v2 from 2.9.1 to 2.11.0 (#2689)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2023-06-27 13:14:31 +02:00
kahirokunn
78a93566af chore: remove 16 characters from -service-account (#2567)
Signed-off-by: kahirokunn <okinakahiro@gmail.com>
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2023-06-27 12:32:47 +02:00
Rose Soriano
81dea9b3dc Fix more broken links in docs (#2473)
Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>
2023-06-23 08:54:13 -04:00
Nikola Jokic
7ca3df3605 fix chart test (#2694) 2023-06-21 08:43:03 -04:00
kahirokunn
2343cd2d7b chore(gha-runner-scale-set): update indentation of initContainers (#2638) 2023-06-21 13:50:02 +02:00
Timm Drevensek
cf18cb3fb0 Adapt role name to prevent namespace collision (#2617) 2023-06-20 17:35:53 +02:00
Bassem Dghaidi
ae8b27a9a3 Apply the label "runners update" on runner update PRs (#2680) 2023-06-16 09:11:58 -04:00
dependabot[bot]
58ee5e8c4e chore(deps): bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.1 (#2401)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2023-06-15 14:56:53 +02:00
dependabot[bot]
fade63a663 chore(deps): bump go.uber.org/multierr from 1.7.0 to 1.10.0 (#2400)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2023-06-15 14:05:35 +02:00
Nikola Jokic
ac4056f85b Upgrade golang.org/x/net to 0.11 (#2676) 2023-06-15 13:38:55 +02:00
github-actions[bot]
462d044604 Updates: runner to v2.305.0 (#2674)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-06-15 06:07:09 -04:00
Nikola Jokic
94934819c4 Trim repo/org/enterprise to 63 characters in label values (#2657) 2023-06-09 20:57:20 +02:00
Nuru
aac811f210 Update unconsumed HRA capacity reservation's expiration more frequently and consistently (#2502)
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
2023-05-30 09:04:57 +09:00
Thang Le
e7ec736738 Use head_branch metric (#2549)
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
2023-05-28 16:36:55 +09:00
Daniel Hobley
90ea691e72 feat: allow for modifying var-run mount maximum size limit (#2624) 2023-05-27 11:47:23 +09:00
robert lestak
32a653c0ca enable passing docker-gid in helm chart (#2574) 2023-05-27 11:33:46 +09:00
Vincent Rivellino
c7b2dd1764 fix: labels on github webhook service template (#2582) 2023-05-27 11:33:20 +09:00
Changliang Wu
80af7fc125 feat: support configure docker insecure registry with env (#2606) 2023-05-27 11:32:46 +09:00
Armin Becher
34909f0cf1 Fix typo in HorizontalRunnerAutoscaler (#2563)
Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com>
2023-05-27 11:22:44 +09:00
Bassem Dghaidi
8afef51c8b Add DrainJobsMode (aka UpdateStrategy feature) (#2569) 2023-05-23 07:42:30 -04:00
Bassem Dghaidi
032443fcfd Fix workflows concurrency group names (#2611) 2023-05-22 07:16:38 -04:00
Nikola Jokic
91c8991835 Scale Set Metrics ADR (#2568)
Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>
2023-05-18 15:37:41 +02:00
Nikola Jokic
c5ebe750dc Discard logs on helm chart tests (#2607) 2023-05-18 14:15:05 +02:00
Bassem Dghaidi
34fdbf1231 Add concurrency limits on all workflows to eliminate wasted cycles (#2603) 2023-05-18 04:55:03 -04:00
Bassem Dghaidi
44e9b7d8eb Add new architecture diagram (#2598) 2023-05-17 08:36:16 -04:00
Bassem Dghaidi
7ab516fdab Update CONTRIBUTING.md with new contribution guidelines and release process documentation (#2596)
Co-authored-by: John Sudol <24583161+johnsudol@users.noreply.github.com>
2023-05-17 07:42:35 -04:00
github-actions[bot]
e571df52b5 Updates: container-hooks to v0.3.2 (#2597)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-05-17 05:57:23 -04:00
Bassem Dghaidi
706ec17bf4 Fix broken chart validation workflows (#2589) 2023-05-15 10:12:03 -04:00
Bassem Dghaidi
30355f742b Apply naming convention to workflows (#2581)
Co-authored-by: John Sudol <24583161+johnsudol@users.noreply.github.com>
2023-05-15 08:31:18 -04:00
Yusuke Kuoka
8a5fb6ccb7 Bump chart version to v0.23.3 for ARC v0.27.4 (#2577) 2023-05-12 09:10:59 -04:00
github-actions[bot]
e930ba6e98 Updates: container-hooks to v0.3.1 (#2580)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-05-12 05:55:09 -04:00
Bassem Dghaidi
5ba3805a3f Fix update runners scheduled workflow to check for container-hooks upgrades (#2576) 2023-05-12 05:52:24 -04:00
209 changed files with 29987 additions and 3341 deletions

1
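--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.png filter=lfs diff=lfs merge=lfs -text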


@@ -1,5 +1,8 @@
blank_issues_enabled: false blank_issues_enabled: false
contact_links: contact_links:
- name: Feature requests for the gha-runner-scale-set (actions.github.com API group)
about: Feature requests associated with the actions.github.com group should be posted on the GitHub Community Support Forum
url: https://github.com/orgs/community/discussions/categories/actions
- name: Sponsor ARC Maintainers - name: Sponsor ARC Maintainers
about: If your business relies on the continued maintainance of actions-runner-controller, please consider sponsoring the project and the maintainers. about: If your business relies on the continued maintainance of actions-runner-controller, please consider sponsoring the project and the maintainers.
url: https://github.com/actions/actions-runner-controller/tree/master/CODEOWNERS url: https://github.com/actions/actions-runner-controller/tree/master/CODEOWNERS


@@ -0,0 +1,113 @@
name: Bug Report (actions.github.com API group)
description: File a bug report for actions.github.com API group
title: "<Please write what didn't work for you here>"
labels: ["bug", "needs triage", "gha-runner-scale-set"]
body:
- type: checkboxes
id: read-troubleshooting-guide
attributes:
label: Checks
description: Please check all the boxes below before submitting
options:
- label: I've already read https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors and I'm sure my issue is not covered in the troubleshooting guide.
required: true
- label: I am using charts that are officially provided
- type: input
id: controller-version
attributes:
label: Controller Version
description: Refers to semver-like release tags for controller versions. Any release tags prefixed with `gha-runner-scale-set-` are releases associated with this API group
placeholder: ex. 0.6.1
validations:
required: true
- type: dropdown
id: deployment-method
attributes:
label: Deployment Method
description: Which deployment method did you use to install ARC?
options:
- Helm
- Kustomize
- ArgoCD
- Other
validations:
required: true
- type: checkboxes
id: checks
attributes:
label: Checks
description: Please check all the boxes below before submitting
options:
- label: This isn't a question or user support case (For Q&A and community support, go to [Discussions](https://github.com/actions/actions-runner-controller/discussions)).
required: true
- label: I've read the [Changelog](https://github.com/actions/actions-runner-controller/blob/master/docs/gha-runner-scale-set-controller/README.md#changelog) before submitting this issue and I'm sure it's not due to any recently-introduced backward-incompatible changes
required: true
- type: textarea
id: reproduction-steps
attributes:
label: To Reproduce
description: "Steps to reproduce the behavior"
render: markdown
placeholder: |
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
validations:
required: true
- type: textarea
id: actual-behavior
attributes:
label: Describe the bug
description: Also tell us, what did happen?
placeholder: A clear and concise description of what happened.
validations:
required: true
- type: textarea
id: expected-behavior
attributes:
label: Describe the expected behavior
description: Also tell us, what did you expect to happen?
placeholder: A clear and concise description of what the expected behavior is.
validations:
required: true
- type: textarea
id: additional-context
attributes:
label: Additional Context
render: yaml
description: |
Provide `values.yaml` files that are relevant for this issue. PLEASE REDACT ANY INFORMATION THAT SHOULD NOT BE PUBLICALY AVAILABLE, LIKE GITHUB TOKEN FOR EXAMPLE.
placeholder: |
PLEASE REDACT ANY INFORMATION THAT SHOULD NOT BE PUBLICALY AVAILABLE, LIKE GITHUB TOKEN FOR EXAMPLE.
validations:
required: true
- type: textarea
id: controller-logs
attributes:
label: Controller Logs
description: "NEVER EVER OMIT THIS! Include complete logs from `actions-runner-controller`'s controller-manager pod."
render: shell
placeholder: |
PROVIDE THE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA
To grab controller logs:
kubectl logs -n $NAMESPACE deployments/$CONTROLLER_DEPLOYMENT
validations:
required: true
- type: textarea
id: runner-pod-logs
attributes:
label: Runner Pod Logs
description: "Include logs and kubectl describe output from runner pod(s)."
render: shell
placeholder: |
PROVIDE THE WHOLE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA
validations:
required: true
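Review bot: The `controller-logs` and `runner-pod-logs` fields ask for complete logs through a gist link but carry no redaction reminder, while `additional-context` states one twice. Controller and runner logs can plausibly contain repository names, internal hostnames or credentials echoed by jobs, and a gist is readable by anyone who holds its link, so I would add a line to both placeholders such as `PLEASE REDACT TOKENS AND OTHER NON-PUBLIC INFORMATION BEFORE SHARING THE GIST`. Both checkbox groups are also labelled `Checks`, so they appear as two identically titled sections in the submitted issue; a distinct label on the second would make triage easier.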


@@ -1,7 +1,7 @@
name: Bug Report name: Bug Report (actions.summerwind.net API group)
description: File a bug report description: File a bug report for actions.summerwind.net API group
title: "<Please write what didn't work for you here>" title: "<Please write what didn't work for you here>"
labels: ["bug", "needs triage"] labels: ["bug", "needs triage", "community"]
body: body:
- type: checkboxes - type: checkboxes
id: read-troubleshooting-guide id: read-troubleshooting-guide


@@ -1,7 +1,7 @@
--- ---
name: Feature request name: Feature request (actions.summerwind.net API group)
about: Suggest an idea for this project about: Suggest an idea for this project
labels: ["enhancement", "needs triage"] labels: ["enhancement", "needs triage", "community"]
title: '' title: ''
assignees: '' assignees: ''
--- ---


@@ -23,6 +23,14 @@ inputs:
arc-controller-namespace: arc-controller-namespace:
description: 'The namespace of the configured gha-runner-scale-set-controller' description: 'The namespace of the configured gha-runner-scale-set-controller'
required: true required: true
wait-to-finish:
description: 'Wait for the workflow run to finish'
required: true
default: "true"
wait-to-running:
description: 'Wait for the workflow run to start running'
required: true
default: "false"
runs: runs:
using: "composite" using: "composite"
@@ -118,7 +126,36 @@ runs:
| ${{steps.query_workflow.outputs.workflow_run_url}} | | ${{steps.query_workflow.outputs.workflow_run_url}} |
EOF EOF
- name: Wait for workflow to start running
if: inputs.wait-to-running == 'true' && inputs.wait-to-finish == 'false'
uses: actions/github-script@v6
with:
script: |
function sleep(ms) {
return new Promise(resolve => setTimeout(resolve, ms))
}
const owner = '${{inputs.repo-owner}}'
const repo = '${{inputs.repo-name}}'
const workflow_run_id = ${{steps.query_workflow.outputs.workflow_run}}
const workflow_job_id = ${{steps.query_workflow.outputs.workflow_job}}
let count = 0
while (count++<10) {
await sleep(30 * 1000);
let getRunResponse = await github.rest.actions.getWorkflowRun({
owner: owner,
repo: repo,
run_id: workflow_run_id
})
console.log(`${getRunResponse.data.html_url}: ${getRunResponse.data.status} (${getRunResponse.data.conclusion})`);
if (getRunResponse.data.status == 'in_progress') {
console.log(`Workflow run is in progress.`)
return
}
}
core.setFailed(`The triggered workflow run didn't start properly using ${{inputs.arc-name}}`)
- name: Wait for workflow to finish successfully - name: Wait for workflow to finish successfully
if: inputs.wait-to-finish == 'true'
uses: actions/github-script@v6 uses: actions/github-script@v6
with: with:
script: | script: |
@@ -151,10 +188,15 @@ runs:
} }
core.setFailed(`The triggered workflow run didn't finish properly using ${{inputs.arc-name}}`) core.setFailed(`The triggered workflow run didn't finish properly using ${{inputs.arc-name}}`)
- name: cleanup
if: inputs.wait-to-finish == 'true'
shell: bash
run: |
helm uninstall ${{ inputs.arc-name }} --namespace ${{inputs.arc-namespace}} --debug
kubectl wait --timeout=30s --for=delete AutoScalingRunnerSet -n ${{inputs.arc-namespace}} -l app.kubernetes.io/instance=${{ inputs.arc-name }}
- name: Gather logs and cleanup - name: Gather logs and cleanup
shell: bash shell: bash
if: always() if: always()
run: | run: |
helm uninstall ${{ inputs.arc-name }} --namespace ${{inputs.arc-namespace}} --debug kubectl logs deployment/arc-gha-rs-controller -n ${{inputs.arc-controller-namespace}}
kubectl wait --timeout=10s --for=delete AutoScalingRunnerSet -n ${{inputs.arc-name}} -l app.kubernetes.io/instance=${{ inputs.arc-name }}
kubectl logs deployment/arc-gha-runner-scale-set-controller -n ${{inputs.arc-controller-namespace}}
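Review bot: The new `Wait for workflow to start running` step splices `${{inputs.repo-owner}}`, `${{inputs.repo-name}}` and the two `steps.query_workflow.outputs.*` values straight into the `actions/github-script` source, so a value containing a quote or a newline is evaluated as JavaScript rather than treated as data. The inputs come from whichever workflow calls this action, which is probably trusted here, but the sturdier pattern is to bind them in the step's `env:` and read them in the script, e.g. `const owner = process.env.REPO_OWNER` and `const workflow_run_id = Number(process.env.WORKFLOW_RUN_ID)`. `workflow_job_id` is assigned but never used in this step and can be dropped. The loop returns only on `status == 'in_progress'`, so a run that has already reached `completed` by the first poll would be reported as not started; if that is intended, a comment saying so would help.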


@@ -1,4 +1,4 @@
name: Publish Helm Chart name: Publish ARC Helm Charts
# Revert to https://github.com/actions-runner-controller/releases#releases # Revert to https://github.com/actions-runner-controller/releases#releases
# for details on why we use this approach # for details on why we use this approach
@@ -8,7 +8,7 @@ on:
- master - master
paths: paths:
- 'charts/**' - 'charts/**'
- '.github/workflows/publish-chart.yaml' - '.github/workflows/arc-publish-chart.yaml'
- '!charts/actions-runner-controller/docs/**' - '!charts/actions-runner-controller/docs/**'
- '!charts/gha-runner-scale-set-controller/**' - '!charts/gha-runner-scale-set-controller/**'
- '!charts/gha-runner-scale-set/**' - '!charts/gha-runner-scale-set/**'
@@ -28,6 +28,10 @@ env:
permissions: permissions:
contents: write contents: write
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
jobs: jobs:
lint-chart: lint-chart:
name: Lint Chart name: Lint Chart
@@ -59,14 +63,14 @@ jobs:
python-version: '3.11' python-version: '3.11'
- name: Set up chart-testing - name: Set up chart-testing
uses: helm/chart-testing-action@v2.3.1 uses: helm/chart-testing-action@v2.6.0
- name: Run chart-testing (list-changed) - name: Run chart-testing (list-changed)
id: list-changed id: list-changed
run: | run: |
changed=$(ct list-changed --config charts/.ci/ct-config.yaml) changed=$(ct list-changed --config charts/.ci/ct-config.yaml)
if [[ -n "$changed" ]]; then if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true" echo "changed=true" >> $GITHUB_OUTPUT
fi fi
- name: Run chart-testing (lint) - name: Run chart-testing (lint)
@@ -171,6 +175,7 @@ jobs:
--owner "$(echo ${{ github.repository }} | cut -d '/' -f 1)" \ --owner "$(echo ${{ github.repository }} | cut -d '/' -f 1)" \
--git-repo "$(echo ${{ github.repository }} | cut -d '/' -f 2)" \ --git-repo "$(echo ${{ github.repository }} | cut -d '/' -f 2)" \
--index-path ${{ github.workspace }}/index.yaml \ --index-path ${{ github.workspace }}/index.yaml \
--token ${{ secrets.GITHUB_TOKEN }} \
--push \ --push \
--pages-branch 'gh-pages' \ --pages-branch 'gh-pages' \
--pages-index-path 'index.yaml' --pages-index-path 'index.yaml'
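Review bot: The added `--token ${{ secrets.GITHUB_TOKEN }} \` expands the secret into the script text before the shell runs it, so the token lands in the generated script file and on the process command line; binding it in the step's `env:` (for example `CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}`) and passing `--token "$CR_TOKEN"` keeps it out of the script body. The command these flags belong to starts outside the hunk, so it is worth checking whether the tool can read the token from the environment on its own. The new `concurrency` block with `cancel-in-progress: true` can cancel a run that is part-way through publishing with `contents: write` and `--push`; for a release workflow `cancel-in-progress: false` queues instead of cancelling, and the same block is added to the image and runner-image release workflows further down. `helm/chart-testing-action@v2.6.0` is referenced by tag, and pinning it to a commit SHA would make a changed upstream tag visible in review.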


@@ -1,4 +1,4 @@
name: Publish ARC name: Publish ARC Image
# Revert to https://github.com/actions-runner-controller/releases#releases # Revert to https://github.com/actions-runner-controller/releases#releases
# for details on why we use this approach # for details on why we use this approach
@@ -25,6 +25,10 @@ env:
TARGET_ORG: actions-runner-controller TARGET_ORG: actions-runner-controller
TARGET_REPO: actions-runner-controller TARGET_REPO: actions-runner-controller
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
jobs: jobs:
release-controller: release-controller:
name: Release name: Release
@@ -37,9 +41,9 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- uses: actions/setup-go@v3 - uses: actions/setup-go@v4
with: with:
go-version: '1.18.2' go-version-file: 'go.mod'
- name: Install tools - name: Install tools
run: | run: |


@@ -1,4 +1,4 @@
name: Runners name: Release ARC Runner Images
# Revert to https://github.com/actions-runner-controller/releases#releases # Revert to https://github.com/actions-runner-controller/releases#releases
# for details on why we use this approach # for details on why we use this approach
@@ -10,15 +10,18 @@ on:
- 'master' - 'master'
paths: paths:
- 'runner/VERSION' - 'runner/VERSION'
- '.github/workflows/release-runners.yaml' - '.github/workflows/arc-release-runners.yaml'
env: env:
# Safeguard to prevent pushing images to registeries after build # Safeguard to prevent pushing images to registeries after build
PUSH_TO_REGISTRIES: true PUSH_TO_REGISTRIES: true
TARGET_ORG: actions-runner-controller TARGET_ORG: actions-runner-controller
TARGET_WORKFLOW: release-runners.yaml TARGET_WORKFLOW: release-runners.yaml
DOCKER_VERSION: 20.10.23 DOCKER_VERSION: 24.0.7
RUNNER_CONTAINER_HOOKS_VERSION: 0.2.0
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
jobs: jobs:
build-runners: build-runners:
@@ -27,10 +30,12 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Get runner version - name: Get runner version
id: runner_version id: versions
run: | run: |
version=$(echo -n $(cat runner/VERSION)) runner_current_version="$(echo -n $(cat runner/VERSION | grep 'RUNNER_VERSION=' | cut -d '=' -f2))"
echo runner_version=$version >> $GITHUB_OUTPUT container_hooks_current_version="$(echo -n $(cat runner/VERSION | grep 'RUNNER_CONTAINER_HOOKS_VERSION=' | cut -d '=' -f2))"
echo runner_version=$runner_current_version >> $GITHUB_OUTPUT
echo container_hooks_version=$container_hooks_current_version >> $GITHUB_OUTPUT
- name: Get Token - name: Get Token
id: get_workflow_token id: get_workflow_token
@@ -42,7 +47,8 @@ jobs:
- name: Trigger Build And Push Runner Images To Registries - name: Trigger Build And Push Runner Images To Registries
env: env:
RUNNER_VERSION: ${{ steps.runner_version.outputs.runner_version }} RUNNER_VERSION: ${{ steps.versions.outputs.runner_version }}
CONTAINER_HOOKS_VERSION: ${{ steps.versions.outputs.container_hooks_version }}
run: | run: |
# Authenticate # Authenticate
gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }} gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }}
@@ -51,20 +57,21 @@ jobs:
gh workflow run ${{ env.TARGET_WORKFLOW }} -R ${{ env.TARGET_ORG }}/releases \ gh workflow run ${{ env.TARGET_WORKFLOW }} -R ${{ env.TARGET_ORG }}/releases \
-f runner_version=${{ env.RUNNER_VERSION }} \ -f runner_version=${{ env.RUNNER_VERSION }} \
-f docker_version=${{ env.DOCKER_VERSION }} \ -f docker_version=${{ env.DOCKER_VERSION }} \
-f runner_container_hooks_version=${{ env.RUNNER_CONTAINER_HOOKS_VERSION }} \ -f runner_container_hooks_version=${{ env.CONTAINER_HOOKS_VERSION }} \
-f sha='${{ github.sha }}' \ -f sha='${{ github.sha }}' \
-f push_to_registries=${{ env.PUSH_TO_REGISTRIES }} -f push_to_registries=${{ env.PUSH_TO_REGISTRIES }}
- name: Job summary - name: Job summary
env: env:
RUNNER_VERSION: ${{ steps.runner_version.outputs.runner_version }} RUNNER_VERSION: ${{ steps.versions.outputs.runner_version }}
CONTAINER_HOOKS_VERSION: ${{ steps.versions.outputs.container_hooks_version }}
run: | run: |
echo "The [release-runners.yaml](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/release-runners.yaml) workflow has been triggered!" >> $GITHUB_STEP_SUMMARY echo "The [release-runners.yaml](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/release-runners.yaml) workflow has been triggered!" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY
echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
echo "- runner_version: ${{ env.RUNNER_VERSION }}" >> $GITHUB_STEP_SUMMARY echo "- runner_version: ${{ env.RUNNER_VERSION }}" >> $GITHUB_STEP_SUMMARY
echo "- docker_version: ${{ env.DOCKER_VERSION }}" >> $GITHUB_STEP_SUMMARY echo "- docker_version: ${{ env.DOCKER_VERSION }}" >> $GITHUB_STEP_SUMMARY
echo "- runner_container_hooks_version: ${{ env.RUNNER_CONTAINER_HOOKS_VERSION }}" >> $GITHUB_STEP_SUMMARY echo "- runner_container_hooks_version: ${{ env.CONTAINER_HOOKS_VERSION }}" >> $GITHUB_STEP_SUMMARY
echo "- sha: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY echo "- sha: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
echo "- push_to_registries: ${{ env.PUSH_TO_REGISTRIES }}" >> $GITHUB_STEP_SUMMARY echo "- push_to_registries: ${{ env.PUSH_TO_REGISTRIES }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY
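Review bot: In the `Get runner version` step the two values parsed from runner/VERSION are written to `$GITHUB_OUTPUT` without any check, so a missing or renamed key yields an empty `runner_version` or `container_hooks_version` that is still dispatched to the release workflow. The later steps then expand them as `${{ env.RUNNER_VERSION }}` and `${{ env.CONTAINER_HOOKS_VERSION }}` inside the script text, although both are already exported as environment variables. Using `-f runner_container_hooks_version="$CONTAINER_HOOKS_VERSION"` keeps the file content out of the generated shell source. Assuming versions are plain dotted numbers, a guard such as `[[ "$runner_current_version" =~ ^[0-9]+(\.[0-9]+)+$ ]] || exit 1` before the `echo` lines would fail the run early.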


@@ -0,0 +1,149 @@
# This workflows polls releases from actions/runner and in case of a new one it
# updates files containing runner version and opens a pull request.
name: Runner Updates Check (Scheduled Job)
on:
schedule:
# run daily
- cron: "0 9 * * *"
workflow_dispatch:
jobs:
# check_versions compares our current version and the latest available runner
# version and sets them as outputs.
check_versions:
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ github.token }}
outputs:
runner_current_version: ${{ steps.runner_versions.outputs.runner_current_version }}
runner_latest_version: ${{ steps.runner_versions.outputs.runner_latest_version }}
container_hooks_current_version: ${{ steps.container_hooks_versions.outputs.container_hooks_current_version }}
container_hooks_latest_version: ${{ steps.container_hooks_versions.outputs.container_hooks_latest_version }}
steps:
- uses: actions/checkout@v3
- name: Get runner current and latest versions
id: runner_versions
run: |
CURRENT_VERSION="$(echo -n $(cat runner/VERSION | grep 'RUNNER_VERSION=' | cut -d '=' -f2))"
echo "Current version: $CURRENT_VERSION"
echo runner_current_version=$CURRENT_VERSION >> $GITHUB_OUTPUT
LATEST_VERSION=$(gh release list --exclude-drafts --exclude-pre-releases --limit 1 -R actions/runner | grep -oP '(?<=v)[0-9.]+' | head -1)
echo "Latest version: $LATEST_VERSION"
echo runner_latest_version=$LATEST_VERSION >> $GITHUB_OUTPUT
- name: Get container-hooks current and latest versions
id: container_hooks_versions
run: |
CURRENT_VERSION="$(echo -n $(cat runner/VERSION | grep 'RUNNER_CONTAINER_HOOKS_VERSION=' | cut -d '=' -f2))"
echo "Current version: $CURRENT_VERSION"
echo container_hooks_current_version=$CURRENT_VERSION >> $GITHUB_OUTPUT
LATEST_VERSION=$(gh release list --exclude-drafts --exclude-pre-releases --limit 1 -R actions/runner-container-hooks | grep -oP '(?<=v)[0-9.]+' | head -1)
echo "Latest version: $LATEST_VERSION"
echo container_hooks_latest_version=$LATEST_VERSION >> $GITHUB_OUTPUT
# check_pr checks if a PR for the same update already exists. It only runs if
# runner latest version != our current version. If no existing PR is found,
# it sets a PR name as output.
check_pr:
runs-on: ubuntu-latest
needs: check_versions
if: needs.check_versions.outputs.runner_current_version != needs.check_versions.outputs.runner_latest_version || needs.check_versions.outputs.container_hooks_current_version != needs.check_versions.outputs.container_hooks_latest_version
outputs:
pr_name: ${{ steps.pr_name.outputs.pr_name }}
env:
GH_TOKEN: ${{ github.token }}
steps:
- name: debug
run:
echo "RUNNER_CURRENT_VERSION=${{ needs.check_versions.outputs.runner_current_version }}"
echo "RUNNER_LATEST_VERSION=${{ needs.check_versions.outputs.runner_latest_version }}"
echo "CONTAINER_HOOKS_CURRENT_VERSION=${{ needs.check_versions.outputs.container_hooks_current_version }}"
echo "CONTAINER_HOOKS_LATEST_VERSION=${{ needs.check_versions.outputs.container_hooks_latest_version }}"
- uses: actions/checkout@v3
- name: PR Name
id: pr_name
env:
RUNNER_CURRENT_VERSION: ${{ needs.check_versions.outputs.runner_current_version }}
RUNNER_LATEST_VERSION: ${{ needs.check_versions.outputs.runner_latest_version }}
CONTAINER_HOOKS_CURRENT_VERSION: ${{ needs.check_versions.outputs.container_hooks_current_version }}
CONTAINER_HOOKS_LATEST_VERSION: ${{ needs.check_versions.outputs.container_hooks_latest_version }}
# Generate a PR name with the following title:
# Updates: runner to v2.304.0 and container-hooks to v0.3.1
run: |
RUNNER_MESSAGE="runner to v${RUNNER_LATEST_VERSION}"
CONTAINER_HOOKS_MESSAGE="container-hooks to v${CONTAINER_HOOKS_LATEST_VERSION}"
PR_NAME="Updates:"
if [ "$RUNNER_CURRENT_VERSION" != "$RUNNER_LATEST_VERSION" ]
then
PR_NAME="$PR_NAME $RUNNER_MESSAGE"
fi
if [ "$CONTAINER_HOOKS_CURRENT_VERSION" != "$CONTAINER_HOOKS_LATEST_VERSION" ]
then
PR_NAME="$PR_NAME $CONTAINER_HOOKS_MESSAGE"
fi
result=$(gh pr list --search "$PR_NAME" --json number --jq ".[].number" --limit 1)
if [ -z "$result" ]
then
echo "No existing PRs found, setting output with pr_name=$PR_NAME"
echo pr_name=$PR_NAME >> $GITHUB_OUTPUT
else
echo "Found a PR with title '$PR_NAME' already existing: ${{ github.server_url }}/${{ github.repository }}/pull/$result"
fi
# update_version updates runner version in the files listed below, commits
# the changes and opens a pull request as `github-actions` bot.
update_version:
runs-on: ubuntu-latest
needs:
- check_versions
- check_pr
if: needs.check_pr.outputs.pr_name
permissions:
pull-requests: write
contents: write
actions: write
env:
GH_TOKEN: ${{ github.token }}
RUNNER_CURRENT_VERSION: ${{ needs.check_versions.outputs.runner_current_version }}
RUNNER_LATEST_VERSION: ${{ needs.check_versions.outputs.runner_latest_version }}
CONTAINER_HOOKS_CURRENT_VERSION: ${{ needs.check_versions.outputs.container_hooks_current_version }}
CONTAINER_HOOKS_LATEST_VERSION: ${{ needs.check_versions.outputs.container_hooks_latest_version }}
PR_NAME: ${{ needs.check_pr.outputs.pr_name }}
steps:
- uses: actions/checkout@v3
- name: New branch
run: git checkout -b update-runner-"$(date +%Y-%m-%d)"
- name: Update files
run: |
sed -i "s/$RUNNER_CURRENT_VERSION/$RUNNER_LATEST_VERSION/g" runner/VERSION
sed -i "s/$RUNNER_CURRENT_VERSION/$RUNNER_LATEST_VERSION/g" runner/Makefile
sed -i "s/$RUNNER_CURRENT_VERSION/$RUNNER_LATEST_VERSION/g" Makefile
sed -i "s/$RUNNER_CURRENT_VERSION/$RUNNER_LATEST_VERSION/g" test/e2e/e2e_test.go
sed -i "s/$CONTAINER_HOOKS_CURRENT_VERSION/$CONTAINER_HOOKS_LATEST_VERSION/g" runner/VERSION
sed -i "s/$CONTAINER_HOOKS_CURRENT_VERSION/$CONTAINER_HOOKS_LATEST_VERSION/g" runner/Makefile
sed -i "s/$CONTAINER_HOOKS_CURRENT_VERSION/$CONTAINER_HOOKS_LATEST_VERSION/g" Makefile
sed -i "s/$CONTAINER_HOOKS_CURRENT_VERSION/$CONTAINER_HOOKS_LATEST_VERSION/g" test/e2e/e2e_test.go
- name: Commit changes
run: |
# from https://github.com/orgs/community/discussions/26560
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
git add .
git commit -m "$PR_NAME"
git push -u origin HEAD
- name: Create pull request
run: gh pr create -f -l "runners update"
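Review bot: Neither version step checks that `LATEST_VERSION` was actually resolved: without `pipefail`, the `gh release list … | grep -oP … | head -1` pipeline reports only the status of `head`, so a failed or empty listing leaves the variable empty and the step still succeeds. An empty latest version still differs from the current one, so check_pr and update_version run and the `sed` lines replace the current version with an empty string in all four files before a pull request is opened. A guard after each assignment, for example `[[ "$LATEST_VERSION" =~ ^[0-9]+(\.[0-9]+)+$ ]] || { echo "could not resolve latest version" >&2; exit 1; }`, would stop the run there. The `sed` patterns also treat the dots in the current version as wildcards. Separately, check_versions and check_pr declare no `permissions:` block, so they run with the repository's default token scope even though they only read.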


@@ -6,7 +6,7 @@ on:
- master - master
paths: paths:
- 'charts/**' - 'charts/**'
- '.github/workflows/validate-chart.yaml' - '.github/workflows/arc-validate-chart.yaml'
- '!charts/actions-runner-controller/docs/**' - '!charts/actions-runner-controller/docs/**'
- '!**.md' - '!**.md'
- '!charts/gha-runner-scale-set-controller/**' - '!charts/gha-runner-scale-set-controller/**'
@@ -14,7 +14,7 @@ on:
push: push:
paths: paths:
- 'charts/**' - 'charts/**'
- '.github/workflows/validate-chart.yaml' - '.github/workflows/arc-validate-chart.yaml'
- '!charts/actions-runner-controller/docs/**' - '!charts/actions-runner-controller/docs/**'
- '!**.md' - '!**.md'
- '!charts/gha-runner-scale-set-controller/**' - '!charts/gha-runner-scale-set-controller/**'
@@ -27,6 +27,13 @@ env:
permissions: permissions:
contents: read contents: read
concurrency:
# This will make sure we only apply the concurrency limits on pull requests
# but not pushes to master branch by making the concurrency group name unique
# for pushes
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs: jobs:
validate-chart: validate-chart:
name: Lint Chart name: Lint Chart
@@ -62,17 +69,17 @@ jobs:
# python is a requirement for the chart-testing action below (supports yamllint among other tests) # python is a requirement for the chart-testing action below (supports yamllint among other tests)
- uses: actions/setup-python@v4 - uses: actions/setup-python@v4
with: with:
python-version: '3.7' python-version: '3.11'
- name: Set up chart-testing - name: Set up chart-testing
uses: helm/chart-testing-action@v2.3.1 uses: helm/chart-testing-action@v2.6.0
- name: Run chart-testing (list-changed) - name: Run chart-testing (list-changed)
id: list-changed id: list-changed
run: | run: |
changed=$(ct list-changed --config charts/.ci/ct-config.yaml) changed=$(ct list-changed --config charts/.ci/ct-config.yaml)
if [[ -n "$changed" ]]; then if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true" echo "changed=true" >> $GITHUB_OUTPUT
fi fi
- name: Run chart-testing (lint) - name: Run chart-testing (lint)
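Review bot: `helm/chart-testing-action@v2.6.0` is a third-party action referenced by a mutable tag, so the code that runs in this job can change without any change in this repository. Pinning the bumped reference to the release's full commit SHA, `uses: helm/chart-testing-action@<full-commit-sha> # v2.6.0` (placeholder, take the SHA from the upstream release), makes future updates reviewable. The new `echo "changed=true" >> $GITHUB_OUTPUT` line is also better written with the target quoted, `>> "$GITHUB_OUTPUT"`.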


@@ -1,4 +1,4 @@
name: Validate Runners name: Validate ARC Runners
on: on:
pull_request: pull_request:
@@ -12,6 +12,13 @@ on:
permissions: permissions:
contents: read contents: read
concurrency:
# This will make sure we only apply the concurrency limits on pull requests
# but not pushes to master branch by making the concurrency group name unique
# for pushes
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs: jobs:
shellcheck: shellcheck:
name: runner / shellcheck name: runner / shellcheck


@@ -1,4 +1,4 @@
name: CI ARC E2E Linux VM Test name: (gha) E2E Tests
on: on:
push: push:
@@ -16,7 +16,14 @@ env:
TARGET_ORG: actions-runner-controller TARGET_ORG: actions-runner-controller
TARGET_REPO: arc_e2e_test_dummy TARGET_REPO: arc_e2e_test_dummy
IMAGE_NAME: "arc-test-image" IMAGE_NAME: "arc-test-image"
IMAGE_VERSION: "0.4.0" IMAGE_VERSION: "0.8.1"
concurrency:
# This will make sure we only apply the concurrency limits on pull requests
# but not pushes to master branch by making the concurrency group name unique
# for pushes
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs: jobs:
default-setup: default-setup:
@@ -51,21 +58,21 @@ jobs:
--debug --debug
count=0 count=0
while true; do while true; do
POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller -o name) POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name)
if [ -n "$POD_NAME" ]; then if [ -n "$POD_NAME" ]; then
echo "Pod found: $POD_NAME" echo "Pod found: $POD_NAME"
break break
fi fi
if [ "$count" -ge 60 ]; then if [ "$count" -ge 60 ]; then
echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-runner-scale-set-controller" echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller"
exit 1 exit 1
fi fi
sleep 1 sleep 1
count=$((count+1)) count=$((count+1))
done done
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller
kubectl get pod -n arc-systems kubectl get pod -n arc-systems
kubectl describe deployment arc-gha-runner-scale-set-controller -n arc-systems kubectl describe deployment arc-gha-rs-controller -n arc-systems
- name: Install gha-runner-scale-set - name: Install gha-runner-scale-set
id: install_arc id: install_arc
@@ -142,21 +149,21 @@ jobs:
--debug --debug
count=0 count=0
while true; do while true; do
POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller -o name) POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name)
if [ -n "$POD_NAME" ]; then if [ -n "$POD_NAME" ]; then
echo "Pod found: $POD_NAME" echo "Pod found: $POD_NAME"
break break
fi fi
if [ "$count" -ge 60 ]; then if [ "$count" -ge 60 ]; then
echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-runner-scale-set-controller" echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller"
exit 1 exit 1
fi fi
sleep 1 sleep 1
count=$((count+1)) count=$((count+1))
done done
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller
kubectl get pod -n arc-systems kubectl get pod -n arc-systems
kubectl describe deployment arc-gha-runner-scale-set-controller -n arc-systems kubectl describe deployment arc-gha-rs-controller -n arc-systems
- name: Install gha-runner-scale-set - name: Install gha-runner-scale-set
id: install_arc id: install_arc
@@ -231,21 +238,21 @@ jobs:
--debug --debug
count=0 count=0
while true; do while true; do
POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller -o name) POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name)
if [ -n "$POD_NAME" ]; then if [ -n "$POD_NAME" ]; then
echo "Pod found: $POD_NAME" echo "Pod found: $POD_NAME"
break break
fi fi
if [ "$count" -ge 60 ]; then if [ "$count" -ge 60 ]; then
echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-runner-scale-set-controller" echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller"
exit 1 exit 1
fi fi
sleep 1 sleep 1
count=$((count+1)) count=$((count+1))
done done
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller
kubectl get pod -n arc-systems kubectl get pod -n arc-systems
kubectl describe deployment arc-gha-runner-scale-set-controller -n arc-systems kubectl describe deployment arc-gha-rs-controller -n arc-systems
- name: Install gha-runner-scale-set - name: Install gha-runner-scale-set
id: install_arc id: install_arc
@@ -326,21 +333,21 @@ jobs:
--debug --debug
count=0 count=0
while true; do while true; do
POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller -o name) POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name)
if [ -n "$POD_NAME" ]; then if [ -n "$POD_NAME" ]; then
echo "Pod found: $POD_NAME" echo "Pod found: $POD_NAME"
break break
fi fi
if [ "$count" -ge 60 ]; then if [ "$count" -ge 60 ]; then
echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-runner-scale-set-controller" echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller"
exit 1 exit 1
fi fi
sleep 1 sleep 1
count=$((count+1)) count=$((count+1))
done done
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller
kubectl get pod -n arc-systems kubectl get pod -n arc-systems
kubectl describe deployment arc-gha-runner-scale-set-controller -n arc-systems kubectl describe deployment arc-gha-rs-controller -n arc-systems
kubectl wait --timeout=30s --for=condition=ready pod -n openebs -l name=openebs-localpv-provisioner kubectl wait --timeout=30s --for=condition=ready pod -n openebs -l name=openebs-localpv-provisioner
- name: Install gha-runner-scale-set - name: Install gha-runner-scale-set
@@ -420,21 +427,21 @@ jobs:
--debug --debug
count=0 count=0
while true; do while true; do
POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller -o name) POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name)
if [ -n "$POD_NAME" ]; then if [ -n "$POD_NAME" ]; then
echo "Pod found: $POD_NAME" echo "Pod found: $POD_NAME"
break break
fi fi
if [ "$count" -ge 60 ]; then if [ "$count" -ge 60 ]; then
echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-runner-scale-set-controller" echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller"
exit 1 exit 1
fi fi
sleep 1 sleep 1
count=$((count+1)) count=$((count+1))
done done
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller
kubectl get pod -n arc-systems kubectl get pod -n arc-systems
kubectl describe deployment arc-gha-runner-scale-set-controller -n arc-systems kubectl describe deployment arc-gha-rs-controller -n arc-systems
- name: Install gha-runner-scale-set - name: Install gha-runner-scale-set
id: install_arc id: install_arc
@@ -521,21 +528,21 @@ jobs:
--debug --debug
count=0 count=0
while true; do while true; do
POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller -o name) POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name)
if [ -n "$POD_NAME" ]; then if [ -n "$POD_NAME" ]; then
echo "Pod found: $POD_NAME" echo "Pod found: $POD_NAME"
break break
fi fi
if [ "$count" -ge 60 ]; then if [ "$count" -ge 60 ]; then
echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-runner-scale-set-controller" echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller"
exit 1 exit 1
fi fi
sleep 1 sleep 1
count=$((count+1)) count=$((count+1))
done done
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller
kubectl get pod -n arc-systems kubectl get pod -n arc-systems
kubectl describe deployment arc-gha-runner-scale-set-controller -n arc-systems kubectl describe deployment arc-gha-rs-controller -n arc-systems
- name: Install gha-runner-scale-set - name: Install gha-runner-scale-set
id: install_arc id: install_arc
@@ -616,21 +623,21 @@ jobs:
--debug --debug
count=0 count=0
while true; do while true; do
POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller -o name) POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name)
if [ -n "$POD_NAME" ]; then if [ -n "$POD_NAME" ]; then
echo "Pod found: $POD_NAME" echo "Pod found: $POD_NAME"
break break
fi fi
if [ "$count" -ge 60 ]; then if [ "$count" -ge 60 ]; then
echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-runner-scale-set-controller" echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller"
exit 1 exit 1
fi fi
sleep 1 sleep 1
count=$((count+1)) count=$((count+1))
done done
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-runner-scale-set-controller kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller
kubectl get pod -n arc-systems kubectl get pod -n arc-systems
kubectl describe deployment arc-gha-runner-scale-set-controller -n arc-systems kubectl describe deployment arc-gha-rs-controller -n arc-systems
- name: Install gha-runner-scale-set - name: Install gha-runner-scale-set
id: install_arc id: install_arc
@@ -703,3 +710,268 @@ jobs:
arc-name: ${{steps.install_arc.outputs.ARC_NAME}} arc-name: ${{steps.install_arc.outputs.ARC_NAME}}
arc-namespace: "arc-runners" arc-namespace: "arc-runners"
arc-controller-namespace: "arc-systems" arc-controller-namespace: "arc-systems"
update-strategy-tests:
runs-on: ubuntu-latest
timeout-minutes: 20
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id
env:
WORKFLOW_FILE: "arc-test-sleepy-matrix.yaml"
steps:
- uses: actions/checkout@v3
with:
ref: ${{github.head_ref}}
- uses: ./.github/actions/setup-arc-e2e
id: setup
with:
app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}}
app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}}
image-name: ${{env.IMAGE_NAME}}
image-tag: ${{env.IMAGE_VERSION}}
target-org: ${{env.TARGET_ORG}}
- name: Install gha-runner-scale-set-controller
id: install_arc_controller
run: |
helm install arc \
--namespace "arc-systems" \
--create-namespace \
--set image.repository=${{ env.IMAGE_NAME }} \
--set image.tag=${{ env.IMAGE_VERSION }} \
--set flags.updateStrategy="eventual" \
./charts/gha-runner-scale-set-controller \
--debug
count=0
while true; do
POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name)
if [ -n "$POD_NAME" ]; then
echo "Pod found: $POD_NAME"
break
fi
if [ "$count" -ge 60 ]; then
echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller"
exit 1
fi
sleep 1
count=$((count+1))
done
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller
kubectl get pod -n arc-systems
kubectl describe deployment arc-gha-rs-controller -n arc-systems
- name: Install gha-runner-scale-set
id: install_arc
run: |
ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1))
helm install "$ARC_NAME" \
--namespace "arc-runners" \
--create-namespace \
--set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{env.TARGET_REPO}}" \
--set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \
./charts/gha-runner-scale-set \
--debug
echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT
count=0
while true; do
POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name)
if [ -n "$POD_NAME" ]; then
echo "Pod found: $POD_NAME"
break
fi
if [ "$count" -ge 60 ]; then
echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME"
exit 1
fi
sleep 1
count=$((count+1))
done
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME
kubectl get pod -n arc-systems
- name: Trigger long running jobs and wait for runners to pick them up
uses: ./.github/actions/execute-assert-arc-e2e
timeout-minutes: 10
with:
auth-token: ${{ steps.setup.outputs.token }}
repo-owner: ${{ env.TARGET_ORG }}
repo-name: ${{env.TARGET_REPO}}
workflow-file: ${{env.WORKFLOW_FILE}}
arc-name: ${{steps.install_arc.outputs.ARC_NAME}}
arc-namespace: "arc-runners"
arc-controller-namespace: "arc-systems"
wait-to-running: "true"
wait-to-finish: "false"
- name: Upgrade the gha-runner-scale-set
shell: bash
run: |
helm upgrade --install "${{ steps.install_arc.outputs.ARC_NAME }}" \
--namespace "arc-runners" \
--create-namespace \
--set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{ env.TARGET_REPO }}" \
--set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \
--set template.spec.containers[0].name="runner" \
--set template.spec.containers[0].image="ghcr.io/actions/actions-runner:latest" \
--set template.spec.containers[0].command={"/home/runner/run.sh"} \
--set template.spec.containers[0].env[0].name="TEST" \
--set template.spec.containers[0].env[0].value="E2E TESTS" \
./charts/gha-runner-scale-set \
--debug
- name: Assert that the listener is deleted while jobs are running
shell: bash
run: |
count=0
while true; do
LISTENER_COUNT="$(kubectl get pods -l actions.github.com/scale-set-name=${{ steps.install_arc.outputs.ARC_NAME }} -n arc-systems --field-selector=status.phase=Running -o=jsonpath='{.items}' | jq 'length')"
RUNNERS_COUNT="$(kubectl get pods -l app.kubernetes.io/component=runner -n arc-runners --field-selector=status.phase=Running -o=jsonpath='{.items}' | jq 'length')"
RESOURCES="$(kubectl get pods -A)"
if [ "$LISTENER_COUNT" -eq 0 ]; then
echo "Listener has been deleted"
echo "$RESOURCES"
exit 0
fi
if [ "$count" -ge 60 ]; then
echo "Timeout waiting for listener to be deleted"
echo "$RESOURCES"
exit 1
fi
echo "Waiting for listener to be deleted"
echo "Listener count: $LISTENER_COUNT target: 0 | Runners count: $RUNNERS_COUNT target: 3"
sleep 1
count=$((count+1))
done
- name: Assert that the listener goes back up after the jobs are done
shell: bash
run: |
count=0
while true; do
LISTENER_COUNT="$(kubectl get pods -l actions.github.com/scale-set-name=${{ steps.install_arc.outputs.ARC_NAME }} -n arc-systems --field-selector=status.phase=Running -o=jsonpath='{.items}' | jq 'length')"
RUNNERS_COUNT="$(kubectl get pods -l app.kubernetes.io/component=runner -n arc-runners --field-selector=status.phase=Running -o=jsonpath='{.items}' | jq 'length')"
RESOURCES="$(kubectl get pods -A)"
if [ "$LISTENER_COUNT" -eq 1 ]; then
echo "Listener is up!"
echo "$RESOURCES"
exit 0
fi
if [ "$count" -ge 120 ]; then
echo "Timeout waiting for listener to be recreated"
echo "$RESOURCES"
exit 1
fi
echo "Waiting for listener to be recreated"
echo "Listener count: $LISTENER_COUNT target: 1 | Runners count: $RUNNERS_COUNT target: 0"
sleep 1
count=$((count+1))
done
- name: Gather logs and cleanup
shell: bash
if: always()
run: |
helm uninstall "${{ steps.install_arc.outputs.ARC_NAME }}" --namespace "arc-runners" --debug
kubectl wait --timeout=10s --for=delete AutoScalingRunnerSet -n "${{ steps.install_arc.outputs.ARC_NAME }}" -l app.kubernetes.io/instance="${{ steps.install_arc.outputs.ARC_NAME }}"
kubectl logs deployment/arc-gha-rs-controller -n "arc-systems"
init-with-min-runners:
runs-on: ubuntu-latest
timeout-minutes: 20
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id
env:
WORKFLOW_FILE: arc-test-workflow.yaml
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.head_ref }}
- uses: ./.github/actions/setup-arc-e2e
id: setup
with:
app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}}
app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}}
image-name: ${{env.IMAGE_NAME}}
image-tag: ${{env.IMAGE_VERSION}}
target-org: ${{env.TARGET_ORG}}
- name: Install gha-runner-scale-set-controller
id: install_arc_controller
run: |
helm install arc \
--namespace "arc-systems" \
--create-namespace \
--set image.repository=${{ env.IMAGE_NAME }} \
--set image.tag=${{ env.IMAGE_VERSION }} \
--set flags.updateStrategy="eventual" \
./charts/gha-runner-scale-set-controller \
--debug
count=0
while true; do
POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name)
if [ -n "$POD_NAME" ]; then
echo "Pod found: $POD_NAME"
break
fi
if [ "$count" -ge 60 ]; then
echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller"
exit 1
fi
sleep 1
count=$((count+1))
done
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller
kubectl get pod -n arc-systems
kubectl describe deployment arc-gha-rs-controller -n arc-systems
- name: Install gha-runner-scale-set
id: install_arc
run: |
ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1))
helm install "$ARC_NAME" \
--namespace "arc-runners" \
--create-namespace \
--set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{env.TARGET_REPO}}" \
--set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \
--set minRunners=5 \
./charts/gha-runner-scale-set \
--debug
echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT
count=0
while true; do
POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name)
if [ -n "$POD_NAME" ]; then
echo "Pod found: $POD_NAME"
break
fi
if [ "$count" -ge 60 ]; then
echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME"
exit 1
fi
sleep 1
count=$((count+1))
done
kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME
kubectl get pod -n arc-systems
- name: Ensure 5 runners are up
run: |
count=0
while true; do
pod_count=$(kubectl get pods -n arc-runners --no-headers | wc -l)
if [[ "$pod_count" = 5 ]]; then
echo "5 pods are up!"
break
fi
if [[ "$count" -ge 12 ]]; then
echo "Timeout waiting for 5 pods to be created"
exit 1
fi
sleep 1
count=$((count+1))
done
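Review bot: The new update-strategy-tests and init-with-min-runners jobs pass `--set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}"` to `helm install` and `helm upgrade --install` together with `--debug`, and Helm's debug output prints the user-supplied values and the rendered manifest, so the token can end up in the job log. Whether the runner masks it depends on the setup-arc-e2e action, which is not visible here, and masking would not cover an encoded copy in a rendered Secret. I would drop `--debug` from the three scale-set install/upgrade steps, or, if the chart accepts the name of a pre-created secret, create the secret first and pass only its name. Separately, the cleanup step runs `kubectl wait --timeout=10s --for=delete AutoScalingRunnerSet -n "${{ steps.install_arc.outputs.ARC_NAME }}"`, which uses the release name as the namespace. The release was installed into `arc-runners`, so this looks like it should be `-n "arc-runners"`.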


@@ -1,4 +1,4 @@
name: Publish Runner Scale Set Controller Charts name: (gha) Publish Helm Charts
on: on:
workflow_dispatch: workflow_dispatch:
@@ -33,7 +33,11 @@ env:
HELM_VERSION: v3.8.0 HELM_VERSION: v3.8.0
permissions: permissions:
packages: write packages: write
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
jobs: jobs:
build-push-image: build-push-image:
@@ -101,7 +105,7 @@ jobs:
- name: Job summary - name: Job summary
run: | run: |
echo "The [publish-runner-scale-set.yaml](https://github.com/actions/actions-runner-controller/blob/main/.github/workflows/publish-runner-scale-set.yaml) workflow run was completed successfully!" >> $GITHUB_STEP_SUMMARY echo "The [gha-publish-chart.yaml](https://github.com/actions/actions-runner-controller/blob/main/.github/workflows/gha-publish-chart.yaml) workflow run was completed successfully!" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY
echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
echo "- Ref: ${{ steps.resolve_parameters.outputs.resolvedRef }}" >> $GITHUB_STEP_SUMMARY echo "- Ref: ${{ steps.resolve_parameters.outputs.resolvedRef }}" >> $GITHUB_STEP_SUMMARY
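Review bot: The `concurrency` block added in the second hunk sets `cancel-in-progress: true` on a group keyed only by `${{ github.workflow }}`, so a second dispatch cancels a publish run that may already have pushed part of its output. For a workflow holding `packages: write`, that can leave a release where one artifact is published and the others are not. This is inferred from the workflow name and the `build-push-image` job, since the publish steps themselves are outside the visible hunks. Consider `cancel-in-progress: false` so a later run queues behind the one in flight, and add a short comment on the block saying why publishing runs are serialized rather than cancelled.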


@@ -1,4 +1,4 @@
name: Validate Helm Chart (gha-runner-scale-set-controller and gha-runner-scale-set) name: (gha) Validate Helm Charts
on: on:
pull_request: pull_request:
@@ -6,13 +6,13 @@ on:
- master - master
paths: paths:
- 'charts/**' - 'charts/**'
- '.github/workflows/validate-gha-chart.yaml' - '.github/workflows/gha-validate-chart.yaml'
- '!charts/actions-runner-controller/**' - '!charts/actions-runner-controller/**'
- '!**.md' - '!**.md'
push: push:
paths: paths:
- 'charts/**' - 'charts/**'
- '.github/workflows/validate-gha-chart.yaml' - '.github/workflows/gha-validate-chart.yaml'
- '!charts/actions-runner-controller/**' - '!charts/actions-runner-controller/**'
- '!**.md' - '!**.md'
workflow_dispatch: workflow_dispatch:
@@ -23,6 +23,13 @@ env:
permissions: permissions:
contents: read contents: read
concurrency:
# This will make sure we only apply the concurrency limits on pull requests
# but not pushes to master branch by making the concurrency group name unique
# for pushes
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs: jobs:
validate-chart: validate-chart:
name: Lint Chart name: Lint Chart
@@ -58,26 +65,10 @@ jobs:
# python is a requirement for the chart-testing action below (supports yamllint among other tests) # python is a requirement for the chart-testing action below (supports yamllint among other tests)
- uses: actions/setup-python@v4 - uses: actions/setup-python@v4
with: with:
python-version: '3.7' python-version: '3.11'
- name: Set up chart-testing - name: Set up chart-testing
uses: helm/chart-testing-action@v2.3.1 uses: helm/chart-testing-action@v2.6.0
- name: Set up latest version chart-testing
run: |
echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list
sudo apt update
sudo apt install goreleaser
git clone https://github.com/helm/chart-testing
cd chart-testing
unset CT_CONFIG_DIR
goreleaser build --clean --skip-validate
./dist/chart-testing_linux_amd64_v1/ct version
echo 'Adding ct directory to PATH...'
echo "$RUNNER_TEMP/chart-testing/dist/chart-testing_linux_amd64_v1" >> "$GITHUB_PATH"
echo 'Setting CT_CONFIG_DIR...'
echo "CT_CONFIG_DIR=$RUNNER_TEMP/chart-testing/etc" >> "$GITHUB_ENV"
working-directory: ${{ runner.temp }}
- name: Run chart-testing (list-changed) - name: Run chart-testing (list-changed)
id: list-changed id: list-changed
@@ -85,7 +76,7 @@ jobs:
ct version ct version
changed=$(ct list-changed --config charts/.ci/ct-config-gha.yaml) changed=$(ct list-changed --config charts/.ci/ct-config-gha.yaml)
if [[ -n "$changed" ]]; then if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true" echo "changed=true" >> $GITHUB_OUTPUT
fi fi
- name: Run chart-testing (lint) - name: Run chart-testing (lint)
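Review bot: `helm/chart-testing-action@v2.6.0` in the fourth hunk is referenced by a tag, which the action's owner can move. Pin third-party actions to the full commit SHA and keep the version as a trailing comment, e.g. `uses: helm/chart-testing-action@<full-commit-sha> # v2.6.0`. With the source build (and its `[trusted=yes]` apt repository) removed, this action is the only place `ct` comes from, so the pin matters more than before. In the last hunk, quote the redirect target the way the removed block did: `echo "changed=true" >> "$GITHUB_OUTPUT"`.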


@@ -1,4 +1,4 @@
name: Publish Canary Image name: Publish Canary Images
# Revert to https://github.com/actions-runner-controller/releases#releases # Revert to https://github.com/actions-runner-controller/releases#releases
# for details on why we use this approach # for details on why we use this approach
@@ -11,19 +11,19 @@ on:
- '.github/actions/**' - '.github/actions/**'
- '.github/ISSUE_TEMPLATE/**' - '.github/ISSUE_TEMPLATE/**'
- '.github/workflows/e2e-test-dispatch-workflow.yaml' - '.github/workflows/e2e-test-dispatch-workflow.yaml'
- '.github/workflows/e2e-test-linux-vm.yaml' - '.github/workflows/gha-e2e-tests.yaml'
- '.github/workflows/publish-arc.yaml' - '.github/workflows/arc-publish.yaml'
- '.github/workflows/publish-chart.yaml' - '.github/workflows/arc-publish-chart.yaml'
- '.github/workflows/publish-runner-scale-set.yaml' - '.github/workflows/gha-publish-chart.yaml'
- '.github/workflows/release-runners.yaml' - '.github/workflows/arc-release-runners.yaml'
- '.github/workflows/run-codeql.yaml' - '.github/workflows/global-run-codeql.yaml'
- '.github/workflows/run-first-interaction.yaml' - '.github/workflows/global-run-first-interaction.yaml'
- '.github/workflows/run-stale.yaml' - '.github/workflows/global-run-stale.yaml'
- '.github/workflows/update-runners.yaml' - '.github/workflows/arc-update-runners-scheduled.yaml'
- '.github/workflows/validate-arc.yaml' - '.github/workflows/validate-arc.yaml'
- '.github/workflows/validate-chart.yaml' - '.github/workflows/arc-validate-chart.yaml'
- '.github/workflows/validate-gha-chart.yaml' - '.github/workflows/gha-validate-chart.yaml'
- '.github/workflows/validate-runners.yaml' - '.github/workflows/arc-validate-runners.yaml'
- '.github/dependabot.yml' - '.github/dependabot.yml'
- '.github/RELEASE_NOTE_TEMPLATE.md' - '.github/RELEASE_NOTE_TEMPLATE.md'
- 'runner/**' - 'runner/**'
@@ -37,6 +37,10 @@ permissions:
contents: read contents: read
packages: write packages: write
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
env: env:
# Safeguard to prevent pushing images to registeries after build # Safeguard to prevent pushing images to registeries after build
PUSH_TO_REGISTRIES: true PUSH_TO_REGISTRIES: true
@@ -120,7 +124,7 @@ jobs:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
build-args: VERSION=canary-"${{ github.ref }}" build-args: VERSION=canary-${{ steps.resolve_parameters.outputs.short_sha }}
push: ${{ env.PUSH_TO_REGISTRIES }} push: ${{ env.PUSH_TO_REGISTRIES }}
tags: | tags: |
ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/gha-runner-scale-set-controller:canary ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/gha-runner-scale-set-controller:canary
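Review bot: The `build-args` line in the last hunk passes only `VERSION`, while the Dockerfile in this same comparison gains a `COMMIT_SHA=dev` build argument that is linked into `build.CommitSHA`, so canary images built here would report their commit as `dev`. Pass both values, for example `build-args: |` followed by `VERSION=canary-${{ steps.resolve_parameters.outputs.short_sha }}` and `COMMIT_SHA=${{ github.sha }}`. This assumes the step accepts a multi-line list, as docker/build-push-action does; its `uses:` line is outside the hunk. Because the image is still pushed under the mutable `:canary` tag, the embedded commit is the main way to tell which source a running canary was built from.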


@@ -10,6 +10,13 @@ on:
schedule: schedule:
- cron: '30 1 * * 0' - cron: '30 1 * * 0'
concurrency:
# This will make sure we only apply the concurrency limits on pull requests
# but not pushes to master branch by making the concurrency group name unique
# for pushes
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs: jobs:
analyze: analyze:
name: Analyze name: Analyze
@@ -20,6 +27,11 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v4
with:
go-version-file: go.mod
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v2 uses: github/codeql-action/init@v2
with: with:


@@ -1,4 +1,4 @@
name: first-interaction name: First Interaction
on: on:
issues: issues:


@@ -8,7 +8,6 @@ on:
- '**.go' - '**.go'
- 'go.mod' - 'go.mod'
- 'go.sum' - 'go.sum'
pull_request: pull_request:
paths: paths:
- '.github/workflows/go.yaml' - '.github/workflows/go.yaml'
@@ -19,6 +18,13 @@ on:
permissions: permissions:
contents: read contents: read
concurrency:
# This will make sure we only apply the concurrency limits on pull requests
# but not pushes to master branch by making the concurrency group name unique
# for pushes
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs: jobs:
fmt: fmt:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -45,7 +51,7 @@ jobs:
uses: golangci/golangci-lint-action@v3 uses: golangci/golangci-lint-action@v3
with: with:
only-new-issues: true only-new-issues: true
version: v1.51.1 version: v1.55.2
generate: generate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -72,9 +78,11 @@ jobs:
run: git diff --exit-code run: git diff --exit-code
- name: Install kubebuilder - name: Install kubebuilder
run: | run: |
curl -L -O https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_linux_amd64.tar.gz curl -D headers.txt -fsL "https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-1.26.1-linux-amd64.tar.gz" -o kubebuilder-tools
tar zxvf kubebuilder_2.3.2_linux_amd64.tar.gz echo "$(grep -i etag headers.txt -m 1 | cut -d'"' -f2) kubebuilder-tools" > sum
sudo mv kubebuilder_2.3.2_linux_amd64 /usr/local/kubebuilder md5sum -c sum
tar -zvxf kubebuilder-tools
sudo mv kubebuilder /usr/local/
- name: Run go tests - name: Run go tests
run: | run: |
go test -short `go list ./... | grep -v ./test_e2e_arc` go test -short `go list ./... | grep -v ./test_e2e_arc`
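Review bot: The checksum in the `Install kubebuilder` step (last hunk) is read from the `ETag` header of the same response that delivers the archive, so `md5sum -c sum` only detects a corrupted transfer. Whoever can alter the stored object also controls the value it is compared against, and MD5 is not collision-resistant in any case. Commit the expected digest to the repository and verify against that instead, e.g. `echo "<expected-sha256>  kubebuilder-tools" | sha256sum -c -`, updating it whenever the tools version changes. A one-line comment above the `curl` stating what the check is meant to guarantee would also help the next maintainer.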


@@ -1,109 +0,0 @@
# This workflows polls releases from actions/runner and in case of a new one it
# updates files containing runner version and opens a pull request.
name: Update runners
on:
schedule:
# run daily
- cron: "0 9 * * *"
workflow_dispatch:
jobs:
# check_versions compares our current version and the latest available runner
# version and sets them as outputs.
check_versions:
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ github.token }}
outputs:
current_version: ${{ steps.versions.outputs.current_version }}
latest_version: ${{ steps.versions.outputs.latest_version }}
steps:
- uses: actions/checkout@v3
- name: Get current and latest versions
id: versions
run: |
CURRENT_VERSION=$(echo -n $(cat runner/VERSION))
echo "Current version: $CURRENT_VERSION"
echo current_version=$CURRENT_VERSION >> $GITHUB_OUTPUT
LATEST_VERSION=$(gh release list --exclude-drafts --exclude-pre-releases --limit 1 -R actions/runner | grep -oP '(?<=v)[0-9.]+' | head -1)
echo "Latest version: $LATEST_VERSION"
echo latest_version=$LATEST_VERSION >> $GITHUB_OUTPUT
# check_pr checks if a PR for the same update already exists. It only runs if
# runner latest version != our current version. If no existing PR is found,
# it sets a PR name as output.
check_pr:
runs-on: ubuntu-latest
needs: check_versions
if: needs.check_versions.outputs.current_version != needs.check_versions.outputs.latest_version
outputs:
pr_name: ${{ steps.pr_name.outputs.pr_name }}
env:
GH_TOKEN: ${{ github.token }}
steps:
- name: debug
run:
echo ${{ needs.check_versions.outputs.current_version }}
echo ${{ needs.check_versions.outputs.latest_version }}
- uses: actions/checkout@v3
- name: PR Name
id: pr_name
env:
LATEST_VERSION: ${{ needs.check_versions.outputs.latest_version }}
run: |
PR_NAME="Update runner to version ${LATEST_VERSION}"
result=$(gh pr list --search "$PR_NAME" --json number --jq ".[].number" --limit 1)
if [ -z "$result" ]
then
echo "No existing PRs found, setting output with pr_name=$PR_NAME"
echo pr_name=$PR_NAME >> $GITHUB_OUTPUT
else
echo "Found a PR with title '$PR_NAME' already existing: ${{ github.server_url }}/${{ github.repository }}/pull/$result"
fi
# update_version updates runner version in the files listed below, commits
# the changes and opens a pull request as `github-actions` bot.
update_version:
runs-on: ubuntu-latest
needs:
- check_versions
- check_pr
if: needs.check_pr.outputs.pr_name
permissions:
pull-requests: write
contents: write
actions: write
env:
GH_TOKEN: ${{ github.token }}
CURRENT_VERSION: ${{ needs.check_versions.outputs.current_version }}
LATEST_VERSION: ${{ needs.check_versions.outputs.latest_version }}
PR_NAME: ${{ needs.check_pr.outputs.pr_name }}
steps:
- uses: actions/checkout@v3
- name: New branch
run: git checkout -b update-runner-$LATEST_VERSION
- name: Update files
run: |
sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/VERSION
sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/Makefile
sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" Makefile
sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" test/e2e/e2e_test.go
sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" .github/workflows/e2e-test-linux-vm.yaml
- name: Commit changes
run: |
# from https://github.com/orgs/community/discussions/26560
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
git add .
git commit -m "$PR_NAME"
git push -u origin HEAD
- name: Create pull request
run: gh pr create -f

1
.gitignore vendored

@@ -35,5 +35,4 @@ bin
.DS_STORE .DS_STORE
/test-assets /test-assets
/.tools /.tools


@@ -1,2 +1,2 @@
# actions-runner-controller maintainers # actions-runner-controller maintainers
* @mumoshu @toast-gear @actions/actions-runtime @nikola-jokic * @mumoshu @toast-gear @actions/actions-launch @nikola-jokic


@@ -15,6 +15,13 @@
- [Opening the Pull Request](#opening-the-pull-request) - [Opening the Pull Request](#opening-the-pull-request)
- [Helm Version Changes](#helm-version-changes) - [Helm Version Changes](#helm-version-changes)
- [Testing Controller Built from a Pull Request](#testing-controller-built-from-a-pull-request) - [Testing Controller Built from a Pull Request](#testing-controller-built-from-a-pull-request)
- [Release process](#release-process)
- [Workflow structure](#workflow-structure)
- [Releasing legacy actions-runner-controller image and helm charts](#releasing-legacy-actions-runner-controller-image-and-helm-charts)
- [Release actions-runner-controller runner images](#release-actions-runner-controller-runner-images)
- [Release gha-runner-scale-set-controller image and helm charts](#release-gha-runner-scale-set-controller-image-and-helm-charts)
- [Release actions/runner image](#release-actionsrunner-image)
- [Canary releases](#canary-releases)
## Welcome ## Welcome
@@ -25,14 +32,13 @@ reviewed and merged.
## Before contributing code ## Before contributing code
We welcome code patches, but to make sure things are well coordinated you should discuss any significant change before starting the work. We welcome code patches, but to make sure things are well coordinated you should discuss any significant change before starting the work. The maintainers ask that you signal your intention to contribute to the project using the issue tracker. If there is an existing issue that you want to work on, please let us know so we can get it assigned to you. If you noticed a bug or want to add a new feature, there are issue templates you can fill out.
The maintainers ask that you signal your intention to contribute to the project using the issue tracker.
If there is an existing issue that you want to work on, please let us know so we can get it assigned to you.
If you noticed a bug or want to add a new feature, there are issue templates you can fill out.
When filing a feature request, the maintainers will review the change and give you a decision on whether we are willing to accept the feature into the project. When filing a feature request, the maintainers will review the change and give you a decision on whether we are willing to accept the feature into the project.
For significantly large and/or complex features, we may request that you write up an architectural decision record ([ADR](https://github.blog/2020-08-13-why-write-adrs/)) detailing the change. For significantly large and/or complex features, we may request that you write up an architectural decision record ([ADR](https://github.blog/2020-08-13-why-write-adrs/)) detailing the change.
Please use the [template](/adrs/0000-TEMPLATE.md) as guidance.
Please use the [template](/docs/adrs/yyyy-mm-dd-TEMPLATE) as guidance.
<!-- <!--
TODO: Add a pre-requisite section describing what developers should TODO: Add a pre-requisite section describing what developers should
@@ -45,6 +51,7 @@ Depending on what you are patching depends on how you should go about it.
Below are some guides on how to test patches locally as well as develop the controller and runners. Below are some guides on how to test patches locally as well as develop the controller and runners.
When submitting a PR for a change please provide evidence that your change works as we still need to work on improving the CI of the project. When submitting a PR for a change please provide evidence that your change works as we still need to work on improving the CI of the project.
Some resources are provided for helping achieve this, see this guide for details. Some resources are provided for helping achieve this, see this guide for details.
### Developing the Controller ### Developing the Controller
@@ -66,7 +73,7 @@ To make your development cycle faster, use the below command to update deploy an
# Makefile # Makefile
VERSION=controller1 \ VERSION=controller1 \
RUNNER_TAG=runner1 \ RUNNER_TAG=runner1 \
make acceptance/pull acceptance/kind docker-build acceptance/load acceptance/deploy make acceptance/pull acceptance/kind docker-buildx acceptance/load acceptance/deploy
``` ```
If you've already deployed actions-runner-controller and only want to recreate pods to use the newer image, you can run: If you've already deployed actions-runner-controller and only want to recreate pods to use the newer image, you can run:
@@ -130,7 +137,7 @@ GINKGO_FOCUS='[It] should create a new Runner resource from the specified templa
> >
> If you want to stick with `snap`-provided `docker`, do not forget to set `TMPDIR` to somewhere under `$HOME`. > If you want to stick with `snap`-provided `docker`, do not forget to set `TMPDIR` to somewhere under `$HOME`.
> Otherwise `kind load docker-image` fail while running `docker save`. > Otherwise `kind load docker-image` fail while running `docker save`.
> See https://kind.sigs.k8s.io/docs/user/known-issues/#docker-installed-with-snap for more information. > See <https://kind.sigs.k8s.io/docs/user/known-issues/#docker-installed-with-snap> for more information.
To test your local changes against both PAT and App based authentication please run the `acceptance` make target with the authentication configuration details provided: To test your local changes against both PAT and App based authentication please run the `acceptance` make target with the authentication configuration details provided:
@@ -186,7 +193,7 @@ Before shipping your PR, please check the following items to make sure CI passes
- Run `go mod tidy` if you made changes to dependencies. - Run `go mod tidy` if you made changes to dependencies.
- Format the code using `gofmt` - Format the code using `gofmt`
- Run the `golangci-lint` tool locally. - Run the `golangci-lint` tool locally.
- We recommend you use `make lint` to run the tool using a Docker container matching the CI version. - We recommend you use `make lint` to run the tool using a Docker container matching the CI version.
### Opening the Pull Request ### Opening the Pull Request
@@ -217,3 +224,146 @@ Please also note that you need to replace `$DOCKER_USER` with your own DockerHub
Only the maintainers can release a new version of actions-runner-controller, publish a new version of the helm charts, and runner images. Only the maintainers can release a new version of actions-runner-controller, publish a new version of the helm charts, and runner images.
All release workflows have been moved to [actions-runner-controller/releases](https://github.com/actions-runner-controller/releases) since the packages are owned by the former organization. All release workflows have been moved to [actions-runner-controller/releases](https://github.com/actions-runner-controller/releases) since the packages are owned by the former organization.
### Workflow structure
Following the migration of actions-runner-controller into GitHub actions, all the workflows had to be modified to accommodate the move to a new organization. The following table describes the workflows, their purpose and dependencies.
| Filename | Workflow name | Purpose |
|-----------------------------------|--------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| gha-e2e-tests.yaml | (gha) E2E Tests | Tests the Autoscaling Runner Set mode end to end. Coverage is restricted to this mode. Legacy modes are not tested. |
| go.yaml | Format, Lint, Unit Tests | Formats, lints and runs unit tests for the entire codebase. |
| arc-publish.yaml | Publish ARC Image | Uploads release/actions-runner-controller.yaml as an artifact to the newly created release and triggers the [build and publication of the controller image](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/publish-arc.yaml) |
| global-publish-canary.yaml | Publish Canary Images | Builds and publishes canary controller container images for both new and legacy modes. |
| arc-publish-chart.yaml | Publish ARC Helm Charts | Packages and publishes charts/actions-runner-controller (via GitHub Pages) |
| gha-publish-chart.yaml | (gha) Publish Helm Charts | Packages and publishes charts/gha-runner-scale-set-controller and charts/gha-runner-scale-set charts (OCI to GHCR) |
| arc-release-runners.yaml | Release ARC Runner Images | Triggers [release-runners.yaml](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/release-runners.yaml) which will build and push new runner images used with the legacy ARC modes. |
| global-run-codeql.yaml | Run CodeQL | Run CodeQL on all the codebase |
| global-run-first-interaction.yaml | First Interaction | Informs first time contributors what to expect when they open a new issue / PR |
| global-run-stale.yaml | Run Stale Bot | Closes issues / PRs without activity |
| arc-update-runners-scheduled.yaml | Runner Updates Check (Scheduled Job) | Polls [actions/runner](https://github.com/actions/runner) and [actions/runner-container-hooks](https://github.com/actions/runner-container-hooks) for new releases. If found, a PR is created to publish new runner images |
| arc-validate-chart.yaml | Validate Helm Chart | Run helm chart validators for charts/actions-runner-controller |
| gha-validate-chart.yaml | (gha) Validate Helm Charts | Run helm chart validators for charts/gha-runner-scale-set-controller and charts/gha-runner-scale-set charts |
| arc-validate-runners.yaml | Validate ARC Runners | Run validators for runners |
There are 7 components that we release regularly:
1. legacy [actions-runner-controller controller image](https://github.com/actions-runner-controller/actions-runner-controller/pkgs/container/actions-runner-controller)
2. legacy [actions-runner-controller helm charts](https://actions-runner-controller.github.io/actions-runner-controller/)
3. legacy actions-runner-controller runner images
1. [ubuntu-20.04](https://github.com/actions-runner-controller/actions-runner-controller/pkgs/container/actions-runner-controller%2Factions-runner)
2. [ubuntu-22.04](https://github.com/actions-runner-controller/actions-runner-controller/pkgs/container/actions-runner-controller%2Factions-runner)
3. [dind-ubuntu-20.04](https://github.com/actions-runner-controller/actions-runner-controller/pkgs/container/actions-runner-controller%2Factions-runner-dind)
4. [dind-ubuntu-22.04](https://github.com/actions-runner-controller/actions-runner-controller/pkgs/container/actions-runner-controller%2Factions-runner-dind)
5. [dind-rootless-ubuntu-20.04](https://github.com/actions-runner-controller/actions-runner-controller/pkgs/container/actions-runner-controller%2Factions-runner-dind-rootless)
6. [dind-rootless-ubuntu-22.04](https://github.com/actions-runner-controller/actions-runner-controller/pkgs/container/actions-runner-controller%2Factions-runner-dind-rootless)
4. [gha-runner-scale-set-controller image](https://github.com/actions/actions-runner-controller/pkgs/container/gha-runner-scale-set-controller)
5. [gha-runner-scale-set-controller helm charts](https://github.com/actions/actions-runner-controller/pkgs/container/actions-runner-controller-charts%2Fgha-runner-scale-set-controller)
6. [gha-runner-scale-set runner helm charts](https://github.com/actions/actions-runner-controller/pkgs/container/actions-runner-controller-charts%2Fgha-runner-scale-set)
7. [actions/runner image](https://github.com/actions/actions-runner-controller/pkgs/container/actions-runner-controller%2Factions-runner)
#### Releasing legacy actions-runner-controller image and helm charts
1. Start by making sure the master branch is stable and all CI jobs are passing
2. Create a new release in <https://github.com/actions/actions-runner-controller/releases> (Draft a new release)
3. Bump up the `version` and `appVersion` in charts/actions-runner-controller/Chart.yaml - make sure the `version` matches the release version you just created. (Example: <https://github.com/actions/actions-runner-controller/pull/2577>)
4. When the workflows finish execution, you will see:
1. A new controller image published to: <https://github.com/actions-runner-controller/actions-runner-controller/pkgs/container/actions-runner-controller>
2. Helm charts published to: <https://github.com/actions-runner-controller/actions-runner-controller.github.io/tree/master/actions-runner-controller> (the index.yaml file is updated)
When a new release is created, the [Publish ARC Image](https://github.com/actions/actions-runner-controller/blob/master/.github/workflows/arc-publish.yaml) workflow is triggered.
```mermaid
flowchart LR
subgraph repository: actions/actions-runner-controller
event_a{{"release: published"}} -- triggers --> workflow_a["arc-publish.yaml"]
event_b{{"workflow_dispatch"}} -- triggers --> workflow_a["arc-publish.yaml"]
workflow_a["arc-publish.yaml"] -- uploads --> package["actions-runner-controller.tar.gz"]
end
subgraph repository: actions-runner-controller/releases
workflow_a["arc-publish.yaml"] -- triggers --> event_d{{"repository_dispatch"}} --> workflow_b["publish-arc.yaml"]
workflow_b["publish-arc.yaml"] -- push --> A["GHCR: \nactions-runner-controller/actions-runner-controller:*"]
workflow_b["publish-arc.yaml"] -- push --> B["DockerHub: \nsummerwind/actions-runner-controller:*"]
end
```
#### Release actions-runner-controller runner images
**Manual steps:**
1. Navigate to the [actions-runner-controller/releases](https://github.com/actions-runner-controller/releases) repository
2. Trigger [the release-runners.yaml](https://github.com/actions-runner-controller/releases/actions/workflows/release-runners.yaml) workflow.
1. The list of input prameters for this workflow is defined in the table below (always inspect the workflow file for the latest version)
<!-- Table of Paramters -->
| Parameter | Description | Default |
|----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|
| `runner_version` | The version of the [actions/runner](https://github.com/actions/runner) to use | `2.300.2` |
| `docker_version` | The version of docker to use | `20.10.12` |
| `runner_container_hooks_version` | The version of [actions/runner-container-hooks](https://github.com/actions/runner-container-hooks) to use | `0.2.0` |
| `sha` | The commit sha from [actions/actions-runner-controller](https://github.com/actions/actions-runner-controller) to be used to build the runner images. This will be provided to `actions/checkout` & used to tag the container images | Empty string. |
| `push_to_registries` | Whether to push the images to the registries. Use false to test the build | false |
**Automated steps:**
```mermaid
flowchart LR
workflow["release-runners.yaml"] -- workflow_dispatch* --> workflow_b["release-runners.yaml"]
subgraph repository: actions/actions-runner-controller
runner_updates_check["arc-update-runners-scheduled.yaml"] -- "polls (daily)" --> runner_releases["actions/runner/releases"]
runner_updates_check -- creates --> runner_update_pr["PR: update /runner/VERSION"]****
runner_update_pr --> runner_update_pr_merge{{"merge"}}
runner_update_pr_merge -- triggers --> workflow["release-runners.yaml"]
end
subgraph repository: actions-runner-controller/releases
workflow_b["release-runners.yaml"] -- push --> A["GHCR: \n actions-runner-controller/actions-runner:* \n actions-runner-controller/actions-runner-dind:* \n actions-runner-controller/actions-runner-dind-rootless:*"]
workflow_b["release-runners.yaml"] -- push --> B["DockerHub: \n summerwind/actions-runner:* \n summerwind/actions-runner-dind:* \n summerwind/actions-runner-dind-rootless:*"]
event_b{{"workflow_dispatch"}} -- triggers --> workflow_b["release-runners.yaml"]
end
```
#### Release gha-runner-scale-set-controller image and helm charts
1. Make sure the master branch is stable and all CI jobs are passing
1. Prepare a release PR (example: <https://github.com/actions/actions-runner-controller/pull/2467>)
1. Bump up the version of the chart in: charts/gha-runner-scale-set-controller/Chart.yaml
2. Bump up the version of the chart in: charts/gha-runner-scale-set/Chart.yaml
1. Make sure that `version`, `appVersion` of both charts are always the same. These versions cannot diverge.
3. Update the quickstart guide to reflect the latest versions: docs/preview/gha-runner-scale-set-controller/README.md
4. Add changelog to the PR as well as the quickstart guide
1. Merge the release PR
1. Manually trigger the [(gha) Publish Helm Charts](https://github.com/actions/actions-runner-controller/actions/workflows/gha-publish-chart.yaml) workflow
1. Manually create a tag and release in [actions/actions-runner-controller](https://github.com/actions/actions-runner-controller/releases) with the format: `gha-runner-scale-set-x.x.x` where the version (x.x.x) matches that of the Helm chart
| Parameter | Description | Default |
|-------------------------------------------------|--------------------------------------------------------------------------------------------------------|----------------|
| `ref` | The branch, tag or SHA to cut a release from. | default branch |
| `release_tag_name` | The tag of the controller image. This is not a git tag. | canary |
| `push_to_registries` | Push images to registries. Use false to test the build process. | false |
| `publish_gha_runner_scale_set_controller_chart` | Publish new helm chart for gha-runner-scale-set-controller. This will push the new OCI archive to GHCR | false |
| `publish_gha_runner_scale_set_chart` | Publish new helm chart for gha-runner-scale-set. This will push the new OCI archive to GHCR | false |
#### Release actions/runner image
A new runner image is built and published to <https://github.com/actions/runner/pkgs/container/actions-runner> whenever a new runner binary has been released. There's nothing to do here.
#### Canary releases
We publish canary images for both the legacy actions-runner-controller and gha-runner-scale-set-controller images.
```mermaid
flowchart LR
subgraph org: actions
event_a{{"push: [master]"}} -- triggers --> workflow_a["publish-canary.yaml"]
end
subgraph org: actions-runner-controller
workflow_a["publish-canary.yaml"] -- triggers --> event_d{{"repository_dispatch"}} --> workflow_b["publish-canary.yaml"]
workflow_b["publish-canary.yaml"] -- push --> A["GHCR: \nactions-runner-controller/actions-runner-controller:canary"]
workflow_b["publish-canary.yaml"] -- push --> B["DockerHub: \nsummerwind/actions-runner-controller:canary"]
end
```
1. [actions-runner-controller canary image](https://github.com/actions-runner-controller/actions-runner-controller/pkgs/container/actions-runner-controller)
2. [gha-runner-scale-set-controller image](https://github.com/actions/actions-runner-controller/pkgs/container/gha-runner-scale-set-controller)
These canary images are automatically built and released on each push to the master branch.


@@ -1,5 +1,5 @@
# Build the manager binary # Build the manager binary
FROM --platform=$BUILDPLATFORM golang:1.19.4 as builder FROM --platform=$BUILDPLATFORM golang:1.21.3 as builder
WORKDIR /workspace WORKDIR /workspace
@@ -24,7 +24,7 @@ RUN go mod download
# With the above commmand, # With the above commmand,
# TARGETOS can be "linux", TARGETARCH can be "amd64", "arm64", and "arm", TARGETVARIANT can be "v7". # TARGETOS can be "linux", TARGETARCH can be "amd64", "arm64", and "arm", TARGETVARIANT can be "v7".
ARG TARGETPLATFORM TARGETOS TARGETARCH TARGETVARIANT VERSION=dev ARG TARGETPLATFORM TARGETOS TARGETARCH TARGETVARIANT VERSION=dev COMMIT_SHA=dev
# We intentionally avoid `--mount=type=cache,mode=0777,target=/go/pkg/mod` in the `go mod download` and the `go build` runs # We intentionally avoid `--mount=type=cache,mode=0777,target=/go/pkg/mod` in the `go mod download` and the `go build` runs
# to avoid https://github.com/moby/buildkit/issues/2334 # to avoid https://github.com/moby/buildkit/issues/2334
@@ -36,8 +36,9 @@ ENV GOCACHE /build/${TARGETPLATFORM}/root/.cache/go-build
RUN --mount=target=. \ RUN --mount=target=. \
--mount=type=cache,mode=0777,target=${GOCACHE} \ --mount=type=cache,mode=0777,target=${GOCACHE} \
export GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOARM=${TARGETVARIANT#v} && \ export GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOARM=${TARGETVARIANT#v} && \
go build -trimpath -ldflags="-s -w -X 'github.com/actions/actions-runner-controller/build.Version=${VERSION}'" -o /out/manager main.go && \ go build -trimpath -ldflags="-s -w -X 'github.com/actions/actions-runner-controller/build.Version=${VERSION}' -X 'github.com/actions/actions-runner-controller/build.CommitSHA=${COMMIT_SHA}'" -o /out/manager main.go && \
go build -trimpath -ldflags="-s -w" -o /out/github-runnerscaleset-listener ./cmd/githubrunnerscalesetlistener && \ go build -trimpath -ldflags="-s -w -X 'github.com/actions/actions-runner-controller/build.Version=${VERSION}' -X 'github.com/actions/actions-runner-controller/build.CommitSHA=${COMMIT_SHA}'" -o /out/github-runnerscaleset-listener ./cmd/githubrunnerscalesetlistener && \
go build -trimpath -ldflags="-s -w -X 'github.com/actions/actions-runner-controller/build.Version=${VERSION}' -X 'github.com/actions/actions-runner-controller/build.CommitSHA=${COMMIT_SHA}'" -o /out/ghalistener ./cmd/ghalistener && \
go build -trimpath -ldflags="-s -w" -o /out/github-webhook-server ./cmd/githubwebhookserver && \ go build -trimpath -ldflags="-s -w" -o /out/github-webhook-server ./cmd/githubwebhookserver && \
go build -trimpath -ldflags="-s -w" -o /out/actions-metrics-server ./cmd/actionsmetricsserver && \ go build -trimpath -ldflags="-s -w" -o /out/actions-metrics-server ./cmd/actionsmetricsserver && \
go build -trimpath -ldflags="-s -w" -o /out/sleep ./cmd/sleep go build -trimpath -ldflags="-s -w" -o /out/sleep ./cmd/sleep
@@ -52,6 +53,7 @@ COPY --from=builder /out/manager .
COPY --from=builder /out/github-webhook-server . COPY --from=builder /out/github-webhook-server .
COPY --from=builder /out/actions-metrics-server . COPY --from=builder /out/actions-metrics-server .
COPY --from=builder /out/github-runnerscaleset-listener . COPY --from=builder /out/github-runnerscaleset-listener .
COPY --from=builder /out/ghalistener .
COPY --from=builder /out/sleep . COPY --from=builder /out/sleep .
USER 65532:65532 USER 65532:65532
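Review bot: The builder stage in the first hunk moves to `golang:1.21.3` but still references the image by tag only, so the toolchain that compiles every binary copied into the final image can change underneath an unchanged Dockerfile. Pinning the digest next to the tag, `FROM --platform=$BUILDPLATFORM golang:1.21.3@sha256:<digest of the reviewed image> as builder`, keeps the build reproducible and makes each toolchain bump an explicit, reviewable change. Separately, in the third hunk `github-webhook-server`, `actions-metrics-server` and `sleep` are still built without the `build.Version`/`build.CommitSHA` flags, so a running copy of those cannot be tied back to a commit; whether they import the `build` package is not visible here.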


@@ -5,7 +5,8 @@ else
endif endif
DOCKER_USER ?= $(shell echo ${DOCKER_IMAGE_NAME} | cut -d / -f1) DOCKER_USER ?= $(shell echo ${DOCKER_IMAGE_NAME} | cut -d / -f1)
VERSION ?= dev VERSION ?= dev
RUNNER_VERSION ?= 2.304.0 COMMIT_SHA = $(shell git rev-parse HEAD)
RUNNER_VERSION ?= 2.311.0
TARGETPLATFORM ?= $(shell arch) TARGETPLATFORM ?= $(shell arch)
RUNNER_NAME ?= ${DOCKER_USER}/actions-runner RUNNER_NAME ?= ${DOCKER_USER}/actions-runner
RUNNER_TAG ?= ${VERSION} RUNNER_TAG ?= ${VERSION}
@@ -67,7 +68,7 @@ endif
all: manager all: manager
lint: lint:
docker run --rm -v $(PWD):/app -w /app golangci/golangci-lint:v1.49.0 golangci-lint run docker run --rm -v $(PWD):/app -w /app golangci/golangci-lint:v1.55.2 golangci-lint run
GO_TEST_ARGS ?= -short GO_TEST_ARGS ?= -short
@@ -95,7 +96,8 @@ run: generate fmt vet manifests
run-scaleset: generate fmt vet run-scaleset: generate fmt vet
CONTROLLER_MANAGER_POD_NAMESPACE=default \ CONTROLLER_MANAGER_POD_NAMESPACE=default \
CONTROLLER_MANAGER_CONTAINER_IMAGE="${DOCKER_IMAGE_NAME}:${VERSION}" \ CONTROLLER_MANAGER_CONTAINER_IMAGE="${DOCKER_IMAGE_NAME}:${VERSION}" \
go run ./main.go --auto-scaling-runner-set-only go run -ldflags="-s -w -X 'github.com/actions/actions-runner-controller/build.Version=$(VERSION)'" \
./main.go --auto-scaling-runner-set-only
# Install CRDs into a cluster # Install CRDs into a cluster
install: manifests install: manifests
@@ -214,6 +216,7 @@ docker-buildx:
--build-arg RUNNER_VERSION=${RUNNER_VERSION} \ --build-arg RUNNER_VERSION=${RUNNER_VERSION} \
--build-arg DOCKER_VERSION=${DOCKER_VERSION} \ --build-arg DOCKER_VERSION=${DOCKER_VERSION} \
--build-arg VERSION=${VERSION} \ --build-arg VERSION=${VERSION} \
--build-arg COMMIT_SHA=${COMMIT_SHA} \
-t "${DOCKER_IMAGE_NAME}:${VERSION}" \ -t "${DOCKER_IMAGE_NAME}:${VERSION}" \
-f Dockerfile \ -f Dockerfile \
. ${PUSH_ARG} . ${PUSH_ARG}
@@ -317,7 +320,7 @@ ifeq (, $(wildcard $(GOBIN)/controller-gen))
CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
cd $$CONTROLLER_GEN_TMP_DIR ;\ cd $$CONTROLLER_GEN_TMP_DIR ;\
go mod init tmp ;\ go mod init tmp ;\
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0 ;\ go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.13.0 ;\
rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
} }
endif endif
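Review bot: `COMMIT_SHA = $(shell git rev-parse HEAD)` in the first hunk records only HEAD, so an image built from a tree with uncommitted changes is stamped with a commit it does not correspond to. Outside a git checkout the value is empty, and `--build-arg COMMIT_SHA=${COMMIT_SHA}` in the `docker-buildx` hunk then replaces the Dockerfile's `dev` default with an empty string. Marking a dirty tree and allowing CI to inject the value would make the stamp usable as provenance, e.g. `COMMIT_SHA ?= $(shell git rev-parse HEAD)$(shell git diff --quiet HEAD || echo -dirty)`, which also matches the `?=` used by the neighbouring variables. The `run-scaleset` hunk passes only `build.Version` in its `-ldflags`, so a locally run controller still reports the default `CommitSHA`.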


@@ -4,39 +4,40 @@
[![awesome-runners](https://img.shields.io/badge/listed%20on-awesome--runners-blue.svg)](https://github.com/jonico/awesome-runners) [![awesome-runners](https://img.shields.io/badge/listed%20on-awesome--runners-blue.svg)](https://github.com/jonico/awesome-runners)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/actions-runner-controller)](https://artifacthub.io/packages/search?repo=actions-runner-controller) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/actions-runner-controller)](https://artifacthub.io/packages/search?repo=actions-runner-controller)
## About
Actions Runner Controller (ARC) is a Kubernetes operator that orchestrates and scales self-hosted runners for GitHub Actions.
With ARC, you can create runner scale sets that automatically scale based on the number of workflows running in your repository, organization, or enterprise. Because controlled runners can be ephemeral and based on containers, new runner instances can scale up or down rapidly and cleanly. For more information about autoscaling, see ["Autoscaling with self-hosted runners."](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners)
You can set up ARC on Kubernetes using Helm, then create and run a workflow that uses runner scale sets. For more information about runner scale sets, see ["Deploying runner scale sets with Actions Runner Controller."](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller#runner-scale-set)
## People ## People
`actions-runner-controller` is an open-source project currently developed and maintained in collaboration with the GitHub Actions team, external maintainers @mumoshu and @toast-gear, various [contributors](https://github.com/actions/actions-runner-controller/graphs/contributors), and the [awesome community](https://github.com/actions/actions-runner-controller/discussions). Actions Runner Controller (ARC) is an open-source project currently developed and maintained in collaboration with the GitHub Actions team, external maintainers @mumoshu and @toast-gear, various [contributors](https://github.com/actions/actions-runner-controller/graphs/contributors), and the [awesome community](https://github.com/actions/actions-runner-controller/discussions).
If you think the project is awesome and is adding value to your business, please consider directly sponsoring [community maintainers](https://github.com/sponsors/actions-runner-controller) and individual contributors via GitHub Sponsors. If you think the project is awesome and is adding value to your business, please consider directly sponsoring [community maintainers](https://github.com/sponsors/actions-runner-controller) and individual contributors via GitHub Sponsors.
In case you are already the employer of one of contributors, sponsoring via GitHub Sponsors might not be an option. Just support them in other means! In case you are already the employer of one of contributors, sponsoring via GitHub Sponsors might not be an option. Just support them in other means!
See [the sponsorship dashboard](https://github.com/sponsors/actions-runner-controller) for the former and the current sponsors. See [the sponsorship dashboard](https://github.com/sponsors/actions-runner-controller) for the former and the current sponsors.
## Status
Even though actions-runner-controller is used in production environments, it is still in its early stage of development, hence versioned 0.x.
actions-runner-controller complies to Semantic Versioning 2.0.0 in which v0.x means that there could be backward-incompatible changes for every release.
The documentation is kept inline with master@HEAD, we do our best to highlight any features that require a specific ARC version or higher however this is not always easily done due to there being many moving parts. Additionally, we actively do not retain compatibly with every GitHub Enterprise Server version nor every Kubernetes version so you will need to ensure you stay current within a reasonable timespan.
## About
[GitHub Actions](https://github.com/features/actions) is a very useful tool for automating development. GitHub Actions jobs are run in the cloud by default, but you may want to run your jobs in your environment. [Self-hosted runner](https://github.com/actions/runner) can be used for such use cases, but requires the provisioning and configuration of a virtual machine instance. Instead if you already have a Kubernetes cluster, it makes more sense to run the self-hosted runner on top of it.
**actions-runner-controller** makes that possible. Just create a *Runner* resource on your Kubernetes, and it will run and operate the self-hosted runner for the specified repository. Combined with Kubernetes RBAC, you can also build simple Self-hosted runners as a Service.
## Getting Started ## Getting Started
To give ARC a try with just a handful of commands, Please refer to the [Quickstart guide](/docs/quickstart.md).
For an overview of ARC, please refer to [About ARC](https://github.com/actions/actions-runner-controller/blob/master/docs/about-arc.md) To give ARC a try with just a handful of commands, Please refer to the [Quickstart guide](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller).
For more information, please refer to detailed documentation below! For an overview of ARC, please refer to [About ARC](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/about-actions-runner-controller)
## Documentation With the introduction of [autoscaling runner scale sets](https://github.com/actions/actions-runner-controller/discussions/2775), the existing [autoscaling modes](./docs/automatically-scaling-runners.md) are now legacy. The legacy modes have certain use cases and will continue to be maintained by the community only.
For further information on what is supported by GitHub and what's managed by the community, please refer to [this announcement discussion.](https://github.com/actions/actions-runner-controller/discussions/2775)
### Documentation
ARC documentation is available on [docs.github.com](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller).
### Legacy documentation
The following documentation is for the legacy autoscaling modes that continue to be maintained by the community
- [Quickstart guide](/docs/quickstart.md) - [Quickstart guide](/docs/quickstart.md)
- [About ARC](/docs/about-arc.md) - [About ARC](/docs/about-arc.md)


@@ -304,3 +304,27 @@ If you noticed that it takes several minutes for sidecar dind container to be cr
**Solution** **Solution**
The solution is to switch to using faster storage, if you are experiencing this issue you are probably using HDD storage. Switching to SSD storage fixed the problem in my case. Most cloud providers have a list of storage options to use just pick something faster that your current disk, for on prem clusters you will need to invest in some SSDs. The solution is to switch to using faster storage, if you are experiencing this issue you are probably using HDD storage. Switching to SSD storage fixed the problem in my case. Most cloud providers have a list of storage options to use just pick something faster that your current disk, for on prem clusters you will need to invest in some SSDs.
### Dockerd no space left on device
**Problem**
If you are running many containers on your runner you might encounter an issue where docker daemon is unable to start new containers and you see error `no space left on device`.
**Solution**
Add a `dockerVarRunVolumeSizeLimit` key in your runner's spec with a higher size limit (the default is 1M) For instance:
```yaml
apiVersion: actions.summerwind.dev/v1alpha1
kind: RunnerDeployment
metadata:
name: github-runner
namespace: github-system
spec:
replicas: 6
template:
spec:
dockerVarRunVolumeSizeLimit: 50M
env: []
```


@@ -52,9 +52,6 @@ type AutoscalingListenerSpec struct {
// Required // Required
Image string `json:"image,omitempty"` Image string `json:"image,omitempty"`
// Required
ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
// Required // Required
ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"` ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
@@ -63,6 +60,9 @@ type AutoscalingListenerSpec struct {
// +optional // +optional
GitHubServerTLS *GitHubServerTLSConfig `json:"githubServerTLS,omitempty"` GitHubServerTLS *GitHubServerTLSConfig `json:"githubServerTLS,omitempty"`
// +optional
Template *corev1.PodTemplateSpec `json:"template,omitempty"`
} }
// AutoscalingListenerStatus defines the observed state of AutoscalingListener // AutoscalingListenerStatus defines the observed state of AutoscalingListener
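Review bot: The new `Template *corev1.PodTemplateSpec` field has no doc comment and accepts a complete pod template, which includes `securityContext`, `hostNetwork`, `volumes` and `serviceAccountName`. How the controller merges this template into the listener pod is not visible in this hunk, but that merge decides how much anyone who can write the resource can change about a pod that presumably holds GitHub credentials. Once the reconciler's behaviour is confirmed, a comment stating the contract would make it reviewable, for example `// Template is merged into the listener pod spec; fields the controller sets itself are not overridable.` The same applies to `ListenerTemplate` on `AutoscalingRunnerSetSpec` in the next file section, and both structs start outside their hunks.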


@@ -74,6 +74,9 @@ type AutoscalingRunnerSetSpec struct {
// Required // Required
Template corev1.PodTemplateSpec `json:"template,omitempty"` Template corev1.PodTemplateSpec `json:"template,omitempty"`
// +optional
ListenerTemplate *corev1.PodTemplateSpec `json:"listenerTemplate,omitempty"`
// +optional // +optional
// +kubebuilder:validation:Minimum:=0 // +kubebuilder:validation:Minimum:=0
MaxRunners *int `json:"maxRunners,omitempty"` MaxRunners *int `json:"maxRunners,omitempty"`


@@ -1,5 +1,4 @@
//go:build !ignore_autogenerated //go:build !ignore_autogenerated
// +build !ignore_autogenerated
/* /*
Copyright 2020 The actions-runner-controller authors. Copyright 2020 The actions-runner-controller authors.
@@ -103,6 +102,11 @@ func (in *AutoscalingListenerSpec) DeepCopyInto(out *AutoscalingListenerSpec) {
*out = new(GitHubServerTLSConfig) *out = new(GitHubServerTLSConfig)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.Template != nil {
in, out := &in.Template, &out.Template
*out = new(v1.PodTemplateSpec)
(*in).DeepCopyInto(*out)
}
} }
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingListenerSpec. // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingListenerSpec.
@@ -203,6 +207,11 @@ func (in *AutoscalingRunnerSetSpec) DeepCopyInto(out *AutoscalingRunnerSetSpec)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
in.Template.DeepCopyInto(&out.Template) in.Template.DeepCopyInto(&out.Template)
if in.ListenerTemplate != nil {
in, out := &in.ListenerTemplate, &out.ListenerTemplate
*out = new(v1.PodTemplateSpec)
(*in).DeepCopyInto(*out)
}
if in.MaxRunners != nil { if in.MaxRunners != nil {
in, out := &in.MaxRunners, &out.MaxRunners in, out := &in.MaxRunners, &out.MaxRunners
*out = new(int) *out = new(int)


@@ -22,7 +22,7 @@ import (
// HorizontalRunnerAutoscalerSpec defines the desired state of HorizontalRunnerAutoscaler // HorizontalRunnerAutoscalerSpec defines the desired state of HorizontalRunnerAutoscaler
type HorizontalRunnerAutoscalerSpec struct { type HorizontalRunnerAutoscalerSpec struct {
// ScaleTargetRef sis the reference to scaled resource like RunnerDeployment // ScaleTargetRef is the reference to scaled resource like RunnerDeployment
ScaleTargetRef ScaleTargetRef `json:"scaleTargetRef,omitempty"` ScaleTargetRef ScaleTargetRef `json:"scaleTargetRef,omitempty"`
// MinReplicas is the minimum number of replicas the deployment is allowed to scale // MinReplicas is the minimum number of replicas the deployment is allowed to scale


@@ -70,6 +70,8 @@ type RunnerConfig struct {
// +optional // +optional
DockerRegistryMirror *string `json:"dockerRegistryMirror,omitempty"` DockerRegistryMirror *string `json:"dockerRegistryMirror,omitempty"`
// +optional // +optional
DockerVarRunVolumeSizeLimit *resource.Quantity `json:"dockerVarRunVolumeSizeLimit,omitempty"`
// +optional
VolumeSizeLimit *resource.Quantity `json:"volumeSizeLimit,omitempty"` VolumeSizeLimit *resource.Quantity `json:"volumeSizeLimit,omitempty"`
// +optional // +optional
VolumeStorageMedium *string `json:"volumeStorageMedium,omitempty"` VolumeStorageMedium *string `json:"volumeStorageMedium,omitempty"`
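Review bot: `DockerVarRunVolumeSizeLimit` is added with only a `// +optional` marker and no comment, while the troubleshooting page in this same comparison states that it defaults to 1M. A line above the marker would document it, for example `// DockerVarRunVolumeSizeLimit is the size limit of the docker sidecar's /var/run volume; the default is 1M.` The mount path there is inferred from the field name and should be confirmed against the pod builder. `RunnerConfig` starts and ends outside this hunk.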


@@ -23,6 +23,7 @@ import (
ctrl "sigs.k8s.io/controller-runtime" ctrl "sigs.k8s.io/controller-runtime"
logf "sigs.k8s.io/controller-runtime/pkg/log" logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
) )
// log is for logging in this package. // log is for logging in this package.
@@ -48,20 +49,20 @@ func (r *Runner) Default() {
var _ webhook.Validator = &Runner{} var _ webhook.Validator = &Runner{}
// ValidateCreate implements webhook.Validator so a webhook will be registered for the type // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (r *Runner) ValidateCreate() error { func (r *Runner) ValidateCreate() (admission.Warnings, error) {
runnerLog.Info("validate resource to be created", "name", r.Name) runnerLog.Info("validate resource to be created", "name", r.Name)
return r.Validate() return nil, r.Validate()
} }
// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (r *Runner) ValidateUpdate(old runtime.Object) error { func (r *Runner) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
runnerLog.Info("validate resource to be updated", "name", r.Name) runnerLog.Info("validate resource to be updated", "name", r.Name)
return r.Validate() return nil, r.Validate()
} }
// ValidateDelete implements webhook.Validator so a webhook will be registered for the type // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (r *Runner) ValidateDelete() error { func (r *Runner) ValidateDelete() (admission.Warnings, error) {
return nil return nil, nil
} }
// Validate validates resource spec. // Validate validates resource spec.


@@ -23,6 +23,7 @@ import (
ctrl "sigs.k8s.io/controller-runtime" ctrl "sigs.k8s.io/controller-runtime"
logf "sigs.k8s.io/controller-runtime/pkg/log" logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
) )
// log is for logging in this package. // log is for logging in this package.
@@ -48,20 +49,20 @@ func (r *RunnerDeployment) Default() {
var _ webhook.Validator = &RunnerDeployment{} var _ webhook.Validator = &RunnerDeployment{}
// ValidateCreate implements webhook.Validator so a webhook will be registered for the type // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (r *RunnerDeployment) ValidateCreate() error { func (r *RunnerDeployment) ValidateCreate() (admission.Warnings, error) {
runnerDeploymentLog.Info("validate resource to be created", "name", r.Name) runnerDeploymentLog.Info("validate resource to be created", "name", r.Name)
return r.Validate() return nil, r.Validate()
} }
// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (r *RunnerDeployment) ValidateUpdate(old runtime.Object) error { func (r *RunnerDeployment) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
runnerDeploymentLog.Info("validate resource to be updated", "name", r.Name) runnerDeploymentLog.Info("validate resource to be updated", "name", r.Name)
return r.Validate() return nil, r.Validate()
} }
// ValidateDelete implements webhook.Validator so a webhook will be registered for the type // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (r *RunnerDeployment) ValidateDelete() error { func (r *RunnerDeployment) ValidateDelete() (admission.Warnings, error) {
return nil return nil, nil
} }
// Validate validates resource spec. // Validate validates resource spec.


@@ -23,6 +23,7 @@ import (
ctrl "sigs.k8s.io/controller-runtime" ctrl "sigs.k8s.io/controller-runtime"
logf "sigs.k8s.io/controller-runtime/pkg/log" logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
) )
// log is for logging in this package. // log is for logging in this package.
@@ -48,20 +49,20 @@ func (r *RunnerReplicaSet) Default() {
var _ webhook.Validator = &RunnerReplicaSet{} var _ webhook.Validator = &RunnerReplicaSet{}
// ValidateCreate implements webhook.Validator so a webhook will be registered for the type // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (r *RunnerReplicaSet) ValidateCreate() error { func (r *RunnerReplicaSet) ValidateCreate() (admission.Warnings, error) {
runnerReplicaSetLog.Info("validate resource to be created", "name", r.Name) runnerReplicaSetLog.Info("validate resource to be created", "name", r.Name)
return r.Validate() return nil, r.Validate()
} }
// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
func (r *RunnerReplicaSet) ValidateUpdate(old runtime.Object) error { func (r *RunnerReplicaSet) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
runnerReplicaSetLog.Info("validate resource to be updated", "name", r.Name) runnerReplicaSetLog.Info("validate resource to be updated", "name", r.Name)
return r.Validate() return nil, r.Validate()
} }
// ValidateDelete implements webhook.Validator so a webhook will be registered for the type // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (r *RunnerReplicaSet) ValidateDelete() error { func (r *RunnerReplicaSet) ValidateDelete() (admission.Warnings, error) {
return nil return nil, nil
} }
// Validate validates resource spec. // Validate validates resource spec.


@@ -1,5 +1,4 @@
//go:build !ignore_autogenerated //go:build !ignore_autogenerated
// +build !ignore_autogenerated
/* /*
Copyright 2020 The actions-runner-controller authors. Copyright 2020 The actions-runner-controller authors.
@@ -436,6 +435,11 @@ func (in *RunnerConfig) DeepCopyInto(out *RunnerConfig) {
*out = new(string) *out = new(string)
**out = **in **out = **in
} }
if in.DockerVarRunVolumeSizeLimit != nil {
in, out := &in.DockerVarRunVolumeSizeLimit, &out.DockerVarRunVolumeSizeLimit
x := (*in).DeepCopy()
*out = &x
}
if in.VolumeSizeLimit != nil { if in.VolumeSizeLimit != nil {
in, out := &in.VolumeSizeLimit, &out.VolumeSizeLimit in, out := &in.VolumeSizeLimit, &out.VolumeSizeLimit
x := (*in).DeepCopy() x := (*in).DeepCopy()


@@ -2,3 +2,5 @@ package build
// This is overridden at build-time using go-build ldflags. dev is the fallback value // This is overridden at build-time using go-build ldflags. dev is the fallback value
var Version = "NA" var Version = "NA"
var CommitSHA = "NA"
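Review bot: `CommitSHA` is added without a comment, and the existing comment above `Version` says `dev` is the fallback while both variables default to `"NA"`. On this page `dev` is only the default of the Dockerfile's `ARG` and of the Makefile's `VERSION`. Suggest `// CommitSHA is set at build time with -ldflags -X; "NA" means the binary was built without it.` and correcting the fallback wording on `Version`. That way someone reading a version string during triage knows what `NA` and `dev` each imply.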


@@ -15,10 +15,10 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.23.2 version: 0.23.7
# Used as the default manager tag value when no tag property is provided in the values.yaml # Used as the default manager tag value when no tag property is provided in the values.yaml
appVersion: 0.27.3 appVersion: 0.27.6
home: https://github.com/actions/actions-runner-controller home: https://github.com/actions/actions-runner-controller


@@ -8,149 +8,156 @@ All additional docs are kept in the `docs/` folder, this README is solely for do
> _Default values are the defaults set in the charts `values.yaml`, some properties have default configurations in the code for when the property is omitted or invalid_ > _Default values are the defaults set in the charts `values.yaml`, some properties have default configurations in the code for when the property is omitted or invalid_
| Key | Description | Default | | Key | Description | Default |
|----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------| |-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|
| `labels` | Set labels to apply to all resources in the chart | | | `labels` | Set labels to apply to all resources in the chart | |
| `replicaCount` | Set the number of controller pods | 1 | | `replicaCount` | Set the number of controller pods | 1 |
| `webhookPort` | Set the containerPort for the webhook Pod | 9443 | | `webhookPort` | Set the containerPort for the webhook Pod | 9443 |
| `syncPeriod` | Set the period in which the controller reconciles the desired runners count | 1m | | `syncPeriod` | Set the period in which the controller reconciles the desired runners count | 1m |
| `enableLeaderElection` | Enable election configuration | true | | `enableLeaderElection` | Enable election configuration | true |
| `leaderElectionId` | Set the election ID for the controller group | | | `leaderElectionId` | Set the election ID for the controller group | |
| `githubEnterpriseServerURL` | Set the URL for a self-hosted GitHub Enterprise Server | | | `githubEnterpriseServerURL` | Set the URL for a self-hosted GitHub Enterprise Server | |
| `githubURL` | Override GitHub URL to be used for GitHub API calls | | | `githubURL` | Override GitHub URL to be used for GitHub API calls | |
| `githubUploadURL` | Override GitHub Upload URL to be used for GitHub API calls | | | `githubUploadURL` | Override GitHub Upload URL to be used for GitHub API calls | |
| `runnerGithubURL` | Override GitHub URL to be used by runners during registration | | | `runnerGithubURL` | Override GitHub URL to be used by runners during registration | |
| `logLevel` | Set the log level of the controller container | | | `logLevel` | Set the log level of the controller container | |
| `logFormat` | Set the log format of the controller. Valid options are "text" and "json" | text | | `logFormat` | Set the log format of the controller. Valid options are "text" and "json" | text |
| `additionalVolumes` | Set additional volumes to add to the manager container | | | `additionalVolumes` | Set additional volumes to add to the manager container | |
| `additionalVolumeMounts` | Set additional volume mounts to add to the manager container | | | `additionalVolumeMounts` | Set additional volume mounts to add to the manager container | |
| `authSecret.create` | Deploy the controller auth secret | false | | `authSecret.create` | Deploy the controller auth secret | false |
| `authSecret.name` | Set the name of the auth secret | controller-manager | | `authSecret.name` | Set the name of the auth secret | controller-manager |
| `authSecret.annotations` | Set annotations for the auth Secret | | | `authSecret.annotations` | Set annotations for the auth Secret | |
| `authSecret.github_app_id` | The ID of your GitHub App. **This can't be set at the same time as `authSecret.github_token`** | | | `authSecret.github_app_id` | The ID of your GitHub App. **This can't be set at the same time as `authSecret.github_token`** | |
| `authSecret.github_app_installation_id` | The ID of your GitHub App installation. **This can't be set at the same time as `authSecret.github_token`** | | | `authSecret.github_app_installation_id` | The ID of your GitHub App installation. **This can't be set at the same time as `authSecret.github_token`** | |
| `authSecret.github_app_private_key` | The multiline string of your GitHub App's private key. **This can't be set at the same time as `authSecret.github_token`** | | | `authSecret.github_app_private_key` | The multiline string of your GitHub App's private key. **This can't be set at the same time as `authSecret.github_token`** | |
| `authSecret.github_token` | Your chosen GitHub PAT token. **This can't be set at the same time as the `authSecret.github_app_*`** | | | `authSecret.github_token` | Your chosen GitHub PAT token. **This can't be set at the same time as the `authSecret.github_app_*`** | |
| `authSecret.github_basicauth_username` | Username for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | | | `authSecret.github_basicauth_username` | Username for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | |
| `authSecret.github_basicauth_password` | Password for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | | | `authSecret.github_basicauth_password` | Password for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | |
| `dockerRegistryMirror` | The default Docker Registry Mirror used by runners. | | | `dockerRegistryMirror` | The default Docker Registry Mirror used by runners. | |
| `hostNetwork` | The "hostNetwork" of the controller container | false | | `hostNetwork` | The "hostNetwork" of the controller container | false |
| `image.repository` | The "repository/image" of the controller container | summerwind/actions-runner-controller | | `dnsPolicy` | The "dnsPolicy" of the controller container | ClusterFirst |
| `image.tag` | The tag of the controller container | | | `image.repository` | The "repository/image" of the controller container | summerwind/actions-runner-controller |
| `image.actionsRunnerRepositoryAndTag` | The "repository/image" of the actions runner container | summerwind/actions-runner:latest | | `image.tag` | The tag of the controller container | |
| `image.actionsRunnerImagePullSecrets` | Optional image pull secrets to be included in the runner pod's ImagePullSecrets | | | `image.actionsRunnerRepositoryAndTag` | The "repository/image" of the actions runner container | summerwind/actions-runner:latest |
| `image.dindSidecarRepositoryAndTag` | The "repository/image" of the dind sidecar container | docker:dind | | `image.actionsRunnerImagePullSecrets` | Optional image pull secrets to be included in the runner pod's ImagePullSecrets | |
| `image.pullPolicy` | The pull policy of the controller image | IfNotPresent | | `image.dindSidecarRepositoryAndTag` | The "repository/image" of the dind sidecar container | docker:dind |
| `metrics.serviceMonitor` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false | | `image.pullPolicy` | The pull policy of the controller image | IfNotPresent |
| `metrics.serviceAnnotations` | Set annotations for the provisioned metrics service resource | | | `metrics.serviceMonitor.enable` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false |
| `metrics.port` | Set port of metrics service | 8443 | | `metrics.serviceMonitor.interval` | Configure the interval that Prometheus should scrap the controller's metrics | 1m |
| `metrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true | | `metrics.serviceMonitor.namespace | Namespace which Prometheus is running in | `Release.Namespace` (the default namespace of the helm chart). |
| `metrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy | | `metrics.serviceMonitor.timeout` | Configure the timeout the timeout of Prometheus scrapping. | 30s |
| `metrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.13.1 | | `metrics.serviceAnnotations` | Set annotations for the provisioned metrics service resource | |
| `metrics.serviceMonitorLabels` | Set labels to apply to ServiceMonitor resources | | | `metrics.port` | Set port of metrics service | 8443 |
| `imagePullSecrets` | Specifies the secret to be used when pulling the controller pod containers | | | `metrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true |
| `fullnameOverride` | Override the full resource names | | | `metrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy |
| `nameOverride` | Override the resource name prefix | | | `metrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.13.1 |
| `serviceAccount.annotations` | Set annotations to the service account | | | `metrics.serviceMonitorLabels` | Set labels to apply to ServiceMonitor resources | |
| `serviceAccount.create` | Deploy the controller pod under a service account | true | | `imagePullSecrets` | Specifies the secret to be used when pulling the controller pod containers | |
| `podAnnotations` | Set annotations for the controller pod | | | `fullnameOverride` | Override the full resource names | |
| `podLabels` | Set labels for the controller pod | | | `nameOverride` | Override the resource name prefix | |
| `serviceAccount.name` | Set the name of the service account | | | `serviceAccount.annotations` | Set annotations to the service account | |
| `securityContext` | Set the security context for each container in the controller pod | | | `serviceAccount.create` | Deploy the controller pod under a service account | true |
| `podSecurityContext` | Set the security context to controller pod | | | `podAnnotations` | Set annotations for the controller pod | |
| `service.annotations` | Set annotations for the provisioned webhook service resource | | | `podLabels` | Set labels for the controller pod | |
| `service.port` | Set controller service ports | | | `serviceAccount.name` | Set the name of the service account | |
| `service.type` | Set controller service type | | | `securityContext` | Set the security context for each container in the controller pod | |
| `topologySpreadConstraints` | Set the controller pod topologySpreadConstraints | | | `podSecurityContext` | Set the security context to controller pod | |
| `nodeSelector` | Set the controller pod nodeSelector | | | `service.annotations` | Set annotations for the provisioned webhook service resource | |
| `resources` | Set the controller pod resources | | | `service.port` | Set controller service ports | |
| `affinity` | Set the controller pod affinity rules | | | `service.type` | Set controller service type | |
| `podDisruptionBudget.enabled` | Enables a PDB to ensure HA of controller pods | false | | `topologySpreadConstraints` | Set the controller pod topologySpreadConstraints | |
| `podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | | | `nodeSelector` | Set the controller pod nodeSelector | |
| `podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | | | `resources` | Set the controller pod resources | |
| `tolerations` | Set the controller pod tolerations | | | `affinity` | Set the controller pod affinity rules | |
| `env` | Set environment variables for the controller container | | | `podDisruptionBudget.enabled` | Enables a PDB to ensure HA of controller pods | false |
| `priorityClassName` | Set the controller pod priorityClassName | | | `podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | |
| `scope.watchNamespace` | Tells the controller and the github webhook server which namespace to watch if `scope.singleNamespace` is true | `Release.Namespace` (the default namespace of the helm chart). | | `podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | |
| `scope.singleNamespace` | Limit the controller to watch a single namespace | false | | `tolerations` | Set the controller pod tolerations | |
| `certManagerEnabled` | Enable cert-manager. If disabled you must set admissionWebHooks.caBundle and create TLS secrets manually | true | | `env` | Set environment variables for the controller container | |
| `runner.statusUpdateHook.enabled` | Use custom RBAC for runners (role, role binding and service account), this will enable reporting runner statuses | false | | `priorityClassName` | Set the controller pod priorityClassName | |
| `admissionWebHooks.caBundle` | Base64-encoded PEM bundle containing the CA that signed the webhook's serving certificate | | | `scope.watchNamespace` | Tells the controller and the github webhook server which namespace to watch if `scope.singleNamespace` is true | `Release.Namespace` (the default namespace of the helm chart). |
| `githubWebhookServer.logLevel` | Set the log level of the githubWebhookServer container | | | `scope.singleNamespace` | Limit the controller to watch a single namespace | false |
| `githubWebhookServer.logFormat` | Set the log format of the githubWebhookServer controller. Valid options are "text" and "json" | text | | `certManagerEnabled` | Enable cert-manager. If disabled you must set admissionWebHooks.caBundle and create TLS secrets manually | true |
| `githubWebhookServer.replicaCount` | Set the number of webhook server pods | 1 | | `runner.statusUpdateHook.enabled` | Use custom RBAC for runners (role, role binding and service account), this will enable reporting runner statuses | false |
| `githubWebhookServer.useRunnerGroupsVisibility` | Enable supporting runner groups with custom visibility, you also need to set `githubWebhookServer.secret.enabled` to enable this feature. | false | | `admissionWebHooks.caBundle` | Base64-encoded PEM bundle containing the CA that signed the webhook's serving certificate | |
| `githubWebhookServer.enabled` | Deploy the webhook server pod | false | | `githubWebhookServer.logLevel` | Set the log level of the githubWebhookServer container | |
| `githubWebhookServer.queueLimit` | Set the queue size limit in the githubWebhookServer | | | `githubWebhookServer.logFormat` | Set the log format of the githubWebhookServer controller. Valid options are "text" and "json" | text |
| `githubWebhookServer.secret.enabled` | Passes the webhook hook secret to the github-webhook-server | false | | `githubWebhookServer.replicaCount` | Set the number of webhook server pods | 1 |
| `githubWebhookServer.secret.create` | Deploy the webhook hook secret | false | | `githubWebhookServer.useRunnerGroupsVisibility` | Enable supporting runner groups with custom visibility, you also need to set `githubWebhookServer.secret.enabled` to enable this feature. | false |
| `githubWebhookServer.secret.name` | Set the name of the webhook hook secret | github-webhook-server | | `githubWebhookServer.enabled` | Deploy the webhook server pod | false |
| `githubWebhookServer.secret.github_webhook_secret_token` | Set the webhook secret token value | | | `githubWebhookServer.queueLimit` | Set the queue size limit in the githubWebhookServer | |
| `githubWebhookServer.imagePullSecrets` | Specifies the secret to be used when pulling the githubWebhookServer pod containers | | | `githubWebhookServer.secret.enabled` | Passes the webhook hook secret to the github-webhook-server | false |
| `githubWebhookServer.nameOverride` | Override the resource name prefix | | | `githubWebhookServer.secret.create` | Deploy the webhook hook secret | false |
| `githubWebhookServer.fullnameOverride` | Override the full resource names | | | `githubWebhookServer.secret.name` | Set the name of the webhook hook secret | github-webhook-server |
| `githubWebhookServer.serviceAccount.create` | Deploy the githubWebhookServer under a service account | true | | `githubWebhookServer.secret.github_webhook_secret_token` | Set the webhook secret token value | |
| `githubWebhookServer.serviceAccount.annotations` | Set annotations for the service account | | | `githubWebhookServer.imagePullSecrets` | Specifies the secret to be used when pulling the githubWebhookServer pod containers | |
| `githubWebhookServer.serviceAccount.name` | Set the service account name | | | `githubWebhookServer.nameOverride` | Override the resource name prefix | |
| `githubWebhookServer.podAnnotations` | Set annotations for the githubWebhookServer pod | | | `githubWebhookServer.fullnameOverride` | Override the full resource names | |
| `githubWebhookServer.podLabels` | Set labels for the githubWebhookServer pod | | | `githubWebhookServer.serviceAccount.create` | Deploy the githubWebhookServer under a service account | true |
| `githubWebhookServer.podSecurityContext` | Set the security context to githubWebhookServer pod | | | `githubWebhookServer.serviceAccount.annotations` | Set annotations for the service account | |
| `githubWebhookServer.securityContext` | Set the security context for each container in the githubWebhookServer pod | | | `githubWebhookServer.serviceAccount.name` | Set the service account name | |
| `githubWebhookServer.resources` | Set the githubWebhookServer pod resources | | | `githubWebhookServer.podAnnotations` | Set annotations for the githubWebhookServer pod | |
| `githubWebhookServer.topologySpreadConstraints` | Set the githubWebhookServer pod topologySpreadConstraints | | | `githubWebhookServer.podLabels` | Set labels for the githubWebhookServer pod | |
| `githubWebhookServer.nodeSelector` | Set the githubWebhookServer pod nodeSelector | | | `githubWebhookServer.podSecurityContext` | Set the security context to githubWebhookServer pod | |
| `githubWebhookServer.tolerations` | Set the githubWebhookServer pod tolerations | | | `githubWebhookServer.securityContext` | Set the security context for each container in the githubWebhookServer pod | |
| `githubWebhookServer.affinity` | Set the githubWebhookServer pod affinity rules | | | `githubWebhookServer.resources` | Set the githubWebhookServer pod resources | |
| `githubWebhookServer.priorityClassName` | Set the githubWebhookServer pod priorityClassName | | | `githubWebhookServer.topologySpreadConstraints` | Set the githubWebhookServer pod topologySpreadConstraints | |
| `githubWebhookServer.terminationGracePeriodSeconds` | Set the githubWebhookServer pod terminationGracePeriodSeconds. Useful when using preStop hooks to drain/sleep. | `10` | | `githubWebhookServer.nodeSelector` | Set the githubWebhookServer pod nodeSelector | |
| `githubWebhookServer.lifecycle` | Set the githubWebhookServer pod lifecycle hooks | `{}` | | `githubWebhookServer.tolerations` | Set the githubWebhookServer pod tolerations | |
| `githubWebhookServer.service.type` | Set githubWebhookServer service type | | | `githubWebhookServer.affinity` | Set the githubWebhookServer pod affinity rules | |
| `githubWebhookServer.service.ports` | Set githubWebhookServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` | | `githubWebhookServer.priorityClassName` | Set the githubWebhookServer pod priorityClassName | |
| `githubWebhookServer.service.loadBalancerSourceRanges` | Set githubWebhookServer loadBalancerSourceRanges for restricting loadBalancer type services | `[]` | | `githubWebhookServer.terminationGracePeriodSeconds` | Set the githubWebhookServer pod terminationGracePeriodSeconds. Useful when using preStop hooks to drain/sleep. | `10` |
| `githubWebhookServer.ingress.enabled` | Deploy an ingress kind for the githubWebhookServer | false | | `githubWebhookServer.lifecycle` | Set the githubWebhookServer pod lifecycle hooks | `{}` |
| `githubWebhookServer.ingress.annotations` | Set annotations for the ingress kind | | | `githubWebhookServer.service.type` | Set githubWebhookServer service type | |
| `githubWebhookServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` | | `githubWebhookServer.service.ports` | Set githubWebhookServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` |
| `githubWebhookServer.ingress.tls` | Set tls configuration for ingress | | | `githubWebhookServer.service.loadBalancerSourceRanges` | Set githubWebhookServer loadBalancerSourceRanges for restricting loadBalancer type services | `[]` |
| `githubWebhookServer.ingress.ingressClassName` | Set ingress class name | | | `githubWebhookServer.ingress.enabled` | Deploy an ingress kind for the githubWebhookServer | false |
| `githubWebhookServer.podDisruptionBudget.enabled` | Enables a PDB to ensure HA of githubwebhook pods | false | | `githubWebhookServer.ingress.annotations` | Set annotations for the ingress kind | |
| `githubWebhookServer.podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | | | `githubWebhookServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` |
| `githubWebhookServer.podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | | | `githubWebhookServer.ingress.tls` | Set tls configuration for ingress | |
| `actionsMetricsServer.logLevel` | Set the log level of the actionsMetricsServer container | | | `githubWebhookServer.ingress.ingressClassName` | Set ingress class name | |
| `actionsMetricsServer.logFormat` | Set the log format of the actionsMetricsServer controller. Valid options are "text" and "json" | text | | `githubWebhookServer.podDisruptionBudget.enabled` | Enables a PDB to ensure HA of githubwebhook pods | false |
| `actionsMetricsServer.enabled` | Deploy the actions metrics server pod | false | | `githubWebhookServer.podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | |
| `githubWebhookServer.podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | |
| `actionsMetricsServer.logLevel` | Set the log level of the actionsMetricsServer container | |
| `actionsMetricsServer.logFormat` | Set the log format of the actionsMetricsServer controller. Valid options are "text" and "json" | text |
| `actionsMetricsServer.enabled` | Deploy the actions metrics server pod | false |
| `actionsMetricsServer.secret.enabled` | Passes the webhook hook secret to the actions-metrics-server | false | | `actionsMetricsServer.secret.enabled` | Passes the webhook hook secret to the actions-metrics-server | false |
| `actionsMetricsServer.secret.create` | Deploy the webhook hook secret | false | | `actionsMetricsServer.secret.create` | Deploy the webhook hook secret | false |
| `actionsMetricsServer.secret.name` | Set the name of the webhook hook secret | actions-metrics-server | | `actionsMetricsServer.secret.name` | Set the name of the webhook hook secret | actions-metrics-server |
| `actionsMetricsServer.secret.github_webhook_secret_token` | Set the webhook secret token value | | | `actionsMetricsServer.secret.github_webhook_secret_token` | Set the webhook secret token value | |
| `actionsMetricsServer.imagePullSecrets` | Specifies the secret to be used when pulling the actionsMetricsServer pod containers | | | `actionsMetricsServer.imagePullSecrets` | Specifies the secret to be used when pulling the actionsMetricsServer pod containers | |
| `actionsMetricsServer.nameOverride` | Override the resource name prefix | | | `actionsMetricsServer.nameOverride` | Override the resource name prefix | |
| `actionsMetricsServer.fullnameOverride` | Override the full resource names | | | `actionsMetricsServer.fullnameOverride` | Override the full resource names | |
| `actionsMetricsServer.serviceAccount.create` | Deploy the actionsMetricsServer under a service account | true | | `actionsMetricsServer.serviceAccount.create` | Deploy the actionsMetricsServer under a service account | true |
| `actionsMetricsServer.serviceAccount.annotations` | Set annotations for the service account | | | `actionsMetricsServer.serviceAccount.annotations` | Set annotations for the service account | |
| `actionsMetricsServer.serviceAccount.name` | Set the service account name | | | `actionsMetricsServer.serviceAccount.name` | Set the service account name | |
| `actionsMetricsServer.podAnnotations` | Set annotations for the actionsMetricsServer pod | | | `actionsMetricsServer.podAnnotations` | Set annotations for the actionsMetricsServer pod | |
| `actionsMetricsServer.podLabels` | Set labels for the actionsMetricsServer pod | | | `actionsMetricsServer.podLabels` | Set labels for the actionsMetricsServer pod | |
| `actionsMetricsServer.podSecurityContext` | Set the security context to actionsMetricsServer pod | | | `actionsMetricsServer.podSecurityContext` | Set the security context to actionsMetricsServer pod | |
| `actionsMetricsServer.securityContext` | Set the security context for each container in the actionsMetricsServer pod | | | `actionsMetricsServer.securityContext` | Set the security context for each container in the actionsMetricsServer pod | |
| `actionsMetricsServer.resources` | Set the actionsMetricsServer pod resources | | | `actionsMetricsServer.resources` | Set the actionsMetricsServer pod resources | |
| `actionsMetricsServer.topologySpreadConstraints` | Set the actionsMetricsServer pod topologySpreadConstraints | | | `actionsMetricsServer.topologySpreadConstraints` | Set the actionsMetricsServer pod topologySpreadConstraints | |
| `actionsMetricsServer.nodeSelector` | Set the actionsMetricsServer pod nodeSelector | | | `actionsMetricsServer.nodeSelector` | Set the actionsMetricsServer pod nodeSelector | |
| `actionsMetricsServer.tolerations` | Set the actionsMetricsServer pod tolerations | | | `actionsMetricsServer.tolerations` | Set the actionsMetricsServer pod tolerations | |
| `actionsMetricsServer.affinity` | Set the actionsMetricsServer pod affinity rules | | | `actionsMetricsServer.affinity` | Set the actionsMetricsServer pod affinity rules | |
| `actionsMetricsServer.priorityClassName` | Set the actionsMetricsServer pod priorityClassName | | | `actionsMetricsServer.priorityClassName` | Set the actionsMetricsServer pod priorityClassName | |
| `actionsMetricsServer.terminationGracePeriodSeconds` | Set the actionsMetricsServer pod terminationGracePeriodSeconds. Useful when using preStop hooks to drain/sleep. | `10` | | `actionsMetricsServer.terminationGracePeriodSeconds` | Set the actionsMetricsServer pod terminationGracePeriodSeconds. Useful when using preStop hooks to drain/sleep. | `10` |
| `actionsMetricsServer.lifecycle` | Set the actionsMetricsServer pod lifecycle hooks | `{}` | | `actionsMetricsServer.lifecycle` | Set the actionsMetricsServer pod lifecycle hooks | `{}` |
| `actionsMetricsServer.service.type` | Set actionsMetricsServer service type | | | `actionsMetricsServer.service.type` | Set actionsMetricsServer service type | |
| `actionsMetricsServer.service.ports` | Set actionsMetricsServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` | | `actionsMetricsServer.service.ports` | Set actionsMetricsServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` |
| `actionsMetricsServer.service.loadBalancerSourceRanges` | Set actionsMetricsServer loadBalancerSourceRanges for restricting loadBalancer type services | `[]` | | `actionsMetricsServer.service.loadBalancerSourceRanges` | Set actionsMetricsServer loadBalancerSourceRanges for restricting loadBalancer type services | `[]` |
| `actionsMetricsServer.ingress.enabled` | Deploy an ingress kind for the actionsMetricsServer | false | | `actionsMetricsServer.ingress.enabled` | Deploy an ingress kind for the actionsMetricsServer | false |
| `actionsMetricsServer.ingress.annotations` | Set annotations for the ingress kind | | | `actionsMetricsServer.ingress.annotations` | Set annotations for the ingress kind | |
| `actionsMetricsServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` | | `actionsMetricsServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` |
| `actionsMetricsServer.ingress.tls` | Set tls configuration for ingress | | | `actionsMetricsServer.ingress.tls` | Set tls configuration for ingress | |
| `actionsMetricsServer.ingress.ingressClassName` | Set ingress class name | | | `actionsMetricsServer.ingress.ingressClassName` | Set ingress class name | |
| `actionsMetrics.serviceMonitor` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false | | `actionsMetrics.serviceMonitor.enable` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false |
| `actionsMetrics.serviceAnnotations` | Set annotations for the provisioned actions metrics service resource | | | `actionsMetrics.serviceMonitor.interval` | Configure the interval that Prometheus should scrap the controller's metrics | 1m |
| `actionsMetrics.port` | Set port of actions metrics service | 8443 | | `actionsMetrics.serviceMonitor.namespace` | Namespace which Prometheus is running in. | `Release.Namespace` (the default namespace of the helm chart). |
| `actionsMetrics.serviceMonitor.timeout` | Configure the timeout the timeout of Prometheus scrapping. | 30s |
| `actionsMetrics.serviceAnnotations` | Set annotations for the provisioned actions metrics service resource | |
| `actionsMetrics.port` | Set port of actions metrics service | 8443 |
| `actionsMetrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true | | `actionsMetrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true |
| `actionsMetrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy | | `actionsMetrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy |
| `actionsMetrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.13.1 | | `actionsMetrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.13.1 |


@@ -1,9 +1,9 @@
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.7.0 controller-gen.kubebuilder.io/version: v0.13.0
creationTimestamp: null
name: horizontalrunnerautoscalers.actions.summerwind.dev name: horizontalrunnerautoscalers.actions.summerwind.dev
spec: spec:
group: actions.summerwind.dev group: actions.summerwind.dev
@@ -113,7 +113,7 @@ spec:
description: ScaleDownDelaySecondsAfterScaleUp is the approximate delay for a scale down followed by a scale up Used to prevent flapping (down->up->down->... loop) description: ScaleDownDelaySecondsAfterScaleUp is the approximate delay for a scale down followed by a scale up Used to prevent flapping (down->up->down->... loop)
type: integer type: integer
scaleTargetRef: scaleTargetRef:
description: ScaleTargetRef sis the reference to scaled resource like RunnerDeployment description: ScaleTargetRef is the reference to scaled resource like RunnerDeployment
properties: properties:
kind: kind:
description: Kind is the type of resource being referenced description: Kind is the type of resource being referenced
@@ -251,9 +251,3 @@ spec:
subresources: subresources:
status: {} status: {}
preserveUnknownFields: false preserveUnknownFields: false
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@@ -1,9 +1,9 @@
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.7.0 controller-gen.kubebuilder.io/version: v0.13.0
creationTimestamp: null
name: runnersets.actions.summerwind.dev name: runnersets.actions.summerwind.dev
spec: spec:
group: actions.summerwind.dev group: actions.summerwind.dev
@@ -55,6 +55,12 @@ spec:
type: integer type: integer
dockerRegistryMirror: dockerRegistryMirror:
type: string type: string
dockerVarRunVolumeSizeLimit:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
dockerdWithinRunnerContainer: dockerdWithinRunnerContainer:
type: boolean type: boolean
effectiveTime: effectiveTime:
@@ -90,10 +96,10 @@ spec:
format: int32 format: int32
type: integer type: integer
ordinals: ordinals:
description: ordinals controls the numbering of replica indices in a StatefulSet. The default ordinals behavior assigns a "0" index to the first replica and increments the index by one for each additional replica requested. Using the ordinals field requires the StatefulSetStartOrdinal feature gate to be enabled, which is alpha. description: ordinals controls the numbering of replica indices in a StatefulSet. The default ordinals behavior assigns a "0" index to the first replica and increments the index by one for each additional replica requested. Using the ordinals field requires the StatefulSetStartOrdinal feature gate to be enabled, which is beta.
properties: properties:
start: start:
description: 'start is the number representing the first replica''s index. It may be used to number replicas from an alternate index (eg: 1-indexed) over the default 0-indexed names, or to orchestrate progressive movement of replicas from one StatefulSet to another. If set, replica indices will be in the range: [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). If unset, defaults to 0. Replica indices will be in the range: [0, .spec.replicas).' description: 'start is the number representing the first replica''s index. It may be used to number replicas from an alternate index (eg: 1-indexed) over the default 0-indexed names, or to orchestrate progressive movement of replicas from one StatefulSet to another. If set, replica indices will be in the range: [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). If unset, defaults to 0. Replica indices will be in the range: [0, .spec.replicas).'
format: int32 format: int32
type: integer type: integer
type: object type: object
@@ -154,13 +160,14 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
serviceAccountName: serviceAccountName:
type: string type: string
serviceName: serviceName:
description: 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.' description: 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.'
type: string type: string
template: template:
description: template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. Each pod will be named with the format <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named "web" with index number "3" would be named "web-3". description: template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet. Each pod will be named with the format <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named "web" with index number "3" would be named "web-3". The only allowed template.spec.restartPolicy value is "Always".
properties: properties:
metadata: metadata:
description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
@@ -246,6 +253,7 @@ spec:
type: object type: object
type: array type: array
type: object type: object
x-kubernetes-map-type: atomic
weight: weight:
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
format: int32 format: int32
@@ -306,10 +314,12 @@ spec:
type: object type: object
type: array type: array
type: object type: object
x-kubernetes-map-type: atomic
type: array type: array
required: required:
- nodeSelectorTerms - nodeSelectorTerms
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
podAffinity: podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
@@ -352,6 +362,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -382,6 +393,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -437,6 +449,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -467,6 +480,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -521,6 +535,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -551,6 +566,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -606,6 +622,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -636,6 +653,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -697,6 +715,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
fieldRef: fieldRef:
description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
properties: properties:
@@ -709,6 +728,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
properties: properties:
@@ -728,6 +748,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
secretKeyRef: secretKeyRef:
description: Selects a key of a secret in the pod's namespace description: Selects a key of a secret in the pod's namespace
properties: properties:
@@ -743,6 +764,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
required: required:
- name - name
@@ -763,6 +785,7 @@ spec:
description: Specify whether the ConfigMap must be defined description: Specify whether the ConfigMap must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
prefix: prefix:
description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string type: string
@@ -776,6 +799,7 @@ spec:
description: Specify whether the Secret must be defined description: Specify whether the Secret must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
image: image:
@@ -811,7 +835,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -876,7 +900,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -935,7 +959,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -959,7 +983,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1071,7 +1095,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1095,7 +1119,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1156,11 +1180,28 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -1187,9 +1228,12 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
restartPolicy:
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
type: string
securityContext: securityContext:
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties: properties:
@@ -1252,7 +1296,7 @@ spec:
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -1270,7 +1314,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -1294,7 +1338,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1318,7 +1362,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1521,6 +1565,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
fieldRef: fieldRef:
description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
properties: properties:
@@ -1533,6 +1578,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
properties: properties:
@@ -1552,6 +1598,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
secretKeyRef: secretKeyRef:
description: Selects a key of a secret in the pod's namespace description: Selects a key of a secret in the pod's namespace
properties: properties:
@@ -1567,6 +1614,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
required: required:
- name - name
@@ -1587,6 +1635,7 @@ spec:
description: Specify whether the ConfigMap must be defined description: Specify whether the ConfigMap must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
prefix: prefix:
description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string type: string
@@ -1600,6 +1649,7 @@ spec:
description: Specify whether the Secret must be defined description: Specify whether the Secret must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
image: image:
@@ -1635,7 +1685,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1700,7 +1750,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1759,7 +1809,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1783,7 +1833,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1895,7 +1945,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1919,7 +1969,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1980,11 +2030,28 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -2011,9 +2078,12 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
restartPolicy:
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
type: string
securityContext: securityContext:
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.' description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
properties: properties:
@@ -2076,7 +2146,7 @@ spec:
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -2094,7 +2164,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -2118,7 +2188,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2142,7 +2212,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2311,6 +2381,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
type: array type: array
initContainers: initContainers:
description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
@@ -2356,6 +2427,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
fieldRef: fieldRef:
description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
properties: properties:
@@ -2368,6 +2440,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
properties: properties:
@@ -2387,6 +2460,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
secretKeyRef: secretKeyRef:
description: Selects a key of a secret in the pod's namespace description: Selects a key of a secret in the pod's namespace
properties: properties:
@@ -2402,6 +2476,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
required: required:
- name - name
@@ -2422,6 +2497,7 @@ spec:
description: Specify whether the ConfigMap must be defined description: Specify whether the ConfigMap must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
prefix: prefix:
description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string type: string
@@ -2435,6 +2511,7 @@ spec:
description: Specify whether the Secret must be defined description: Specify whether the Secret must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
image: image:
@@ -2470,7 +2547,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2535,7 +2612,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2594,7 +2671,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2618,7 +2695,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2730,7 +2807,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2754,7 +2831,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2815,11 +2892,28 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -2846,9 +2940,12 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
restartPolicy:
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
type: string
securityContext: securityContext:
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties: properties:
@@ -2911,7 +3008,7 @@ spec:
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -2929,7 +3026,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -2953,7 +3050,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2977,7 +3074,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -3168,7 +3265,7 @@ spec:
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
type: string type: string
resourceClaimTemplateName: resourceClaimTemplateName:
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim." description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
type: string type: string
type: object type: object
required: required:
@@ -3179,7 +3276,7 @@ spec:
- name - name
x-kubernetes-list-type: map x-kubernetes-list-type: map
restartPolicy: restartPolicy:
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
type: string type: string
runtimeClassName: runtimeClassName:
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
@@ -3188,7 +3285,7 @@ spec:
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
type: string type: string
schedulingGates: schedulingGates:
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate." description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
items: items:
description: PodSchedulingGate is associated to a Pod to guard its scheduling. description: PodSchedulingGate is associated to a Pod to guard its scheduling.
properties: properties:
@@ -3243,7 +3340,7 @@ spec:
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -3283,7 +3380,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -3367,8 +3464,9 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
matchLabelKeys: matchLabelKeys:
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
items: items:
type: string type: string
type: array type: array
@@ -3391,7 +3489,7 @@ spec:
description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
type: string type: string
whenUnsatisfiable: whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.'
type: string type: string
required: required:
- maxSkew - maxSkew
@@ -3492,6 +3590,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
user: user:
description: 'user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' description: 'user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string type: string
@@ -3514,6 +3613,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
volumeID: volumeID:
description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string type: string
@@ -3554,6 +3654,7 @@ spec:
description: optional specify whether the ConfigMap or its keys must be defined description: optional specify whether the ConfigMap or its keys must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
csi: csi:
description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
properties: properties:
@@ -3570,6 +3671,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
readOnly: readOnly:
description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
type: boolean type: boolean
@@ -3605,6 +3707,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
mode: mode:
description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
format: int32 format: int32
@@ -3631,6 +3734,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
required: required:
- path - path
type: object type: object
@@ -3646,12 +3750,12 @@ spec:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
ephemeral: ephemeral:
description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. 
\n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time."
properties: properties:
volumeClaimTemplate: volumeClaimTemplate:
description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. 
\n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil."
@@ -3700,8 +3804,9 @@ spec:
- kind - kind
- name - name
type: object type: object
x-kubernetes-map-type: atomic
dataSourceRef: dataSourceRef:
description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. 
This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.'
properties: properties:
apiGroup: apiGroup:
description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
@@ -3723,7 +3828,7 @@ spec:
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -3750,7 +3855,7 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
selector: selector:
@@ -3783,6 +3888,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
storageClassName: storageClassName:
description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string type: string
@@ -3845,6 +3951,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
required: required:
- driver - driver
type: object type: object
@@ -3960,6 +4067,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
targetPortal: targetPortal:
description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
type: string type: string
@@ -4068,6 +4176,7 @@ spec:
description: optional specify whether the ConfigMap or its keys must be defined description: optional specify whether the ConfigMap or its keys must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
downwardAPI: downwardAPI:
description: downwardAPI information about the downwardAPI data to project description: downwardAPI information about the downwardAPI data to project
properties: properties:
@@ -4088,6 +4197,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
mode: mode:
description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
format: int32 format: int32
@@ -4114,6 +4224,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
required: required:
- path - path
type: object type: object
@@ -4149,6 +4260,7 @@ spec:
description: optional field specify whether the Secret or its key must be defined description: optional field specify whether the Secret or its key must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
serviceAccountToken: serviceAccountToken:
description: serviceAccountToken is information about the serviceAccountToken data to project description: serviceAccountToken is information about the serviceAccountToken data to project
properties: properties:
@@ -4223,6 +4335,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
user: user:
description: 'user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' description: 'user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string type: string
@@ -4252,6 +4365,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
sslEnabled: sslEnabled:
description: sslEnabled Flag enable/disable SSL communication with Gateway, default false description: sslEnabled Flag enable/disable SSL communication with Gateway, default false
type: boolean type: boolean
@@ -4322,6 +4436,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
volumeName: volumeName:
description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
type: string type: string
@@ -4431,8 +4546,9 @@ spec:
- kind - kind
- name - name
type: object type: object
x-kubernetes-map-type: atomic
dataSourceRef: dataSourceRef:
description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. 
This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.'
properties: properties:
apiGroup: apiGroup:
description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
@@ -4454,7 +4570,7 @@ spec:
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -4481,7 +4597,7 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
selector: selector:
@@ -4514,6 +4630,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
storageClassName: storageClassName:
description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string type: string
@@ -4532,6 +4649,13 @@ spec:
items: items:
type: string type: string
type: array type: array
allocatedResourceStatuses:
additionalProperties:
description: When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource that it does not recognizes, then it should ignore that update and let other controllers handle it.
type: string
description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\" When this field is not set, it means that no resize operation is in progress for the given PVC. \n A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. 
\n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature."
type: object
x-kubernetes-map-type: granular
allocatedResources: allocatedResources:
additionalProperties: additionalProperties:
anyOf: anyOf:
@@ -4539,7 +4663,7 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used. \n Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. \n A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC. 
\n This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature."
type: object type: object
capacity: capacity:
additionalProperties: additionalProperties:
@@ -4553,7 +4677,7 @@ spec:
conditions: conditions:
description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
items: items:
description: PersistentVolumeClaimCondition contails details about state of pvc description: PersistentVolumeClaimCondition contains details about state of pvc
properties: properties:
lastProbeTime: lastProbeTime:
description: lastProbeTime is the time we probed the condition. description: lastProbeTime is the time we probed the condition.
@@ -4582,9 +4706,6 @@ spec:
phase: phase:
description: phase represents the current phase of PersistentVolumeClaim. description: phase represents the current phase of PersistentVolumeClaim.
type: string type: string
resizeStatus:
description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
type: string
type: object type: object
type: object type: object
type: array type: array
@@ -4608,7 +4729,7 @@ spec:
description: ResourceRequirements describes the compute resource requirements. description: ResourceRequirements describes the compute resource requirements.
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -4635,7 +4756,7 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
storageClassName: storageClassName:
@@ -4674,9 +4795,3 @@ spec:
subresources: subresources:
status: {} status: {}
preserveUnknownFields: false preserveUnknownFields: false
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@@ -36,8 +36,8 @@ spec:
{{- end }} {{- end }}
containers: containers:
- args: - args:
{{- $metricsHost := .Values.metrics.proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }} {{- $metricsHost := .Values.actionsMetrics.proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }}
{{- $metricsPort := .Values.metrics.proxy.enabled | ternary "8080" .Values.metrics.port }} {{- $metricsPort := .Values.actionsMetrics.proxy.enabled | ternary "8080" .Values.actionsMetrics.port }}
- "--metrics-addr={{ $metricsHost }}:{{ $metricsPort }}" - "--metrics-addr={{ $metricsHost }}:{{ $metricsPort }}"
{{- if .Values.actionsMetricsServer.logLevel }} {{- if .Values.actionsMetricsServer.logLevel }}
- "--log-level={{ .Values.actionsMetricsServer.logLevel }}" - "--log-level={{ .Values.actionsMetricsServer.logLevel }}"
@@ -111,10 +111,14 @@ spec:
name: {{ include "actions-runner-controller.secretName" . }} name: {{ include "actions-runner-controller.secretName" . }}
optional: true optional: true
{{- end }} {{- end }}
{{- if kindIs "slice" .Values.actionsMetricsServer.env }}
{{- toYaml .Values.actionsMetricsServer.env | nindent 8 }}
{{- else }}
{{- range $key, $val := .Values.actionsMetricsServer.env }} {{- range $key, $val := .Values.actionsMetricsServer.env }}
- name: {{ $key }} - name: {{ $key }}
value: {{ $val | quote }} value: {{ $val | quote }}
{{- end }} {{- end }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (cat "v" .Chart.AppVersion | replace " " "") }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (cat "v" .Chart.AppVersion | replace " " "") }}"
name: actions-metrics-server name: actions-metrics-server
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -122,8 +126,8 @@ spec:
- containerPort: 8000 - containerPort: 8000
name: http name: http
protocol: TCP protocol: TCP
{{- if not .Values.metrics.proxy.enabled }} {{- if not .Values.actionsMetrics.proxy.enabled }}
- containerPort: {{ .Values.metrics.port }} - containerPort: {{ .Values.actionsMetrics.port }}
name: metrics-port name: metrics-port
protocol: TCP protocol: TCP
{{- end }} {{- end }}
@@ -131,17 +135,17 @@ spec:
{{- toYaml .Values.actionsMetricsServer.resources | nindent 12 }} {{- toYaml .Values.actionsMetricsServer.resources | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.actionsMetricsServer.securityContext | nindent 12 }} {{- toYaml .Values.actionsMetricsServer.securityContext | nindent 12 }}
{{- if .Values.metrics.proxy.enabled }} {{- if .Values.actionsMetrics.proxy.enabled }}
- args: - args:
- "--secure-listen-address=0.0.0.0:{{ .Values.metrics.port }}" - "--secure-listen-address=0.0.0.0:{{ .Values.actionsMetrics.port }}"
- "--upstream=http://127.0.0.1:8080/" - "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true" - "--logtostderr=true"
- "--v=10" - "--v=10"
image: "{{ .Values.metrics.proxy.image.repository }}:{{ .Values.metrics.proxy.image.tag }}" image: "{{ .Values.actionsMetrics.proxy.image.repository }}:{{ .Values.actionsMetrics.proxy.image.tag }}"
name: kube-rbac-proxy name: kube-rbac-proxy
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
ports: ports:
- containerPort: {{ .Values.metrics.port }} - containerPort: {{ .Values.actionsMetrics.port }}
name: metrics-port name: metrics-port
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
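Review bot: The bind address for `--metrics-addr` now follows `.Values.actionsMetrics.proxy.enabled` instead of `.Values.metrics.proxy.enabled`, so an install that only overrides the old key changes behaviour on upgrade without any template error. When the new key is false, the metrics endpoint listens on `0.0.0.0` and the kube-rbac-proxy sidecar is not rendered, so the port is reachable without that authorization layer. I would document this next to the ternary, e.g. `{{- /* proxy disabled: metrics are served on all interfaces without kube-rbac-proxy in front */}}`, and mention the key change in the chart's upgrade notes. The default of `actionsMetrics.proxy.enabled` is not visible in these hunks.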


@@ -16,9 +16,9 @@ spec:
{{ range $_, $port := .Values.actionsMetricsServer.service.ports -}} {{ range $_, $port := .Values.actionsMetricsServer.service.ports -}}
- {{ $port | toYaml | nindent 6 }} - {{ $port | toYaml | nindent 6 }}
{{- end }} {{- end }}
{{- if .Values.metrics.serviceMonitor }} {{- if .Values.actionsMetrics.serviceMonitor.enable }}
- name: metrics-port - name: metrics-port
port: {{ .Values.metrics.port }} port: {{ .Values.actionsMetrics.port }}
targetPort: metrics-port targetPort: metrics-port
{{- end }} {{- end }}
selector: selector:
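Review bot: The gate `{{- if .Values.actionsMetrics.serviceMonitor.enable }}` assumes `serviceMonitor` is a map, so a release that still carries the previous boolean override (`serviceMonitor: true`) would presumably fail to render, or render without the port, instead of enabling it. The same `.serviceMonitor.enable` lookup is introduced in the three ServiceMonitor templates and in the webhook-server Service further down. A guard at the top of each template turns this into a clear message: `{{- if kindIs "bool" .Values.actionsMetrics.serviceMonitor }}{{ fail "actionsMetrics.serviceMonitor is now a map; set serviceMonitor.enable" }}{{- end }}`.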


@@ -1,14 +1,15 @@
{{- if and .Values.actionsMetricsServer.enabled .Values.actionsMetrics.serviceMonitor }} {{- if and .Values.actionsMetricsServer.enabled .Values.actionsMetrics.serviceMonitor.enable }}
{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }}
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
labels: labels:
{{- include "actions-runner-controller.labels" . | nindent 4 }} {{- include "actions-runner-controller.labels" . | nindent 4 }}
{{- with .Values.actionsMetricsServer.serviceMonitorLabels }} {{- with .Values.actionsMetrics.serviceMonitorLabels }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "actions-runner-controller-actions-metrics-server.serviceMonitorName" . }} name: {{ include "actions-runner-controller-actions-metrics-server.serviceMonitorName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ $servicemonitornamespace }}
spec: spec:
endpoints: endpoints:
- path: /metrics - path: /metrics
@@ -19,6 +20,8 @@ spec:
tlsConfig: tlsConfig:
insecureSkipVerify: true insecureSkipVerify: true
{{- end }} {{- end }}
interval: {{ .Values.actionsMetrics.serviceMonitor.interval }}
scrapeTimeout: {{ .Values.actionsMetrics.serviceMonitor.timeout }}
selector: selector:
matchLabels: matchLabels:
{{- include "actions-runner-controller-actions-metrics-server.selectorLabels" . | nindent 6 }} {{- include "actions-runner-controller-actions-metrics-server.selectorLabels" . | nindent 6 }}
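Review bot: With `namespace: {{ $servicemonitornamespace }}` the ServiceMonitor can now be created outside the release namespace, but no `namespaceSelector` is visible in these hunks. A ServiceMonitor without one only discovers Services in its own namespace, so a non-empty `actionsMetrics.serviceMonitor.namespace` would leave the actions-metrics-server unscraped with no error. Adding `namespaceSelector:` with `matchNames: [{{ .Release.Namespace | quote }}]` under `spec` pins discovery to the release namespace. The lines between the two hunks are not shown, so confirm it is not already present; the webhook-server ServiceMonitor gets the same namespace override.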


@@ -1,4 +1,4 @@
{{- if .Values.metrics.serviceMonitor }} {{- if .Values.metrics.serviceMonitor.enable }}
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
@@ -19,6 +19,8 @@ spec:
tlsConfig: tlsConfig:
insecureSkipVerify: true insecureSkipVerify: true
{{- end }} {{- end }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.timeout }}
selector: selector:
matchLabels: matchLabels:
{{- include "actions-runner-controller.selectorLabels" . | nindent 6 }} {{- include "actions-runner-controller.selectorLabels" . | nindent 6 }}


@@ -70,6 +70,9 @@ spec:
{{- if .Values.logFormat }} {{- if .Values.logFormat }}
- "--log-format={{ .Values.logFormat }}" - "--log-format={{ .Values.logFormat }}"
{{- end }} {{- end }}
{{- if .Values.dockerGID }}
- "--docker-gid={{ .Values.dockerGID }}"
{{- end }}
command: command:
- "/manager" - "/manager"
env: env:
@@ -211,3 +214,6 @@ spec:
{{- if .Values.hostNetwork }} {{- if .Values.hostNetwork }}
hostNetwork: {{ .Values.hostNetwork }} hostNetwork: {{ .Values.hostNetwork }}
{{- end }} {{- end }}
{{- if .Values.dnsPolicy }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- end }}


@@ -5,7 +5,7 @@ metadata:
name: {{ include "actions-runner-controller-github-webhook-server.fullname" . }} name: {{ include "actions-runner-controller-github-webhook-server.fullname" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "actions-runner-controller.labels" . | nindent 4 }} {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 4 }}
{{- if .Values.githubWebhookServer.service.annotations }} {{- if .Values.githubWebhookServer.service.annotations }}
annotations: annotations:
{{ toYaml .Values.githubWebhookServer.service.annotations | nindent 4 }} {{ toYaml .Values.githubWebhookServer.service.annotations | nindent 4 }}
@@ -16,7 +16,7 @@ spec:
{{ range $_, $port := .Values.githubWebhookServer.service.ports -}} {{ range $_, $port := .Values.githubWebhookServer.service.ports -}}
- {{ $port | toYaml | nindent 6 }} - {{ $port | toYaml | nindent 6 }}
{{- end }} {{- end }}
{{- if .Values.metrics.serviceMonitor }} {{- if .Values.metrics.serviceMonitor.enable }}
- name: metrics-port - name: metrics-port
port: {{ .Values.metrics.port }} port: {{ .Values.metrics.port }}
targetPort: metrics-port targetPort: metrics-port


@@ -1,4 +1,5 @@
{{- if and .Values.githubWebhookServer.enabled .Values.metrics.serviceMonitor }} {{- if and .Values.githubWebhookServer.enabled .Values.metrics.serviceMonitor.enable }}
{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }}
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
@@ -8,7 +9,7 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
name: {{ include "actions-runner-controller-github-webhook-server.serviceMonitorName" . }} name: {{ include "actions-runner-controller-github-webhook-server.serviceMonitorName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ $servicemonitornamespace }}
spec: spec:
endpoints: endpoints:
- path: /metrics - path: /metrics
@@ -19,6 +20,8 @@ spec:
tlsConfig: tlsConfig:
insecureSkipVerify: true insecureSkipVerify: true
{{- end }} {{- end }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.timeout }}
selector: selector:
matchLabels: matchLabels:
{{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 6 }} {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 6 }}
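Review bot: The namespace for the webhook-server ServiceMonitor is read from `.Values.actionsMetrics.serviceMonitor.namespace`, while the gate, `interval` and `scrapeTimeout` in the same template all read `.Values.metrics.serviceMonitor.*`. This looks like a copy from the actions-metrics-server template: setting `metrics.serviceMonitor.namespace` has no effect here, and setting the actionsMetrics key moves this monitor as a side effect. The line should presumably be `{{- $servicemonitornamespace := .Values.metrics.serviceMonitor.namespace | default .Release.Namespace }}`. In the hunks shown, the controller's own ServiceMonitor template does not read `metrics.serviceMonitor.namespace` either, so that new value appears to be unused there.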


@@ -19,7 +19,7 @@ webhooks:
{{- if .Values.scope.singleNamespace }} {{- if .Values.scope.singleNamespace }}
namespaceSelector: namespaceSelector:
matchLabels: matchLabels:
name: {{ default .Release.Namespace .Values.scope.watchNamespace }} kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
{{- end }} {{- end }}
clientConfig: clientConfig:
{{- if .Values.admissionWebHooks.caBundle }} {{- if .Values.admissionWebHooks.caBundle }}
@@ -50,7 +50,7 @@ webhooks:
{{- if .Values.scope.singleNamespace }} {{- if .Values.scope.singleNamespace }}
namespaceSelector: namespaceSelector:
matchLabels: matchLabels:
name: {{ default .Release.Namespace .Values.scope.watchNamespace }} kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
{{- end }} {{- end }}
clientConfig: clientConfig:
{{- if .Values.admissionWebHooks.caBundle }} {{- if .Values.admissionWebHooks.caBundle }}
@@ -81,7 +81,7 @@ webhooks:
{{- if .Values.scope.singleNamespace }} {{- if .Values.scope.singleNamespace }}
namespaceSelector: namespaceSelector:
matchLabels: matchLabels:
name: {{ default .Release.Namespace .Values.scope.watchNamespace }} kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
{{- end }} {{- end }}
clientConfig: clientConfig:
{{- if .Values.admissionWebHooks.caBundle }} {{- if .Values.admissionWebHooks.caBundle }}
@@ -112,7 +112,7 @@ webhooks:
{{- if .Values.scope.singleNamespace }} {{- if .Values.scope.singleNamespace }}
namespaceSelector: namespaceSelector:
matchLabels: matchLabels:
name: {{ default .Release.Namespace .Values.scope.watchNamespace }} kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
{{- end }} {{- end }}
clientConfig: clientConfig:
{{- if .Values.admissionWebHooks.caBundle }} {{- if .Values.admissionWebHooks.caBundle }}
@@ -156,7 +156,7 @@ webhooks:
{{- if .Values.scope.singleNamespace }} {{- if .Values.scope.singleNamespace }}
namespaceSelector: namespaceSelector:
matchLabels: matchLabels:
name: {{ default .Release.Namespace .Values.scope.watchNamespace }} kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
{{- end }} {{- end }}
clientConfig: clientConfig:
{{- if .Values.admissionWebHooks.caBundle }} {{- if .Values.admissionWebHooks.caBundle }}
@@ -187,7 +187,7 @@ webhooks:
{{- if .Values.scope.singleNamespace }} {{- if .Values.scope.singleNamespace }}
namespaceSelector: namespaceSelector:
matchLabels: matchLabels:
name: {{ default .Release.Namespace .Values.scope.watchNamespace }} kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
{{- end }} {{- end }}
clientConfig: clientConfig:
{{- if .Values.admissionWebHooks.caBundle }} {{- if .Values.admissionWebHooks.caBundle }}
@@ -218,7 +218,7 @@ webhooks:
{{- if .Values.scope.singleNamespace }} {{- if .Values.scope.singleNamespace }}
namespaceSelector: namespaceSelector:
matchLabels: matchLabels:
name: {{ default .Release.Namespace .Values.scope.watchNamespace }} kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
{{- end }} {{- end }}
clientConfig: clientConfig:
{{- if .Values.admissionWebHooks.caBundle }} {{- if .Values.admissionWebHooks.caBundle }}
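Review bot: The selector `kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}`, used in all seven webhook entries, depends on a label that the API server only sets automatically from Kubernetes 1.21 onward. On an older cluster with `scope.singleNamespace` enabled, the selector matches no namespace, so the mutating and validating webhooks are never called and nothing reports it. Unlike the old `name` label, this one does not have to be applied by hand, which makes the scoping more reliable on supported versions. I would state the floor explicitly with `kubeVersion: ">= 1.21.0-0"` in Chart.yaml, or add a comment above the selector naming the minimum version.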


@@ -70,7 +70,7 @@ rbac:
{} {}
# # This allows ARC to dynamically create a ServiceAccount and a Role for each Runner pod that uses "kubernetes" container mode, # # This allows ARC to dynamically create a ServiceAccount and a Role for each Runner pod that uses "kubernetes" container mode,
# # by extending ARC's manager role to have the same permissions required by the pod runs the runner agent in "kubernetes" container mode. # # by extending ARC's manager role to have the same permissions required by the pod runs the runner agent in "kubernetes" container mode.
# # Without this, Kubernetes blocks ARC to create the role to prevent a priviledge escalation. # # Without this, Kubernetes blocks ARC to create the role to prevent a privilege escalation.
# # See https://github.com/actions/actions-runner-controller/pull/1268/files#r917327010 # # See https://github.com/actions/actions-runner-controller/pull/1268/files#r917327010
# allowGrantingKubernetesContainerModePermissions: true # allowGrantingKubernetesContainerModePermissions: true
@@ -109,7 +109,11 @@ service:
# Metrics service resource # Metrics service resource
metrics: metrics:
serviceAnnotations: {} serviceAnnotations: {}
serviceMonitor: false serviceMonitor:
enable: false
namespace: ""
timeout: 30s
interval: 1m
serviceMonitorLabels: {} serviceMonitorLabels: {}
port: 8443 port: 8443
proxy: proxy:
@@ -148,8 +152,7 @@ podDisruptionBudget:
# PriorityClass: system-cluster-critical # PriorityClass: system-cluster-critical
priorityClassName: "" priorityClassName: ""
env: # env:
{}
# specify additional environment variables for the controller pod. # specify additional environment variables for the controller pod.
# It's possible to specify either key vale pairs e.g.: # It's possible to specify either key vale pairs e.g.:
# http_proxy: "proxy.com:8080" # http_proxy: "proxy.com:8080"
@@ -189,9 +192,17 @@ admissionWebHooks:
# https://github.com/actions/actions-runner-controller/issues/1005#issuecomment-993097155 # https://github.com/actions/actions-runner-controller/issues/1005#issuecomment-993097155
#hostNetwork: true #hostNetwork: true
# If you use `hostNetwork: true`, then you need dnsPolicy: ClusterFirstWithHostNet
# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
#dnsPolicy: ClusterFirst
## specify log format for actions runner controller. Valid options are "text" and "json" ## specify log format for actions runner controller. Valid options are "text" and "json"
logFormat: text logFormat: text
# enable setting the docker group id for the runner container
# https://github.com/actions/actions-runner-controller/pull/2499
#dockerGID: 121
githubWebhookServer: githubWebhookServer:
enabled: false enabled: false
replicaCount: 1 replicaCount: 1
@@ -292,7 +303,7 @@ githubWebhookServer:
# key: GITHUB_WEBHOOK_SECRET_TOKEN # key: GITHUB_WEBHOOK_SECRET_TOKEN
# name: prod-gha-controller-webhook-token # name: prod-gha-controller-webhook-token
# optional: true # optional: true
env: {} # env:
actionsMetrics: actionsMetrics:
serviceAnnotations: {} serviceAnnotations: {}
@@ -300,7 +311,11 @@ actionsMetrics:
# as a part of the helm release. # as a part of the helm release.
# Do note that you also need actionsMetricsServer.enabled=true # Do note that you also need actionsMetricsServer.enabled=true
# to deploy the actions-metrics-server whose k8s service is referenced by the service monitor. # to deploy the actions-metrics-server whose k8s service is referenced by the service monitor.
serviceMonitor: false serviceMonitor:
enable: false
namespace: ""
timeout: 30s
interval: 1m
serviceMonitorLabels: {} serviceMonitorLabels: {}
port: 8443 port: 8443
proxy: proxy:
@@ -308,6 +323,19 @@ actionsMetrics:
image: image:
repository: quay.io/brancz/kube-rbac-proxy repository: quay.io/brancz/kube-rbac-proxy
tag: v0.13.1 tag: v0.13.1
# specify additional environment variables for the webhook server pod.
# It's possible to specify either key vale pairs e.g.:
# my_env_var: "some value"
# my_other_env_var: "other value"
# or a list of complete environment variable definitions e.g.:
# - name: GITHUB_WEBHOOK_SECRET_TOKEN
# valueFrom:
# secretKeyRef:
# key: GITHUB_WEBHOOK_SECRET_TOKEN
# name: prod-gha-controller-webhook-token
# optional: true
# env:
actionsMetricsServer: actionsMetricsServer:
enabled: false enabled: false


@@ -15,13 +15,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.4.0 version: 0.8.1
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes. # It is recommended to use it with quotes.
appVersion: "0.4.0" appVersion: "0.8.1"
home: https://github.com/actions/actions-runner-controller home: https://github.com/actions/actions-runner-controller


@@ -1,9 +1,9 @@
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.7.0 controller-gen.kubebuilder.io/version: v0.13.0
creationTimestamp: null
name: ephemeralrunners.actions.github.com name: ephemeralrunners.actions.github.com
spec: spec:
group: actions.github.com group: actions.github.com
@@ -82,6 +82,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: object type: object
metadata: metadata:
@@ -195,6 +196,7 @@ spec:
type: object type: object
type: array type: array
type: object type: object
x-kubernetes-map-type: atomic
weight: weight:
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
format: int32 format: int32
@@ -255,10 +257,12 @@ spec:
type: object type: object
type: array type: array
type: object type: object
x-kubernetes-map-type: atomic
type: array type: array
required: required:
- nodeSelectorTerms - nodeSelectorTerms
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
podAffinity: podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
@@ -301,6 +305,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -331,6 +336,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -386,6 +392,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -416,6 +423,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -470,6 +478,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -500,6 +509,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -555,6 +565,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -585,6 +596,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -646,6 +658,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
fieldRef: fieldRef:
description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
properties: properties:
@@ -658,6 +671,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
properties: properties:
@@ -677,6 +691,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
secretKeyRef: secretKeyRef:
description: Selects a key of a secret in the pod's namespace description: Selects a key of a secret in the pod's namespace
properties: properties:
@@ -692,6 +707,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
required: required:
- name - name
@@ -712,6 +728,7 @@ spec:
description: Specify whether the ConfigMap must be defined description: Specify whether the ConfigMap must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
prefix: prefix:
description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string type: string
@@ -725,6 +742,7 @@ spec:
description: Specify whether the Secret must be defined description: Specify whether the Secret must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
image: image:
@@ -760,7 +778,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -825,7 +843,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -884,7 +902,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -908,7 +926,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1020,7 +1038,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1044,7 +1062,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1105,11 +1123,28 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -1136,9 +1171,12 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
restartPolicy:
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
type: string
securityContext: securityContext:
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties: properties:
@@ -1201,7 +1239,7 @@ spec:
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -1219,7 +1257,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -1243,7 +1281,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1267,7 +1305,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1470,6 +1508,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
fieldRef: fieldRef:
description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
properties: properties:
@@ -1482,6 +1521,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
properties: properties:
@@ -1501,6 +1541,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
secretKeyRef: secretKeyRef:
description: Selects a key of a secret in the pod's namespace description: Selects a key of a secret in the pod's namespace
properties: properties:
@@ -1516,6 +1557,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
required: required:
- name - name
@@ -1536,6 +1578,7 @@ spec:
description: Specify whether the ConfigMap must be defined description: Specify whether the ConfigMap must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
prefix: prefix:
description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string type: string
@@ -1549,6 +1592,7 @@ spec:
description: Specify whether the Secret must be defined description: Specify whether the Secret must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
image: image:
@@ -1584,7 +1628,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1649,7 +1693,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1708,7 +1752,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1732,7 +1776,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1844,7 +1888,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1868,7 +1912,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1929,11 +1973,28 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -1960,9 +2021,12 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
restartPolicy:
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
type: string
securityContext: securityContext:
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.' description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
properties: properties:
@@ -2025,7 +2089,7 @@ spec:
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -2043,7 +2107,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -2067,7 +2131,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2091,7 +2155,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2260,6 +2324,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
type: array type: array
initContainers: initContainers:
description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
@@ -2305,6 +2370,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
fieldRef: fieldRef:
description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
properties: properties:
@@ -2317,6 +2383,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
properties: properties:
@@ -2336,6 +2403,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
secretKeyRef: secretKeyRef:
description: Selects a key of a secret in the pod's namespace description: Selects a key of a secret in the pod's namespace
properties: properties:
@@ -2351,6 +2419,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
required: required:
- name - name
@@ -2371,6 +2440,7 @@ spec:
description: Specify whether the ConfigMap must be defined description: Specify whether the ConfigMap must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
prefix: prefix:
description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string type: string
@@ -2384,6 +2454,7 @@ spec:
description: Specify whether the Secret must be defined description: Specify whether the Secret must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
image: image:
@@ -2419,7 +2490,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2484,7 +2555,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2543,7 +2614,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2567,7 +2638,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2679,7 +2750,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2703,7 +2774,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2764,11 +2835,28 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -2795,9 +2883,12 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
restartPolicy:
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
type: string
securityContext: securityContext:
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties: properties:
@@ -2860,7 +2951,7 @@ spec:
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -2878,7 +2969,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -2902,7 +2993,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2926,7 +3017,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -3117,7 +3208,7 @@ spec:
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
type: string type: string
resourceClaimTemplateName: resourceClaimTemplateName:
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim." description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
type: string type: string
type: object type: object
required: required:
@@ -3128,7 +3219,7 @@ spec:
- name - name
x-kubernetes-list-type: map x-kubernetes-list-type: map
restartPolicy: restartPolicy:
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
type: string type: string
runtimeClassName: runtimeClassName:
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
@@ -3137,7 +3228,7 @@ spec:
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
type: string type: string
schedulingGates: schedulingGates:
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate." description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
items: items:
description: PodSchedulingGate is associated to a Pod to guard its scheduling. description: PodSchedulingGate is associated to a Pod to guard its scheduling.
properties: properties:
@@ -3192,7 +3283,7 @@ spec:
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -3232,7 +3323,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -3316,8 +3407,9 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
matchLabelKeys: matchLabelKeys:
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
items: items:
type: string type: string
type: array type: array
@@ -3340,7 +3432,7 @@ spec:
description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
type: string type: string
whenUnsatisfiable: whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.'
type: string type: string
required: required:
- maxSkew - maxSkew
@@ -3441,6 +3533,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
user: user:
description: 'user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' description: 'user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string type: string
@@ -3463,6 +3556,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
volumeID: volumeID:
description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string type: string
@@ -3503,6 +3597,7 @@ spec:
description: optional specify whether the ConfigMap or its keys must be defined description: optional specify whether the ConfigMap or its keys must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
csi: csi:
description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
properties: properties:
@@ -3519,6 +3614,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
readOnly: readOnly:
description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
type: boolean type: boolean
@@ -3554,6 +3650,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
mode: mode:
description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
format: int32 format: int32
@@ -3580,6 +3677,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
required: required:
- path - path
type: object type: object
@@ -3595,12 +3693,12 @@ spec:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
ephemeral: ephemeral:
description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. 
\n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time."
properties: properties:
volumeClaimTemplate: volumeClaimTemplate:
description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. 
\n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil."
@@ -3649,8 +3747,9 @@ spec:
- kind - kind
- name - name
type: object type: object
x-kubernetes-map-type: atomic
dataSourceRef: dataSourceRef:
description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. 
This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.'
properties: properties:
apiGroup: apiGroup:
description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
@@ -3672,7 +3771,7 @@ spec:
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -3699,7 +3798,7 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
selector: selector:
@@ -3732,6 +3831,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
storageClassName: storageClassName:
description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string type: string
@@ -3794,6 +3894,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
required: required:
- driver - driver
type: object type: object
@@ -3909,6 +4010,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
targetPortal: targetPortal:
description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
type: string type: string
@@ -4017,6 +4119,7 @@ spec:
description: optional specify whether the ConfigMap or its keys must be defined description: optional specify whether the ConfigMap or its keys must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
downwardAPI: downwardAPI:
description: downwardAPI information about the downwardAPI data to project description: downwardAPI information about the downwardAPI data to project
properties: properties:
@@ -4037,6 +4140,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
mode: mode:
description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
format: int32 format: int32
@@ -4063,6 +4167,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
required: required:
- path - path
type: object type: object
@@ -4098,6 +4203,7 @@ spec:
description: optional field specify whether the Secret or its key must be defined description: optional field specify whether the Secret or its key must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
serviceAccountToken: serviceAccountToken:
description: serviceAccountToken is information about the serviceAccountToken data to project description: serviceAccountToken is information about the serviceAccountToken data to project
properties: properties:
@@ -4172,6 +4278,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
user: user:
description: 'user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' description: 'user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string type: string
@@ -4201,6 +4308,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
sslEnabled: sslEnabled:
description: sslEnabled Flag enable/disable SSL communication with Gateway, default false description: sslEnabled Flag enable/disable SSL communication with Gateway, default false
type: boolean type: boolean
@@ -4271,6 +4379,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
volumeName: volumeName:
description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
type: string type: string
@@ -4346,9 +4455,3 @@ spec:
subresources: subresources:
status: {} status: {}
preserveUnknownFields: false preserveUnknownFields: false
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@@ -1,9 +1,9 @@
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.7.0 controller-gen.kubebuilder.io/version: v0.13.0
creationTimestamp: null
name: ephemeralrunnersets.actions.github.com name: ephemeralrunnersets.actions.github.com
spec: spec:
group: actions.github.com group: actions.github.com
@@ -76,6 +76,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: object type: object
metadata: metadata:
@@ -189,6 +190,7 @@ spec:
type: object type: object
type: array type: array
type: object type: object
x-kubernetes-map-type: atomic
weight: weight:
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
format: int32 format: int32
@@ -249,10 +251,12 @@ spec:
type: object type: object
type: array type: array
type: object type: object
x-kubernetes-map-type: atomic
type: array type: array
required: required:
- nodeSelectorTerms - nodeSelectorTerms
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
podAffinity: podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
@@ -295,6 +299,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -325,6 +330,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -380,6 +386,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -410,6 +417,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -464,6 +472,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -494,6 +503,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -549,6 +559,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaceSelector: namespaceSelector:
description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
properties: properties:
@@ -579,6 +590,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
namespaces: namespaces:
description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
items: items:
@@ -640,6 +652,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
fieldRef: fieldRef:
description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
properties: properties:
@@ -652,6 +665,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
properties: properties:
@@ -671,6 +685,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
secretKeyRef: secretKeyRef:
description: Selects a key of a secret in the pod's namespace description: Selects a key of a secret in the pod's namespace
properties: properties:
@@ -686,6 +701,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
required: required:
- name - name
@@ -706,6 +722,7 @@ spec:
description: Specify whether the ConfigMap must be defined description: Specify whether the ConfigMap must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
prefix: prefix:
description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string type: string
@@ -719,6 +736,7 @@ spec:
description: Specify whether the Secret must be defined description: Specify whether the Secret must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
image: image:
@@ -754,7 +772,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -819,7 +837,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -878,7 +896,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -902,7 +920,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1014,7 +1032,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1038,7 +1056,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1099,11 +1117,28 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -1130,9 +1165,12 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
restartPolicy:
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
type: string
securityContext: securityContext:
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties: properties:
@@ -1195,7 +1233,7 @@ spec:
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -1213,7 +1251,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -1237,7 +1275,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1261,7 +1299,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1464,6 +1502,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
fieldRef: fieldRef:
description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
properties: properties:
@@ -1476,6 +1515,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
properties: properties:
@@ -1495,6 +1535,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
secretKeyRef: secretKeyRef:
description: Selects a key of a secret in the pod's namespace description: Selects a key of a secret in the pod's namespace
properties: properties:
@@ -1510,6 +1551,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
required: required:
- name - name
@@ -1530,6 +1572,7 @@ spec:
description: Specify whether the ConfigMap must be defined description: Specify whether the ConfigMap must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
prefix: prefix:
description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string type: string
@@ -1543,6 +1586,7 @@ spec:
description: Specify whether the Secret must be defined description: Specify whether the Secret must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
image: image:
@@ -1578,7 +1622,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1643,7 +1687,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1702,7 +1746,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1726,7 +1770,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1838,7 +1882,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -1862,7 +1906,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -1923,11 +1967,28 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -1954,9 +2015,12 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
restartPolicy:
description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
type: string
securityContext: securityContext:
description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.' description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
properties: properties:
@@ -2019,7 +2083,7 @@ spec:
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -2037,7 +2101,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -2061,7 +2125,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2085,7 +2149,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2254,6 +2318,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
type: array type: array
initContainers: initContainers:
description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
@@ -2299,6 +2364,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
fieldRef: fieldRef:
description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
properties: properties:
@@ -2311,6 +2377,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
properties: properties:
@@ -2330,6 +2397,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
secretKeyRef: secretKeyRef:
description: Selects a key of a secret in the pod's namespace description: Selects a key of a secret in the pod's namespace
properties: properties:
@@ -2345,6 +2413,7 @@ spec:
required: required:
- key - key
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
required: required:
- name - name
@@ -2365,6 +2434,7 @@ spec:
description: Specify whether the ConfigMap must be defined description: Specify whether the ConfigMap must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
prefix: prefix:
description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string type: string
@@ -2378,6 +2448,7 @@ spec:
description: Specify whether the Secret must be defined description: Specify whether the Secret must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
type: object type: object
type: array type: array
image: image:
@@ -2413,7 +2484,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2478,7 +2549,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2537,7 +2608,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2561,7 +2632,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2673,7 +2744,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2697,7 +2768,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -2758,11 +2829,28 @@ spec:
format: int32 format: int32
type: integer type: integer
type: object type: object
resizePolicy:
description: Resources resize policy for the container.
items:
description: ContainerResizePolicy represents resource resize policy for the container.
properties:
resourceName:
description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.'
type: string
restartPolicy:
description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
type: string
required:
- resourceName
- restartPolicy
type: object
type: array
x-kubernetes-list-type: atomic
resources: resources:
description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -2789,9 +2877,12 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
restartPolicy:
description: 'RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod''s restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.'
type: string
securityContext: securityContext:
description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties: properties:
@@ -2854,7 +2945,7 @@ spec:
description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -2872,7 +2963,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -2896,7 +2987,7 @@ spec:
format: int32 format: int32
type: integer type: integer
grpc: grpc:
description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. description: GRPC specifies an action involving a GRPC port.
properties: properties:
port: port:
description: Port number of the gRPC service. Number must be in the range 1 to 65535. description: Port number of the gRPC service. Number must be in the range 1 to 65535.
@@ -2920,7 +3011,7 @@ spec:
description: HTTPHeader describes a custom header to be used in HTTP probes description: HTTPHeader describes a custom header to be used in HTTP probes
properties: properties:
name: name:
description: The header field name description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string type: string
value: value:
description: The header field value description: The header field value
@@ -3111,7 +3202,7 @@ spec:
description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. description: ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.
type: string type: string
resourceClaimTemplateName: resourceClaimTemplateName:
description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim." description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim."
type: string type: string
type: object type: object
required: required:
@@ -3122,7 +3213,7 @@ spec:
- name - name
x-kubernetes-list-type: map x-kubernetes-list-type: map
restartPolicy: restartPolicy:
description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
type: string type: string
runtimeClassName: runtimeClassName:
description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
@@ -3131,7 +3222,7 @@ spec:
description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
type: string type: string
schedulingGates: schedulingGates:
description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate." description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. \n SchedulingGates can only be set at pod creation time, and be removed only afterwards. \n This is a beta feature enabled by the PodSchedulingReadiness feature gate."
items: items:
description: PodSchedulingGate is associated to a Pod to guard its scheduling. description: PodSchedulingGate is associated to a Pod to guard its scheduling.
properties: properties:
@@ -3186,7 +3277,7 @@ spec:
description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
properties: properties:
localhostProfile: localhostProfile:
description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type: string type: string
type: type:
description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
@@ -3226,7 +3317,7 @@ spec:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use. description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string type: string
hostProcess: hostProcess:
description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean type: boolean
runAsUserName: runAsUserName:
description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -3310,8 +3401,9 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
matchLabelKeys: matchLabelKeys:
description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)."
items: items:
type: string type: string
type: array type: array
@@ -3334,7 +3426,7 @@ spec:
description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
type: string type: string
whenUnsatisfiable: whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.'
type: string type: string
required: required:
- maxSkew - maxSkew
@@ -3435,6 +3527,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
user: user:
description: 'user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' description: 'user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string type: string
@@ -3457,6 +3550,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
volumeID: volumeID:
description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string type: string
@@ -3497,6 +3591,7 @@ spec:
description: optional specify whether the ConfigMap or its keys must be defined description: optional specify whether the ConfigMap or its keys must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
csi: csi:
description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
properties: properties:
@@ -3513,6 +3608,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
readOnly: readOnly:
description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
type: boolean type: boolean
@@ -3548,6 +3644,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
mode: mode:
description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
format: int32 format: int32
@@ -3574,6 +3671,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
required: required:
- path - path
type: object type: object
@@ -3589,12 +3687,12 @@ spec:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
ephemeral: ephemeral:
description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. 
\n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time."
properties: properties:
volumeClaimTemplate: volumeClaimTemplate:
description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. 
\n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil."
@@ -3643,8 +3741,9 @@ spec:
- kind - kind
- name - name
type: object type: object
x-kubernetes-map-type: atomic
dataSourceRef: dataSourceRef:
description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. 
This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.'
properties: properties:
apiGroup: apiGroup:
description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
@@ -3666,7 +3765,7 @@ spec:
description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties: properties:
claims: claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable." description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
items: items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims. description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties: properties:
@@ -3693,7 +3792,7 @@ spec:
- type: string - type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
selector: selector:
@@ -3726,6 +3825,7 @@ spec:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic
storageClassName: storageClassName:
description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string type: string
@@ -3788,6 +3888,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
required: required:
- driver - driver
type: object type: object
@@ -3903,6 +4004,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
targetPortal: targetPortal:
description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
type: string type: string
@@ -4011,6 +4113,7 @@ spec:
description: optional specify whether the ConfigMap or its keys must be defined description: optional specify whether the ConfigMap or its keys must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
downwardAPI: downwardAPI:
description: downwardAPI information about the downwardAPI data to project description: downwardAPI information about the downwardAPI data to project
properties: properties:
@@ -4031,6 +4134,7 @@ spec:
required: required:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic
mode: mode:
description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
format: int32 format: int32
@@ -4057,6 +4161,7 @@ spec:
required: required:
- resource - resource
type: object type: object
x-kubernetes-map-type: atomic
required: required:
- path - path
type: object type: object
@@ -4092,6 +4197,7 @@ spec:
description: optional field specify whether the Secret or its key must be defined description: optional field specify whether the Secret or its key must be defined
type: boolean type: boolean
type: object type: object
x-kubernetes-map-type: atomic
serviceAccountToken: serviceAccountToken:
description: serviceAccountToken is information about the serviceAccountToken data to project description: serviceAccountToken is information about the serviceAccountToken data to project
properties: properties:
@@ -4166,6 +4272,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
user: user:
description: 'user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' description: 'user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string type: string
@@ -4195,6 +4302,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
sslEnabled: sslEnabled:
description: sslEnabled Flag enable/disable SSL communication with Gateway, default false description: sslEnabled Flag enable/disable SSL communication with Gateway, default false
type: boolean type: boolean
@@ -4265,6 +4373,7 @@ spec:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic
volumeName: volumeName:
description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
type: string type: string
@@ -4323,9 +4432,3 @@ spec:
subresources: subresources:
status: {} status: {}
preserveUnknownFields: false preserveUnknownFields: false
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@@ -1,3 +1,4 @@
Thank you for installing {{ .Chart.Name }}. Thank you for installing {{ .Chart.Name }}.
Your release is named {{ .Release.Name }}. Your release is named {{ .Release.Name }}.


@@ -1,8 +1,14 @@
{{/* {{/*
Expand the name of the chart. Expand the name of the chart.
*/}} */}}
{{- define "gha-base-name" -}}
gha-rs-controller
{{- end }}
{{- define "gha-runner-scale-set-controller.name" -}} {{- define "gha-runner-scale-set-controller.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- default (include "gha-base-name" .) .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
{{/* {{/*
@@ -14,7 +20,7 @@ If release name contains chart name it will be used as a full name.
{{- if .Values.fullnameOverride }} {{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }} {{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }} {{- $name := default (include "gha-base-name" .) .Values.nameOverride }}
{{- if contains $name .Release.Name }} {{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }} {{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }} {{- else }}
@@ -27,7 +33,7 @@ If release name contains chart name it will be used as a full name.
Create chart name and version as used by the chart label. Create chart name and version as used by the chart label.
*/}} */}}
{{- define "gha-runner-scale-set-controller.chart" -}} {{- define "gha-runner-scale-set-controller.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- printf "%s-%s" (include "gha-base-name" .) .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
{{/* {{/*
@@ -39,10 +45,10 @@ helm.sh/chart: {{ include "gha-runner-scale-set-controller.chart" . }}
{{- if .Chart.AppVersion }} {{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }} {{- end }}
app.kubernetes.io/part-of: gha-runner-scale-set-controller app.kubernetes.io/part-of: gha-rs-controller
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- range $k, $v := .Values.labels }} {{- range $k, $v := .Values.labels }}
{{ $k }}: {{ $v }} {{ $k }}: {{ $v | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
@@ -51,6 +57,7 @@ Selector labels
*/}} */}}
{{- define "gha-runner-scale-set-controller.selectorLabels" -}} {{- define "gha-runner-scale-set-controller.selectorLabels" -}}
app.kubernetes.io/name: {{ include "gha-runner-scale-set-controller.name" . }} app.kubernetes.io/name: {{ include "gha-runner-scale-set-controller.name" . }}
app.kubernetes.io/namespace: {{ .Release.Namespace }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }} {{- end }}
@@ -73,35 +80,43 @@ Create the name of the service account to use
{{- end }} {{- end }}
{{- define "gha-runner-scale-set-controller.managerClusterRoleName" -}} {{- define "gha-runner-scale-set-controller.managerClusterRoleName" -}}
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-cluster-role {{- include "gha-runner-scale-set-controller.fullname" . }}
{{- end }} {{- end }}
{{- define "gha-runner-scale-set-controller.managerClusterRoleBinding" -}} {{- define "gha-runner-scale-set-controller.managerClusterRoleBinding" -}}
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-cluster-rolebinding {{- include "gha-runner-scale-set-controller.fullname" . }}
{{- end }} {{- end }}
{{- define "gha-runner-scale-set-controller.managerSingleNamespaceRoleName" -}} {{- define "gha-runner-scale-set-controller.managerSingleNamespaceRoleName" -}}
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-single-namespace-role {{- include "gha-runner-scale-set-controller.fullname" . }}-single-namespace
{{- end }} {{- end }}
{{- define "gha-runner-scale-set-controller.managerSingleNamespaceRoleBinding" -}} {{- define "gha-runner-scale-set-controller.managerSingleNamespaceRoleBinding" -}}
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-single-namespace-rolebinding {{- include "gha-runner-scale-set-controller.fullname" . }}-single-namespace
{{- end }}
{{- define "gha-runner-scale-set-controller.managerSingleNamespaceWatchRoleName" -}}
{{- include "gha-runner-scale-set-controller.fullname" . }}-single-namespace-watch
{{- end }}
{{- define "gha-runner-scale-set-controller.managerSingleNamespaceWatchRoleBinding" -}}
{{- include "gha-runner-scale-set-controller.fullname" . }}-single-namespace-watch
{{- end }} {{- end }}
{{- define "gha-runner-scale-set-controller.managerListenerRoleName" -}} {{- define "gha-runner-scale-set-controller.managerListenerRoleName" -}}
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-listener-role {{- include "gha-runner-scale-set-controller.fullname" . }}-listener
{{- end }} {{- end }}
{{- define "gha-runner-scale-set-controller.managerListenerRoleBinding" -}} {{- define "gha-runner-scale-set-controller.managerListenerRoleBinding" -}}
{{- include "gha-runner-scale-set-controller.fullname" . }}-manager-listener-rolebinding {{- include "gha-runner-scale-set-controller.fullname" . }}-listener
{{- end }} {{- end }}
{{- define "gha-runner-scale-set-controller.leaderElectionRoleName" -}} {{- define "gha-runner-scale-set-controller.leaderElectionRoleName" -}}
{{- include "gha-runner-scale-set-controller.fullname" . }}-leader-election-role {{- include "gha-runner-scale-set-controller.fullname" . }}-leader-election
{{- end }} {{- end }}
{{- define "gha-runner-scale-set-controller.leaderElectionRoleBinding" -}} {{- define "gha-runner-scale-set-controller.leaderElectionRoleBinding" -}}
{{- include "gha-runner-scale-set-controller.fullname" . }}-leader-election-rolebinding {{- include "gha-runner-scale-set-controller.fullname" . }}-leader-election
{{- end }} {{- end }}
{{- define "gha-runner-scale-set-controller.imagePullSecretsNames" -}} {{- define "gha-runner-scale-set-controller.imagePullSecretsNames" -}}
@@ -111,3 +126,7 @@ Create the name of the service account to use
{{- end }} {{- end }}
{{- $names | join ","}} {{- $names | join ","}}
{{- end }} {{- end }}
{{- define "gha-runner-scale-set-controller.serviceMonitorName" -}}
{{- include "gha-runner-scale-set-controller.fullname" . }}-service-monitor
{{- end }}
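Review bot: The `selectorLabels` helper now emits `app.kubernetes.io/namespace: {{ .Release.Namespace }}`, and the `name` helper's default moves from `.Chart.Name` to `gha-base-name`, so the label set that feeds the Deployment selector changes for every existing release (assuming `spec.selector.matchLabels` is built from this helper; that part of the template is outside this section). `spec.selector` is immutable on an apps/v1 Deployment, so an in-place `helm upgrade` from an earlier chart version would presumably be rejected by the API server. The helper should carry a comment stating this, e.g. `{{/* Selector labels are immutable on the Deployment; changing them requires uninstalling and reinstalling the release. */}}`, and the upgrade notes should say the same.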


@@ -23,10 +23,13 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
labels: labels:
app.kubernetes.io/part-of: gha-runner-scale-set-controller app.kubernetes.io/part-of: gha-rs-controller
app.kubernetes.io/component: controller-manager app.kubernetes.io/component: controller-manager
app.kubernetes.io/version: {{ .Chart.Version }} app.kubernetes.io/version: {{ .Chart.Version }}
{{- include "gha-runner-scale-set-controller.selectorLabels" . | nindent 8 }} {{- include "gha-runner-scale-set-controller.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
{{- with .Values.imagePullSecrets }} {{- with .Values.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
@@ -56,11 +59,34 @@ spec:
{{- with .Values.flags.logLevel }} {{- with .Values.flags.logLevel }}
- "--log-level={{ . }}" - "--log-level={{ . }}"
{{- end }} {{- end }}
{{- with .Values.flags.logFormat }}
- "--log-format={{ . }}"
{{- end }}
{{- with .Values.flags.watchSingleNamespace }} {{- with .Values.flags.watchSingleNamespace }}
- "--watch-single-namespace={{ . }}" - "--watch-single-namespace={{ . }}"
{{- end }} {{- end }}
{{- with .Values.flags.updateStrategy }}
- "--update-strategy={{ . }}"
{{- end }}
{{- if .Values.metrics }}
{{- with .Values.metrics }}
- "--listener-metrics-addr={{ .listenerAddr }}"
- "--listener-metrics-endpoint={{ .listenerEndpoint }}"
- "--metrics-addr={{ .controllerManagerAddr }}"
{{- end }}
{{- else }}
- "--listener-metrics-addr=0"
- "--listener-metrics-endpoint="
- "--metrics-addr=0"
{{- end }}
command: command:
- "/manager" - "/manager"
{{- with .Values.metrics }}
ports:
- containerPort: {{regexReplaceAll ":([0-9]+)" .controllerManagerAddr "${1}"}}
protocol: TCP
name: metrics
{{- end }}
env: env:
- name: CONTROLLER_MANAGER_CONTAINER_IMAGE - name: CONTROLLER_MANAGER_CONTAINER_IMAGE
value: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" value: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -68,8 +94,6 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: CONTROLLER_MANAGER_LISTENER_IMAGE_PULL_POLICY
value: "{{ .Values.image.pullPolicy | default "IfNotPresent" }}"
{{- with .Values.env }} {{- with .Values.env }}
{{- if kindIs "slice" . }} {{- if kindIs "slice" . }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
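Review bot: The `containerPort` expression `regexReplaceAll ":([0-9]+)" .controllerManagerAddr "${1}"` is unanchored, so it only drops the colon: `:8080` renders correctly, but an address with a host part such as `0.0.0.0:8080` (constructed example) renders `0.0.0.08080`, which is not a valid port. Anchoring the pattern keeps only the port: `- containerPort: {{ regexReplaceAll "^.*:([0-9]+)$" .controllerManagerAddr "${1}" }}`. In the args block of the same section, `.listenerAddr`, `.listenerEndpoint` and `.controllerManagerAddr` are interpolated without a guard, so a `metrics` map that sets only some keys produces flags with empty values; wrapping each in `required` would fail the render early instead. Setting `metrics` also opens a metrics listener on the pod network, so the values documentation should state which clients are expected to reach it and recommend restricting access (for example with a NetworkPolicy).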


@@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceRoleName" . }} name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceWatchRoleName" . }}
namespace: {{ .Values.flags.watchSingleNamespace }} namespace: {{ .Values.flags.watchSingleNamespace }}
rules: rules:
- apiGroups: - apiGroups:


@@ -2,12 +2,12 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceRoleBinding" . }} name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceWatchRoleBinding" . }}
namespace: {{ .Values.flags.watchSingleNamespace }} namespace: {{ .Values.flags.watchSingleNamespace }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceRoleName" . }} name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceWatchRoleName" . }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }}


@@ -1,6 +1,7 @@
package tests package tests
import ( import (
"fmt"
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
@@ -8,6 +9,7 @@ import (
"github.com/gruntwork-io/terratest/modules/helm" "github.com/gruntwork-io/terratest/modules/helm"
"github.com/gruntwork-io/terratest/modules/k8s" "github.com/gruntwork-io/terratest/modules/k8s"
"github.com/gruntwork-io/terratest/modules/logger"
"github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/random"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@@ -33,6 +35,7 @@ func TestTemplate_CreateServiceAccount(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"serviceAccount.create": "true", "serviceAccount.create": "true",
"serviceAccount.annotations.foo": "bar", "serviceAccount.annotations.foo": "bar",
@@ -46,7 +49,7 @@ func TestTemplate_CreateServiceAccount(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &serviceAccount) helm.UnmarshalK8SYaml(t, output, &serviceAccount)
assert.Equal(t, namespaceName, serviceAccount.Namespace) assert.Equal(t, namespaceName, serviceAccount.Namespace)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", serviceAccount.Name) assert.Equal(t, "test-arc-gha-rs-controller", serviceAccount.Name)
assert.Equal(t, "bar", string(serviceAccount.Annotations["foo"])) assert.Equal(t, "bar", string(serviceAccount.Annotations["foo"]))
} }
@@ -61,6 +64,7 @@ func TestTemplate_CreateServiceAccount_OverwriteName(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"serviceAccount.create": "true", "serviceAccount.create": "true",
"serviceAccount.name": "overwritten-name", "serviceAccount.name": "overwritten-name",
@@ -90,6 +94,7 @@ func TestTemplate_CreateServiceAccount_CannotUseDefaultServiceAccount(t *testing
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"serviceAccount.create": "true", "serviceAccount.create": "true",
"serviceAccount.name": "default", "serviceAccount.name": "default",
@@ -113,6 +118,7 @@ func TestTemplate_NotCreateServiceAccount(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"serviceAccount.create": "false", "serviceAccount.create": "false",
"serviceAccount.name": "overwritten-name", "serviceAccount.name": "overwritten-name",
@@ -136,6 +142,7 @@ func TestTemplate_NotCreateServiceAccount_ServiceAccountNotSet(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"serviceAccount.create": "false", "serviceAccount.create": "false",
"serviceAccount.annotations.foo": "bar", "serviceAccount.annotations.foo": "bar",
@@ -158,6 +165,7 @@ func TestTemplate_CreateManagerClusterRole(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{}, SetValues: map[string]string{},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
} }
@@ -168,7 +176,7 @@ func TestTemplate_CreateManagerClusterRole(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &managerClusterRole) helm.UnmarshalK8SYaml(t, output, &managerClusterRole)
assert.Empty(t, managerClusterRole.Namespace, "ClusterRole should not have a namespace") assert.Empty(t, managerClusterRole.Namespace, "ClusterRole should not have a namespace")
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-cluster-role", managerClusterRole.Name) assert.Equal(t, "test-arc-gha-rs-controller", managerClusterRole.Name)
assert.Equal(t, 16, len(managerClusterRole.Rules)) assert.Equal(t, 16, len(managerClusterRole.Rules))
_, err = helm.RenderTemplateE(t, options, helmChartPath, releaseName, []string{"templates/manager_single_namespace_controller_role.yaml"}) _, err = helm.RenderTemplateE(t, options, helmChartPath, releaseName, []string{"templates/manager_single_namespace_controller_role.yaml"})
@@ -189,6 +197,7 @@ func TestTemplate_ManagerClusterRoleBinding(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"serviceAccount.create": "true", "serviceAccount.create": "true",
}, },
@@ -201,9 +210,9 @@ func TestTemplate_ManagerClusterRoleBinding(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &managerClusterRoleBinding) helm.UnmarshalK8SYaml(t, output, &managerClusterRoleBinding)
assert.Empty(t, managerClusterRoleBinding.Namespace, "ClusterRoleBinding should not have a namespace") assert.Empty(t, managerClusterRoleBinding.Namespace, "ClusterRoleBinding should not have a namespace")
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-cluster-rolebinding", managerClusterRoleBinding.Name) assert.Equal(t, "test-arc-gha-rs-controller", managerClusterRoleBinding.Name)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-cluster-role", managerClusterRoleBinding.RoleRef.Name) assert.Equal(t, "test-arc-gha-rs-controller", managerClusterRoleBinding.RoleRef.Name)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", managerClusterRoleBinding.Subjects[0].Name) assert.Equal(t, "test-arc-gha-rs-controller", managerClusterRoleBinding.Subjects[0].Name)
assert.Equal(t, namespaceName, managerClusterRoleBinding.Subjects[0].Namespace) assert.Equal(t, namespaceName, managerClusterRoleBinding.Subjects[0].Namespace)
_, err = helm.RenderTemplateE(t, options, helmChartPath, releaseName, []string{"templates/manager_single_namespace_controller_role_binding.yaml"}) _, err = helm.RenderTemplateE(t, options, helmChartPath, releaseName, []string{"templates/manager_single_namespace_controller_role_binding.yaml"})
@@ -224,6 +233,7 @@ func TestTemplate_CreateManagerListenerRole(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{}, SetValues: map[string]string{},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
} }
@@ -234,7 +244,7 @@ func TestTemplate_CreateManagerListenerRole(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &managerListenerRole) helm.UnmarshalK8SYaml(t, output, &managerListenerRole)
assert.Equal(t, namespaceName, managerListenerRole.Namespace, "Role should have a namespace") assert.Equal(t, namespaceName, managerListenerRole.Namespace, "Role should have a namespace")
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-listener-role", managerListenerRole.Name) assert.Equal(t, "test-arc-gha-rs-controller-listener", managerListenerRole.Name)
assert.Equal(t, 4, len(managerListenerRole.Rules)) assert.Equal(t, 4, len(managerListenerRole.Rules))
assert.Equal(t, "pods", managerListenerRole.Rules[0].Resources[0]) assert.Equal(t, "pods", managerListenerRole.Rules[0].Resources[0])
assert.Equal(t, "pods/status", managerListenerRole.Rules[1].Resources[0]) assert.Equal(t, "pods/status", managerListenerRole.Rules[1].Resources[0])
@@ -253,6 +263,7 @@ func TestTemplate_ManagerListenerRoleBinding(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"serviceAccount.create": "true", "serviceAccount.create": "true",
}, },
@@ -265,9 +276,9 @@ func TestTemplate_ManagerListenerRoleBinding(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &managerListenerRoleBinding) helm.UnmarshalK8SYaml(t, output, &managerListenerRoleBinding)
assert.Equal(t, namespaceName, managerListenerRoleBinding.Namespace, "RoleBinding should have a namespace") assert.Equal(t, namespaceName, managerListenerRoleBinding.Namespace, "RoleBinding should have a namespace")
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-listener-rolebinding", managerListenerRoleBinding.Name) assert.Equal(t, "test-arc-gha-rs-controller-listener", managerListenerRoleBinding.Name)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-listener-role", managerListenerRoleBinding.RoleRef.Name) assert.Equal(t, "test-arc-gha-rs-controller-listener", managerListenerRoleBinding.RoleRef.Name)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", managerListenerRoleBinding.Subjects[0].Name) assert.Equal(t, "test-arc-gha-rs-controller", managerListenerRoleBinding.Subjects[0].Name)
assert.Equal(t, namespaceName, managerListenerRoleBinding.Subjects[0].Namespace) assert.Equal(t, namespaceName, managerListenerRoleBinding.Subjects[0].Namespace)
} }
@@ -289,6 +300,7 @@ func TestTemplate_ControllerDeployment_Defaults(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"image.tag": "dev", "image.tag": "dev",
}, },
@@ -301,29 +313,29 @@ func TestTemplate_ControllerDeployment_Defaults(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &deployment) helm.UnmarshalK8SYaml(t, output, &deployment)
assert.Equal(t, namespaceName, deployment.Namespace) assert.Equal(t, namespaceName, deployment.Namespace)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", deployment.Name) assert.Equal(t, "test-arc-gha-rs-controller", deployment.Name)
assert.Equal(t, "gha-runner-scale-set-controller-"+chart.Version, deployment.Labels["helm.sh/chart"]) assert.Equal(t, "gha-rs-controller-"+chart.Version, deployment.Labels["helm.sh/chart"])
assert.Equal(t, "gha-runner-scale-set-controller", deployment.Labels["app.kubernetes.io/name"]) assert.Equal(t, "gha-rs-controller", deployment.Labels["app.kubernetes.io/name"])
assert.Equal(t, "test-arc", deployment.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "test-arc", deployment.Labels["app.kubernetes.io/instance"])
assert.Equal(t, chart.AppVersion, deployment.Labels["app.kubernetes.io/version"]) assert.Equal(t, chart.AppVersion, deployment.Labels["app.kubernetes.io/version"])
assert.Equal(t, "Helm", deployment.Labels["app.kubernetes.io/managed-by"]) assert.Equal(t, "Helm", deployment.Labels["app.kubernetes.io/managed-by"])
assert.Equal(t, namespaceName, deployment.Labels["actions.github.com/controller-service-account-namespace"]) assert.Equal(t, namespaceName, deployment.Labels["actions.github.com/controller-service-account-namespace"])
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", deployment.Labels["actions.github.com/controller-service-account-name"]) assert.Equal(t, "test-arc-gha-rs-controller", deployment.Labels["actions.github.com/controller-service-account-name"])
assert.NotContains(t, deployment.Labels, "actions.github.com/controller-watch-single-namespace") assert.NotContains(t, deployment.Labels, "actions.github.com/controller-watch-single-namespace")
assert.Equal(t, "gha-runner-scale-set-controller", deployment.Labels["app.kubernetes.io/part-of"]) assert.Equal(t, "gha-rs-controller", deployment.Labels["app.kubernetes.io/part-of"])
assert.Equal(t, int32(1), *deployment.Spec.Replicas) assert.Equal(t, int32(1), *deployment.Spec.Replicas)
assert.Equal(t, "gha-runner-scale-set-controller", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/name"]) assert.Equal(t, "gha-rs-controller", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/name"])
assert.Equal(t, "test-arc", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/instance"]) assert.Equal(t, "test-arc", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/instance"])
assert.Equal(t, "gha-runner-scale-set-controller", deployment.Spec.Template.Labels["app.kubernetes.io/name"]) assert.Equal(t, "gha-rs-controller", deployment.Spec.Template.Labels["app.kubernetes.io/name"])
assert.Equal(t, "test-arc", deployment.Spec.Template.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "test-arc", deployment.Spec.Template.Labels["app.kubernetes.io/instance"])
assert.Equal(t, "manager", deployment.Spec.Template.Annotations["kubectl.kubernetes.io/default-container"]) assert.Equal(t, "manager", deployment.Spec.Template.Annotations["kubectl.kubernetes.io/default-container"])
assert.Len(t, deployment.Spec.Template.Spec.ImagePullSecrets, 0) assert.Len(t, deployment.Spec.Template.Spec.ImagePullSecrets, 0)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", deployment.Spec.Template.Spec.ServiceAccountName) assert.Equal(t, "test-arc-gha-rs-controller", deployment.Spec.Template.Spec.ServiceAccountName)
assert.Nil(t, deployment.Spec.Template.Spec.SecurityContext) assert.Nil(t, deployment.Spec.Template.Spec.SecurityContext)
assert.Empty(t, deployment.Spec.Template.Spec.PriorityClassName) assert.Empty(t, deployment.Spec.Template.Spec.PriorityClassName)
assert.Equal(t, int64(10), *deployment.Spec.Template.Spec.TerminationGracePeriodSeconds) assert.Equal(t, int64(10), *deployment.Spec.Template.Spec.TerminationGracePeriodSeconds)
@@ -345,20 +357,24 @@ func TestTemplate_ControllerDeployment_Defaults(t *testing.T) {
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Command, 1) assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Command, 1)
assert.Equal(t, "/manager", deployment.Spec.Template.Spec.Containers[0].Command[0]) assert.Equal(t, "/manager", deployment.Spec.Template.Spec.Containers[0].Command[0])
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Args, 2) expectedArgs := []string{
assert.Equal(t, "--auto-scaling-runner-set-only", deployment.Spec.Template.Spec.Containers[0].Args[0]) "--auto-scaling-runner-set-only",
assert.Equal(t, "--log-level=debug", deployment.Spec.Template.Spec.Containers[0].Args[1]) "--log-level=debug",
"--log-format=text",
"--update-strategy=immediate",
"--metrics-addr=0",
"--listener-metrics-addr=0",
"--listener-metrics-endpoint=",
}
assert.ElementsMatch(t, expectedArgs, deployment.Spec.Template.Spec.Containers[0].Args)
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 3) assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 2)
assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name) assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name)
assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value) assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value)
assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name) assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name)
assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath) assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath)
assert.Equal(t, "CONTROLLER_MANAGER_LISTENER_IMAGE_PULL_POLICY", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
assert.Equal(t, "IfNotPresent", deployment.Spec.Template.Spec.Containers[0].Env[2].Value) // default value. Needs to align with controllers/actions.github.com/resourcebuilder.go
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Resources) assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Resources)
assert.Nil(t, deployment.Spec.Template.Spec.Containers[0].SecurityContext) assert.Nil(t, deployment.Spec.Template.Spec.Containers[0].SecurityContext)
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 1) assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 1)
@@ -384,18 +400,21 @@ func TestTemplate_ControllerDeployment_Customize(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"labels.foo": "bar", "labels.foo": "bar",
"labels.github": "actions", "labels.github": "actions",
"labels.team": "GitHub Team",
"labels.teamMail": "team@github.com",
"replicaCount": "1", "replicaCount": "1",
"image.pullPolicy": "Always", "image.pullPolicy": "Always",
"image.tag": "dev", "image.tag": "dev",
"imagePullSecrets[0].name": "dockerhub", "imagePullSecrets[0].name": "dockerhub",
"nameOverride": "gha-runner-scale-set-controller-override", "nameOverride": "gha-rs-controller-override",
"fullnameOverride": "gha-runner-scale-set-controller-fullname-override", "fullnameOverride": "gha-rs-controller-fullname-override",
"env[0].name": "ENV_VAR_NAME_1", "env[0].name": "ENV_VAR_NAME_1",
"env[0].value": "ENV_VAR_VALUE_1", "env[0].value": "ENV_VAR_VALUE_1",
"serviceAccount.name": "gha-runner-scale-set-controller-sa", "serviceAccount.name": "gha-rs-controller-sa",
"podAnnotations.foo": "bar", "podAnnotations.foo": "bar",
"podSecurityContext.fsGroup": "1000", "podSecurityContext.fsGroup": "1000",
"securityContext.runAsUser": "1000", "securityContext.runAsUser": "1000",
@@ -405,7 +424,10 @@ func TestTemplate_ControllerDeployment_Customize(t *testing.T) {
"tolerations[0].key": "foo", "tolerations[0].key": "foo",
"affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key": "foo", "affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key": "foo",
"affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator": "bar", "affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator": "bar",
"priorityClassName": "test-priority-class", "priorityClassName": "test-priority-class",
"flags.updateStrategy": "eventual",
"flags.logLevel": "info",
"flags.logFormat": "json",
}, },
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
} }
@@ -416,33 +438,35 @@ func TestTemplate_ControllerDeployment_Customize(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &deployment) helm.UnmarshalK8SYaml(t, output, &deployment)
assert.Equal(t, namespaceName, deployment.Namespace) assert.Equal(t, namespaceName, deployment.Namespace)
assert.Equal(t, "gha-runner-scale-set-controller-fullname-override", deployment.Name) assert.Equal(t, "gha-rs-controller-fullname-override", deployment.Name)
assert.Equal(t, "gha-runner-scale-set-controller-"+chart.Version, deployment.Labels["helm.sh/chart"]) assert.Equal(t, "gha-rs-controller-"+chart.Version, deployment.Labels["helm.sh/chart"])
assert.Equal(t, "gha-runner-scale-set-controller-override", deployment.Labels["app.kubernetes.io/name"]) assert.Equal(t, "gha-rs-controller-override", deployment.Labels["app.kubernetes.io/name"])
assert.Equal(t, "test-arc", deployment.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "test-arc", deployment.Labels["app.kubernetes.io/instance"])
assert.Equal(t, chart.AppVersion, deployment.Labels["app.kubernetes.io/version"]) assert.Equal(t, chart.AppVersion, deployment.Labels["app.kubernetes.io/version"])
assert.Equal(t, "Helm", deployment.Labels["app.kubernetes.io/managed-by"]) assert.Equal(t, "Helm", deployment.Labels["app.kubernetes.io/managed-by"])
assert.Equal(t, "gha-runner-scale-set-controller", deployment.Labels["app.kubernetes.io/part-of"]) assert.Equal(t, "gha-rs-controller", deployment.Labels["app.kubernetes.io/part-of"])
assert.Equal(t, "bar", deployment.Labels["foo"]) assert.Equal(t, "bar", deployment.Labels["foo"])
assert.Equal(t, "actions", deployment.Labels["github"]) assert.Equal(t, "actions", deployment.Labels["github"])
assert.Equal(t, "GitHub Team", deployment.Labels["team"])
assert.Equal(t, "team@github.com", deployment.Labels["teamMail"])
assert.Equal(t, int32(1), *deployment.Spec.Replicas) assert.Equal(t, int32(1), *deployment.Spec.Replicas)
assert.Equal(t, "gha-runner-scale-set-controller-override", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/name"]) assert.Equal(t, "gha-rs-controller-override", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/name"])
assert.Equal(t, "test-arc", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/instance"]) assert.Equal(t, "test-arc", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/instance"])
assert.Equal(t, "gha-runner-scale-set-controller-override", deployment.Spec.Template.Labels["app.kubernetes.io/name"]) assert.Equal(t, "gha-rs-controller-override", deployment.Spec.Template.Labels["app.kubernetes.io/name"])
assert.Equal(t, "test-arc", deployment.Spec.Template.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "test-arc", deployment.Spec.Template.Labels["app.kubernetes.io/instance"])
assert.Equal(t, "bar", deployment.Spec.Template.Annotations["foo"]) assert.Equal(t, "bar", deployment.Spec.Template.Annotations["foo"])
assert.Equal(t, "manager", deployment.Spec.Template.Annotations["kubectl.kubernetes.io/default-container"]) assert.Equal(t, "manager", deployment.Spec.Template.Annotations["kubectl.kubernetes.io/default-container"])
assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Name) assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Value) assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Value)
assert.Len(t, deployment.Spec.Template.Spec.ImagePullSecrets, 1) assert.Len(t, deployment.Spec.Template.Spec.ImagePullSecrets, 1)
assert.Equal(t, "dockerhub", deployment.Spec.Template.Spec.ImagePullSecrets[0].Name) assert.Equal(t, "dockerhub", deployment.Spec.Template.Spec.ImagePullSecrets[0].Name)
assert.Equal(t, "gha-runner-scale-set-controller-sa", deployment.Spec.Template.Spec.ServiceAccountName) assert.Equal(t, "gha-rs-controller-sa", deployment.Spec.Template.Spec.ServiceAccountName)
assert.Equal(t, int64(1000), *deployment.Spec.Template.Spec.SecurityContext.FSGroup) assert.Equal(t, int64(1000), *deployment.Spec.Template.Spec.SecurityContext.FSGroup)
assert.Equal(t, "test-priority-class", deployment.Spec.Template.Spec.PriorityClassName) assert.Equal(t, "test-priority-class", deployment.Spec.Template.Spec.PriorityClassName)
assert.Equal(t, int64(10), *deployment.Spec.Template.Spec.TerminationGracePeriodSeconds) assert.Equal(t, int64(10), *deployment.Spec.Template.Spec.TerminationGracePeriodSeconds)
@@ -470,24 +494,29 @@ func TestTemplate_ControllerDeployment_Customize(t *testing.T) {
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Command, 1) assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Command, 1)
assert.Equal(t, "/manager", deployment.Spec.Template.Spec.Containers[0].Command[0]) assert.Equal(t, "/manager", deployment.Spec.Template.Spec.Containers[0].Command[0])
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Args, 3) expectArgs := []string{
assert.Equal(t, "--auto-scaling-runner-set-only", deployment.Spec.Template.Spec.Containers[0].Args[0]) "--auto-scaling-runner-set-only",
assert.Equal(t, "--auto-scaler-image-pull-secrets=dockerhub", deployment.Spec.Template.Spec.Containers[0].Args[1]) "--auto-scaler-image-pull-secrets=dockerhub",
assert.Equal(t, "--log-level=debug", deployment.Spec.Template.Spec.Containers[0].Args[2]) "--log-level=info",
"--log-format=json",
"--update-strategy=eventual",
"--listener-metrics-addr=0",
"--listener-metrics-endpoint=",
"--metrics-addr=0",
}
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 4) assert.ElementsMatch(t, expectArgs, deployment.Spec.Template.Spec.Containers[0].Args)
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 3)
assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name) assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name)
assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value) assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value)
assert.Equal(t, "CONTROLLER_MANAGER_LISTENER_IMAGE_PULL_POLICY", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
assert.Equal(t, "Always", deployment.Spec.Template.Spec.Containers[0].Env[2].Value) // default value. Needs to align with controllers/actions.github.com/resourcebuilder.go
assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Name)
assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Value)
assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name) assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name)
assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath) assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath)
assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Value)
assert.Equal(t, "500m", deployment.Spec.Template.Spec.Containers[0].Resources.Limits.Cpu().String()) assert.Equal(t, "500m", deployment.Spec.Template.Spec.Containers[0].Resources.Limits.Cpu().String())
assert.True(t, *deployment.Spec.Template.Spec.Containers[0].SecurityContext.RunAsNonRoot) assert.True(t, *deployment.Spec.Template.Spec.Containers[0].SecurityContext.RunAsNonRoot)
assert.Equal(t, int64(1000), *deployment.Spec.Template.Spec.Containers[0].SecurityContext.RunAsUser) assert.Equal(t, int64(1000), *deployment.Spec.Template.Spec.Containers[0].SecurityContext.RunAsUser)
@@ -508,6 +537,7 @@ func TestTemplate_EnableLeaderElectionRole(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"replicaCount": "2", "replicaCount": "2",
}, },
@@ -519,7 +549,7 @@ func TestTemplate_EnableLeaderElectionRole(t *testing.T) {
var leaderRole rbacv1.Role var leaderRole rbacv1.Role
helm.UnmarshalK8SYaml(t, output, &leaderRole) helm.UnmarshalK8SYaml(t, output, &leaderRole)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-leader-election-role", leaderRole.Name) assert.Equal(t, "test-arc-gha-rs-controller-leader-election", leaderRole.Name)
assert.Equal(t, namespaceName, leaderRole.Namespace) assert.Equal(t, namespaceName, leaderRole.Namespace)
} }
@@ -534,6 +564,7 @@ func TestTemplate_EnableLeaderElectionRoleBinding(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"replicaCount": "2", "replicaCount": "2",
}, },
@@ -545,10 +576,10 @@ func TestTemplate_EnableLeaderElectionRoleBinding(t *testing.T) {
var leaderRoleBinding rbacv1.RoleBinding var leaderRoleBinding rbacv1.RoleBinding
helm.UnmarshalK8SYaml(t, output, &leaderRoleBinding) helm.UnmarshalK8SYaml(t, output, &leaderRoleBinding)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-leader-election-rolebinding", leaderRoleBinding.Name) assert.Equal(t, "test-arc-gha-rs-controller-leader-election", leaderRoleBinding.Name)
assert.Equal(t, namespaceName, leaderRoleBinding.Namespace) assert.Equal(t, namespaceName, leaderRoleBinding.Namespace)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-leader-election-role", leaderRoleBinding.RoleRef.Name) assert.Equal(t, "test-arc-gha-rs-controller-leader-election", leaderRoleBinding.RoleRef.Name)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", leaderRoleBinding.Subjects[0].Name) assert.Equal(t, "test-arc-gha-rs-controller", leaderRoleBinding.Subjects[0].Name)
} }
func TestTemplate_EnableLeaderElection(t *testing.T) { func TestTemplate_EnableLeaderElection(t *testing.T) {
@@ -562,6 +593,7 @@ func TestTemplate_EnableLeaderElection(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"replicaCount": "2", "replicaCount": "2",
"image.tag": "dev", "image.tag": "dev",
@@ -575,7 +607,7 @@ func TestTemplate_EnableLeaderElection(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &deployment) helm.UnmarshalK8SYaml(t, output, &deployment)
assert.Equal(t, namespaceName, deployment.Namespace) assert.Equal(t, namespaceName, deployment.Namespace)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", deployment.Name) assert.Equal(t, "test-arc-gha-rs-controller", deployment.Name)
assert.Equal(t, int32(2), *deployment.Spec.Replicas) assert.Equal(t, int32(2), *deployment.Spec.Replicas)
@@ -587,11 +619,19 @@ func TestTemplate_EnableLeaderElection(t *testing.T) {
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Command, 1) assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Command, 1)
assert.Equal(t, "/manager", deployment.Spec.Template.Spec.Containers[0].Command[0]) assert.Equal(t, "/manager", deployment.Spec.Template.Spec.Containers[0].Command[0])
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Args, 4) expectedArgs := []string{
assert.Equal(t, "--auto-scaling-runner-set-only", deployment.Spec.Template.Spec.Containers[0].Args[0]) "--auto-scaling-runner-set-only",
assert.Equal(t, "--enable-leader-election", deployment.Spec.Template.Spec.Containers[0].Args[1]) "--enable-leader-election",
assert.Equal(t, "--leader-election-id=test-arc-gha-runner-scale-set-controller", deployment.Spec.Template.Spec.Containers[0].Args[2]) "--leader-election-id=test-arc-gha-rs-controller",
assert.Equal(t, "--log-level=debug", deployment.Spec.Template.Spec.Containers[0].Args[3]) "--log-level=debug",
"--log-format=text",
"--update-strategy=immediate",
"--listener-metrics-addr=0",
"--listener-metrics-endpoint=",
"--metrics-addr=0",
}
assert.ElementsMatch(t, expectedArgs, deployment.Spec.Template.Spec.Containers[0].Args)
} }
func TestTemplate_ControllerDeployment_ForwardImagePullSecrets(t *testing.T) { func TestTemplate_ControllerDeployment_ForwardImagePullSecrets(t *testing.T) {
@@ -605,6 +645,7 @@ func TestTemplate_ControllerDeployment_ForwardImagePullSecrets(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"imagePullSecrets[0].name": "dockerhub", "imagePullSecrets[0].name": "dockerhub",
"imagePullSecrets[1].name": "ghcr", "imagePullSecrets[1].name": "ghcr",
@@ -619,10 +660,18 @@ func TestTemplate_ControllerDeployment_ForwardImagePullSecrets(t *testing.T) {
assert.Equal(t, namespaceName, deployment.Namespace) assert.Equal(t, namespaceName, deployment.Namespace)
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Args, 3) expectedArgs := []string{
assert.Equal(t, "--auto-scaling-runner-set-only", deployment.Spec.Template.Spec.Containers[0].Args[0]) "--auto-scaling-runner-set-only",
assert.Equal(t, "--auto-scaler-image-pull-secrets=dockerhub,ghcr", deployment.Spec.Template.Spec.Containers[0].Args[1]) "--auto-scaler-image-pull-secrets=dockerhub,ghcr",
assert.Equal(t, "--log-level=debug", deployment.Spec.Template.Spec.Containers[0].Args[2]) "--log-level=debug",
"--log-format=text",
"--update-strategy=immediate",
"--listener-metrics-addr=0",
"--listener-metrics-endpoint=",
"--metrics-addr=0",
}
assert.ElementsMatch(t, expectedArgs, deployment.Spec.Template.Spec.Containers[0].Args)
} }
func TestTemplate_ControllerDeployment_WatchSingleNamespace(t *testing.T) { func TestTemplate_ControllerDeployment_WatchSingleNamespace(t *testing.T) {
@@ -643,6 +692,7 @@ func TestTemplate_ControllerDeployment_WatchSingleNamespace(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"image.tag": "dev", "image.tag": "dev",
"flags.watchSingleNamespace": "demo", "flags.watchSingleNamespace": "demo",
@@ -656,28 +706,28 @@ func TestTemplate_ControllerDeployment_WatchSingleNamespace(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &deployment) helm.UnmarshalK8SYaml(t, output, &deployment)
assert.Equal(t, namespaceName, deployment.Namespace) assert.Equal(t, namespaceName, deployment.Namespace)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", deployment.Name) assert.Equal(t, "test-arc-gha-rs-controller", deployment.Name)
assert.Equal(t, "gha-runner-scale-set-controller-"+chart.Version, deployment.Labels["helm.sh/chart"]) assert.Equal(t, "gha-rs-controller-"+chart.Version, deployment.Labels["helm.sh/chart"])
assert.Equal(t, "gha-runner-scale-set-controller", deployment.Labels["app.kubernetes.io/name"]) assert.Equal(t, "gha-rs-controller", deployment.Labels["app.kubernetes.io/name"])
assert.Equal(t, "test-arc", deployment.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "test-arc", deployment.Labels["app.kubernetes.io/instance"])
assert.Equal(t, chart.AppVersion, deployment.Labels["app.kubernetes.io/version"]) assert.Equal(t, chart.AppVersion, deployment.Labels["app.kubernetes.io/version"])
assert.Equal(t, "Helm", deployment.Labels["app.kubernetes.io/managed-by"]) assert.Equal(t, "Helm", deployment.Labels["app.kubernetes.io/managed-by"])
assert.Equal(t, namespaceName, deployment.Labels["actions.github.com/controller-service-account-namespace"]) assert.Equal(t, namespaceName, deployment.Labels["actions.github.com/controller-service-account-namespace"])
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", deployment.Labels["actions.github.com/controller-service-account-name"]) assert.Equal(t, "test-arc-gha-rs-controller", deployment.Labels["actions.github.com/controller-service-account-name"])
assert.Equal(t, "demo", deployment.Labels["actions.github.com/controller-watch-single-namespace"]) assert.Equal(t, "demo", deployment.Labels["actions.github.com/controller-watch-single-namespace"])
assert.Equal(t, int32(1), *deployment.Spec.Replicas) assert.Equal(t, int32(1), *deployment.Spec.Replicas)
assert.Equal(t, "gha-runner-scale-set-controller", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/name"]) assert.Equal(t, "gha-rs-controller", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/name"])
assert.Equal(t, "test-arc", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/instance"]) assert.Equal(t, "test-arc", deployment.Spec.Selector.MatchLabels["app.kubernetes.io/instance"])
assert.Equal(t, "gha-runner-scale-set-controller", deployment.Spec.Template.Labels["app.kubernetes.io/name"]) assert.Equal(t, "gha-rs-controller", deployment.Spec.Template.Labels["app.kubernetes.io/name"])
assert.Equal(t, "test-arc", deployment.Spec.Template.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "test-arc", deployment.Spec.Template.Labels["app.kubernetes.io/instance"])
assert.Equal(t, "manager", deployment.Spec.Template.Annotations["kubectl.kubernetes.io/default-container"]) assert.Equal(t, "manager", deployment.Spec.Template.Annotations["kubectl.kubernetes.io/default-container"])
assert.Len(t, deployment.Spec.Template.Spec.ImagePullSecrets, 0) assert.Len(t, deployment.Spec.Template.Spec.ImagePullSecrets, 0)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", deployment.Spec.Template.Spec.ServiceAccountName) assert.Equal(t, "test-arc-gha-rs-controller", deployment.Spec.Template.Spec.ServiceAccountName)
assert.Nil(t, deployment.Spec.Template.Spec.SecurityContext) assert.Nil(t, deployment.Spec.Template.Spec.SecurityContext)
assert.Empty(t, deployment.Spec.Template.Spec.PriorityClassName) assert.Empty(t, deployment.Spec.Template.Spec.PriorityClassName)
assert.Equal(t, int64(10), *deployment.Spec.Template.Spec.TerminationGracePeriodSeconds) assert.Equal(t, int64(10), *deployment.Spec.Template.Spec.TerminationGracePeriodSeconds)
@@ -699,21 +749,26 @@ func TestTemplate_ControllerDeployment_WatchSingleNamespace(t *testing.T) {
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Command, 1) assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Command, 1)
assert.Equal(t, "/manager", deployment.Spec.Template.Spec.Containers[0].Command[0]) assert.Equal(t, "/manager", deployment.Spec.Template.Spec.Containers[0].Command[0])
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Args, 3) expectedArgs := []string{
assert.Equal(t, "--auto-scaling-runner-set-only", deployment.Spec.Template.Spec.Containers[0].Args[0]) "--auto-scaling-runner-set-only",
assert.Equal(t, "--log-level=debug", deployment.Spec.Template.Spec.Containers[0].Args[1]) "--log-level=debug",
assert.Equal(t, "--watch-single-namespace=demo", deployment.Spec.Template.Spec.Containers[0].Args[2]) "--log-format=text",
"--watch-single-namespace=demo",
"--update-strategy=immediate",
"--listener-metrics-addr=0",
"--listener-metrics-endpoint=",
"--metrics-addr=0",
}
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 3) assert.ElementsMatch(t, expectedArgs, deployment.Spec.Template.Spec.Containers[0].Args)
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 2)
assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name) assert.Equal(t, "CONTROLLER_MANAGER_CONTAINER_IMAGE", deployment.Spec.Template.Spec.Containers[0].Env[0].Name)
assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value) assert.Equal(t, managerImage, deployment.Spec.Template.Spec.Containers[0].Env[0].Value)
assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name) assert.Equal(t, "CONTROLLER_MANAGER_POD_NAMESPACE", deployment.Spec.Template.Spec.Containers[0].Env[1].Name)
assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath) assert.Equal(t, "metadata.namespace", deployment.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath)
assert.Equal(t, "CONTROLLER_MANAGER_LISTENER_IMAGE_PULL_POLICY", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
assert.Equal(t, "IfNotPresent", deployment.Spec.Template.Spec.Containers[0].Env[2].Value) // default value. Needs to align with controllers/actions.github.com/resourcebuilder.go
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Resources) assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Resources)
assert.Nil(t, deployment.Spec.Template.Spec.Containers[0].SecurityContext) assert.Nil(t, deployment.Spec.Template.Spec.Containers[0].SecurityContext)
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 1) assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 1)
@@ -732,6 +787,7 @@ func TestTemplate_ControllerContainerEnvironmentVariables(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"env[0].Name": "ENV_VAR_NAME_1", "env[0].Name": "ENV_VAR_NAME_1",
"env[0].Value": "ENV_VAR_VALUE_1", "env[0].Value": "ENV_VAR_VALUE_1",
@@ -752,19 +808,19 @@ func TestTemplate_ControllerContainerEnvironmentVariables(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &deployment) helm.UnmarshalK8SYaml(t, output, &deployment)
assert.Equal(t, namespaceName, deployment.Namespace) assert.Equal(t, namespaceName, deployment.Namespace)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", deployment.Name) assert.Equal(t, "test-arc-gha-rs-controller", deployment.Name)
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 7) assert.Len(t, deployment.Spec.Template.Spec.Containers[0].Env, 6)
assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Name) assert.Equal(t, "ENV_VAR_NAME_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Name)
assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[3].Value) assert.Equal(t, "ENV_VAR_VALUE_1", deployment.Spec.Template.Spec.Containers[0].Env[2].Value)
assert.Equal(t, "ENV_VAR_NAME_2", deployment.Spec.Template.Spec.Containers[0].Env[4].Name) assert.Equal(t, "ENV_VAR_NAME_2", deployment.Spec.Template.Spec.Containers[0].Env[3].Name)
assert.Equal(t, "secret-name", deployment.Spec.Template.Spec.Containers[0].Env[4].ValueFrom.SecretKeyRef.Name) assert.Equal(t, "secret-name", deployment.Spec.Template.Spec.Containers[0].Env[3].ValueFrom.SecretKeyRef.Name)
assert.Equal(t, "ENV_VAR_NAME_2", deployment.Spec.Template.Spec.Containers[0].Env[4].ValueFrom.SecretKeyRef.Key) assert.Equal(t, "ENV_VAR_NAME_2", deployment.Spec.Template.Spec.Containers[0].Env[3].ValueFrom.SecretKeyRef.Key)
assert.True(t, *deployment.Spec.Template.Spec.Containers[0].Env[4].ValueFrom.SecretKeyRef.Optional) assert.True(t, *deployment.Spec.Template.Spec.Containers[0].Env[3].ValueFrom.SecretKeyRef.Optional)
assert.Equal(t, "ENV_VAR_NAME_3", deployment.Spec.Template.Spec.Containers[0].Env[5].Name) assert.Equal(t, "ENV_VAR_NAME_3", deployment.Spec.Template.Spec.Containers[0].Env[4].Name)
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Env[5].Value) assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Env[4].Value)
assert.Equal(t, "ENV_VAR_NAME_4", deployment.Spec.Template.Spec.Containers[0].Env[6].Name) assert.Equal(t, "ENV_VAR_NAME_4", deployment.Spec.Template.Spec.Containers[0].Env[5].Name)
assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Env[6].ValueFrom) assert.Empty(t, deployment.Spec.Template.Spec.Containers[0].Env[5].ValueFrom)
} }
func TestTemplate_WatchSingleNamespace_NotCreateManagerClusterRole(t *testing.T) { func TestTemplate_WatchSingleNamespace_NotCreateManagerClusterRole(t *testing.T) {
@@ -778,6 +834,7 @@ func TestTemplate_WatchSingleNamespace_NotCreateManagerClusterRole(t *testing.T)
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"flags.watchSingleNamespace": "demo", "flags.watchSingleNamespace": "demo",
}, },
@@ -799,6 +856,7 @@ func TestTemplate_WatchSingleNamespace_NotManagerClusterRoleBinding(t *testing.T
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"serviceAccount.create": "true", "serviceAccount.create": "true",
"flags.watchSingleNamespace": "demo", "flags.watchSingleNamespace": "demo",
@@ -821,6 +879,7 @@ func TestTemplate_CreateManagerSingleNamespaceRole(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"flags.watchSingleNamespace": "demo", "flags.watchSingleNamespace": "demo",
}, },
@@ -832,7 +891,7 @@ func TestTemplate_CreateManagerSingleNamespaceRole(t *testing.T) {
var managerSingleNamespaceControllerRole rbacv1.Role var managerSingleNamespaceControllerRole rbacv1.Role
helm.UnmarshalK8SYaml(t, output, &managerSingleNamespaceControllerRole) helm.UnmarshalK8SYaml(t, output, &managerSingleNamespaceControllerRole)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-single-namespace-role", managerSingleNamespaceControllerRole.Name) assert.Equal(t, "test-arc-gha-rs-controller-single-namespace", managerSingleNamespaceControllerRole.Name)
assert.Equal(t, namespaceName, managerSingleNamespaceControllerRole.Namespace) assert.Equal(t, namespaceName, managerSingleNamespaceControllerRole.Namespace)
assert.Equal(t, 10, len(managerSingleNamespaceControllerRole.Rules)) assert.Equal(t, 10, len(managerSingleNamespaceControllerRole.Rules))
@@ -841,7 +900,7 @@ func TestTemplate_CreateManagerSingleNamespaceRole(t *testing.T) {
var managerSingleNamespaceWatchRole rbacv1.Role var managerSingleNamespaceWatchRole rbacv1.Role
helm.UnmarshalK8SYaml(t, output, &managerSingleNamespaceWatchRole) helm.UnmarshalK8SYaml(t, output, &managerSingleNamespaceWatchRole)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-single-namespace-role", managerSingleNamespaceWatchRole.Name) assert.Equal(t, "test-arc-gha-rs-controller-single-namespace-watch", managerSingleNamespaceWatchRole.Name)
assert.Equal(t, "demo", managerSingleNamespaceWatchRole.Namespace) assert.Equal(t, "demo", managerSingleNamespaceWatchRole.Namespace)
assert.Equal(t, 14, len(managerSingleNamespaceWatchRole.Rules)) assert.Equal(t, 14, len(managerSingleNamespaceWatchRole.Rules))
} }
@@ -857,6 +916,7 @@ func TestTemplate_ManagerSingleNamespaceRoleBinding(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"flags.watchSingleNamespace": "demo", "flags.watchSingleNamespace": "demo",
}, },
@@ -868,10 +928,10 @@ func TestTemplate_ManagerSingleNamespaceRoleBinding(t *testing.T) {
var managerSingleNamespaceControllerRoleBinding rbacv1.RoleBinding var managerSingleNamespaceControllerRoleBinding rbacv1.RoleBinding
helm.UnmarshalK8SYaml(t, output, &managerSingleNamespaceControllerRoleBinding) helm.UnmarshalK8SYaml(t, output, &managerSingleNamespaceControllerRoleBinding)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-single-namespace-rolebinding", managerSingleNamespaceControllerRoleBinding.Name) assert.Equal(t, "test-arc-gha-rs-controller-single-namespace", managerSingleNamespaceControllerRoleBinding.Name)
assert.Equal(t, namespaceName, managerSingleNamespaceControllerRoleBinding.Namespace) assert.Equal(t, namespaceName, managerSingleNamespaceControllerRoleBinding.Namespace)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-single-namespace-role", managerSingleNamespaceControllerRoleBinding.RoleRef.Name) assert.Equal(t, "test-arc-gha-rs-controller-single-namespace", managerSingleNamespaceControllerRoleBinding.RoleRef.Name)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", managerSingleNamespaceControllerRoleBinding.Subjects[0].Name) assert.Equal(t, "test-arc-gha-rs-controller", managerSingleNamespaceControllerRoleBinding.Subjects[0].Name)
assert.Equal(t, namespaceName, managerSingleNamespaceControllerRoleBinding.Subjects[0].Namespace) assert.Equal(t, namespaceName, managerSingleNamespaceControllerRoleBinding.Subjects[0].Namespace)
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/manager_single_namespace_watch_role_binding.yaml"}) output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/manager_single_namespace_watch_role_binding.yaml"})
@@ -879,9 +939,81 @@ func TestTemplate_ManagerSingleNamespaceRoleBinding(t *testing.T) {
var managerSingleNamespaceWatchRoleBinding rbacv1.RoleBinding var managerSingleNamespaceWatchRoleBinding rbacv1.RoleBinding
helm.UnmarshalK8SYaml(t, output, &managerSingleNamespaceWatchRoleBinding) helm.UnmarshalK8SYaml(t, output, &managerSingleNamespaceWatchRoleBinding)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-single-namespace-rolebinding", managerSingleNamespaceWatchRoleBinding.Name) assert.Equal(t, "test-arc-gha-rs-controller-single-namespace-watch", managerSingleNamespaceWatchRoleBinding.Name)
assert.Equal(t, "demo", managerSingleNamespaceWatchRoleBinding.Namespace) assert.Equal(t, "demo", managerSingleNamespaceWatchRoleBinding.Namespace)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller-manager-single-namespace-role", managerSingleNamespaceWatchRoleBinding.RoleRef.Name) assert.Equal(t, "test-arc-gha-rs-controller-single-namespace-watch", managerSingleNamespaceWatchRoleBinding.RoleRef.Name)
assert.Equal(t, "test-arc-gha-runner-scale-set-controller", managerSingleNamespaceWatchRoleBinding.Subjects[0].Name) assert.Equal(t, "test-arc-gha-rs-controller", managerSingleNamespaceWatchRoleBinding.Subjects[0].Name)
assert.Equal(t, namespaceName, managerSingleNamespaceWatchRoleBinding.Subjects[0].Namespace) assert.Equal(t, namespaceName, managerSingleNamespaceWatchRoleBinding.Subjects[0].Namespace)
} }
func TestControllerDeployment_MetricsPorts(t *testing.T) {
t.Parallel()
// Path to the helm chart we will test
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set-controller")
require.NoError(t, err)
chartContent, err := os.ReadFile(filepath.Join(helmChartPath, "Chart.yaml"))
require.NoError(t, err)
chart := new(Chart)
err = yaml.Unmarshal(chartContent, chart)
require.NoError(t, err)
releaseName := "test-arc"
namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{
"image.tag": "dev",
"metrics.controllerManagerAddr": ":8080",
"metrics.listenerAddr": ":8081",
"metrics.listenerEndpoint": "/metrics",
},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
}
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/deployment.yaml"})
var deployment appsv1.Deployment
helm.UnmarshalK8SYaml(t, output, &deployment)
require.Len(t, deployment.Spec.Template.Spec.Containers, 1, "Expected one container")
container := deployment.Spec.Template.Spec.Containers[0]
assert.Len(t, container.Ports, 1)
port := container.Ports[0]
assert.Equal(t, corev1.Protocol("TCP"), port.Protocol)
assert.Equal(t, int32(8080), port.ContainerPort)
metricsFlags := map[string]*struct {
expect string
frequency int
}{
"--listener-metrics-addr": {
expect: ":8081",
},
"--listener-metrics-endpoint": {
expect: "/metrics",
},
"--metrics-addr": {
expect: ":8080",
},
}
for _, cmd := range container.Args {
s := strings.Split(cmd, "=")
if len(s) != 2 {
continue
}
flag, ok := metricsFlags[s[0]]
if !ok {
continue
}
flag.frequency++
assert.Equal(t, flag.expect, s[1])
}
for key, value := range metricsFlags {
assert.Equal(t, value.frequency, 1, fmt.Sprintf("frequency of %q is not 1", key))
}
}


@@ -41,6 +41,8 @@ serviceAccount:
podAnnotations: {} podAnnotations: {}
podLabels: {}
podSecurityContext: {} podSecurityContext: {}
# fsGroup: 2000 # fsGroup: 2000
@@ -75,11 +77,41 @@ affinity: {}
# PriorityClass: system-cluster-critical # PriorityClass: system-cluster-critical
priorityClassName: "" priorityClassName: ""
## If `metrics:` object is not provided, or commented out, the following flags
## will be applied the controller-manager and listener pods with empty values:
## `--metrics-addr`, `--listener-metrics-addr`, `--listener-metrics-endpoint`.
## This will disable metrics.
##
## To enable metrics, uncomment the following lines.
# metrics:
# controllerManagerAddr: ":8080"
# listenerAddr: ":8080"
# listenerEndpoint: "/metrics"
flags: flags:
# Log level can be set here with one of the following values: "debug", "info", "warn", "error". ## Log level can be set here with one of the following values: "debug", "info", "warn", "error".
# Defaults to "debug". ## Defaults to "debug".
logLevel: "debug" logLevel: "debug"
## Log format can be set with one of the following values: "text", "json"
## Defaults to "text"
logFormat: "text"
## Restricts the controller to only watch resources in the desired namespace. ## Restricts the controller to only watch resources in the desired namespace.
## Defaults to watch all namespaces when unset. ## Defaults to watch all namespaces when unset.
# watchSingleNamespace: "" # watchSingleNamespace: ""
## Defines how the controller should handle upgrades while having running jobs.
##
## The strategies available are:
## - "immediate": (default) The controller will immediately apply the change causing the
## recreation of the listener and ephemeral runner set. This can lead to an
## overprovisioning of runners, if there are pending / running jobs. This should not
## be a problem at a small scale, but it could lead to a significant increase of
## resources if you have a lot of jobs running concurrently.
##
## - "eventual": The controller will remove the listener and ephemeral runner set
## immediately, but will not recreate them (to apply changes) until all
## pending / running jobs have completed.
## This can lead to a longer time to apply the change but it will ensure
## that you don't have any overprovisioning of runners.
updateStrategy: "immediate"
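Review bot: The comment above the commented-out `metrics:` block says the three flags are applied "with empty values", but the chart tests on this page expect `--metrics-addr=0` and `--listener-metrics-addr=0` when metrics are unset, with only `--listener-metrics-endpoint=` left empty. I would reword it to `## will be applied to the controller-manager and listener pods with values that disable metrics:`, which also restores the missing "to". The example addresses (`":8080"`) carry no host part, so once uncommented the endpoints presumably listen on every pod interface, and nothing visible here says whether they are authenticated. A short caveat such as `## Metrics are served on all pod interfaces; restrict scraping with a NetworkPolicy.` would give operators the check they need before enabling it.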


@@ -15,18 +15,18 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.4.0 version: 0.8.1
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes. # It is recommended to use it with quotes.
appVersion: "0.4.0" appVersion: "0.8.1"
home: https://github.com/actions/dev-arc home: https://github.com/actions/actions-runner-controller
sources: sources:
- "https://github.com/actions/dev-arc" - "https://github.com/actions/actions-runner-controller"
maintainers: maintainers:
- name: actions - name: actions


@@ -1,8 +1,17 @@
{{/* {{/*
Expand the name of the chart. Expand the name of the chart.
*/}} */}}
{{- define "gha-base-name" -}}
gha-rs
{{- end }}
{{- define "gha-runner-scale-set.name" -}} {{- define "gha-runner-scale-set.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- default (include "gha-base-name" .) .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "gha-runner-scale-set.scale-set-name" -}}
{{ .Values.runnerScaleSetName | default .Release.Name }}
{{- end }} {{- end }}
{{/* {{/*
@@ -11,15 +20,15 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
If release name contains chart name it will be used as a full name. If release name contains chart name it will be used as a full name.
*/}} */}}
{{- define "gha-runner-scale-set.fullname" -}} {{- define "gha-runner-scale-set.fullname" -}}
{{- $name := default .Chart.Name }} {{- $name := default (include "gha-base-name" .) }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} {{- printf "%s-%s" (include "gha-runner-scale-set.scale-set-name" .) $name | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
{{/* {{/*
Create chart name and version as used by the chart label. Create chart name and version as used by the chart label.
*/}} */}}
{{- define "gha-runner-scale-set.chart" -}} {{- define "gha-runner-scale-set.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- printf "%s-%s" (include "gha-base-name" .) .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
{{/* {{/*
@@ -32,8 +41,8 @@ helm.sh/chart: {{ include "gha-runner-scale-set.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }} {{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: gha-runner-scale-set app.kubernetes.io/part-of: gha-rs
actions.github.com/scale-set-name: {{ .Release.Name }} actions.github.com/scale-set-name: {{ include "gha-runner-scale-set.scale-set-name" . }}
actions.github.com/scale-set-namespace: {{ .Release.Namespace }} actions.github.com/scale-set-namespace: {{ .Release.Namespace }}
{{- end }} {{- end }}
@@ -41,8 +50,8 @@ actions.github.com/scale-set-namespace: {{ .Release.Namespace }}
Selector labels Selector labels
*/}} */}}
{{- define "gha-runner-scale-set.selectorLabels" -}} {{- define "gha-runner-scale-set.selectorLabels" -}}
app.kubernetes.io/name: {{ include "gha-runner-scale-set.name" . }} app.kubernetes.io/name: {{ include "gha-runner-scale-set.scale-set-name" . }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ include "gha-runner-scale-set.scale-set-name" . }}
{{- end }} {{- end }}
{{- define "gha-runner-scale-set.githubsecret" -}} {{- define "gha-runner-scale-set.githubsecret" -}}
@@ -58,19 +67,19 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }} {{- end }}
{{- define "gha-runner-scale-set.noPermissionServiceAccountName" -}} {{- define "gha-runner-scale-set.noPermissionServiceAccountName" -}}
{{- include "gha-runner-scale-set.fullname" . }}-no-permission-service-account {{- include "gha-runner-scale-set.fullname" . }}-no-permission
{{- end }} {{- end }}
{{- define "gha-runner-scale-set.kubeModeRoleName" -}} {{- define "gha-runner-scale-set.kubeModeRoleName" -}}
{{- include "gha-runner-scale-set.fullname" . }}-kube-mode-role {{- include "gha-runner-scale-set.fullname" . }}-kube-mode
{{- end }} {{- end }}
{{- define "gha-runner-scale-set.kubeModeRoleBindingName" -}} {{- define "gha-runner-scale-set.kubeModeRoleBindingName" -}}
{{- include "gha-runner-scale-set.fullname" . }}-kube-mode-role-binding {{- include "gha-runner-scale-set.fullname" . }}-kube-mode
{{- end }} {{- end }}
{{- define "gha-runner-scale-set.kubeModeServiceAccountName" -}} {{- define "gha-runner-scale-set.kubeModeServiceAccountName" -}}
{{- include "gha-runner-scale-set.fullname" . }}-kube-mode-service-account {{- include "gha-runner-scale-set.fullname" . }}-kube-mode
{{- end }} {{- end }}
{{- define "gha-runner-scale-set.dind-init-container" -}} {{- define "gha-runner-scale-set.dind-init-container" -}}
@@ -88,19 +97,26 @@ volumeMounts:
{{- define "gha-runner-scale-set.dind-container" -}} {{- define "gha-runner-scale-set.dind-container" -}}
image: docker:dind image: docker:dind
args:
- dockerd
- --host=unix:///var/run/docker.sock
- --group=$(DOCKER_GROUP_GID)
env:
- name: DOCKER_GROUP_GID
value: "123"
securityContext: securityContext:
privileged: true privileged: true
volumeMounts: volumeMounts:
- name: work - name: work
mountPath: /home/runner/_work mountPath: /home/runner/_work
- name: dind-cert - name: dind-sock
mountPath: /certs/client mountPath: /var/run
- name: dind-externals - name: dind-externals
mountPath: /home/runner/externals mountPath: /home/runner/externals
{{- end }} {{- end }}
{{- define "gha-runner-scale-set.dind-volume" -}} {{- define "gha-runner-scale-set.dind-volume" -}}
- name: dind-cert - name: dind-sock
emptyDir: {} emptyDir: {}
- name: dind-externals - name: dind-externals
emptyDir: {} emptyDir: {}
@@ -180,8 +196,6 @@ volumeMounts:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- $setDockerHost := 1 }} {{- $setDockerHost := 1 }}
{{- $setDockerTlsVerify := 1 }}
{{- $setDockerCertPath := 1 }}
{{- $setRunnerWaitDocker := 1 }} {{- $setRunnerWaitDocker := 1 }}
{{- $setNodeExtraCaCerts := 0 }} {{- $setNodeExtraCaCerts := 0 }}
{{- $setRunnerUpdateCaCerts := 0 }} {{- $setRunnerUpdateCaCerts := 0 }}
@@ -195,12 +209,6 @@ env:
{{- if eq $env.name "DOCKER_HOST" }} {{- if eq $env.name "DOCKER_HOST" }}
{{- $setDockerHost = 0 }} {{- $setDockerHost = 0 }}
{{- end }} {{- end }}
{{- if eq $env.name "DOCKER_TLS_VERIFY" }}
{{- $setDockerTlsVerify = 0 }}
{{- end }}
{{- if eq $env.name "DOCKER_CERT_PATH" }}
{{- $setDockerCertPath = 0 }}
{{- end }}
{{- if eq $env.name "RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" }} {{- if eq $env.name "RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" }}
{{- $setRunnerWaitDocker = 0 }} {{- $setRunnerWaitDocker = 0 }}
{{- end }} {{- end }}
@@ -215,15 +223,7 @@ env:
{{- end }} {{- end }}
{{- if $setDockerHost }} {{- if $setDockerHost }}
- name: DOCKER_HOST - name: DOCKER_HOST
value: tcp://localhost:2376 value: unix:///var/run/docker.sock
{{- end }}
{{- if $setDockerTlsVerify }}
- name: DOCKER_TLS_VERIFY
value: "1"
{{- end }}
{{- if $setDockerCertPath }}
- name: DOCKER_CERT_PATH
value: /certs/client
{{- end }} {{- end }}
{{- if $setRunnerWaitDocker }} {{- if $setRunnerWaitDocker }}
- name: RUNNER_WAIT_FOR_DOCKER_IN_SECONDS - name: RUNNER_WAIT_FOR_DOCKER_IN_SECONDS
@@ -249,7 +249,7 @@ volumeMounts:
{{- if eq $volMount.name "work" }} {{- if eq $volMount.name "work" }}
{{- $mountWork = 0 }} {{- $mountWork = 0 }}
{{- end }} {{- end }}
{{- if eq $volMount.name "dind-cert" }} {{- if eq $volMount.name "dind-sock" }}
{{- $mountDindCert = 0 }} {{- $mountDindCert = 0 }}
{{- end }} {{- end }}
{{- if eq $volMount.name "github-server-tls-cert" }} {{- if eq $volMount.name "github-server-tls-cert" }}
@@ -263,8 +263,8 @@ volumeMounts:
mountPath: /home/runner/_work mountPath: /home/runner/_work
{{- end }} {{- end }}
{{- if $mountDindCert }} {{- if $mountDindCert }}
- name: dind-cert - name: dind-sock
mountPath: /certs/client mountPath: /var/run
readOnly: true readOnly: true
{{- end }} {{- end }}
{{- if $mountGitHubServerTLS }} {{- if $mountGitHubServerTLS }}
@@ -385,6 +385,9 @@ volumeMounts:
{{- $setNodeExtraCaCerts = 1 }} {{- $setNodeExtraCaCerts = 1 }}
{{- $setRunnerUpdateCaCerts = 1 }} {{- $setRunnerUpdateCaCerts = 1 }}
{{- end }} {{- end }}
{{- $mountGitHubServerTLS := 0 }}
{{- if or $container.env $setNodeExtraCaCerts $setRunnerUpdateCaCerts }}
env: env:
{{- with $container.env }} {{- with $container.env }}
{{- range $i, $env := . }} {{- range $i, $env := . }}
@@ -405,10 +408,12 @@ volumeMounts:
- name: RUNNER_UPDATE_CA_CERTS - name: RUNNER_UPDATE_CA_CERTS
value: "1" value: "1"
{{- end }} {{- end }}
{{- $mountGitHubServerTLS := 0 }}
{{- if $tlsConfig.runnerMountPath }} {{- if $tlsConfig.runnerMountPath }}
{{- $mountGitHubServerTLS = 1 }} {{- $mountGitHubServerTLS = 1 }}
{{- end }} {{- end }}
{{- end }}
{{- if or $container.volumeMounts $mountGitHubServerTLS }}
volumeMounts: volumeMounts:
{{- with $container.volumeMounts }} {{- with $container.volumeMounts }}
{{- range $i, $volMount := . }} {{- range $i, $volMount := . }}
@@ -423,16 +428,17 @@ volumeMounts:
mountPath: {{ clean (print $tlsConfig.runnerMountPath "/" $tlsConfig.certificateFrom.configMapKeyRef.key) }} mountPath: {{ clean (print $tlsConfig.runnerMountPath "/" $tlsConfig.certificateFrom.configMapKeyRef.key) }}
subPath: {{ $tlsConfig.certificateFrom.configMapKeyRef.key }} subPath: {{ $tlsConfig.certificateFrom.configMapKeyRef.key }}
{{- end }} {{- end }}
{{- end}}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- define "gha-runner-scale-set.managerRoleName" -}} {{- define "gha-runner-scale-set.managerRoleName" -}}
{{- include "gha-runner-scale-set.fullname" . }}-manager-role {{- include "gha-runner-scale-set.fullname" . }}-manager
{{- end }} {{- end }}
{{- define "gha-runner-scale-set.managerRoleBindingName" -}} {{- define "gha-runner-scale-set.managerRoleBindingName" -}}
{{- include "gha-runner-scale-set.fullname" . }}-manager-role-binding {{- include "gha-runner-scale-set.fullname" . }}-manager
{{- end }} {{- end }}
{{- define "gha-runner-scale-set.managerServiceAccountName" -}} {{- define "gha-runner-scale-set.managerServiceAccountName" -}}
@@ -451,7 +457,7 @@ volumeMounts:
{{- $managerServiceAccountName := "" }} {{- $managerServiceAccountName := "" }}
{{- range $index, $deployment := (lookup "apps/v1" "Deployment" "" "").items }} {{- range $index, $deployment := (lookup "apps/v1" "Deployment" "" "").items }}
{{- if kindIs "map" $deployment.metadata.labels }} {{- if kindIs "map" $deployment.metadata.labels }}
{{- if eq (get $deployment.metadata.labels "app.kubernetes.io/part-of") "gha-runner-scale-set-controller" }} {{- if eq (get $deployment.metadata.labels "app.kubernetes.io/part-of") "gha-rs-controller" }}
{{- if hasKey $deployment.metadata.labels "actions.github.com/controller-watch-single-namespace" }} {{- if hasKey $deployment.metadata.labels "actions.github.com/controller-watch-single-namespace" }}
{{- $singleNamespaceCounter = add $singleNamespaceCounter 1 }} {{- $singleNamespaceCounter = add $singleNamespaceCounter 1 }}
{{- $_ := set $singleNamespaceControllerDeployments (get $deployment.metadata.labels "actions.github.com/controller-watch-single-namespace") $deployment}} {{- $_ := set $singleNamespaceControllerDeployments (get $deployment.metadata.labels "actions.github.com/controller-watch-single-namespace") $deployment}}
@@ -463,13 +469,13 @@ volumeMounts:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if and (eq $multiNamespacesCounter 0) (eq $singleNamespaceCounter 0) }} {{- if and (eq $multiNamespacesCounter 0) (eq $singleNamespaceCounter 0) }}
{{- fail "No gha-runner-scale-set-controller deployment found using label (app.kubernetes.io/part-of=gha-runner-scale-set-controller). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }} {{- fail "No gha-rs-controller deployment found using label (app.kubernetes.io/part-of=gha-rs-controller). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
{{- end }} {{- end }}
{{- if and (gt $multiNamespacesCounter 0) (gt $singleNamespaceCounter 0) }} {{- if and (gt $multiNamespacesCounter 0) (gt $singleNamespaceCounter 0) }}
{{- fail "Found both gha-runner-scale-set-controller installed with flags.watchSingleNamespace set and unset in cluster, this is not supported. Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }} {{- fail "Found both gha-rs-controller installed with flags.watchSingleNamespace set and unset in cluster, this is not supported. Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
{{- end }} {{- end }}
{{- if gt $multiNamespacesCounter 1 }} {{- if gt $multiNamespacesCounter 1 }}
{{- fail "More than one gha-runner-scale-set-controller deployment found using label (app.kubernetes.io/part-of=gha-runner-scale-set-controller). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }} {{- fail "More than one gha-rs-controller deployment found using label (app.kubernetes.io/part-of=gha-rs-controller). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
{{- end }} {{- end }}
{{- if eq $multiNamespacesCounter 1 }} {{- if eq $multiNamespacesCounter 1 }}
{{- with $controllerDeployment.metadata }} {{- with $controllerDeployment.metadata }}
@@ -482,11 +488,11 @@ volumeMounts:
{{- $managerServiceAccountName = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-name") }} {{- $managerServiceAccountName = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-name") }}
{{- end }} {{- end }}
{{- else }} {{- else }}
{{- fail "No gha-runner-scale-set-controller deployment that watch this namespace found using label (actions.github.com/controller-watch-single-namespace). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }} {{- fail "No gha-rs-controller deployment that watch this namespace found using label (actions.github.com/controller-watch-single-namespace). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if eq $managerServiceAccountName "" }} {{- if eq $managerServiceAccountName "" }}
{{- fail "No service account name found for gha-runner-scale-set-controller deployment using label (actions.github.com/controller-service-account-name), consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }} {{- fail "No service account name found for gha-rs-controller deployment using label (actions.github.com/controller-service-account-name), consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
{{- end }} {{- end }}
{{- $managerServiceAccountName }} {{- $managerServiceAccountName }}
{{- end }} {{- end }}
@@ -508,7 +514,7 @@ volumeMounts:
{{- $managerServiceAccountNamespace := "" }} {{- $managerServiceAccountNamespace := "" }}
{{- range $index, $deployment := (lookup "apps/v1" "Deployment" "" "").items }} {{- range $index, $deployment := (lookup "apps/v1" "Deployment" "" "").items }}
{{- if kindIs "map" $deployment.metadata.labels }} {{- if kindIs "map" $deployment.metadata.labels }}
{{- if eq (get $deployment.metadata.labels "app.kubernetes.io/part-of") "gha-runner-scale-set-controller" }} {{- if eq (get $deployment.metadata.labels "app.kubernetes.io/part-of") "gha-rs-controller" }}
{{- if hasKey $deployment.metadata.labels "actions.github.com/controller-watch-single-namespace" }} {{- if hasKey $deployment.metadata.labels "actions.github.com/controller-watch-single-namespace" }}
{{- $singleNamespaceCounter = add $singleNamespaceCounter 1 }} {{- $singleNamespaceCounter = add $singleNamespaceCounter 1 }}
{{- $_ := set $singleNamespaceControllerDeployments (get $deployment.metadata.labels "actions.github.com/controller-watch-single-namespace") $deployment}} {{- $_ := set $singleNamespaceControllerDeployments (get $deployment.metadata.labels "actions.github.com/controller-watch-single-namespace") $deployment}}
@@ -520,13 +526,13 @@ volumeMounts:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if and (eq $multiNamespacesCounter 0) (eq $singleNamespaceCounter 0) }} {{- if and (eq $multiNamespacesCounter 0) (eq $singleNamespaceCounter 0) }}
{{- fail "No gha-runner-scale-set-controller deployment found using label (app.kubernetes.io/part-of=gha-runner-scale-set-controller). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }} {{- fail "No gha-rs-controller deployment found using label (app.kubernetes.io/part-of=gha-rs-controller). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
{{- end }} {{- end }}
{{- if and (gt $multiNamespacesCounter 0) (gt $singleNamespaceCounter 0) }} {{- if and (gt $multiNamespacesCounter 0) (gt $singleNamespaceCounter 0) }}
{{- fail "Found both gha-runner-scale-set-controller installed with flags.watchSingleNamespace set and unset in cluster, this is not supported. Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }} {{- fail "Found both gha-rs-controller installed with flags.watchSingleNamespace set and unset in cluster, this is not supported. Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
{{- end }} {{- end }}
{{- if gt $multiNamespacesCounter 1 }} {{- if gt $multiNamespacesCounter 1 }}
{{- fail "More than one gha-runner-scale-set-controller deployment found using label (app.kubernetes.io/part-of=gha-runner-scale-set-controller). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }} {{- fail "More than one gha-rs-controller deployment found using label (app.kubernetes.io/part-of=gha-rs-controller). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
{{- end }} {{- end }}
{{- if eq $multiNamespacesCounter 1 }} {{- if eq $multiNamespacesCounter 1 }}
{{- with $controllerDeployment.metadata }} {{- with $controllerDeployment.metadata }}
@@ -539,11 +545,11 @@ volumeMounts:
{{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }} {{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }}
{{- end }} {{- end }}
{{- else }} {{- else }}
{{- fail "No gha-runner-scale-set-controller deployment that watch this namespace found using label (actions.github.com/controller-watch-single-namespace). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }} {{- fail "No gha-rs-controller deployment that watch this namespace found using label (actions.github.com/controller-watch-single-namespace). Consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if eq $managerServiceAccountNamespace "" }} {{- if eq $managerServiceAccountNamespace "" }}
{{- fail "No service account namespace found for gha-runner-scale-set-controller deployment using label (actions.github.com/controller-service-account-namespace), consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }} {{- fail "No service account namespace found for gha-rs-controller deployment using label (actions.github.com/controller-service-account-namespace), consider setting controllerServiceAccount.name in values.yaml to be explicit if you think the discovery is wrong." }}
{{- end }} {{- end }}
{{- $managerServiceAccountNamespace }} {{- $managerServiceAccountNamespace }}
{{- end }} {{- end }}
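Review bot: The runner-side default mount of `dind-sock` at `/var/run` keeps `readOnly: true` from the old certificate mount, and on a socket directory that flag is easy to misread as a restriction. As far as I know a read-only mount only blocks creating or removing files there and does not stop a process from connecting to `docker.sock`, so a job in the runner container that belongs to the `--group` GID still has the full API of the `privileged: true` dind daemon. I would say that in a template comment above the mount, e.g. `{{/* readOnly does not limit Docker API access through the socket; the dind sidecar runs privileged */}}`. The guard around it is still named `$mountDindCert` although it now tracks `dind-sock`; renaming it to `$mountDindSock` would keep the override check readable. The group id `"123"` is hard-coded in the dind container helper and presumably has to match the docker group in the runner image, which also deserves a one-line comment.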


@@ -1,13 +1,13 @@
apiVersion: actions.github.com/v1alpha1 apiVersion: actions.github.com/v1alpha1
kind: AutoscalingRunnerSet kind: AutoscalingRunnerSet
metadata: metadata:
{{- if or (not .Release.Name) (gt (len .Release.Name) 45) }} {{- if or (not (include "gha-runner-scale-set.scale-set-name" .)) (gt (len (include "gha-runner-scale-set.scale-set-name" .)) 45) }}
{{ fail "Name must have up to 45 characters" }} {{ fail "Name must have up to 45 characters" }}
{{- end }} {{- end }}
{{- if gt (len .Release.Namespace) 63 }} {{- if gt (len .Release.Namespace) 63 }}
{{ fail "Namespace must have up to 63 characters" }} {{ fail "Namespace must have up to 63 characters" }}
{{- end }} {{- end }}
name: {{ .Release.Name }} name: {{ include "gha-runner-scale-set.scale-set-name" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/component: "autoscaling-runner-set" app.kubernetes.io/component: "autoscaling-runner-set"
@@ -88,6 +88,11 @@ spec:
minRunners: {{ .Values.minRunners | int }} minRunners: {{ .Values.minRunners | int }}
{{- end }} {{- end }}
{{- with .Values.listenerTemplate}}
listenerTemplate:
{{- toYaml . | nindent 4}}
{{- end }}
template: template:
{{- with .Values.template.metadata }} {{- with .Values.template.metadata }}
metadata: metadata:
@@ -106,6 +111,9 @@ spec:
{{ $key }}: {{ $val | toYaml | nindent 8 }} {{ $key }}: {{ $val | toYaml | nindent 8 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if not .Values.template.spec.restartPolicy }}
restartPolicy: Never
{{- end }}
{{- $containerMode := .Values.containerMode }} {{- $containerMode := .Values.containerMode }}
{{- if eq $containerMode.type "kubernetes" }} {{- if eq $containerMode.type "kubernetes" }}
serviceAccountName: {{ default (include "gha-runner-scale-set.kubeModeServiceAccountName" .) .Values.template.spec.serviceAccountName }} serviceAccountName: {{ default (include "gha-runner-scale-set.kubeModeServiceAccountName" .) .Values.template.spec.serviceAccountName }}
@@ -119,7 +127,7 @@ spec:
{{- include "gha-runner-scale-set.dind-init-container" . | nindent 8 }} {{- include "gha-runner-scale-set.dind-init-container" . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.template.spec.initContainers }} {{- with .Values.template.spec.initContainers }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 6 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
containers: containers:
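Review bot: The length guard at the top of `metadata` still fails with only `Name must have up to 45 characters`, which no longer tells the user whether the release name or `runnerScaleSetName` is the value at fault. The guard also renders the `gha-runner-scale-set.scale-set-name` helper twice, and `name:` renders it a third time. Binding it once, `{{- $scaleSetName := include "gha-runner-scale-set.scale-set-name" . }}`, and naming the value in the message would read better. Only the length is checked here, and the same value is also used for label values in the helpers, so an invalid character would presumably surface only when the API server rejects the object. The enclosing `spec` continues outside the hunks shown.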


@@ -5,6 +5,12 @@ kind: ServiceAccount
metadata: metadata:
name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }} name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }}
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
{{- if .Values.containerMode.kubernetesModeServiceAccount }}
{{- with .Values.containerMode.kubernetesModeServiceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
finalizers: finalizers:
- actions.github.com/cleanup-protection - actions.github.com/cleanup-protection
labels: labels:
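Review bot: The new `annotations` block on the kube-mode ServiceAccount carries no comment saying who inherits what is set there. The autoscaling runner set template uses this account as `serviceAccountName` for runner pods in kubernetes mode, so anything attached through `containerMode.kubernetesModeServiceAccount.annotations` (a cloud workload identity, for example) is presumably reachable from every workflow job on the scale set. A template comment above the block would make that visible, e.g. `{{/* applied to the service account runner pods use in kubernetes mode; scope any identity bound here to what jobs may use */}}`. The top of the file is outside the hunk.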


@@ -10,6 +10,7 @@ import (
actionsgithubcom "github.com/actions/actions-runner-controller/controllers/actions.github.com" actionsgithubcom "github.com/actions/actions-runner-controller/controllers/actions.github.com"
"github.com/gruntwork-io/terratest/modules/helm" "github.com/gruntwork-io/terratest/modules/helm"
"github.com/gruntwork-io/terratest/modules/k8s" "github.com/gruntwork-io/terratest/modules/k8s"
"github.com/gruntwork-io/terratest/modules/logger"
"github.com/gruntwork-io/terratest/modules/random" "github.com/gruntwork-io/terratest/modules/random"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@@ -28,6 +29,7 @@ func TestTemplateRenderedGitHubSecretWithGitHubToken(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -43,7 +45,7 @@ func TestTemplateRenderedGitHubSecretWithGitHubToken(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &githubSecret) helm.UnmarshalK8SYaml(t, output, &githubSecret)
assert.Equal(t, namespaceName, githubSecret.Namespace) assert.Equal(t, namespaceName, githubSecret.Namespace)
assert.Equal(t, "test-runners-gha-runner-scale-set-github-secret", githubSecret.Name) assert.Equal(t, "test-runners-gha-rs-github-secret", githubSecret.Name)
assert.Equal(t, "gh_token12345", string(githubSecret.Data["github_token"])) assert.Equal(t, "gh_token12345", string(githubSecret.Data["github_token"]))
assert.Equal(t, "actions.github.com/cleanup-protection", githubSecret.Finalizers[0]) assert.Equal(t, "actions.github.com/cleanup-protection", githubSecret.Finalizers[0])
} }
@@ -59,6 +61,7 @@ func TestTemplateRenderedGitHubSecretWithGitHubApp(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_app_id": "10", "githubConfigSecret.github_app_id": "10",
@@ -92,6 +95,7 @@ func TestTemplateRenderedGitHubSecretErrorWithMissingAuthInput(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_app_id": "", "githubConfigSecret.github_app_id": "",
@@ -119,6 +123,7 @@ func TestTemplateRenderedGitHubSecretErrorWithMissingAppInput(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_app_id": "10", "githubConfigSecret.github_app_id": "10",
@@ -145,6 +150,7 @@ func TestTemplateNotRenderedGitHubSecretWithPredefinedSecret(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret": "pre-defined-secret", "githubConfigSecret": "pre-defined-secret",
@@ -169,6 +175,7 @@ func TestTemplateRenderedSetServiceAccountToNoPermission(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -183,13 +190,13 @@ func TestTemplateRenderedSetServiceAccountToNoPermission(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &serviceAccount) helm.UnmarshalK8SYaml(t, output, &serviceAccount)
assert.Equal(t, namespaceName, serviceAccount.Namespace) assert.Equal(t, namespaceName, serviceAccount.Namespace)
assert.Equal(t, "test-runners-gha-runner-scale-set-no-permission-service-account", serviceAccount.Name) assert.Equal(t, "test-runners-gha-rs-no-permission", serviceAccount.Name)
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"}) output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"})
var ars v1alpha1.AutoscalingRunnerSet var ars v1alpha1.AutoscalingRunnerSet
helm.UnmarshalK8SYaml(t, output, &ars) helm.UnmarshalK8SYaml(t, output, &ars)
assert.Equal(t, "test-runners-gha-runner-scale-set-no-permission-service-account", ars.Spec.Template.Spec.ServiceAccountName) assert.Equal(t, "test-runners-gha-rs-no-permission", ars.Spec.Template.Spec.ServiceAccountName)
assert.Empty(t, ars.Annotations[actionsgithubcom.AnnotationKeyKubernetesModeServiceAccountName]) // no finalizer protections in place assert.Empty(t, ars.Annotations[actionsgithubcom.AnnotationKeyKubernetesModeServiceAccountName]) // no finalizer protections in place
} }
@@ -204,6 +211,7 @@ func TestTemplateRenderedSetServiceAccountToKubeMode(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -219,7 +227,7 @@ func TestTemplateRenderedSetServiceAccountToKubeMode(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &serviceAccount) helm.UnmarshalK8SYaml(t, output, &serviceAccount)
assert.Equal(t, namespaceName, serviceAccount.Namespace) assert.Equal(t, namespaceName, serviceAccount.Namespace)
assert.Equal(t, "test-runners-gha-runner-scale-set-kube-mode-service-account", serviceAccount.Name) assert.Equal(t, "test-runners-gha-rs-kube-mode", serviceAccount.Name)
assert.Equal(t, "actions.github.com/cleanup-protection", serviceAccount.Finalizers[0]) assert.Equal(t, "actions.github.com/cleanup-protection", serviceAccount.Finalizers[0])
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_role.yaml"}) output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_role.yaml"})
@@ -227,7 +235,7 @@ func TestTemplateRenderedSetServiceAccountToKubeMode(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &role) helm.UnmarshalK8SYaml(t, output, &role)
assert.Equal(t, namespaceName, role.Namespace) assert.Equal(t, namespaceName, role.Namespace)
assert.Equal(t, "test-runners-gha-runner-scale-set-kube-mode-role", role.Name) assert.Equal(t, "test-runners-gha-rs-kube-mode", role.Name)
assert.Equal(t, "actions.github.com/cleanup-protection", role.Finalizers[0]) assert.Equal(t, "actions.github.com/cleanup-protection", role.Finalizers[0])
@@ -243,11 +251,11 @@ func TestTemplateRenderedSetServiceAccountToKubeMode(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &roleBinding) helm.UnmarshalK8SYaml(t, output, &roleBinding)
assert.Equal(t, namespaceName, roleBinding.Namespace) assert.Equal(t, namespaceName, roleBinding.Namespace)
assert.Equal(t, "test-runners-gha-runner-scale-set-kube-mode-role-binding", roleBinding.Name) assert.Equal(t, "test-runners-gha-rs-kube-mode", roleBinding.Name)
assert.Len(t, roleBinding.Subjects, 1) assert.Len(t, roleBinding.Subjects, 1)
assert.Equal(t, "test-runners-gha-runner-scale-set-kube-mode-service-account", roleBinding.Subjects[0].Name) assert.Equal(t, "test-runners-gha-rs-kube-mode", roleBinding.Subjects[0].Name)
assert.Equal(t, namespaceName, roleBinding.Subjects[0].Namespace) assert.Equal(t, namespaceName, roleBinding.Subjects[0].Namespace)
assert.Equal(t, "test-runners-gha-runner-scale-set-kube-mode-role", roleBinding.RoleRef.Name) assert.Equal(t, "test-runners-gha-rs-kube-mode", roleBinding.RoleRef.Name)
assert.Equal(t, "Role", roleBinding.RoleRef.Kind) assert.Equal(t, "Role", roleBinding.RoleRef.Kind)
assert.Equal(t, "actions.github.com/cleanup-protection", serviceAccount.Finalizers[0]) assert.Equal(t, "actions.github.com/cleanup-protection", serviceAccount.Finalizers[0])
@@ -255,7 +263,7 @@ func TestTemplateRenderedSetServiceAccountToKubeMode(t *testing.T) {
var ars v1alpha1.AutoscalingRunnerSet var ars v1alpha1.AutoscalingRunnerSet
helm.UnmarshalK8SYaml(t, output, &ars) helm.UnmarshalK8SYaml(t, output, &ars)
expectedServiceAccountName := "test-runners-gha-runner-scale-set-kube-mode-service-account" expectedServiceAccountName := "test-runners-gha-rs-kube-mode"
assert.Equal(t, expectedServiceAccountName, ars.Spec.Template.Spec.ServiceAccountName) assert.Equal(t, expectedServiceAccountName, ars.Spec.Template.Spec.ServiceAccountName)
assert.Equal(t, expectedServiceAccountName, ars.Annotations[actionsgithubcom.AnnotationKeyKubernetesModeServiceAccountName]) assert.Equal(t, expectedServiceAccountName, ars.Annotations[actionsgithubcom.AnnotationKeyKubernetesModeServiceAccountName])
} }
@@ -271,6 +279,7 @@ func TestTemplateRenderedUserProvideSetServiceAccount(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -303,6 +312,7 @@ func TestTemplateRenderedAutoScalingRunnerSet(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -320,14 +330,14 @@ func TestTemplateRenderedAutoScalingRunnerSet(t *testing.T) {
assert.Equal(t, namespaceName, ars.Namespace) assert.Equal(t, namespaceName, ars.Namespace)
assert.Equal(t, "test-runners", ars.Name) assert.Equal(t, "test-runners", ars.Name)
assert.Equal(t, "gha-runner-scale-set", ars.Labels["app.kubernetes.io/name"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/name"])
assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"])
assert.Equal(t, "gha-runner-scale-set", ars.Labels["app.kubernetes.io/part-of"]) assert.Equal(t, "gha-rs", ars.Labels["app.kubernetes.io/part-of"])
assert.Equal(t, "autoscaling-runner-set", ars.Labels["app.kubernetes.io/component"]) assert.Equal(t, "autoscaling-runner-set", ars.Labels["app.kubernetes.io/component"])
assert.NotEmpty(t, ars.Labels["app.kubernetes.io/version"]) assert.NotEmpty(t, ars.Labels["app.kubernetes.io/version"])
assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl) assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl)
assert.Equal(t, "test-runners-gha-runner-scale-set-github-secret", ars.Spec.GitHubConfigSecret) assert.Equal(t, "test-runners-gha-rs-github-secret", ars.Spec.GitHubConfigSecret)
assert.Empty(t, ars.Spec.RunnerGroup, "RunnerGroup should be empty") assert.Empty(t, ars.Spec.RunnerGroup, "RunnerGroup should be empty")
@@ -351,13 +361,15 @@ func TestTemplateRenderedAutoScalingRunnerSet_RunnerScaleSetName(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
releaseName := "test-runners" releaseName := "test-runners"
nameOverride := "test-runner-scale-set-name"
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
"runnerScaleSetName": "test-runner-scale-set-name", "runnerScaleSetName": nameOverride,
"controllerServiceAccount.name": "arc", "controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system", "controllerServiceAccount.namespace": "arc-system",
}, },
@@ -370,12 +382,15 @@ func TestTemplateRenderedAutoScalingRunnerSet_RunnerScaleSetName(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &ars) helm.UnmarshalK8SYaml(t, output, &ars)
assert.Equal(t, namespaceName, ars.Namespace) assert.Equal(t, namespaceName, ars.Namespace)
assert.Equal(t, "test-runners", ars.Name) assert.Equal(t, nameOverride, ars.Name)
assert.Equal(t, "gha-runner-scale-set", ars.Labels["app.kubernetes.io/name"]) assert.Equal(t, nameOverride, ars.Labels["app.kubernetes.io/name"])
assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"]) assert.Equal(t, nameOverride, ars.Labels["app.kubernetes.io/instance"])
assert.Equal(t, nameOverride, ars.Labels["actions.github.com/scale-set-name"])
assert.Equal(t, namespaceName, ars.Labels["actions.github.com/scale-set-namespace"])
assert.Equal(t, "gha-rs", ars.Labels["app.kubernetes.io/part-of"])
assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl) assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl)
assert.Equal(t, "test-runners-gha-runner-scale-set-github-secret", ars.Spec.GitHubConfigSecret) assert.Equal(t, nameOverride+"-gha-rs-github-secret", ars.Spec.GitHubConfigSecret)
assert.Equal(t, "test-runner-scale-set-name", ars.Spec.RunnerScaleSetName) assert.Equal(t, "test-runner-scale-set-name", ars.Spec.RunnerScaleSetName)
assert.Empty(t, ars.Spec.RunnerGroup, "RunnerGroup should be empty") assert.Empty(t, ars.Spec.RunnerGroup, "RunnerGroup should be empty")
@@ -403,6 +418,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_ProvideMetadata(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -450,6 +466,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_MaxRunnersValidationError(t *testi
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -477,6 +494,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_MinRunnersValidationError(t *testi
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -505,6 +523,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_MinMaxRunnersValidationError(t *te
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -533,6 +552,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_MinMaxRunnersValidationSameValue(t
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -564,6 +584,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_MinMaxRunnersValidation_OnlyMin(t
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -594,6 +615,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_MinMaxRunnersValidation_OnlyMax(t
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -627,6 +649,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_MinMaxRunners_FromValuesFile(t *te
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
ValuesFiles: []string{testValuesPath}, ValuesFiles: []string{testValuesPath},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
} }
@@ -654,6 +677,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_ExtraVolumes(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"controllerServiceAccount.name": "arc", "controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system", "controllerServiceAccount.namespace": "arc-system",
@@ -674,6 +698,81 @@ func TestTemplateRenderedAutoScalingRunnerSet_ExtraVolumes(t *testing.T) {
assert.Equal(t, "/data", ars.Spec.Template.Spec.Volumes[2].HostPath.Path, "Volume host path should be /data") assert.Equal(t, "/data", ars.Spec.Template.Spec.Volumes[2].HostPath.Path, "Volume host path should be /data")
} }
func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraInitContainers(t *testing.T) {
t.Parallel()
// Path to the helm chart we will test
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
require.NoError(t, err)
testValuesPath, err := filepath.Abs("../tests/values_dind_extra_init_containers.yaml")
require.NoError(t, err)
releaseName := "test-runners"
namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{
"controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system",
},
ValuesFiles: []string{testValuesPath},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
}
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"})
var ars v1alpha1.AutoscalingRunnerSet
helm.UnmarshalK8SYaml(t, output, &ars)
assert.Len(t, ars.Spec.Template.Spec.InitContainers, 3, "InitContainers should be 3")
assert.Equal(t, "kube-init", ars.Spec.Template.Spec.InitContainers[1].Name, "InitContainers[1] Name should be kube-init")
assert.Equal(t, "runner-image:latest", ars.Spec.Template.Spec.InitContainers[1].Image, "InitContainers[1] Image should be runner-image:latest")
assert.Equal(t, "sudo", ars.Spec.Template.Spec.InitContainers[1].Command[0], "InitContainers[1] Command[0] should be sudo")
assert.Equal(t, "chown", ars.Spec.Template.Spec.InitContainers[1].Command[1], "InitContainers[1] Command[1] should be chown")
assert.Equal(t, "-R", ars.Spec.Template.Spec.InitContainers[1].Command[2], "InitContainers[1] Command[2] should be -R")
assert.Equal(t, "1001:123", ars.Spec.Template.Spec.InitContainers[1].Command[3], "InitContainers[1] Command[3] should be 1001:123")
assert.Equal(t, "/home/runner/_work", ars.Spec.Template.Spec.InitContainers[1].Command[4], "InitContainers[1] Command[4] should be /home/runner/_work")
assert.Equal(t, "work", ars.Spec.Template.Spec.InitContainers[1].VolumeMounts[0].Name, "InitContainers[1] VolumeMounts[0] Name should be work")
assert.Equal(t, "/home/runner/_work", ars.Spec.Template.Spec.InitContainers[1].VolumeMounts[0].MountPath, "InitContainers[1] VolumeMounts[0] MountPath should be /home/runner/_work")
assert.Equal(t, "ls", ars.Spec.Template.Spec.InitContainers[2].Name, "InitContainers[2] Name should be ls")
assert.Equal(t, "ubuntu:latest", ars.Spec.Template.Spec.InitContainers[2].Image, "InitContainers[2] Image should be ubuntu:latest")
assert.Equal(t, "ls", ars.Spec.Template.Spec.InitContainers[2].Command[0], "InitContainers[2] Command[0] should be ls")
}
func TestTemplateRenderedKubernetesModeServiceAccountAnnotations(t *testing.T) {
t.Parallel()
// Path to the helm chart we will test
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
require.NoError(t, err)
testValuesPath, err := filepath.Abs("../tests/values_kubernetes_mode_service_account_annotations.yaml")
require.NoError(t, err)
releaseName := "test-runners"
namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{
"controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system",
},
ValuesFiles: []string{testValuesPath},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
}
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_serviceaccount.yaml"})
var sa corev1.ServiceAccount
helm.UnmarshalK8SYaml(t, output, &sa)
assert.Equal(t, "arn:aws:iam::123456789012:role/sample-role", sa.Annotations["eks.amazonaws.com/role-arn"], "Annotations should be arn:aws:iam::123456789012:role/sample-role")
}
func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraVolumes(t *testing.T) { func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraVolumes(t *testing.T) {
t.Parallel() t.Parallel()
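Review bot: In TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraInitContainers the length check is `assert.Len`, which does not stop the test, so a render with fewer than three init containers makes the following `InitContainers[1]`, `InitContainers[2]`, `Command[n]` and `VolumeMounts[0]` accesses panic instead of failing with a readable message. I would write `require.Len(t, ars.Spec.Template.Spec.InitContainers, 3, "InitContainers should be 3")` and compare the command as a whole, `assert.Equal(t, []string{"sudo", "chown", "-R", "1001:123", "/home/runner/_work"}, ars.Spec.Template.Spec.InitContainers[1].Command)`, which also catches trailing arguments that the per-index checks miss. `InitContainers[0]` is never inspected; presumably it is the chart's own init container, and asserting its name would confirm that user-supplied init containers are appended rather than replacing it. The last two context lines open TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraVolumes, whose body continues outside the hunk.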
@@ -688,6 +787,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraVolumes(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"controllerServiceAccount.name": "arc", "controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system", "controllerServiceAccount.namespace": "arc-system",
@@ -702,7 +802,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraVolumes(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &ars) helm.UnmarshalK8SYaml(t, output, &ars)
assert.Len(t, ars.Spec.Template.Spec.Volumes, 5, "Volumes should be 5") assert.Len(t, ars.Spec.Template.Spec.Volumes, 5, "Volumes should be 5")
assert.Equal(t, "dind-cert", ars.Spec.Template.Spec.Volumes[0].Name, "Volume name should be dind-cert") assert.Equal(t, "dind-sock", ars.Spec.Template.Spec.Volumes[0].Name, "Volume name should be dind-sock")
assert.Equal(t, "dind-externals", ars.Spec.Template.Spec.Volumes[1].Name, "Volume name should be dind-externals") assert.Equal(t, "dind-externals", ars.Spec.Template.Spec.Volumes[1].Name, "Volume name should be dind-externals")
assert.Equal(t, "work", ars.Spec.Template.Spec.Volumes[2].Name, "Volume name should be work") assert.Equal(t, "work", ars.Spec.Template.Spec.Volumes[2].Name, "Volume name should be work")
assert.Equal(t, "/data", ars.Spec.Template.Spec.Volumes[2].HostPath.Path, "Volume host path should be /data") assert.Equal(t, "/data", ars.Spec.Template.Spec.Volumes[2].HostPath.Path, "Volume host path should be /data")
@@ -724,6 +824,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_K8S_ExtraVolumes(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"controllerServiceAccount.name": "arc", "controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system", "controllerServiceAccount.namespace": "arc-system",
@@ -755,6 +856,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_EnableDinD(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -773,10 +875,10 @@ func TestTemplateRenderedAutoScalingRunnerSet_EnableDinD(t *testing.T) {
assert.Equal(t, namespaceName, ars.Namespace) assert.Equal(t, namespaceName, ars.Namespace)
assert.Equal(t, "test-runners", ars.Name) assert.Equal(t, "test-runners", ars.Name)
assert.Equal(t, "gha-runner-scale-set", ars.Labels["app.kubernetes.io/name"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/name"])
assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"])
assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl) assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl)
assert.Equal(t, "test-runners-gha-runner-scale-set-github-secret", ars.Spec.GitHubConfigSecret) assert.Equal(t, "test-runners-gha-rs-github-secret", ars.Spec.GitHubConfigSecret)
assert.Empty(t, ars.Spec.RunnerGroup, "RunnerGroup should be empty") assert.Empty(t, ars.Spec.RunnerGroup, "RunnerGroup should be empty")
@@ -796,40 +898,36 @@ func TestTemplateRenderedAutoScalingRunnerSet_EnableDinD(t *testing.T) {
assert.Len(t, ars.Spec.Template.Spec.Containers, 2, "Template.Spec should have 2 container") assert.Len(t, ars.Spec.Template.Spec.Containers, 2, "Template.Spec should have 2 container")
assert.Equal(t, "runner", ars.Spec.Template.Spec.Containers[0].Name) assert.Equal(t, "runner", ars.Spec.Template.Spec.Containers[0].Name)
assert.Equal(t, "ghcr.io/actions/actions-runner:latest", ars.Spec.Template.Spec.Containers[0].Image) assert.Equal(t, "ghcr.io/actions/actions-runner:latest", ars.Spec.Template.Spec.Containers[0].Image)
assert.Len(t, ars.Spec.Template.Spec.Containers[0].Env, 4, "The runner container should have 4 env vars, DOCKER_HOST, DOCKER_TLS_VERIFY, DOCKER_CERT_PATH and RUNNER_WAIT_FOR_DOCKER_IN_SECONDS") assert.Len(t, ars.Spec.Template.Spec.Containers[0].Env, 2, "The runner container should have 2 env vars, DOCKER_HOST and RUNNER_WAIT_FOR_DOCKER_IN_SECONDS")
assert.Equal(t, "DOCKER_HOST", ars.Spec.Template.Spec.Containers[0].Env[0].Name) assert.Equal(t, "DOCKER_HOST", ars.Spec.Template.Spec.Containers[0].Env[0].Name)
assert.Equal(t, "tcp://localhost:2376", ars.Spec.Template.Spec.Containers[0].Env[0].Value) assert.Equal(t, "unix:///run/docker/docker.sock", ars.Spec.Template.Spec.Containers[0].Env[0].Value)
assert.Equal(t, "DOCKER_TLS_VERIFY", ars.Spec.Template.Spec.Containers[0].Env[1].Name) assert.Equal(t, "RUNNER_WAIT_FOR_DOCKER_IN_SECONDS", ars.Spec.Template.Spec.Containers[0].Env[1].Name)
assert.Equal(t, "1", ars.Spec.Template.Spec.Containers[0].Env[1].Value) assert.Equal(t, "120", ars.Spec.Template.Spec.Containers[0].Env[1].Value)
assert.Equal(t, "DOCKER_CERT_PATH", ars.Spec.Template.Spec.Containers[0].Env[2].Name)
assert.Equal(t, "/certs/client", ars.Spec.Template.Spec.Containers[0].Env[2].Value)
assert.Equal(t, "RUNNER_WAIT_FOR_DOCKER_IN_SECONDS", ars.Spec.Template.Spec.Containers[0].Env[3].Name)
assert.Equal(t, "120", ars.Spec.Template.Spec.Containers[0].Env[3].Value)
assert.Len(t, ars.Spec.Template.Spec.Containers[0].VolumeMounts, 2, "The runner container should have 2 volume mounts, dind-cert and work") assert.Len(t, ars.Spec.Template.Spec.Containers[0].VolumeMounts, 2, "The runner container should have 2 volume mounts, dind-sock and work")
assert.Equal(t, "work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].Name) assert.Equal(t, "work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].Name)
assert.Equal(t, "/home/runner/_work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath) assert.Equal(t, "/home/runner/_work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath)
assert.False(t, ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].ReadOnly) assert.False(t, ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].ReadOnly)
assert.Equal(t, "dind-cert", ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].Name) assert.Equal(t, "dind-sock", ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].Name)
assert.Equal(t, "/certs/client", ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].MountPath) assert.Equal(t, "/run/docker", ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].MountPath)
assert.True(t, ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].ReadOnly) assert.True(t, ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].ReadOnly)
assert.Equal(t, "dind", ars.Spec.Template.Spec.Containers[1].Name) assert.Equal(t, "dind", ars.Spec.Template.Spec.Containers[1].Name)
assert.Equal(t, "docker:dind", ars.Spec.Template.Spec.Containers[1].Image) assert.Equal(t, "docker:dind", ars.Spec.Template.Spec.Containers[1].Image)
assert.True(t, *ars.Spec.Template.Spec.Containers[1].SecurityContext.Privileged) assert.True(t, *ars.Spec.Template.Spec.Containers[1].SecurityContext.Privileged)
assert.Len(t, ars.Spec.Template.Spec.Containers[1].VolumeMounts, 3, "The dind container should have 3 volume mounts, dind-cert, work and externals") assert.Len(t, ars.Spec.Template.Spec.Containers[1].VolumeMounts, 3, "The dind container should have 3 volume mounts, dind-sock, work and externals")
assert.Equal(t, "work", ars.Spec.Template.Spec.Containers[1].VolumeMounts[0].Name) assert.Equal(t, "work", ars.Spec.Template.Spec.Containers[1].VolumeMounts[0].Name)
assert.Equal(t, "/home/runner/_work", ars.Spec.Template.Spec.Containers[1].VolumeMounts[0].MountPath) assert.Equal(t, "/home/runner/_work", ars.Spec.Template.Spec.Containers[1].VolumeMounts[0].MountPath)
assert.Equal(t, "dind-cert", ars.Spec.Template.Spec.Containers[1].VolumeMounts[1].Name) assert.Equal(t, "dind-sock", ars.Spec.Template.Spec.Containers[1].VolumeMounts[1].Name)
assert.Equal(t, "/certs/client", ars.Spec.Template.Spec.Containers[1].VolumeMounts[1].MountPath) assert.Equal(t, "/run/docker", ars.Spec.Template.Spec.Containers[1].VolumeMounts[1].MountPath)
assert.Equal(t, "dind-externals", ars.Spec.Template.Spec.Containers[1].VolumeMounts[2].Name) assert.Equal(t, "dind-externals", ars.Spec.Template.Spec.Containers[1].VolumeMounts[2].Name)
assert.Equal(t, "/home/runner/externals", ars.Spec.Template.Spec.Containers[1].VolumeMounts[2].MountPath) assert.Equal(t, "/home/runner/externals", ars.Spec.Template.Spec.Containers[1].VolumeMounts[2].MountPath)
assert.Len(t, ars.Spec.Template.Spec.Volumes, 3, "Volumes should be 3") assert.Len(t, ars.Spec.Template.Spec.Volumes, 3, "Volumes should be 3")
assert.Equal(t, "dind-cert", ars.Spec.Template.Spec.Volumes[0].Name, "Volume name should be dind-cert") assert.Equal(t, "dind-sock", ars.Spec.Template.Spec.Volumes[0].Name, "Volume name should be dind-sock")
assert.Equal(t, "dind-externals", ars.Spec.Template.Spec.Volumes[1].Name, "Volume name should be dind-externals") assert.Equal(t, "dind-externals", ars.Spec.Template.Spec.Volumes[1].Name, "Volume name should be dind-externals")
assert.Equal(t, "work", ars.Spec.Template.Spec.Volumes[2].Name, "Volume name should be work") assert.Equal(t, "work", ars.Spec.Template.Spec.Volumes[2].Name, "Volume name should be work")
assert.NotNil(t, ars.Spec.Template.Spec.Volumes[2].EmptyDir, "Volume work should be an emptyDir") assert.NotNil(t, ars.Spec.Template.Spec.Volumes[2].EmptyDir, "Volume work should be an emptyDir")
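Review bot: The new assertions on `Containers[0].VolumeMounts[1]` pin the runner's `dind-sock` mount as `ReadOnly`, but nothing documents that this flag is not an access boundary. A read-only mount still lets the runner connect to the socket and drive the daemon in the `dind` container, which the same test asserts is `Privileged`. I would add a comment above those lines, for example `// ReadOnly covers the mount's contents only; the runner still has full Docker API access to the privileged dind daemon through this socket.`, so the assertion is not later read as a hardening guarantee. Separately, `Env[0]` and `Env[1]` are indexed right after a non-fatal `assert.Len`; `require.Len(t, ars.Spec.Template.Spec.Containers[0].Env, 2, ...)` would turn a regression into a clean failure rather than a panic. The test function starts before and continues after this hunk.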
@@ -846,6 +944,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_EnableKubernetesMode(t *testing.T)
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -864,10 +963,10 @@ func TestTemplateRenderedAutoScalingRunnerSet_EnableKubernetesMode(t *testing.T)
assert.Equal(t, namespaceName, ars.Namespace) assert.Equal(t, namespaceName, ars.Namespace)
assert.Equal(t, "test-runners", ars.Name) assert.Equal(t, "test-runners", ars.Name)
assert.Equal(t, "gha-runner-scale-set", ars.Labels["app.kubernetes.io/name"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/name"])
assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"])
assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl) assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl)
assert.Equal(t, "test-runners-gha-runner-scale-set-github-secret", ars.Spec.GitHubConfigSecret) assert.Equal(t, "test-runners-gha-rs-github-secret", ars.Spec.GitHubConfigSecret)
assert.Empty(t, ars.Spec.RunnerGroup, "RunnerGroup should be empty") assert.Empty(t, ars.Spec.RunnerGroup, "RunnerGroup should be empty")
assert.Nil(t, ars.Spec.MinRunners, "MinRunners should be nil") assert.Nil(t, ars.Spec.MinRunners, "MinRunners should be nil")
@@ -892,6 +991,50 @@ func TestTemplateRenderedAutoScalingRunnerSet_EnableKubernetesMode(t *testing.T)
assert.NotNil(t, ars.Spec.Template.Spec.Volumes[0].Ephemeral, "Template.Spec should have 1 ephemeral volume") assert.NotNil(t, ars.Spec.Template.Spec.Volumes[0].Ephemeral, "Template.Spec should have 1 ephemeral volume")
} }
func TestTemplateRenderedAutoscalingRunnerSet_ListenerPodTemplate(t *testing.T) {
t.Parallel()
// Path to the helm chart we will test
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
require.NoError(t, err)
testValuesPath, err := filepath.Abs("../tests/values_listener_template.yaml")
require.NoError(t, err)
releaseName := "test-runners"
namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{
"controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system",
},
ValuesFiles: []string{testValuesPath},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
}
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"})
var ars v1alpha1.AutoscalingRunnerSet
helm.UnmarshalK8SYaml(t, output, &ars)
require.NotNil(t, ars.Spec.ListenerTemplate, "ListenerPodTemplate should not be nil")
assert.Equal(t, ars.Spec.ListenerTemplate.Spec.Hostname, "example")
require.Len(t, ars.Spec.ListenerTemplate.Spec.Containers, 2, "ListenerPodTemplate should have 2 containers")
assert.Equal(t, ars.Spec.ListenerTemplate.Spec.Containers[0].Name, "listener")
assert.Equal(t, ars.Spec.ListenerTemplate.Spec.Containers[0].Image, "listener:latest")
assert.ElementsMatch(t, ars.Spec.ListenerTemplate.Spec.Containers[0].Command, []string{"/path/to/entrypoint"})
assert.Len(t, ars.Spec.ListenerTemplate.Spec.Containers[0].VolumeMounts, 1, "VolumeMounts should be 1")
assert.Equal(t, ars.Spec.ListenerTemplate.Spec.Containers[0].VolumeMounts[0].Name, "work")
assert.Equal(t, ars.Spec.ListenerTemplate.Spec.Containers[0].VolumeMounts[0].MountPath, "/home/example")
assert.Equal(t, ars.Spec.ListenerTemplate.Spec.Containers[1].Name, "side-car")
assert.Equal(t, ars.Spec.ListenerTemplate.Spec.Containers[1].Image, "nginx:latest")
}
func TestTemplateRenderedAutoScalingRunnerSet_UsePredefinedSecret(t *testing.T) { func TestTemplateRenderedAutoScalingRunnerSet_UsePredefinedSecret(t *testing.T) {
t.Parallel() t.Parallel()
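Review bot: The `assert.Equal` calls in TestTemplateRenderedAutoscalingRunnerSet_ListenerPodTemplate pass the rendered value first and the literal second, the reverse of the `(t, expected, actual)` order used by the other tests on this page, so a failure would print the two values under the wrong labels. I would swap them, e.g. `assert.Equal(t, "example", ars.Spec.ListenerTemplate.Spec.Hostname)`, and likewise for the container name, image and mount assertions. `assert.ElementsMatch` on `Command` ignores order, which matters for an entrypoint; `assert.Equal(t, []string{"/path/to/entrypoint"}, ars.Spec.ListenerTemplate.Spec.Containers[0].Command)` is stricter. The `VolumeMounts` length check should be `require.Len`, since `VolumeMounts[0]` is indexed on the next line. The last two context lines open TestTemplateRenderedAutoScalingRunnerSet_UsePredefinedSecret, which continues outside the hunk.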
@@ -903,6 +1046,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_UsePredefinedSecret(t *testing.T)
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret": "pre-defined-secrets", "githubConfigSecret": "pre-defined-secrets",
@@ -920,7 +1064,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_UsePredefinedSecret(t *testing.T)
assert.Equal(t, namespaceName, ars.Namespace) assert.Equal(t, namespaceName, ars.Namespace)
assert.Equal(t, "test-runners", ars.Name) assert.Equal(t, "test-runners", ars.Name)
assert.Equal(t, "gha-runner-scale-set", ars.Labels["app.kubernetes.io/name"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/name"])
assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"]) assert.Equal(t, "test-runners", ars.Labels["app.kubernetes.io/instance"])
assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl) assert.Equal(t, "https://github.com/actions", ars.Spec.GitHubConfigUrl)
assert.Equal(t, "pre-defined-secrets", ars.Spec.GitHubConfigSecret) assert.Equal(t, "pre-defined-secrets", ars.Spec.GitHubConfigSecret)
@@ -937,6 +1081,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_ErrorOnEmptyPredefinedSecret(t *te
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret": "", "githubConfigSecret": "",
@@ -963,6 +1108,7 @@ func TestTemplateRenderedWithProxy(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret": "pre-defined-secrets", "githubConfigSecret": "pre-defined-secrets",
@@ -1026,6 +1172,7 @@ func TestTemplateRenderedWithTLS(t *testing.T) {
t.Run("providing githubServerTLS.runnerMountPath", func(t *testing.T) { t.Run("providing githubServerTLS.runnerMountPath", func(t *testing.T) {
t.Run("mode: default", func(t *testing.T) { t.Run("mode: default", func(t *testing.T) {
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret": "pre-defined-secrets", "githubConfigSecret": "pre-defined-secrets",
@@ -1084,6 +1231,7 @@ func TestTemplateRenderedWithTLS(t *testing.T) {
t.Run("mode: dind", func(t *testing.T) { t.Run("mode: dind", func(t *testing.T) {
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret": "pre-defined-secrets", "githubConfigSecret": "pre-defined-secrets",
@@ -1143,6 +1291,7 @@ func TestTemplateRenderedWithTLS(t *testing.T) {
t.Run("mode: kubernetes", func(t *testing.T) { t.Run("mode: kubernetes", func(t *testing.T) {
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret": "pre-defined-secrets", "githubConfigSecret": "pre-defined-secrets",
@@ -1204,6 +1353,7 @@ func TestTemplateRenderedWithTLS(t *testing.T) {
t.Run("without providing githubServerTLS.runnerMountPath", func(t *testing.T) { t.Run("without providing githubServerTLS.runnerMountPath", func(t *testing.T) {
t.Run("mode: default", func(t *testing.T) { t.Run("mode: default", func(t *testing.T) {
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret": "pre-defined-secrets", "githubConfigSecret": "pre-defined-secrets",
@@ -1258,6 +1408,7 @@ func TestTemplateRenderedWithTLS(t *testing.T) {
t.Run("mode: dind", func(t *testing.T) { t.Run("mode: dind", func(t *testing.T) {
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret": "pre-defined-secrets", "githubConfigSecret": "pre-defined-secrets",
@@ -1313,6 +1464,7 @@ func TestTemplateRenderedWithTLS(t *testing.T) {
t.Run("mode: kubernetes", func(t *testing.T) { t.Run("mode: kubernetes", func(t *testing.T) {
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret": "pre-defined-secrets", "githubConfigSecret": "pre-defined-secrets",
@@ -1402,6 +1554,7 @@ func TestTemplateNamingConstraints(t *testing.T) {
for name, tc := range tt { for name, tc := range tt {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: setValues, SetValues: setValues,
KubectlOptions: k8s.NewKubectlOptions("", "", tc.namespaceName), KubectlOptions: k8s.NewKubectlOptions("", "", tc.namespaceName),
} }
@@ -1423,6 +1576,7 @@ func TestTemplateRenderedGitHubConfigUrlEndsWIthSlash(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions/", "githubConfigUrl": "https://github.com/actions/",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -1453,6 +1607,7 @@ func TestTemplate_CreateManagerRole(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -1468,7 +1623,7 @@ func TestTemplate_CreateManagerRole(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &managerRole) helm.UnmarshalK8SYaml(t, output, &managerRole)
assert.Equal(t, namespaceName, managerRole.Namespace, "namespace should match the namespace of the Helm release") assert.Equal(t, namespaceName, managerRole.Namespace, "namespace should match the namespace of the Helm release")
assert.Equal(t, "test-runners-gha-runner-scale-set-manager-role", managerRole.Name) assert.Equal(t, "test-runners-gha-rs-manager", managerRole.Name)
assert.Equal(t, "actions.github.com/cleanup-protection", managerRole.Finalizers[0]) assert.Equal(t, "actions.github.com/cleanup-protection", managerRole.Finalizers[0])
assert.Equal(t, 6, len(managerRole.Rules)) assert.Equal(t, 6, len(managerRole.Rules))
@@ -1487,6 +1642,7 @@ func TestTemplate_CreateManagerRole_UseConfigMaps(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -1503,7 +1659,7 @@ func TestTemplate_CreateManagerRole_UseConfigMaps(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &managerRole) helm.UnmarshalK8SYaml(t, output, &managerRole)
assert.Equal(t, namespaceName, managerRole.Namespace, "namespace should match the namespace of the Helm release") assert.Equal(t, namespaceName, managerRole.Namespace, "namespace should match the namespace of the Helm release")
assert.Equal(t, "test-runners-gha-runner-scale-set-manager-role", managerRole.Name) assert.Equal(t, "test-runners-gha-rs-manager", managerRole.Name)
assert.Equal(t, "actions.github.com/cleanup-protection", managerRole.Finalizers[0]) assert.Equal(t, "actions.github.com/cleanup-protection", managerRole.Finalizers[0])
assert.Equal(t, 7, len(managerRole.Rules)) assert.Equal(t, 7, len(managerRole.Rules))
assert.Equal(t, "configmaps", managerRole.Rules[6].Resources[0]) assert.Equal(t, "configmaps", managerRole.Rules[6].Resources[0])
@@ -1520,6 +1676,7 @@ func TestTemplate_CreateManagerRoleBinding(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -1535,8 +1692,8 @@ func TestTemplate_CreateManagerRoleBinding(t *testing.T) {
helm.UnmarshalK8SYaml(t, output, &managerRoleBinding) helm.UnmarshalK8SYaml(t, output, &managerRoleBinding)
assert.Equal(t, namespaceName, managerRoleBinding.Namespace, "namespace should match the namespace of the Helm release") assert.Equal(t, namespaceName, managerRoleBinding.Namespace, "namespace should match the namespace of the Helm release")
assert.Equal(t, "test-runners-gha-runner-scale-set-manager-role-binding", managerRoleBinding.Name) assert.Equal(t, "test-runners-gha-rs-manager", managerRoleBinding.Name)
assert.Equal(t, "test-runners-gha-runner-scale-set-manager-role", managerRoleBinding.RoleRef.Name) assert.Equal(t, "test-runners-gha-rs-manager", managerRoleBinding.RoleRef.Name)
assert.Equal(t, "actions.github.com/cleanup-protection", managerRoleBinding.Finalizers[0]) assert.Equal(t, "actions.github.com/cleanup-protection", managerRoleBinding.Finalizers[0])
assert.Equal(t, "arc", managerRoleBinding.Subjects[0].Name) assert.Equal(t, "arc", managerRoleBinding.Subjects[0].Name)
assert.Equal(t, "arc-system", managerRoleBinding.Subjects[0].Namespace) assert.Equal(t, "arc-system", managerRoleBinding.Subjects[0].Namespace)
@@ -1556,6 +1713,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_ExtraContainers(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"controllerServiceAccount.name": "arc", "controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system", "controllerServiceAccount.namespace": "arc-system",
@@ -1589,6 +1747,53 @@ func TestTemplateRenderedAutoScalingRunnerSet_ExtraContainers(t *testing.T) {
assert.Equal(t, "192.0.2.1", ars.Spec.Template.Spec.DNSConfig.Nameservers[0], "DNS Nameserver should be set") assert.Equal(t, "192.0.2.1", ars.Spec.Template.Spec.DNSConfig.Nameservers[0], "DNS Nameserver should be set")
} }
func TestTemplateRenderedAutoScalingRunnerSet_RestartPolicy(t *testing.T) {
t.Parallel()
// Path to the helm chart we will test
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
require.NoError(t, err)
releaseName := "test-runners"
namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345",
"controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system",
},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
}
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"})
var ars v1alpha1.AutoscalingRunnerSet
helm.UnmarshalK8SYaml(t, output, &ars)
assert.Equal(t, corev1.RestartPolicyNever, ars.Spec.Template.Spec.RestartPolicy, "RestartPolicy should be Never")
options = &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345",
"controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system",
"template.spec.restartPolicy": "Always",
},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
}
output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"}, "--debug")
helm.UnmarshalK8SYaml(t, output, &ars)
assert.Equal(t, corev1.RestartPolicyAlways, ars.Spec.Template.Spec.RestartPolicy, "RestartPolicy should be Always")
}
func TestTemplateRenderedAutoScalingRunnerSet_ExtraPodSpec(t *testing.T) { func TestTemplateRenderedAutoScalingRunnerSet_ExtraPodSpec(t *testing.T) {
t.Parallel() t.Parallel()
@@ -1603,6 +1808,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_ExtraPodSpec(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"controllerServiceAccount.name": "arc", "controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system", "controllerServiceAccount.namespace": "arc-system",
@@ -1636,6 +1842,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_DinDMergePodSpec(t *testing.T) {
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"controllerServiceAccount.name": "arc", "controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system", "controllerServiceAccount.namespace": "arc-system",
@@ -1657,10 +1864,6 @@ func TestTemplateRenderedAutoScalingRunnerSet_DinDMergePodSpec(t *testing.T) {
assert.Equal(t, "tcp://localhost:9999", ars.Spec.Template.Spec.Containers[0].Env[0].Value, "DOCKER_HOST should be set to `tcp://localhost:9999`") assert.Equal(t, "tcp://localhost:9999", ars.Spec.Template.Spec.Containers[0].Env[0].Value, "DOCKER_HOST should be set to `tcp://localhost:9999`")
assert.Equal(t, "MY_NODE_NAME", ars.Spec.Template.Spec.Containers[0].Env[1].Name, "MY_NODE_NAME should be set") assert.Equal(t, "MY_NODE_NAME", ars.Spec.Template.Spec.Containers[0].Env[1].Name, "MY_NODE_NAME should be set")
assert.Equal(t, "spec.nodeName", ars.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath, "MY_NODE_NAME should be set to `spec.nodeName`") assert.Equal(t, "spec.nodeName", ars.Spec.Template.Spec.Containers[0].Env[1].ValueFrom.FieldRef.FieldPath, "MY_NODE_NAME should be set to `spec.nodeName`")
assert.Equal(t, "DOCKER_TLS_VERIFY", ars.Spec.Template.Spec.Containers[0].Env[2].Name, "DOCKER_TLS_VERIFY should be set")
assert.Equal(t, "1", ars.Spec.Template.Spec.Containers[0].Env[2].Value, "DOCKER_TLS_VERIFY should be set to `1`")
assert.Equal(t, "DOCKER_CERT_PATH", ars.Spec.Template.Spec.Containers[0].Env[3].Name, "DOCKER_CERT_PATH should be set")
assert.Equal(t, "/certs/client", ars.Spec.Template.Spec.Containers[0].Env[3].Value, "DOCKER_CERT_PATH should be set to `/certs/client`")
assert.Equal(t, "work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].Name, "VolumeMount name should be work") assert.Equal(t, "work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].Name, "VolumeMount name should be work")
assert.Equal(t, "/work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath, "VolumeMount mountPath should be /work") assert.Equal(t, "/work", ars.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath, "VolumeMount mountPath should be /work")
assert.Equal(t, "others", ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].Name, "VolumeMount name should be others") assert.Equal(t, "others", ars.Spec.Template.Spec.Containers[0].VolumeMounts[1].Name, "VolumeMount name should be others")
@@ -1681,6 +1884,7 @@ func TestTemplateRenderedAutoScalingRunnerSet_KubeModeMergePodSpec(t *testing.T)
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"controllerServiceAccount.name": "arc", "controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system", "controllerServiceAccount.namespace": "arc-system",
@@ -1722,6 +1926,7 @@ func TestTemplateRenderedAutoscalingRunnerSetAnnotation_GitHubSecret(t *testing.
annotationExpectedTests := map[string]*helm.Options{ annotationExpectedTests := map[string]*helm.Options{
"GitHub token": { "GitHub token": {
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -1731,6 +1936,7 @@ func TestTemplateRenderedAutoscalingRunnerSetAnnotation_GitHubSecret(t *testing.
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
}, },
"GitHub app": { "GitHub app": {
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_app_id": "10", "githubConfigSecret.github_app_id": "10",
@@ -1755,6 +1961,7 @@ func TestTemplateRenderedAutoscalingRunnerSetAnnotation_GitHubSecret(t *testing.
t.Run("Annotation should not be set", func(t *testing.T) { t.Run("Annotation should not be set", func(t *testing.T) {
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret": "pre-defined-secret", "githubConfigSecret": "pre-defined-secret",
@@ -1782,6 +1989,7 @@ func TestTemplateRenderedAutoscalingRunnerSetAnnotation_KubernetesModeCleanup(t
namespaceName := "test-" + strings.ToLower(random.UniqueId()) namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{ options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{ SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions", "githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345", "githubConfigSecret.github_token": "gh_token12345",
@@ -1797,15 +2005,87 @@ func TestTemplateRenderedAutoscalingRunnerSetAnnotation_KubernetesModeCleanup(t
helm.UnmarshalK8SYaml(t, output, &autoscalingRunnerSet) helm.UnmarshalK8SYaml(t, output, &autoscalingRunnerSet)
annotationValues := map[string]string{ annotationValues := map[string]string{
actionsgithubcom.AnnotationKeyGitHubSecretName: "test-runners-gha-runner-scale-set-github-secret", actionsgithubcom.AnnotationKeyGitHubSecretName: "test-runners-gha-rs-github-secret",
actionsgithubcom.AnnotationKeyManagerRoleName: "test-runners-gha-runner-scale-set-manager-role", actionsgithubcom.AnnotationKeyManagerRoleName: "test-runners-gha-rs-manager",
actionsgithubcom.AnnotationKeyManagerRoleBindingName: "test-runners-gha-runner-scale-set-manager-role-binding", actionsgithubcom.AnnotationKeyManagerRoleBindingName: "test-runners-gha-rs-manager",
actionsgithubcom.AnnotationKeyKubernetesModeServiceAccountName: "test-runners-gha-runner-scale-set-kube-mode-service-account", actionsgithubcom.AnnotationKeyKubernetesModeServiceAccountName: "test-runners-gha-rs-kube-mode",
actionsgithubcom.AnnotationKeyKubernetesModeRoleName: "test-runners-gha-runner-scale-set-kube-mode-role", actionsgithubcom.AnnotationKeyKubernetesModeRoleName: "test-runners-gha-rs-kube-mode",
actionsgithubcom.AnnotationKeyKubernetesModeRoleBindingName: "test-runners-gha-runner-scale-set-kube-mode-role-binding", actionsgithubcom.AnnotationKeyKubernetesModeRoleBindingName: "test-runners-gha-rs-kube-mode",
} }
for annotation, value := range annotationValues { for annotation, value := range annotationValues {
assert.Equal(t, value, autoscalingRunnerSet.Annotations[annotation], fmt.Sprintf("Annotation %q does not match the expected value", annotation)) assert.Equal(t, value, autoscalingRunnerSet.Annotations[annotation], fmt.Sprintf("Annotation %q does not match the expected value", annotation))
} }
} }
func TestRunnerContainerEnvNotEmptyMap(t *testing.T) {
t.Parallel()
// Path to the helm chart we will test
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
require.NoError(t, err)
testValuesPath, err := filepath.Abs("../tests/values.yaml")
require.NoError(t, err)
releaseName := "test-runners"
namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{
Logger: logger.Discard,
ValuesFiles: []string{testValuesPath},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
}
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"})
type testModel struct {
Spec struct {
Template struct {
Spec struct {
Containers []map[string]any `yaml:"containers"`
} `yaml:"spec"`
} `yaml:"template"`
} `yaml:"spec"`
}
var m testModel
helm.UnmarshalK8SYaml(t, output, &m)
_, ok := m.Spec.Template.Spec.Containers[0]["env"]
assert.False(t, ok, "env should not be set")
}
func TestRunnerContainerVolumeNotEmptyMap(t *testing.T) {
t.Parallel()
// Path to the helm chart we will test
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
require.NoError(t, err)
testValuesPath, err := filepath.Abs("../tests/values.yaml")
require.NoError(t, err)
releaseName := "test-runners"
namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{
Logger: logger.Discard,
ValuesFiles: []string{testValuesPath},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
}
output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/autoscalingrunnerset.yaml"})
type testModel struct {
Spec struct {
Template struct {
Spec struct {
Containers []map[string]any `yaml:"containers"`
} `yaml:"spec"`
} `yaml:"template"`
} `yaml:"spec"`
}
var m testModel
helm.UnmarshalK8SYaml(t, output, &m)
_, ok := m.Spec.Template.Spec.Containers[0]["volumeMounts"]
assert.False(t, ok, "volumeMounts should not be set")
}


@@ -0,0 +1,17 @@
githubConfigUrl: https://github.com/actions/actions-runner-controller
githubConfigSecret:
github_token: test
template:
spec:
initContainers:
- name: kube-init
image: runner-image:latest
command: ["sudo", "chown", "-R", "1001:123", "/home/runner/_work"]
volumeMounts:
- name: work
mountPath: /home/runner/_work
- name: ls
image: ubuntu:latest
command: ["ls"]
containerMode:
type: dind


@@ -0,0 +1,8 @@
githubConfigUrl: https://github.com/actions/actions-runner-controller
githubConfigSecret:
github_token: test
containerMode:
type: kubernetes
kubernetesModeServiceAccount:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/sample-role


@@ -0,0 +1,15 @@
githubConfigUrl: https://github.com/actions/actions-runner-controller
githubConfigSecret:
github_token: test
listenerTemplate:
spec:
hostname: "example"
containers:
- name: listener
image: listener:latest
command: ["/path/to/entrypoint"]
volumeMounts:
- name: work
mountPath: /home/example
- name: side-car
image: nginx:latest


@@ -36,10 +36,11 @@ githubConfigSecret:
# - example.com # - example.com
# - example.org # - example.org
## maxRunners is the max number of runners the auto scaling runner set will scale up to. ## maxRunners is the max number of runners the autoscaling runner set will scale up to.
# maxRunners: 5 # maxRunners: 5
## minRunners is the min number of runners the auto scaling runner set will scale down to. ## minRunners is the min number of idle runners. The target number of runners created will be
## calculated as a sum of minRunners and the number of jobs assigned to the scale set.
# minRunners: 0 # minRunners: 0
# runnerGroup: "default" # runnerGroup: "default"
@@ -68,6 +69,12 @@ githubConfigSecret:
# key: ca.crt # key: ca.crt
# runnerMountPath: /usr/local/share/ca-certificates/ # runnerMountPath: /usr/local/share/ca-certificates/
## Container mode is an object that provides out-of-box configuration
## for dind and kubernetes mode. Template will be modified as documented under the
## template object.
##
## If any customization is required for dind or kubernetes mode, containerMode should remain
## empty, and configuration should be applied to the template.
# containerMode: # containerMode:
# type: "dind" ## type can be set to dind or kubernetes # type: "dind" ## type can be set to dind or kubernetes
# ## the following is required when containerMode.type=kubernetes # ## the following is required when containerMode.type=kubernetes
@@ -78,8 +85,28 @@ githubConfigSecret:
# resources: # resources:
# requests: # requests:
# storage: 1Gi # storage: 1Gi
# kubernetesModeServiceAccount:
# annotations:
## template is the PodSpec for each listener Pod
## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
# listenerTemplate:
# spec:
# containers:
# # Use this section to append additional configuration to the listener container.
# # If you change the name of the container, the configuration will not be applied to the listener,
# # and it will be treated as a side-car container.
# - name: listener
# securityContext:
# runAsUser: 1000
# # Use this section to add the configuration of a side-car container.
# # Comment it out or remove it if you don't need it.
# # Spec for this container will be applied as is without any modifications.
# - name: side-car
# image: example-sidecar
## template is the PodSpec for each runner Pod ## template is the PodSpec for each runner Pod
## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
template: template:
## template.spec will be modified if you change the container mode ## template.spec will be modified if you change the container mode
## with containerMode.type=dind, we will populate the template.spec with following pod spec ## with containerMode.type=dind, we will populate the template.spec with following pod spec
@@ -95,34 +122,38 @@ template:
## containers: ## containers:
## - name: runner ## - name: runner
## image: ghcr.io/actions/actions-runner:latest ## image: ghcr.io/actions/actions-runner:latest
## command: ["/home/runner/run.sh"]
## env: ## env:
## - name: DOCKER_HOST ## - name: DOCKER_HOST
## value: tcp://localhost:2376 ## value: unix:///run/docker/docker.sock
## - name: DOCKER_TLS_VERIFY
## value: "1"
## - name: DOCKER_CERT_PATH
## value: /certs/client
## volumeMounts: ## volumeMounts:
## - name: work ## - name: work
## mountPath: /home/runner/_work ## mountPath: /home/runner/_work
## - name: dind-cert ## - name: dind-sock
## mountPath: /certs/client ## mountPath: /run/docker
## readOnly: true ## readOnly: true
## - name: dind ## - name: dind
## image: docker:dind ## image: docker:dind
## args:
## - dockerd
## - --host=unix:///run/docker/docker.sock
## - --group=$(DOCKER_GROUP_GID)
## env:
## - name: DOCKER_GROUP_GID
## value: "123"
## securityContext: ## securityContext:
## privileged: true ## privileged: true
## volumeMounts: ## volumeMounts:
## - name: work ## - name: work
## mountPath: /home/runner/_work ## mountPath: /home/runner/_work
## - name: dind-cert ## - name: dind-sock
## mountPath: /certs/client ## mountPath: /run/docker
## - name: dind-externals ## - name: dind-externals
## mountPath: /home/runner/externals ## mountPath: /home/runner/externals
## volumes: ## volumes:
## - name: work ## - name: work
## emptyDir: {} ## emptyDir: {}
## - name: dind-cert ## - name: dind-sock
## emptyDir: {} ## emptyDir: {}
## - name: dind-externals ## - name: dind-externals
## emptyDir: {} ## emptyDir: {}
@@ -133,6 +164,7 @@ template:
## containers: ## containers:
## - name: runner ## - name: runner
## image: ghcr.io/actions/actions-runner:latest ## image: ghcr.io/actions/actions-runner:latest
## command: ["/home/runner/run.sh"]
## env: ## env:
## - name: ACTIONS_RUNNER_CONTAINER_HOOKS ## - name: ACTIONS_RUNNER_CONTAINER_HOOKS
## value: /home/runner/k8s/index.js ## value: /home/runner/k8s/index.js
@@ -157,9 +189,9 @@ template:
## storage: 1Gi ## storage: 1Gi
spec: spec:
containers: containers:
- name: runner - name: runner
image: ghcr.io/actions/actions-runner:latest image: ghcr.io/actions/actions-runner:latest
command: ["/home/runner/run.sh"] command: ["/home/runner/run.sh"]
## Optional controller service account that needs to have required Role and RoleBinding ## Optional controller service account that needs to have required Role and RoleBinding
## to operate this gha-runner-scale-set installation. ## to operate this gha-runner-scale-set installation.
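Review bot: In the documented `containerMode.type=dind` pod spec (hunk `@@ -95,34 +122,38 @@`), the runner's `dind-sock` mount is marked `readOnly: true`, which can be read as limiting the runner's access to Docker, but a read-only mount does not stop a process from connecting to the socket. Any process in the runner container that can open `/run/docker/docker.sock` (group `123` via `DOCKER_GROUP_GID`) controls the `privileged: true` dind daemon. The same hunk drops `DOCKER_TLS_VERIFY` and `DOCKER_CERT_PATH`, so the socket's file permissions are now the only access control shown for the daemon. I would add a comment next to the mount, for example `## readOnly does not restrict Docker API access over the socket; workflow code in the runner can control the privileged dind container`, so operators who copy this spec into `template` size their isolation accordingly.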

133
cmd/ghalistener/app/app.go Normal file

@@ -0,0 +1,133 @@
package app
import (
"context"
"errors"
"fmt"
"github.com/actions/actions-runner-controller/cmd/ghalistener/config"
"github.com/actions/actions-runner-controller/cmd/ghalistener/listener"
"github.com/actions/actions-runner-controller/cmd/ghalistener/metrics"
"github.com/actions/actions-runner-controller/cmd/ghalistener/worker"
"github.com/actions/actions-runner-controller/github/actions"
"github.com/go-logr/logr"
"golang.org/x/sync/errgroup"
)
// App is responsible for initializing required components and running the app.
type App struct {
// configured fields
config config.Config
logger logr.Logger
// initialized fields
listener Listener
worker Worker
metrics metrics.ServerPublisher
}
//go:generate mockery --name Listener --output ./mocks --outpkg mocks --case underscore
type Listener interface {
Listen(ctx context.Context, handler listener.Handler) error
}
//go:generate mockery --name Worker --output ./mocks --outpkg mocks --case underscore
type Worker interface {
HandleJobStarted(ctx context.Context, jobInfo *actions.JobStarted) error
HandleDesiredRunnerCount(ctx context.Context, desiredRunnerCount int) error
}
func New(config config.Config) (*App, error) {
app := &App{
config: config,
}
ghConfig, err := actions.ParseGitHubConfigFromURL(config.ConfigureUrl)
if err != nil {
return nil, fmt.Errorf("failed to parse GitHub config from URL: %w", err)
}
{
logger, err := config.Logger()
if err != nil {
return nil, fmt.Errorf("failed to create logger: %w", err)
}
app.logger = logger.WithName("listener-app")
}
actionsClient, err := config.ActionsClient(app.logger)
if err != nil {
return nil, fmt.Errorf("failed to create actions client: %w", err)
}
if config.MetricsAddr != "" {
app.metrics = metrics.NewExporter(metrics.ExporterConfig{
ScaleSetName: config.EphemeralRunnerSetName,
ScaleSetNamespace: config.EphemeralRunnerSetNamespace,
Enterprise: ghConfig.Enterprise,
Organization: ghConfig.Organization,
Repository: ghConfig.Repository,
ServerAddr: config.MetricsAddr,
ServerEndpoint: config.MetricsEndpoint,
})
}
worker, err := worker.New(
worker.Config{
EphemeralRunnerSetNamespace: config.EphemeralRunnerSetNamespace,
EphemeralRunnerSetName: config.EphemeralRunnerSetName,
MaxRunners: config.MaxRunners,
MinRunners: config.MinRunners,
},
worker.WithLogger(app.logger.WithName("worker")),
)
if err != nil {
return nil, fmt.Errorf("failed to create new kubernetes worker: %w", err)
}
app.worker = worker
listener, err := listener.New(listener.Config{
Client: actionsClient,
ScaleSetID: app.config.RunnerScaleSetId,
MinRunners: app.config.MinRunners,
MaxRunners: app.config.MaxRunners,
Logger: app.logger.WithName("listener"),
Metrics: app.metrics,
})
if err != nil {
return nil, fmt.Errorf("failed to create new listener: %w", err)
}
app.listener = listener
app.logger.Info("app initialized")
return app, nil
}
func (app *App) Run(ctx context.Context) error {
var errs []error
if app.worker == nil {
errs = append(errs, fmt.Errorf("worker not initialized"))
}
if app.listener == nil {
errs = append(errs, fmt.Errorf("listener not initialized"))
}
if err := errors.Join(errs...); err != nil {
return fmt.Errorf("app not initialized: %w", err)
}
g, ctx := errgroup.WithContext(ctx)
g.Go(func() error {
app.logger.Info("Starting listener")
return app.listener.Listen(ctx, app.worker)
})
if app.metrics != nil {
g.Go(func() error {
app.logger.Info("Starting metrics server")
return app.metrics.ListenAndServe(ctx)
})
}
return g.Wait()
}
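Review bot: In `Run`, a clean return from `app.listener.Listen` (nil error) does not cancel the errgroup context, so when `app.metrics` is set `g.Wait()` keeps waiting on `ListenAndServe` and the process may never exit. Whether it actually hangs depends on how `ListenAndServe` treats the context, which is not visible here. Consider deriving a cancelable context with `ctx, cancel := context.WithCancel(ctx)` before `errgroup.WithContext`, and putting `defer cancel()` first in the listener goroutine so the metrics server stops whenever the listener does. Separately, the exported `New`, `Run`, `Listener` and `Worker` have no doc comments, and the locals `worker` and `listener` and the parameter `config` shadow the imported packages of the same names inside `New`.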


@@ -0,0 +1,85 @@
package app
import (
"context"
"errors"
"testing"
appmocks "github.com/actions/actions-runner-controller/cmd/ghalistener/app/mocks"
"github.com/actions/actions-runner-controller/cmd/ghalistener/listener"
metricsMocks "github.com/actions/actions-runner-controller/cmd/ghalistener/metrics/mocks"
"github.com/actions/actions-runner-controller/cmd/ghalistener/worker"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
)
func TestApp_Run(t *testing.T) {
t.Parallel()
t.Run("ListenerWorkerGuard", func(t *testing.T) {
invalidApps := []*App{
{},
{worker: &worker.Worker{}},
{listener: &listener.Listener{}},
}
for _, app := range invalidApps {
assert.Error(t, app.Run(context.Background()))
}
})
t.Run("ExitsOnListenerError", func(t *testing.T) {
listener := appmocks.NewListener(t)
worker := appmocks.NewWorker(t)
listener.On("Listen", mock.Anything, mock.Anything).Return(errors.New("listener error")).Once()
app := &App{
listener: listener,
worker: worker,
}
err := app.Run(context.Background())
assert.Error(t, err)
})
t.Run("ExitsOnListenerNil", func(t *testing.T) {
listener := appmocks.NewListener(t)
worker := appmocks.NewWorker(t)
listener.On("Listen", mock.Anything, mock.Anything).Return(nil).Once()
app := &App{
listener: listener,
worker: worker,
}
err := app.Run(context.Background())
assert.NoError(t, err)
})
t.Run("CancelListenerOnMetricsServerError", func(t *testing.T) {
listener := appmocks.NewListener(t)
worker := appmocks.NewWorker(t)
metrics := metricsMocks.NewServerPublisher(t)
ctx := context.Background()
listener.On("Listen", mock.Anything, mock.Anything).Run(func(args mock.Arguments) {
ctx := args.Get(0).(context.Context)
go func() {
<-ctx.Done()
}()
}).Return(nil).Once()
metrics.On("ListenAndServe", mock.Anything).Return(errors.New("metrics server error")).Once()
app := &App{
listener: listener,
worker: worker,
metrics: metrics,
}
err := app.Run(ctx)
assert.Error(t, err)
})
}
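Review bot: The `CancelListenerOnMetricsServerError` subtest does not check that the listener is cancelled: the mocked `Listen` returns nil straight away, and the goroutine started in its `Run` callback only blocks on `<-ctx.Done()` without reporting anything back to the test. As written, the subtest passes whenever `app.Run` returns the metrics error, whether or not the errgroup context reached the listener. Blocking in the callback itself, `Run(func(args mock.Arguments) { <-args.Get(0).(context.Context).Done() })`, would make the mocked `Listen` return only after cancellation, so a missing cancel shows up as a hung test. The inner `ctx` also shadows the outer one, which makes the callback harder to read.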


@@ -0,0 +1,43 @@
// Code generated by mockery v2.36.1. DO NOT EDIT.
package mocks
import (
context "context"
listener "github.com/actions/actions-runner-controller/cmd/ghalistener/listener"
mock "github.com/stretchr/testify/mock"
)
// Listener is an autogenerated mock type for the Listener type
type Listener struct {
mock.Mock
}
// Listen provides a mock function with given fields: ctx, handler
func (_m *Listener) Listen(ctx context.Context, handler listener.Handler) error {
ret := _m.Called(ctx, handler)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, listener.Handler) error); ok {
r0 = rf(ctx, handler)
} else {
r0 = ret.Error(0)
}
return r0
}
// NewListener creates a new instance of Listener. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewListener(t interface {
mock.TestingT
Cleanup(func())
}) *Listener {
mock := &Listener{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}


@@ -0,0 +1,58 @@
// Code generated by mockery v2.36.1. DO NOT EDIT.
package mocks
import (
actions "github.com/actions/actions-runner-controller/github/actions"
context "context"
mock "github.com/stretchr/testify/mock"
)
// Worker is an autogenerated mock type for the Worker type
type Worker struct {
mock.Mock
}
// HandleDesiredRunnerCount provides a mock function with given fields: ctx, desiredRunnerCount
func (_m *Worker) HandleDesiredRunnerCount(ctx context.Context, desiredRunnerCount int) error {
ret := _m.Called(ctx, desiredRunnerCount)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, int) error); ok {
r0 = rf(ctx, desiredRunnerCount)
} else {
r0 = ret.Error(0)
}
return r0
}
// HandleJobStarted provides a mock function with given fields: ctx, jobInfo
func (_m *Worker) HandleJobStarted(ctx context.Context, jobInfo *actions.JobStarted) error {
ret := _m.Called(ctx, jobInfo)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, *actions.JobStarted) error); ok {
r0 = rf(ctx, jobInfo)
} else {
r0 = ret.Error(0)
}
return r0
}
// NewWorker creates a new instance of Worker. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewWorker(t interface {
mock.TestingT
Cleanup(func())
}) *Worker {
mock := &Worker{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}


@@ -0,0 +1,161 @@
package config
import (
"crypto/x509"
"encoding/json"
"fmt"
"net/http"
"net/url"
"os"
"github.com/actions/actions-runner-controller/build"
"github.com/actions/actions-runner-controller/github/actions"
"github.com/actions/actions-runner-controller/logging"
"github.com/go-logr/logr"
"golang.org/x/net/http/httpproxy"
)
type Config struct {
ConfigureUrl string `json:"configureUrl"`
AppID int64 `json:"appID"`
AppInstallationID int64 `json:"appInstallationID"`
AppPrivateKey string `json:"appPrivateKey"`
Token string `json:"token"`
EphemeralRunnerSetNamespace string `json:"ephemeralRunnerSetNamespace"`
EphemeralRunnerSetName string `json:"ephemeralRunnerSetName"`
MaxRunners int `json:"maxRunners"`
MinRunners int `json:"minRunners"`
RunnerScaleSetId int `json:"runnerScaleSetId"`
RunnerScaleSetName string `json:"runnerScaleSetName"`
ServerRootCA string `json:"serverRootCA"`
LogLevel string `json:"logLevel"`
LogFormat string `json:"logFormat"`
MetricsAddr string `json:"metricsAddr"`
MetricsEndpoint string `json:"metricsEndpoint"`
}
func Read(path string) (Config, error) {
f, err := os.Open(path)
if err != nil {
return Config{}, err
}
defer f.Close()
var config Config
if err := json.NewDecoder(f).Decode(&config); err != nil {
return Config{}, fmt.Errorf("failed to decode config: %w", err)
}
if err := config.validate(); err != nil {
return Config{}, fmt.Errorf("failed to validate config: %w", err)
}
return config, nil
}
func (c *Config) validate() error {
if len(c.ConfigureUrl) == 0 {
return fmt.Errorf("GitHubConfigUrl is not provided")
}
if len(c.EphemeralRunnerSetNamespace) == 0 || len(c.EphemeralRunnerSetName) == 0 {
return fmt.Errorf("EphemeralRunnerSetNamespace '%s' or EphemeralRunnerSetName '%s' is missing", c.EphemeralRunnerSetNamespace, c.EphemeralRunnerSetName)
}
if c.RunnerScaleSetId == 0 {
return fmt.Errorf("RunnerScaleSetId '%d' is missing", c.RunnerScaleSetId)
}
if c.MaxRunners < c.MinRunners {
return fmt.Errorf("MinRunners '%d' cannot be greater than MaxRunners '%d'", c.MinRunners, c.MaxRunners)
}
hasToken := len(c.Token) > 0
hasPrivateKeyConfig := c.AppID > 0 && c.AppPrivateKey != ""
if !hasToken && !hasPrivateKeyConfig {
return fmt.Errorf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(c.Token), c.AppID, c.AppInstallationID, len(c.AppPrivateKey))
}
if hasToken && hasPrivateKeyConfig {
return fmt.Errorf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(c.Token), c.AppID, c.AppInstallationID, len(c.AppPrivateKey))
}
return nil
}
func (c *Config) Logger() (logr.Logger, error) {
logLevel := string(logging.LogLevelDebug)
if c.LogLevel != "" {
logLevel = c.LogLevel
}
logFormat := string(logging.LogFormatText)
if c.LogFormat != "" {
logFormat = c.LogFormat
}
logger, err := logging.NewLogger(logLevel, logFormat)
if err != nil {
return logr.Logger{}, fmt.Errorf("NewLogger failed: %w", err)
}
return logger, nil
}
func (c *Config) ActionsClient(logger logr.Logger, clientOptions ...actions.ClientOption) (*actions.Client, error) {
var creds actions.ActionsAuth
switch c.Token {
case "":
creds.AppCreds = &actions.GitHubAppAuth{
AppID: c.AppID,
AppInstallationID: c.AppInstallationID,
AppPrivateKey: c.AppPrivateKey,
}
default:
creds.Token = c.Token
}
options := append([]actions.ClientOption{
actions.WithLogger(logger),
}, clientOptions...)
if c.ServerRootCA != "" {
systemPool, err := x509.SystemCertPool()
if err != nil {
return nil, fmt.Errorf("failed to load system cert pool: %w", err)
}
pool := systemPool.Clone()
ok := pool.AppendCertsFromPEM([]byte(c.ServerRootCA))
if !ok {
return nil, fmt.Errorf("failed to parse root certificate")
}
options = append(options, actions.WithRootCAs(pool))
}
proxyFunc := httpproxy.FromEnvironment().ProxyFunc()
options = append(options, actions.WithProxy(func(req *http.Request) (*url.URL, error) {
return proxyFunc(req.URL)
}))
client, err := actions.NewClient(c.ConfigureUrl, &creds, options...)
if err != nil {
return nil, fmt.Errorf("failed to create actions client: %w", err)
}
client.SetUserAgent(actions.UserAgentInfo{
Version: build.Version,
CommitSHA: build.CommitSHA,
ScaleSetID: c.RunnerScaleSetId,
HasProxy: hasProxy(),
Subsystem: "ghalistener",
})
return client, nil
}
func hasProxy() bool {
proxyFunc := httpproxy.FromEnvironment().ProxyFunc()
return proxyFunc != nil
}
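Review bot: `validate()` treats GitHub App auth as configured when only `AppID` and `AppPrivateKey` are set, although `AppInstallationID` is passed to `actions.GitHubAppAuth` in `ActionsClient` and is printed in both credential error messages. If the installation ID is required for app auth (not visible in this file), a zero value would surface only at the first API call; consider `hasPrivateKeyConfig := c.AppID > 0 && c.AppInstallationID > 0 && c.AppPrivateKey != ""`. Separately, `hasProxy()` always returns true, because `ProxyFunc()` returns a non-nil function even when no proxy variables are set, so `HasProxy` in the user agent carries no information. Checking the `HTTPProxy` and `HTTPSProxy` fields of `httpproxy.FromEnvironment()` against the empty string would reflect the environment. The two credential error messages also open a quote before the last `%d` without closing it.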


@@ -0,0 +1,161 @@
package config_test
import (
"context"
"crypto/tls"
"net/http"
"net/http/httptest"
"os"
"path/filepath"
"testing"
"github.com/actions/actions-runner-controller/cmd/ghalistener/config"
"github.com/actions/actions-runner-controller/github/actions"
"github.com/actions/actions-runner-controller/github/actions/testserver"
"github.com/go-logr/logr"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestCustomerServerRootCA(t *testing.T) {
ctx := context.Background()
certsFolder := filepath.Join(
"../../../",
"github",
"actions",
"testdata",
)
certPath := filepath.Join(certsFolder, "server.crt")
keyPath := filepath.Join(certsFolder, "server.key")
serverCalledSuccessfully := false
server := testserver.NewUnstarted(t, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
serverCalledSuccessfully = true
w.WriteHeader(http.StatusOK)
w.Write([]byte(`{"count": 0}`))
}))
cert, err := tls.LoadX509KeyPair(certPath, keyPath)
require.NoError(t, err)
server.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
server.StartTLS()
var certsString string
rootCA, err := os.ReadFile(filepath.Join(certsFolder, "rootCA.crt"))
require.NoError(t, err)
certsString = string(rootCA)
intermediate, err := os.ReadFile(filepath.Join(certsFolder, "intermediate.pem"))
require.NoError(t, err)
certsString = certsString + string(intermediate)
config := config.Config{
ConfigureUrl: server.ConfigURLForOrg("myorg"),
ServerRootCA: certsString,
Token: "token",
}
client, err := config.ActionsClient(logr.Discard())
require.NoError(t, err)
_, err = client.GetRunnerScaleSet(ctx, 1, "test")
require.NoError(t, err)
assert.True(t, serverCalledSuccessfully)
}
func TestProxySettings(t *testing.T) {
t.Run("http", func(t *testing.T) {
wentThroughProxy := false
proxy := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
wentThroughProxy = true
}))
t.Cleanup(func() {
proxy.Close()
})
prevProxy := os.Getenv("http_proxy")
os.Setenv("http_proxy", proxy.URL)
defer os.Setenv("http_proxy", prevProxy)
config := config.Config{
ConfigureUrl: "https://github.com/org/repo",
Token: "token",
}
client, err := config.ActionsClient(logr.Discard())
require.NoError(t, err)
req, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
require.NoError(t, err)
_, err = client.Do(req)
require.NoError(t, err)
assert.True(t, wentThroughProxy)
})
t.Run("https", func(t *testing.T) {
wentThroughProxy := false
proxy := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
wentThroughProxy = true
}))
t.Cleanup(func() {
proxy.Close()
})
prevProxy := os.Getenv("https_proxy")
os.Setenv("https_proxy", proxy.URL)
defer os.Setenv("https_proxy", prevProxy)
config := config.Config{
ConfigureUrl: "https://github.com/org/repo",
Token: "token",
}
client, err := config.ActionsClient(logr.Discard(), actions.WithRetryMax(0))
require.NoError(t, err)
req, err := http.NewRequest(http.MethodGet, "https://example.com", nil)
require.NoError(t, err)
_, err = client.Do(req)
// proxy doesn't support https
assert.Error(t, err)
assert.True(t, wentThroughProxy)
})
t.Run("no_proxy", func(t *testing.T) {
wentThroughProxy := false
proxy := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
wentThroughProxy = true
}))
t.Cleanup(func() {
proxy.Close()
})
prevProxy := os.Getenv("http_proxy")
os.Setenv("http_proxy", proxy.URL)
defer os.Setenv("http_proxy", prevProxy)
prevNoProxy := os.Getenv("no_proxy")
os.Setenv("no_proxy", "example.com")
defer os.Setenv("no_proxy", prevNoProxy)
config := config.Config{
ConfigureUrl: "https://github.com/org/repo",
Token: "token",
}
client, err := config.ActionsClient(logr.Discard())
require.NoError(t, err)
req, err := http.NewRequest(http.MethodGet, "http://example.com", nil)
require.NoError(t, err)
_, err = client.Do(req)
require.NoError(t, err)
assert.False(t, wentThroughProxy)
})
}
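Review bot: The three `TestProxySettings` subtests save and restore the proxy variables by hand with `os.Getenv`/`os.Setenv`, which leaves a previously unset variable defined as an empty string afterwards. `t.Setenv("http_proxy", proxy.URL)` restores the original state, including unset, and panics if the test is marked parallel, which protects against env races. The responses from `client.Do(req)` are discarded without closing their bodies. The `no_proxy` case also appears to need `http://example.com` reachable from the test machine, since it requires the direct request to succeed, so it is likely to fail in a network-restricted CI job.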


@@ -0,0 +1,92 @@
package config
import (
"fmt"
"testing"
"github.com/stretchr/testify/assert"
)
func TestConfigValidationMinMax(t *testing.T) {
config := &Config{
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
MinRunners: 5,
MaxRunners: 2,
Token: "token",
}
err := config.validate()
assert.ErrorContains(t, err, "MinRunners '5' cannot be greater than MaxRunners '2", "Expected error about MinRunners > MaxRunners")
}
func TestConfigValidationMissingToken(t *testing.T) {
config := &Config{
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := config.validate()
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
}
func TestConfigValidationAppKey(t *testing.T) {
config := &Config{
AppID: 1,
AppInstallationID: 10,
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := config.validate()
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
}
func TestConfigValidationOnlyOneTypeOfCredentials(t *testing.T) {
config := &Config{
AppID: 1,
AppInstallationID: 10,
AppPrivateKey: "asdf",
Token: "asdf",
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := config.validate()
expectedError := fmt.Sprintf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
}
func TestConfigValidation(t *testing.T) {
config := &Config{
ConfigureUrl: "https://github.com/actions",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
MinRunners: 1,
MaxRunners: 5,
Token: "asdf",
}
err := config.validate()
assert.NoError(t, err, "Expected no error")
}
func TestConfigValidationConfigUrl(t *testing.T) {
config := &Config{
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := config.validate()
assert.ErrorContains(t, err, "GitHubConfigUrl is not provided", "Expected error about missing ConfigureUrl")
}
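Review bot: The `validate()` branches for `RunnerScaleSetId == 0` and for an empty `EphemeralRunnerSetNamespace` or `EphemeralRunnerSetName` have no test here, and no case covers app credentials with `AppInstallationID` left at zero. In `TestConfigValidationOnlyOneTypeOfCredentials` the assertion message `"Expected error about missing auth"` looks copied from the previous tests; something like `"Expected error about conflicting auth methods"` would describe the case. The expected strings are built with the same format string as the implementation, so the tests cannot catch a malformed message.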


@@ -0,0 +1,388 @@
package listener
import (
"context"
"encoding/json"
"errors"
"fmt"
"net/http"
"os"
"time"
"github.com/actions/actions-runner-controller/cmd/ghalistener/metrics"
"github.com/actions/actions-runner-controller/github/actions"
"github.com/go-logr/logr"
"github.com/google/uuid"
)
const (
sessionCreationMaxRetries = 10
)
// message types
const (
messageTypeJobAvailable = "JobAvailable"
messageTypeJobAssigned = "JobAssigned"
messageTypeJobStarted = "JobStarted"
messageTypeJobCompleted = "JobCompleted"
)
//go:generate mockery --name Client --output ./mocks --outpkg mocks --case underscore
type Client interface {
GetAcquirableJobs(ctx context.Context, runnerScaleSetId int) (*actions.AcquirableJobList, error)
CreateMessageSession(ctx context.Context, runnerScaleSetId int, owner string) (*actions.RunnerScaleSetSession, error)
GetMessage(ctx context.Context, messageQueueUrl, messageQueueAccessToken string, lastMessageId int64) (*actions.RunnerScaleSetMessage, error)
DeleteMessage(ctx context.Context, messageQueueUrl, messageQueueAccessToken string, messageId int64) error
AcquireJobs(ctx context.Context, runnerScaleSetId int, messageQueueAccessToken string, requestIds []int64) ([]int64, error)
RefreshMessageSession(ctx context.Context, runnerScaleSetId int, sessionId *uuid.UUID) (*actions.RunnerScaleSetSession, error)
}
type Config struct {
Client Client
ScaleSetID int
MinRunners int
MaxRunners int
Logger logr.Logger
Metrics metrics.Publisher
}
func (c *Config) Validate() error {
if c.Client == nil {
return errors.New("client is required")
}
if c.ScaleSetID == 0 {
return errors.New("scaleSetID is required")
}
if c.MinRunners < 0 {
return errors.New("minRunners must be greater than or equal to 0")
}
if c.MaxRunners < 0 {
return errors.New("maxRunners must be greater than or equal to 0")
}
if c.MaxRunners > 0 && c.MinRunners > c.MaxRunners {
return errors.New("minRunners must be less than or equal to maxRunners")
}
return nil
}
// The Listener's role is to manage all interactions with the actions service.
// It receives messages and processes them using the given handler.
type Listener struct {
// configured fields
scaleSetID int // The ID of the scale set associated with the listener.
client Client // The client used to interact with the scale set.
metrics metrics.Publisher // The publisher used to publish metrics.
// internal fields
logger logr.Logger // The logger used for logging.
hostname string // The hostname of the listener.
// updated fields
lastMessageID int64 // The ID of the last processed message.
session *actions.RunnerScaleSetSession // The session for managing the runner scale set.
}
func New(config Config) (*Listener, error) {
if err := config.Validate(); err != nil {
return nil, fmt.Errorf("invalid config: %w", err)
}
listener := &Listener{
scaleSetID: config.ScaleSetID,
client: config.Client,
logger: config.Logger,
metrics: metrics.Discard,
}
if config.Metrics != nil {
listener.metrics = config.Metrics
}
listener.metrics.PublishStatic(config.MinRunners, config.MaxRunners)
hostname, err := os.Hostname()
if err != nil {
hostname = uuid.NewString()
listener.logger.Info("Failed to get hostname, fallback to uuid", "uuid", hostname, "error", err)
}
listener.hostname = hostname
return listener, nil
}
//go:generate mockery --name Handler --output ./mocks --outpkg mocks --case underscore
type Handler interface {
HandleJobStarted(ctx context.Context, jobInfo *actions.JobStarted) error
HandleDesiredRunnerCount(ctx context.Context, desiredRunnerCount int) error
}
// Listen listens for incoming messages and handles them using the provided handler.
// It continuously listens for messages until the context is cancelled.
// The initial message contains the current statistics and acquirable jobs, if any.
// The handler is responsible for handling the initial message and subsequent messages.
// If an error occurs during any step, Listen returns an error.
func (l *Listener) Listen(ctx context.Context, handler Handler) error {
if err := l.createSession(ctx); err != nil {
return fmt.Errorf("createSession failed: %w", err)
}
initialMessage := &actions.RunnerScaleSetMessage{
MessageId: 0,
MessageType: "RunnerScaleSetJobMessages",
Statistics: l.session.Statistics,
Body: "",
}
if l.session.Statistics.TotalAvailableJobs > 0 || l.session.Statistics.TotalAssignedJobs > 0 {
acquirableJobs, err := l.client.GetAcquirableJobs(ctx, l.scaleSetID)
if err != nil {
return fmt.Errorf("failed to call GetAcquirableJobs: %w", err)
}
acquirableJobsJson, err := json.Marshal(acquirableJobs)
if err != nil {
return fmt.Errorf("failed to marshal acquirable jobs: %w", err)
}
initialMessage.Body = string(acquirableJobsJson)
}
if err := handler.HandleDesiredRunnerCount(ctx, initialMessage.Statistics.TotalAssignedJobs); err != nil {
return fmt.Errorf("handling initial message failed: %w", err)
}
for {
select {
case <-ctx.Done():
return fmt.Errorf("context cancelled: %w", ctx.Err())
default:
}
msg, err := l.getMessage(ctx)
if err != nil {
return fmt.Errorf("failed to get message: %w", err)
}
if msg == nil {
continue
}
statistics, jobsStarted, err := l.parseMessage(ctx, msg)
if err != nil {
return fmt.Errorf("failed to parse message: %w", err)
}
l.lastMessageID = msg.MessageId
if err := l.deleteLastMessage(ctx); err != nil {
return fmt.Errorf("failed to delete message: %w", err)
}
for _, jobStarted := range jobsStarted {
if err := handler.HandleJobStarted(ctx, jobStarted); err != nil {
return fmt.Errorf("failed to handle job started: %w", err)
}
}
if err := handler.HandleDesiredRunnerCount(ctx, statistics.TotalAssignedJobs); err != nil {
return fmt.Errorf("failed to handle desired runner count: %w", err)
}
}
}
func (l *Listener) createSession(ctx context.Context) error {
var session *actions.RunnerScaleSetSession
var retries int
for {
var err error
session, err = l.client.CreateMessageSession(ctx, l.scaleSetID, l.hostname)
if err == nil {
break
}
clientErr := &actions.HttpClientSideError{}
if !errors.As(err, &clientErr) {
return fmt.Errorf("failed to create session: %w", err)
}
if clientErr.Code != http.StatusConflict {
return fmt.Errorf("failed to create session: %w", err)
}
retries++
if retries >= sessionCreationMaxRetries {
return fmt.Errorf("failed to create session after %d retries: %w", retries, err)
}
l.logger.Info("Unable to create message session. Will try again in 30 seconds", "error", err.Error())
select {
case <-ctx.Done():
return fmt.Errorf("context cancelled: %w", ctx.Err())
case <-time.After(30 * time.Second):
}
}
statistics, err := json.Marshal(session.Statistics)
if err != nil {
return fmt.Errorf("failed to marshal statistics: %w", err)
}
l.logger.Info("Current runner scale set statistics.", "statistics", string(statistics))
l.session = session
return nil
}
func (l *Listener) getMessage(ctx context.Context) (*actions.RunnerScaleSetMessage, error) {
l.logger.Info("Getting next message", "lastMessageID", l.lastMessageID)
msg, err := l.client.GetMessage(ctx, l.session.MessageQueueUrl, l.session.MessageQueueAccessToken, l.lastMessageID)
if err == nil { // if NO error
return msg, nil
}
expiredError := &actions.MessageQueueTokenExpiredError{}
if !errors.As(err, &expiredError) {
return nil, fmt.Errorf("failed to get next message: %w", err)
}
if err := l.refreshSession(ctx); err != nil {
return nil, err
}
l.logger.Info("Getting next message", "lastMessageID", l.lastMessageID)
msg, err = l.client.GetMessage(ctx, l.session.MessageQueueUrl, l.session.MessageQueueAccessToken, l.lastMessageID)
if err != nil { // if NO error
return nil, fmt.Errorf("failed to get next message after message session refresh: %w", err)
}
return msg, nil
}
func (l *Listener) deleteLastMessage(ctx context.Context) error {
l.logger.Info("Deleting last message", "lastMessageID", l.lastMessageID)
if err := l.client.DeleteMessage(ctx, l.session.MessageQueueUrl, l.session.MessageQueueAccessToken, l.lastMessageID); err != nil {
return fmt.Errorf("failed to delete message: %w", err)
}
return nil
}
func (l *Listener) parseMessage(ctx context.Context, msg *actions.RunnerScaleSetMessage) (*actions.RunnerScaleSetStatistic, []*actions.JobStarted, error) {
l.logger.Info("Processing message", "messageId", msg.MessageId, "messageType", msg.MessageType)
if msg.Statistics == nil {
return nil, nil, fmt.Errorf("invalid message: statistics is nil")
}
l.logger.Info("New runner scale set statistics.", "statistics", msg.Statistics)
if msg.MessageType != "RunnerScaleSetJobMessages" {
l.logger.Info("Skipping message", "messageType", msg.MessageType)
return nil, nil, fmt.Errorf("invalid message type: %s", msg.MessageType)
}
var batchedMessages []json.RawMessage
if len(msg.Body) > 0 {
if err := json.Unmarshal([]byte(msg.Body), &batchedMessages); err != nil {
return nil, nil, fmt.Errorf("failed to unmarshal batched messages: %w", err)
}
}
var availableJobs []int64
var startedJobs []*actions.JobStarted
for _, msg := range batchedMessages {
var messageType actions.JobMessageType
if err := json.Unmarshal(msg, &messageType); err != nil {
return nil, nil, fmt.Errorf("failed to decode job message type: %w", err)
}
switch messageType.MessageType {
case messageTypeJobAvailable:
var jobAvailable actions.JobAvailable
if err := json.Unmarshal(msg, &jobAvailable); err != nil {
return nil, nil, fmt.Errorf("failed to decode job available: %w", err)
}
l.logger.Info("Job available message received", "jobId", jobAvailable.RunnerRequestId)
availableJobs = append(availableJobs, jobAvailable.RunnerRequestId)
case messageTypeJobAssigned:
var jobAssigned actions.JobAssigned
if err := json.Unmarshal(msg, &jobAssigned); err != nil {
return nil, nil, fmt.Errorf("failed to decode job assigned: %w", err)
}
l.logger.Info("Job assigned message received", "jobId", jobAssigned.RunnerRequestId)
case messageTypeJobStarted:
var jobStarted actions.JobStarted
if err := json.Unmarshal(msg, &jobStarted); err != nil {
return nil, nil, fmt.Errorf("could not decode job started message. %w", err)
}
l.logger.Info("Job started message received.", "RequestId", jobStarted.RunnerRequestId, "RunnerId", jobStarted.RunnerId)
startedJobs = append(startedJobs, &jobStarted)
case messageTypeJobCompleted:
var jobCompleted actions.JobCompleted
if err := json.Unmarshal(msg, &jobCompleted); err != nil {
return nil, nil, fmt.Errorf("failed to decode job completed: %w", err)
}
l.logger.Info("Job completed message received.", "RequestId", jobCompleted.RunnerRequestId, "Result", jobCompleted.Result, "RunnerId", jobCompleted.RunnerId, "RunnerName", jobCompleted.RunnerName)
default:
l.logger.Info("unknown job message type.", "messageType", messageType.MessageType)
}
}
l.logger.Info("Available jobs.", "count", len(availableJobs), "requestIds", fmt.Sprint(availableJobs))
if len(availableJobs) > 0 {
acquired, err := l.acquireAvailableJobs(ctx, availableJobs)
if err != nil {
return nil, nil, err
}
l.logger.Info("Jobs are acquired", "count", len(acquired), "requestIds", fmt.Sprint(acquired))
}
return msg.Statistics, startedJobs, nil
}
func (l *Listener) acquireAvailableJobs(ctx context.Context, availableJobs []int64) ([]int64, error) {
l.logger.Info("Acquiring jobs")
ids, err := l.client.AcquireJobs(ctx, l.scaleSetID, l.session.MessageQueueAccessToken, availableJobs)
if err == nil { // if NO errors
return ids, nil
}
expiredError := &actions.MessageQueueTokenExpiredError{}
if !errors.As(err, &expiredError) {
return nil, fmt.Errorf("failed to acquire jobs: %w", err)
}
if err := l.refreshSession(ctx); err != nil {
return nil, err
}
ids, err = l.client.AcquireJobs(ctx, l.scaleSetID, l.session.MessageQueueAccessToken, availableJobs)
if err != nil {
return nil, fmt.Errorf("failed to acquire jobs after session refresh: %w", err)
}
return ids, nil
}
func (l *Listener) refreshSession(ctx context.Context) error {
l.logger.Info("Message queue token is expired during GetNextMessage, refreshing...")
session, err := l.client.RefreshMessageSession(ctx, l.session.RunnerScaleSet.Id, l.session.SessionId)
if err != nil {
return fmt.Errorf("refresh message session failed. %w", err)
}
l.session = session
return nil
}
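Review bot: `Listen` dereferences `l.session.Statistics` right after `createSession` without a nil check, although `parseMessage` guards `msg.Statistics == nil`; a session response without statistics would panic the listener instead of returning an error. A guard such as `if l.session.Statistics == nil { return fmt.Errorf("invalid session: statistics is nil") }` before `initialMessage` is built would match the handling in `parseMessage`. Also in `Listen`, the acquirable jobs are fetched and marshalled into `initialMessage.Body`, but only `initialMessage.Statistics.TotalAssignedJobs` is read afterwards, so that request looks like unused work. In `getMessage` the comment `// if NO error` on the second `if err != nil` is inverted.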


@@ -0,0 +1,613 @@
package listener
import (
"context"
"errors"
"net/http"
"testing"
"time"
listenermocks "github.com/actions/actions-runner-controller/cmd/ghalistener/listener/mocks"
"github.com/actions/actions-runner-controller/cmd/ghalistener/metrics"
metricsmocks "github.com/actions/actions-runner-controller/cmd/ghalistener/metrics/mocks"
"github.com/actions/actions-runner-controller/github/actions"
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
)
func TestNew(t *testing.T) {
t.Parallel()
t.Run("InvalidConfig", func(t *testing.T) {
t.Parallel()
var config Config
_, err := New(config)
assert.NotNil(t, err)
})
t.Run("ValidConfig", func(t *testing.T) {
t.Parallel()
config := Config{
Client: listenermocks.NewClient(t),
ScaleSetID: 1,
Metrics: metrics.Discard,
}
l, err := New(config)
assert.Nil(t, err)
assert.NotNil(t, l)
})
t.Run("SetStaticMetrics", func(t *testing.T) {
t.Parallel()
metrics := metricsmocks.NewPublisher(t)
metrics.On("PublishStatic", mock.Anything, mock.Anything).Once()
config := Config{
Client: listenermocks.NewClient(t),
ScaleSetID: 1,
Metrics: metrics,
}
l, err := New(config)
assert.Nil(t, err)
assert.NotNil(t, l)
})
}
func TestListener_createSession(t *testing.T) {
t.Parallel()
t.Run("FailOnce", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
client.On("CreateMessageSession", ctx, mock.Anything, mock.Anything).Return(nil, assert.AnError).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
err = l.createSession(ctx)
assert.NotNil(t, err)
})
t.Run("FailContext", func(t *testing.T) {
t.Parallel()
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
defer cancel()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
client.On("CreateMessageSession", ctx, mock.Anything, mock.Anything).Return(nil,
&actions.HttpClientSideError{Code: http.StatusConflict}).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
err = l.createSession(ctx)
assert.True(t, errors.Is(err, context.DeadlineExceeded))
})
t.Run("SetsSession", func(t *testing.T) {
t.Parallel()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
uuid := uuid.New()
session := &actions.RunnerScaleSetSession{
SessionId: &uuid,
OwnerName: "example",
RunnerScaleSet: &actions.RunnerScaleSet{},
MessageQueueUrl: "https://example.com",
MessageQueueAccessToken: "1234567890",
Statistics: nil,
}
client.On("CreateMessageSession", mock.Anything, mock.Anything, mock.Anything).Return(session, nil).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
err = l.createSession(context.Background())
assert.Nil(t, err)
assert.Equal(t, session, l.session)
})
}
func TestListener_getMessage(t *testing.T) {
t.Parallel()
t.Run("ReceivesMessage", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
want := &actions.RunnerScaleSetMessage{
MessageId: 1,
}
client.On("GetMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(want, nil).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
l.session = &actions.RunnerScaleSetSession{}
got, err := l.getMessage(ctx)
assert.Nil(t, err)
assert.Equal(t, want, got)
})
t.Run("NotExpiredError", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
client.On("GetMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(nil, &actions.HttpClientSideError{Code: http.StatusNotFound}).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
l.session = &actions.RunnerScaleSetSession{}
_, err = l.getMessage(ctx)
assert.NotNil(t, err)
})
t.Run("RefreshAndSucceeds", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
uuid := uuid.New()
session := &actions.RunnerScaleSetSession{
SessionId: &uuid,
OwnerName: "example",
RunnerScaleSet: &actions.RunnerScaleSet{},
MessageQueueUrl: "https://example.com",
MessageQueueAccessToken: "1234567890",
Statistics: nil,
}
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
client.On("GetMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(nil, &actions.MessageQueueTokenExpiredError{}).Once()
want := &actions.RunnerScaleSetMessage{
MessageId: 1,
}
client.On("GetMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(want, nil).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
l.session = &actions.RunnerScaleSetSession{
SessionId: &uuid,
RunnerScaleSet: &actions.RunnerScaleSet{},
}
got, err := l.getMessage(ctx)
assert.Nil(t, err)
assert.Equal(t, want, got)
})
t.Run("RefreshAndFails", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
uuid := uuid.New()
session := &actions.RunnerScaleSetSession{
SessionId: &uuid,
OwnerName: "example",
RunnerScaleSet: &actions.RunnerScaleSet{},
MessageQueueUrl: "https://example.com",
MessageQueueAccessToken: "1234567890",
Statistics: nil,
}
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
client.On("GetMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(nil, &actions.MessageQueueTokenExpiredError{}).Twice()
config.Client = client
l, err := New(config)
require.Nil(t, err)
l.session = &actions.RunnerScaleSetSession{
SessionId: &uuid,
RunnerScaleSet: &actions.RunnerScaleSet{},
}
got, err := l.getMessage(ctx)
assert.NotNil(t, err)
assert.Nil(t, got)
})
}
func TestListener_refreshSession(t *testing.T) {
t.Parallel()
t.Run("SuccessfullyRefreshes", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
newUUID := uuid.New()
session := &actions.RunnerScaleSetSession{
SessionId: &newUUID,
OwnerName: "example",
RunnerScaleSet: &actions.RunnerScaleSet{},
MessageQueueUrl: "https://example.com",
MessageQueueAccessToken: "1234567890",
Statistics: nil,
}
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
oldUUID := uuid.New()
l.session = &actions.RunnerScaleSetSession{
SessionId: &oldUUID,
RunnerScaleSet: &actions.RunnerScaleSet{},
}
err = l.refreshSession(ctx)
assert.Nil(t, err)
assert.Equal(t, session, l.session)
})
t.Run("FailsToRefresh", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(nil, errors.New("error")).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
oldUUID := uuid.New()
oldSession := &actions.RunnerScaleSetSession{
SessionId: &oldUUID,
RunnerScaleSet: &actions.RunnerScaleSet{},
}
l.session = oldSession
err = l.refreshSession(ctx)
assert.NotNil(t, err)
assert.Equal(t, oldSession, l.session)
})
}
func TestListener_deleteLastMessage(t *testing.T) {
t.Parallel()
t.Run("SuccessfullyDeletes", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
client.On("DeleteMessage", ctx, mock.Anything, mock.Anything, mock.MatchedBy(func(lastMessageID any) bool {
return lastMessageID.(int64) == int64(5)
})).Return(nil).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
l.session = &actions.RunnerScaleSetSession{}
l.lastMessageID = 5
err = l.deleteLastMessage(ctx)
assert.Nil(t, err)
})
t.Run("FailsToDelete", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
client.On("DeleteMessage", ctx, mock.Anything, mock.Anything, mock.Anything).Return(errors.New("error")).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
l.session = &actions.RunnerScaleSetSession{}
l.lastMessageID = 5
err = l.deleteLastMessage(ctx)
assert.NotNil(t, err)
})
}
func TestListener_Listen(t *testing.T) {
t.Parallel()
t.Run("CreateSessionFails", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
client.On("CreateMessageSession", ctx, mock.Anything, mock.Anything).Return(nil, assert.AnError).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
err = l.Listen(ctx, nil)
assert.NotNil(t, err)
})
t.Run("CallHandleRegardlessOfInitialMessage", func(t *testing.T) {
t.Parallel()
ctx, cancel := context.WithCancel(context.Background())
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
uuid := uuid.New()
session := &actions.RunnerScaleSetSession{
SessionId: &uuid,
OwnerName: "example",
RunnerScaleSet: &actions.RunnerScaleSet{},
MessageQueueUrl: "https://example.com",
MessageQueueAccessToken: "1234567890",
Statistics: &actions.RunnerScaleSetStatistic{},
}
client.On("CreateMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
var called bool
handler := listenermocks.NewHandler(t)
handler.On("HandleDesiredRunnerCount", mock.Anything, mock.Anything).
Return(nil).
Run(
func(mock.Arguments) {
called = true
cancel()
},
).
Once()
err = l.Listen(ctx, handler)
assert.True(t, errors.Is(err, context.Canceled))
assert.True(t, called)
})
}
func TestListener_acquireAvailableJobs(t *testing.T) {
t.Parallel()
t.Run("FailingToAcquireJobs", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
client.On("AcquireJobs", ctx, mock.Anything, mock.Anything, mock.Anything).Return(nil, assert.AnError).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
uuid := uuid.New()
l.session = &actions.RunnerScaleSetSession{
SessionId: &uuid,
OwnerName: "example",
RunnerScaleSet: &actions.RunnerScaleSet{},
MessageQueueUrl: "https://example.com",
MessageQueueAccessToken: "1234567890",
Statistics: &actions.RunnerScaleSetStatistic{},
}
_, err = l.acquireAvailableJobs(ctx, []int64{1, 2, 3})
assert.Error(t, err)
})
t.Run("SuccessfullyAcquiresJobsOnFirstRun", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
jobIDs := []int64{1, 2, 3}
client.On("AcquireJobs", ctx, mock.Anything, mock.Anything, mock.Anything).Return(jobIDs, nil).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
uuid := uuid.New()
l.session = &actions.RunnerScaleSetSession{
SessionId: &uuid,
OwnerName: "example",
RunnerScaleSet: &actions.RunnerScaleSet{},
MessageQueueUrl: "https://example.com",
MessageQueueAccessToken: "1234567890",
Statistics: &actions.RunnerScaleSetStatistic{},
}
acquiredJobIDs, err := l.acquireAvailableJobs(ctx, []int64{1, 2, 3})
assert.NoError(t, err)
assert.Equal(t, jobIDs, acquiredJobIDs)
})
t.Run("RefreshAndSucceeds", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
uuid := uuid.New()
session := &actions.RunnerScaleSetSession{
SessionId: &uuid,
OwnerName: "example",
RunnerScaleSet: &actions.RunnerScaleSet{},
MessageQueueUrl: "https://example.com",
MessageQueueAccessToken: "1234567890",
Statistics: nil,
}
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
// First call to AcquireJobs will fail with a token expired error
client.On("AcquireJobs", ctx, mock.Anything, mock.Anything, mock.Anything).Return(nil, &actions.MessageQueueTokenExpiredError{}).Once()
// Second call to AcquireJobs will succeed
want := []int64{1, 2, 3}
client.On("AcquireJobs", ctx, mock.Anything, mock.Anything, mock.Anything).Return(want, nil).Once()
config.Client = client
l, err := New(config)
require.Nil(t, err)
l.session = &actions.RunnerScaleSetSession{
SessionId: &uuid,
RunnerScaleSet: &actions.RunnerScaleSet{},
}
got, err := l.acquireAvailableJobs(ctx, want)
assert.Nil(t, err)
assert.Equal(t, want, got)
})
t.Run("RefreshAndFails", func(t *testing.T) {
t.Parallel()
ctx := context.Background()
config := Config{
ScaleSetID: 1,
Metrics: metrics.Discard,
}
client := listenermocks.NewClient(t)
uuid := uuid.New()
session := &actions.RunnerScaleSetSession{
SessionId: &uuid,
OwnerName: "example",
RunnerScaleSet: &actions.RunnerScaleSet{},
MessageQueueUrl: "https://example.com",
MessageQueueAccessToken: "1234567890",
Statistics: nil,
}
client.On("RefreshMessageSession", ctx, mock.Anything, mock.Anything).Return(session, nil).Once()
client.On("AcquireJobs", ctx, mock.Anything, mock.Anything, mock.Anything).Return(nil, &actions.MessageQueueTokenExpiredError{}).Twice()
config.Client = client
l, err := New(config)
require.Nil(t, err)
l.session = &actions.RunnerScaleSetSession{
SessionId: &uuid,
RunnerScaleSet: &actions.RunnerScaleSet{},
}
got, err := l.acquireAvailableJobs(ctx, []int64{1, 2, 3})
assert.NotNil(t, err)
assert.Nil(t, got)
})
}


@@ -0,0 +1,176 @@
// Code generated by mockery v2.36.1. DO NOT EDIT.
package mocks
import (
context "context"
actions "github.com/actions/actions-runner-controller/github/actions"
mock "github.com/stretchr/testify/mock"
uuid "github.com/google/uuid"
)
// Client is an autogenerated mock type for the Client type
type Client struct {
mock.Mock
}
// AcquireJobs provides a mock function with given fields: ctx, runnerScaleSetId, messageQueueAccessToken, requestIds
func (_m *Client) AcquireJobs(ctx context.Context, runnerScaleSetId int, messageQueueAccessToken string, requestIds []int64) ([]int64, error) {
ret := _m.Called(ctx, runnerScaleSetId, messageQueueAccessToken, requestIds)
var r0 []int64
var r1 error
if rf, ok := ret.Get(0).(func(context.Context, int, string, []int64) ([]int64, error)); ok {
return rf(ctx, runnerScaleSetId, messageQueueAccessToken, requestIds)
}
if rf, ok := ret.Get(0).(func(context.Context, int, string, []int64) []int64); ok {
r0 = rf(ctx, runnerScaleSetId, messageQueueAccessToken, requestIds)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]int64)
}
}
if rf, ok := ret.Get(1).(func(context.Context, int, string, []int64) error); ok {
r1 = rf(ctx, runnerScaleSetId, messageQueueAccessToken, requestIds)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// CreateMessageSession provides a mock function with given fields: ctx, runnerScaleSetId, owner
func (_m *Client) CreateMessageSession(ctx context.Context, runnerScaleSetId int, owner string) (*actions.RunnerScaleSetSession, error) {
ret := _m.Called(ctx, runnerScaleSetId, owner)
var r0 *actions.RunnerScaleSetSession
var r1 error
if rf, ok := ret.Get(0).(func(context.Context, int, string) (*actions.RunnerScaleSetSession, error)); ok {
return rf(ctx, runnerScaleSetId, owner)
}
if rf, ok := ret.Get(0).(func(context.Context, int, string) *actions.RunnerScaleSetSession); ok {
r0 = rf(ctx, runnerScaleSetId, owner)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(*actions.RunnerScaleSetSession)
}
}
if rf, ok := ret.Get(1).(func(context.Context, int, string) error); ok {
r1 = rf(ctx, runnerScaleSetId, owner)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// DeleteMessage provides a mock function with given fields: ctx, messageQueueUrl, messageQueueAccessToken, messageId
func (_m *Client) DeleteMessage(ctx context.Context, messageQueueUrl string, messageQueueAccessToken string, messageId int64) error {
ret := _m.Called(ctx, messageQueueUrl, messageQueueAccessToken, messageId)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, string, string, int64) error); ok {
r0 = rf(ctx, messageQueueUrl, messageQueueAccessToken, messageId)
} else {
r0 = ret.Error(0)
}
return r0
}
// GetAcquirableJobs provides a mock function with given fields: ctx, runnerScaleSetId
func (_m *Client) GetAcquirableJobs(ctx context.Context, runnerScaleSetId int) (*actions.AcquirableJobList, error) {
ret := _m.Called(ctx, runnerScaleSetId)
var r0 *actions.AcquirableJobList
var r1 error
if rf, ok := ret.Get(0).(func(context.Context, int) (*actions.AcquirableJobList, error)); ok {
return rf(ctx, runnerScaleSetId)
}
if rf, ok := ret.Get(0).(func(context.Context, int) *actions.AcquirableJobList); ok {
r0 = rf(ctx, runnerScaleSetId)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(*actions.AcquirableJobList)
}
}
if rf, ok := ret.Get(1).(func(context.Context, int) error); ok {
r1 = rf(ctx, runnerScaleSetId)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// GetMessage provides a mock function with given fields: ctx, messageQueueUrl, messageQueueAccessToken, lastMessageId
func (_m *Client) GetMessage(ctx context.Context, messageQueueUrl string, messageQueueAccessToken string, lastMessageId int64) (*actions.RunnerScaleSetMessage, error) {
ret := _m.Called(ctx, messageQueueUrl, messageQueueAccessToken, lastMessageId)
var r0 *actions.RunnerScaleSetMessage
var r1 error
if rf, ok := ret.Get(0).(func(context.Context, string, string, int64) (*actions.RunnerScaleSetMessage, error)); ok {
return rf(ctx, messageQueueUrl, messageQueueAccessToken, lastMessageId)
}
if rf, ok := ret.Get(0).(func(context.Context, string, string, int64) *actions.RunnerScaleSetMessage); ok {
r0 = rf(ctx, messageQueueUrl, messageQueueAccessToken, lastMessageId)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(*actions.RunnerScaleSetMessage)
}
}
if rf, ok := ret.Get(1).(func(context.Context, string, string, int64) error); ok {
r1 = rf(ctx, messageQueueUrl, messageQueueAccessToken, lastMessageId)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// RefreshMessageSession provides a mock function with given fields: ctx, runnerScaleSetId, sessionId
func (_m *Client) RefreshMessageSession(ctx context.Context, runnerScaleSetId int, sessionId *uuid.UUID) (*actions.RunnerScaleSetSession, error) {
ret := _m.Called(ctx, runnerScaleSetId, sessionId)
var r0 *actions.RunnerScaleSetSession
var r1 error
if rf, ok := ret.Get(0).(func(context.Context, int, *uuid.UUID) (*actions.RunnerScaleSetSession, error)); ok {
return rf(ctx, runnerScaleSetId, sessionId)
}
if rf, ok := ret.Get(0).(func(context.Context, int, *uuid.UUID) *actions.RunnerScaleSetSession); ok {
r0 = rf(ctx, runnerScaleSetId, sessionId)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(*actions.RunnerScaleSetSession)
}
}
if rf, ok := ret.Get(1).(func(context.Context, int, *uuid.UUID) error); ok {
r1 = rf(ctx, runnerScaleSetId, sessionId)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewClient(t interface {
mock.TestingT
Cleanup(func())
}) *Client {
mock := &Client{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}


@@ -0,0 +1,58 @@
// Code generated by mockery v2.36.1. DO NOT EDIT.
package mocks
import (
context "context"
actions "github.com/actions/actions-runner-controller/github/actions"
mock "github.com/stretchr/testify/mock"
)
// Handler is an autogenerated mock type for the Handler type
type Handler struct {
mock.Mock
}
// HandleDesiredRunnerCount provides a mock function with given fields: ctx, desiredRunnerCount
func (_m *Handler) HandleDesiredRunnerCount(ctx context.Context, desiredRunnerCount int) error {
ret := _m.Called(ctx, desiredRunnerCount)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, int) error); ok {
r0 = rf(ctx, desiredRunnerCount)
} else {
r0 = ret.Error(0)
}
return r0
}
// HandleJobStarted provides a mock function with given fields: ctx, jobInfo
func (_m *Handler) HandleJobStarted(ctx context.Context, jobInfo *actions.JobStarted) error {
ret := _m.Called(ctx, jobInfo)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context, *actions.JobStarted) error); ok {
r0 = rf(ctx, jobInfo)
} else {
r0 = ret.Error(0)
}
return r0
}
// NewHandler creates a new instance of Handler. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewHandler(t interface {
mock.TestingT
Cleanup(func())
}) *Handler {
mock := &Handler{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}

40
cmd/ghalistener/main.go Normal file

@@ -0,0 +1,40 @@
package main
import (
"context"
"fmt"
"log"
"os"
"os/signal"
"syscall"
"github.com/actions/actions-runner-controller/cmd/ghalistener/app"
"github.com/actions/actions-runner-controller/cmd/ghalistener/config"
)
func main() {
configPath, ok := os.LookupEnv("LISTENER_CONFIG_PATH")
if !ok {
fmt.Fprintf(os.Stderr, "Error: LISTENER_CONFIG_PATH environment variable is not set\n")
os.Exit(1)
}
config, err := config.Read(configPath)
if err != nil {
log.Printf("Failed to read config: %v", err)
os.Exit(1)
}
app, err := app.New(config)
if err != nil {
log.Printf("Failed to initialize app: %v", err)
os.Exit(1)
}
ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
defer stop()
if err := app.Run(ctx); err != nil {
log.Printf("Application returned an error: %v", err)
os.Exit(1)
}
}
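Review bot: A SIGINT or SIGTERM shutdown is likely to be reported as a failure at the end of `main`: the context from `signal.NotifyContext` is cancelled on either signal, and if `app.Run` returns the context error (its body is not shown here), the process logs "Application returned an error" and exits 1. Under an orchestrator this makes a routine termination look the same as a crash in exit codes and logs. Treating cancellation as a clean exit would fix it, e.g. `if err := app.Run(ctx); err != nil && !errors.Is(err, context.Canceled) {`, with `errors` added to the imports. Separately, `os.Exit(1)` in that branch skips the deferred `stop()`; that is harmless here, but a `run() error` helper called from `main` would avoid it.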


@@ -0,0 +1,387 @@
package metrics
import (
"context"
"net/http"
"strconv"
"github.com/actions/actions-runner-controller/github/actions"
"github.com/go-logr/logr"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
)
const (
labelKeyRunnerScaleSetName = "name"
labelKeyRunnerScaleSetNamespace = "namespace"
labelKeyEnterprise = "enterprise"
labelKeyOrganization = "organization"
labelKeyRepository = "repository"
labelKeyJobName = "job_name"
labelKeyJobWorkflowRef = "job_workflow_ref"
labelKeyEventName = "event_name"
labelKeyJobResult = "job_result"
labelKeyRunnerID = "runner_id"
labelKeyRunnerName = "runner_name"
)
const githubScaleSetSubsystem = "gha"
// labels
var (
scaleSetLabels = []string{
labelKeyRunnerScaleSetName,
labelKeyRepository,
labelKeyOrganization,
labelKeyEnterprise,
labelKeyRunnerScaleSetNamespace,
}
jobLabels = []string{
labelKeyRepository,
labelKeyOrganization,
labelKeyEnterprise,
labelKeyJobName,
labelKeyJobWorkflowRef,
labelKeyEventName,
}
completedJobsTotalLabels = append(jobLabels, labelKeyJobResult, labelKeyRunnerID, labelKeyRunnerName)
jobExecutionDurationLabels = append(jobLabels, labelKeyJobResult, labelKeyRunnerID, labelKeyRunnerName)
startedJobsTotalLabels = append(jobLabels, labelKeyRunnerID, labelKeyRunnerName)
jobStartupDurationLabels = append(jobLabels, labelKeyRunnerID, labelKeyRunnerName)
)
var (
assignedJobs = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "assigned_jobs",
Help: "Number of jobs assigned to this scale set.",
},
scaleSetLabels,
)
runningJobs = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "running_jobs",
Help: "Number of jobs running (or about to be run).",
},
scaleSetLabels,
)
registeredRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "registered_runners",
Help: "Number of runners registered by the scale set.",
},
scaleSetLabels,
)
busyRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "busy_runners",
Help: "Number of registered runners running a job.",
},
scaleSetLabels,
)
minRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "min_runners",
Help: "Minimum number of runners.",
},
scaleSetLabels,
)
maxRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "max_runners",
Help: "Maximum number of runners.",
},
scaleSetLabels,
)
desiredRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "desired_runners",
Help: "Number of runners desired by the scale set.",
},
scaleSetLabels,
)
idleRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "idle_runners",
Help: "Number of registered runners not running a job.",
},
scaleSetLabels,
)
startedJobsTotal = prometheus.NewCounterVec(
prometheus.CounterOpts{
Subsystem: githubScaleSetSubsystem,
Name: "started_jobs_total",
Help: "Total number of jobs started.",
},
startedJobsTotalLabels,
)
completedJobsTotal = prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "completed_jobs_total",
Help: "Total number of jobs completed.",
Subsystem: githubScaleSetSubsystem,
},
completedJobsTotalLabels,
)
jobStartupDurationSeconds = prometheus.NewHistogramVec(
prometheus.HistogramOpts{
Subsystem: githubScaleSetSubsystem,
Name: "job_startup_duration_seconds",
Help: "Time spent waiting for workflow job to get started on the runner owned by the scale set (in seconds).",
Buckets: runtimeBuckets,
},
jobStartupDurationLabels,
)
jobExecutionDurationSeconds = prometheus.NewHistogramVec(
prometheus.HistogramOpts{
Subsystem: githubScaleSetSubsystem,
Name: "job_execution_duration_seconds",
Help: "Time spent executing workflow jobs by the scale set (in seconds).",
Buckets: runtimeBuckets,
},
jobExecutionDurationLabels,
)
)
var runtimeBuckets []float64 = []float64{
0.01,
0.05,
0.1,
0.5,
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
12,
15,
18,
20,
25,
30,
40,
50,
60,
70,
80,
90,
100,
110,
120,
150,
180,
210,
240,
300,
360,
420,
480,
540,
600,
900,
1200,
1800,
2400,
3000,
3600,
}
type baseLabels struct {
scaleSetName string
scaleSetNamespace string
enterprise string
organization string
repository string
}
func (b *baseLabels) jobLabels(jobBase *actions.JobMessageBase) prometheus.Labels {
return prometheus.Labels{
labelKeyEnterprise: b.enterprise,
labelKeyOrganization: b.organization,
labelKeyRepository: b.repository,
labelKeyJobName: jobBase.JobDisplayName,
labelKeyJobWorkflowRef: jobBase.JobWorkflowRef,
labelKeyEventName: jobBase.EventName,
}
}
func (b *baseLabels) scaleSetLabels() prometheus.Labels {
return prometheus.Labels{
labelKeyRunnerScaleSetName: b.scaleSetName,
labelKeyRunnerScaleSetNamespace: b.scaleSetNamespace,
labelKeyEnterprise: b.enterprise,
labelKeyOrganization: b.organization,
labelKeyRepository: b.repository,
}
}
func (b *baseLabels) completedJobLabels(msg *actions.JobCompleted) prometheus.Labels {
l := b.jobLabels(&msg.JobMessageBase)
l[labelKeyRunnerID] = strconv.Itoa(msg.RunnerId)
l[labelKeyJobResult] = msg.Result
l[labelKeyRunnerName] = msg.RunnerName
return l
}
func (b *baseLabels) startedJobLabels(msg *actions.JobStarted) prometheus.Labels {
l := b.jobLabels(&msg.JobMessageBase)
l[labelKeyRunnerID] = strconv.Itoa(msg.RunnerId)
l[labelKeyRunnerName] = msg.RunnerName
return l
}
//go:generate mockery --name Publisher --output ./mocks --outpkg mocks --case underscore
type Publisher interface {
PublishStatic(min, max int)
PublishStatistics(stats *actions.RunnerScaleSetStatistic)
PublishJobStarted(msg *actions.JobStarted)
PublishJobCompleted(msg *actions.JobCompleted)
PublishDesiredRunners(count int)
}
//go:generate mockery --name ServerPublisher --output ./mocks --outpkg mocks --case underscore
type ServerPublisher interface {
Publisher
ListenAndServe(ctx context.Context) error
}
var _ Publisher = &discard{}
var _ ServerPublisher = &exporter{}
var Discard Publisher = &discard{}
type exporter struct {
logger logr.Logger
baseLabels
srv *http.Server
}
type ExporterConfig struct {
ScaleSetName string
ScaleSetNamespace string
Enterprise string
Organization string
Repository string
ServerAddr string
ServerEndpoint string
Logger logr.Logger
}
func NewExporter(config ExporterConfig) ServerPublisher {
reg := prometheus.NewRegistry()
reg.MustRegister(
assignedJobs,
runningJobs,
registeredRunners,
busyRunners,
minRunners,
maxRunners,
desiredRunners,
idleRunners,
startedJobsTotal,
completedJobsTotal,
jobStartupDurationSeconds,
jobExecutionDurationSeconds,
)
mux := http.NewServeMux()
mux.Handle(
config.ServerEndpoint,
promhttp.HandlerFor(reg, promhttp.HandlerOpts{Registry: reg}),
)
return &exporter{
logger: config.Logger.WithName("metrics"),
baseLabels: baseLabels{
scaleSetName: config.ScaleSetName,
scaleSetNamespace: config.ScaleSetNamespace,
enterprise: config.Enterprise,
organization: config.Organization,
repository: config.Repository,
},
srv: &http.Server{
Addr: config.ServerAddr,
Handler: mux,
},
}
}
func (e *exporter) ListenAndServe(ctx context.Context) error {
e.logger.Info("starting metrics server", "addr", e.srv.Addr)
go func() {
<-ctx.Done()
e.logger.Info("stopping metrics server")
e.srv.Shutdown(ctx)
}()
return e.srv.ListenAndServe()
}
func (m *exporter) PublishStatic(min, max int) {
l := m.scaleSetLabels()
maxRunners.With(l).Set(float64(max))
minRunners.With(l).Set(float64(min))
}
func (e *exporter) PublishStatistics(stats *actions.RunnerScaleSetStatistic) {
l := e.scaleSetLabels()
assignedJobs.With(l).Set(float64(stats.TotalAssignedJobs))
runningJobs.With(l).Set(float64(stats.TotalRunningJobs))
registeredRunners.With(l).Set(float64(stats.TotalRegisteredRunners))
busyRunners.With(l).Set(float64(stats.TotalBusyRunners))
idleRunners.With(l).Set(float64(stats.TotalIdleRunners))
}
func (e *exporter) PublishJobStarted(msg *actions.JobStarted) {
l := e.startedJobLabels(msg)
startedJobsTotal.With(l).Inc()
startupDuration := msg.JobMessageBase.RunnerAssignTime.Unix() - msg.JobMessageBase.ScaleSetAssignTime.Unix()
jobStartupDurationSeconds.With(l).Observe(float64(startupDuration))
}
func (e *exporter) PublishJobCompleted(msg *actions.JobCompleted) {
l := e.completedJobLabels(msg)
completedJobsTotal.With(l).Inc()
executionDuration := msg.JobMessageBase.FinishTime.Unix() - msg.JobMessageBase.RunnerAssignTime.Unix()
jobExecutionDurationSeconds.With(l).Observe(float64(executionDuration))
}
func (m *exporter) PublishDesiredRunners(count int) {
desiredRunners.With(m.scaleSetLabels()).Set(float64(count))
}
type discard struct{}
func (*discard) PublishStatic(int, int) {}
func (*discard) PublishStatistics(*actions.RunnerScaleSetStatistic) {}
func (*discard) PublishJobStarted(*actions.JobStarted) {}
func (*discard) PublishJobCompleted(*actions.JobCompleted) {}
func (*discard) PublishDesiredRunners(int) {}
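Review bot: The `http.Server` built in `NewExporter` sets no read timeouts, and `exporter.ListenAndServe` calls `e.srv.Shutdown(ctx)` with the context that has just been cancelled. Without `ReadHeaderTimeout`, a client that connects to the metrics port and sends its headers slowly can hold connections open indefinitely. `Shutdown` on an already-cancelled context does not wait for in-flight requests and returns the context error, which is discarded here. I would set a header timeout and shut down on a fresh, bounded context, as below (this needs `time` imported, and the 5-second values are constructed placeholders). `ListenAndServe` also returns `http.ErrServerClosed` after a normal shutdown, so the caller should not treat that value as a failure.

```go
		srv: &http.Server{
			Addr:              config.ServerAddr,
			Handler:           mux,
			ReadHeaderTimeout: 5 * time.Second, // placeholder value; bounds slow header reads
		},
// … unchanged: rest of NewExporter, start-up log line in ListenAndServe …
	go func() {
		<-ctx.Done()
		e.logger.Info("stopping metrics server")
		// ctx is already cancelled at this point, so drain on a separate bounded context.
		shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
		defer cancel()
		if err := e.srv.Shutdown(shutdownCtx); err != nil {
			e.logger.Error(err, "metrics server shutdown failed")
		}
	}()
// … unchanged: return e.srv.ListenAndServe() …
```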


@@ -0,0 +1,53 @@
// Code generated by mockery v2.36.1. DO NOT EDIT.
package mocks
import (
actions "github.com/actions/actions-runner-controller/github/actions"
mock "github.com/stretchr/testify/mock"
)
// Publisher is an autogenerated mock type for the Publisher type
type Publisher struct {
mock.Mock
}
// PublishDesiredRunners provides a mock function with given fields: count
func (_m *Publisher) PublishDesiredRunners(count int) {
_m.Called(count)
}
// PublishJobCompleted provides a mock function with given fields: msg
func (_m *Publisher) PublishJobCompleted(msg *actions.JobCompleted) {
_m.Called(msg)
}
// PublishJobStarted provides a mock function with given fields: msg
func (_m *Publisher) PublishJobStarted(msg *actions.JobStarted) {
_m.Called(msg)
}
// PublishStatic provides a mock function with given fields: min, max
func (_m *Publisher) PublishStatic(min int, max int) {
_m.Called(min, max)
}
// PublishStatistics provides a mock function with given fields: stats
func (_m *Publisher) PublishStatistics(stats *actions.RunnerScaleSetStatistic) {
_m.Called(stats)
}
// NewPublisher creates a new instance of Publisher. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewPublisher(t interface {
mock.TestingT
Cleanup(func())
}) *Publisher {
mock := &Publisher{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}


@@ -0,0 +1,69 @@
// Code generated by mockery v2.36.1. DO NOT EDIT.
package mocks
import (
context "context"
actions "github.com/actions/actions-runner-controller/github/actions"
mock "github.com/stretchr/testify/mock"
)
// ServerPublisher is an autogenerated mock type for the ServerPublisher type
type ServerPublisher struct {
mock.Mock
}
// ListenAndServe provides a mock function with given fields: ctx
func (_m *ServerPublisher) ListenAndServe(ctx context.Context) error {
ret := _m.Called(ctx)
var r0 error
if rf, ok := ret.Get(0).(func(context.Context) error); ok {
r0 = rf(ctx)
} else {
r0 = ret.Error(0)
}
return r0
}
// PublishDesiredRunners provides a mock function with given fields: count
func (_m *ServerPublisher) PublishDesiredRunners(count int) {
_m.Called(count)
}
// PublishJobCompleted provides a mock function with given fields: msg
func (_m *ServerPublisher) PublishJobCompleted(msg *actions.JobCompleted) {
_m.Called(msg)
}
// PublishJobStarted provides a mock function with given fields: msg
func (_m *ServerPublisher) PublishJobStarted(msg *actions.JobStarted) {
_m.Called(msg)
}
// PublishStatic provides a mock function with given fields: min, max
func (_m *ServerPublisher) PublishStatic(min int, max int) {
_m.Called(min, max)
}
// PublishStatistics provides a mock function with given fields: stats
func (_m *ServerPublisher) PublishStatistics(stats *actions.RunnerScaleSetStatistic) {
_m.Called(stats)
}
// NewServerPublisher creates a new instance of ServerPublisher. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
// The first argument is typically a *testing.T value.
func NewServerPublisher(t interface {
mock.TestingT
Cleanup(func())
}) *ServerPublisher {
mock := &ServerPublisher{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}


@@ -0,0 +1,229 @@
package worker
import (
"context"
"encoding/json"
"fmt"
"github.com/actions/actions-runner-controller/apis/actions.github.com/v1alpha1"
"github.com/actions/actions-runner-controller/cmd/ghalistener/listener"
"github.com/actions/actions-runner-controller/github/actions"
"github.com/actions/actions-runner-controller/logging"
jsonpatch "github.com/evanphx/json-patch"
"github.com/go-logr/logr"
"k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
)
const workerName = "kubernetesworker"
type Option func(*Worker)
func WithLogger(logger logr.Logger) Option {
return func(w *Worker) {
logger = logger.WithName(workerName)
w.logger = &logger
}
}
type Config struct {
EphemeralRunnerSetNamespace string
EphemeralRunnerSetName string
MaxRunners int
MinRunners int
}
// The Worker's role is to process the messages it receives from the listener.
// It then initiates Kubernetes API requests to carry out the necessary actions.
type Worker struct {
clientset *kubernetes.Clientset
config Config
lastPatch int
logger *logr.Logger
}
var _ listener.Handler = (*Worker)(nil)
func New(config Config, options ...Option) (*Worker, error) {
w := &Worker{
config: config,
lastPatch: -1,
}
conf, err := rest.InClusterConfig()
if err != nil {
return nil, err
}
clientset, err := kubernetes.NewForConfig(conf)
if err != nil {
return nil, err
}
w.clientset = clientset
for _, option := range options {
option(w)
}
if err := w.applyDefaults(); err != nil {
return nil, err
}
return w, nil
}
func (w *Worker) applyDefaults() error {
if w.logger == nil {
logger, err := logging.NewLogger(logging.LogLevelDebug, logging.LogFormatJSON)
if err != nil {
return fmt.Errorf("NewLogger failed: %w", err)
}
logger = logger.WithName(workerName)
w.logger = &logger
}
return nil
}
// HandleJobStarted updates the job information for the ephemeral runner when a job is started.
// It takes a context and a jobInfo parameter which contains the details of the started job.
// This update marks the ephemeral runner so that the controller would have more context
// about the ephemeral runner that should not be deleted when scaling down.
// It returns an error if there is any issue with updating the job information.
func (w *Worker) HandleJobStarted(ctx context.Context, jobInfo *actions.JobStarted) error {
w.logger.Info("Updating job info for the runner",
"runnerName", jobInfo.RunnerName,
"ownerName", jobInfo.OwnerName,
"repoName", jobInfo.RepositoryName,
"workflowRef", jobInfo.JobWorkflowRef,
"workflowRunId", jobInfo.WorkflowRunId,
"jobDisplayName", jobInfo.JobDisplayName,
"requestId", jobInfo.RunnerRequestId)
original, err := json.Marshal(&v1alpha1.EphemeralRunner{})
if err != nil {
return fmt.Errorf("failed to marshal empty ephemeral runner: %w", err)
}
patch, err := json.Marshal(
&v1alpha1.EphemeralRunner{
Status: v1alpha1.EphemeralRunnerStatus{
JobRequestId: jobInfo.RunnerRequestId,
JobRepositoryName: fmt.Sprintf("%s/%s", jobInfo.OwnerName, jobInfo.RepositoryName),
WorkflowRunId: jobInfo.WorkflowRunId,
JobWorkflowRef: jobInfo.JobWorkflowRef,
JobDisplayName: jobInfo.JobDisplayName,
},
},
)
if err != nil {
return fmt.Errorf("failed to marshal ephemeral runner patch: %w", err)
}
mergePatch, err := jsonpatch.CreateMergePatch(original, patch)
if err != nil {
return fmt.Errorf("failed to create merge patch json for ephemeral runner: %w", err)
}
w.logger.Info("Updating ephemeral runner with merge patch", "json", string(mergePatch))
patchedStatus := &v1alpha1.EphemeralRunner{}
err = w.clientset.RESTClient().
Patch(types.MergePatchType).
Prefix("apis", v1alpha1.GroupVersion.Group, v1alpha1.GroupVersion.Version).
Namespace(w.config.EphemeralRunnerSetNamespace).
Resource("EphemeralRunners").
Name(jobInfo.RunnerName).
SubResource("status").
Body(mergePatch).
Do(ctx).
Into(patchedStatus)
if err != nil {
return fmt.Errorf("could not patch ephemeral runner status, patch JSON: %s, error: %w", string(mergePatch), err)
}
w.logger.Info("Ephemeral runner status updated with the merge patch successfully.")
return nil
}
// HandleDesiredRunnerCount handles the desired runner count by scaling the ephemeral runner set.
// The function calculates the target runner count based on the minimum and maximum runner count configuration.
// If the target runner count is the same as the last patched count, it skips patching and returns nil.
// Otherwise, it creates a merge patch JSON for updating the ephemeral runner set with the desired count.
// The function then scales the ephemeral runner set by applying the merge patch.
// Finally, it logs the scaled ephemeral runner set details and returns nil if successful.
// If any error occurs during the process, it returns an error with a descriptive message.
func (w *Worker) HandleDesiredRunnerCount(ctx context.Context, count int) error {
// Max runners should always be set by the resource builder either to the configured value,
// or the maximum int32 (resourcebuilder.newAutoScalingListener()).
targetRunnerCount := min(w.config.MinRunners+count, w.config.MaxRunners)
logValues := []any{
"assigned job", count,
"decision", targetRunnerCount,
"min", w.config.MinRunners,
"max", w.config.MaxRunners,
"currentRunnerCount", w.lastPatch,
}
if targetRunnerCount == w.lastPatch {
w.logger.Info("Skipping patching of EphemeralRunnerSet as the desired count has not changed", logValues...)
return nil
}
original, err := json.Marshal(
&v1alpha1.EphemeralRunnerSet{
Spec: v1alpha1.EphemeralRunnerSetSpec{
Replicas: -1,
},
},
)
if err != nil {
return fmt.Errorf("failed to marshal empty ephemeral runner set: %w", err)
}
patch, err := json.Marshal(
&v1alpha1.EphemeralRunnerSet{
Spec: v1alpha1.EphemeralRunnerSetSpec{
Replicas: targetRunnerCount,
},
},
)
if err != nil {
w.logger.Error(err, "could not marshal patch ephemeral runner set")
return err
}
mergePatch, err := jsonpatch.CreateMergePatch(original, patch)
if err != nil {
return fmt.Errorf("failed to create merge patch json for ephemeral runner set: %w", err)
}
w.logger.Info("Created merge patch json for EphemeralRunnerSet update", "json", string(mergePatch))
w.logger.Info("Scaling ephemeral runner set", logValues...)
patchedEphemeralRunnerSet := &v1alpha1.EphemeralRunnerSet{}
err = w.clientset.RESTClient().
Patch(types.MergePatchType).
Prefix("apis", v1alpha1.GroupVersion.Group, v1alpha1.GroupVersion.Version).
Namespace(w.config.EphemeralRunnerSetNamespace).
Resource("ephemeralrunnersets").
Name(w.config.EphemeralRunnerSetName).
Body([]byte(mergePatch)).
Do(ctx).
Into(patchedEphemeralRunnerSet)
if err != nil {
return fmt.Errorf("could not patch ephemeral runner set , patch JSON: %s, error: %w", string(mergePatch), err)
}
w.logger.Info("Ephemeral runner set scaled.",
"namespace", w.config.EphemeralRunnerSetNamespace,
"name", w.config.EphemeralRunnerSetName,
"replicas", patchedEphemeralRunnerSet.Spec.Replicas,
)
return nil
}


@@ -114,7 +114,14 @@ func createSession(ctx context.Context, logger *logr.Logger, client actions.Acti
return runnerScaleSetSession, initialMessage, nil return runnerScaleSetSession, initialMessage, nil
} }
return runnerScaleSetSession, nil, nil initialMessage := &actions.RunnerScaleSetMessage{
MessageId: 0,
MessageType: "RunnerScaleSetJobMessages",
Statistics: runnerScaleSetSession.Statistics,
Body: "",
}
return runnerScaleSetSession, initialMessage, nil
} }
func (m *AutoScalerClient) Close() error { func (m *AutoScalerClient) Close() error {
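Review bot: The synthetic initial message built at the end of createSession copies `runnerScaleSetSession.Statistics` without a nil check, and every new session now hands this message to the handler first. If the service can return a session without statistics, the listener would presumably fail on its very first message instead of waiting for a real one, so either guard the field or document that it is always populated. The `MessageId: 0` and empty `Body` pair is also the marker the consumer matches on, so a comment such as `// synthetic first message: statistics only, forces an initial scale in processMessage` would make that coupling explicit. createSession starts outside the hunk.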


@@ -37,7 +37,7 @@ func TestCreateSession(t *testing.T) {
require.NoError(t, err, "Error creating autoscaler client") require.NoError(t, err, "Error creating autoscaler client")
assert.Equal(t, session, session, "Session is not correct") assert.Equal(t, session, session, "Session is not correct")
assert.Nil(t, asClient.initialMessage, "Initial message should be nil") assert.NotNil(t, asClient.initialMessage, "Initial message should not be nil")
assert.Equal(t, int64(0), asClient.lastMessageId, "Last message id should be 0") assert.Equal(t, int64(0), asClient.lastMessageId, "Last message id should be 0")
assert.True(t, mockActionsClient.AssertExpectations(t), "All expectations should be met") assert.True(t, mockActionsClient.AssertExpectations(t), "All expectations should be met")
} }
@@ -188,7 +188,7 @@ func TestCreateSession_RetrySessionConflict(t *testing.T) {
require.NoError(t, err, "Error creating autoscaler client") require.NoError(t, err, "Error creating autoscaler client")
assert.Equal(t, session, session, "Session is not correct") assert.Equal(t, session, session, "Session is not correct")
assert.Nil(t, asClient.initialMessage, "Initial message should be nil") assert.NotNil(t, asClient.initialMessage, "Initial message should not be nil")
assert.Equal(t, int64(0), asClient.lastMessageId, "Last message id should be 0") assert.Equal(t, int64(0), asClient.lastMessageId, "Last message id should be 0")
assert.True(t, mockActionsClient.AssertExpectations(t), "All expectations should be met") assert.True(t, mockActionsClient.AssertExpectations(t), "All expectations should be met")
} }
@@ -334,6 +334,14 @@ func TestGetRunnerScaleSetMessage(t *testing.T) {
return nil return nil
}) })
assert.NoError(t, err, "Error getting message")
assert.Equal(t, int64(0), asClient.lastMessageId, "Initial message")
err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error {
logger.Info("Message received", "messageId", msg.MessageId, "messageType", msg.MessageType, "body", msg.Body)
return nil
})
assert.NoError(t, err, "Error getting message") assert.NoError(t, err, "Error getting message")
assert.Equal(t, int64(1), asClient.lastMessageId, "Last message id should be updated") assert.Equal(t, int64(1), asClient.lastMessageId, "Last message id should be updated")
assert.True(t, mockActionsClient.AssertExpectations(t), "All expectations should be met") assert.True(t, mockActionsClient.AssertExpectations(t), "All expectations should be met")
@@ -371,13 +379,21 @@ func TestGetRunnerScaleSetMessage_HandleFailed(t *testing.T) {
}) })
require.NoError(t, err, "Error creating autoscaler client") require.NoError(t, err, "Error creating autoscaler client")
// read initial message
err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error {
logger.Info("Message received", "messageId", msg.MessageId, "messageType", msg.MessageType, "body", msg.Body)
return nil
})
assert.NoError(t, err, "Error getting message")
err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error { err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error {
logger.Info("Message received", "messageId", msg.MessageId, "messageType", msg.MessageType, "body", msg.Body) logger.Info("Message received", "messageId", msg.MessageId, "messageType", msg.MessageType, "body", msg.Body)
return fmt.Errorf("error") return fmt.Errorf("error")
}) })
assert.ErrorContains(t, err, "handle message failed. error", "Error getting message") assert.ErrorContains(t, err, "handle message failed. error", "Error getting message")
assert.Equal(t, int64(0), asClient.lastMessageId, "Last message id should be updated") assert.Equal(t, int64(0), asClient.lastMessageId, "Last message id should not be updated")
assert.True(t, mockActionsClient.AssertExpectations(t), "All expectations should be met") assert.True(t, mockActionsClient.AssertExpectations(t), "All expectations should be met")
assert.True(t, mockSessionClient.AssertExpectations(t), "All expectations should be met") assert.True(t, mockSessionClient.AssertExpectations(t), "All expectations should be met")
} }
@@ -513,6 +529,12 @@ func TestGetRunnerScaleSetMessage_RetryUntilGetMessage(t *testing.T) {
}) })
require.NoError(t, err, "Error creating autoscaler client") require.NoError(t, err, "Error creating autoscaler client")
err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error {
logger.Info("Message received", "messageId", msg.MessageId, "messageType", msg.MessageType, "body", msg.Body)
return nil
})
assert.NoError(t, err, "Error getting initial message")
err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error { err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error {
logger.Info("Message received", "messageId", msg.MessageId, "messageType", msg.MessageType, "body", msg.Body) logger.Info("Message received", "messageId", msg.MessageId, "messageType", msg.MessageType, "body", msg.Body)
return nil return nil
@@ -550,6 +572,12 @@ func TestGetRunnerScaleSetMessage_ErrorOnGetMessage(t *testing.T) {
}) })
require.NoError(t, err, "Error creating autoscaler client") require.NoError(t, err, "Error creating autoscaler client")
// process initial message
err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error {
return nil
})
assert.NoError(t, err, "Error getting initial message")
err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error { err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error {
return fmt.Errorf("Should not be called") return fmt.Errorf("Should not be called")
}) })
@@ -592,6 +620,12 @@ func TestDeleteRunnerScaleSetMessage_Error(t *testing.T) {
}) })
require.NoError(t, err, "Error creating autoscaler client") require.NoError(t, err, "Error creating autoscaler client")
err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error {
logger.Info("Message received", "messageId", msg.MessageId, "messageType", msg.MessageType, "body", msg.Body)
return nil
})
assert.NoError(t, err, "Error getting initial message")
err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error { err = asClient.GetRunnerScaleSetMessage(ctx, func(msg *actions.RunnerScaleSetMessage) error {
logger.Info("Message received", "messageId", msg.MessageId, "messageType", msg.MessageType, "body", msg.Body) logger.Info("Message received", "messageId", msg.MessageId, "messageType", msg.MessageType, "body", msg.Body)
return nil return nil
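Review bot: The updated assertions in TestCreateSession and TestCreateSession_RetrySessionConflict only check that `asClient.initialMessage` is non-nil, so they would still pass if the synthetic message carried the wrong id, type or a non-empty body. The consumer recognises the initial message by `MessageId == 0 && Body == ""`, so pin those fields as well, for example `assert.Equal(t, int64(0), asClient.initialMessage.MessageId)` and `assert.Empty(t, asClient.initialMessage.Body)`. The "read initial message" call that several tests now repeat before the real assertion could move into one small helper so the intent stays obvious.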


@@ -3,10 +3,11 @@ package main
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"math"
"strings" "strings"
"github.com/actions/actions-runner-controller/cmd/githubrunnerscalesetlistener/config"
"github.com/actions/actions-runner-controller/github/actions" "github.com/actions/actions-runner-controller/github/actions"
"github.com/go-logr/logr" "github.com/go-logr/logr"
) )
@@ -25,6 +26,31 @@ type Service struct {
kubeManager KubernetesManager kubeManager KubernetesManager
settings *ScaleSettings settings *ScaleSettings
currentRunnerCount int currentRunnerCount int
metricsExporter metricsExporter
errs []error
}
func WithPrometheusMetrics(conf config.Config) func(*Service) {
return func(svc *Service) {
parsedURL, err := actions.ParseGitHubConfigFromURL(conf.ConfigureUrl)
if err != nil {
svc.errs = append(svc.errs, err)
}
svc.metricsExporter.withBaseLabels(baseLabels{
scaleSetName: conf.EphemeralRunnerSetName,
scaleSetNamespace: conf.EphemeralRunnerSetNamespace,
enterprise: parsedURL.Enterprise,
organization: parsedURL.Organization,
repository: parsedURL.Repository,
})
}
}
func WithLogger(logger logr.Logger) func(*Service) {
return func(s *Service) {
s.logger = logger.WithName("service")
}
} }
func NewService( func NewService(
@@ -33,13 +59,13 @@ func NewService(
manager KubernetesManager, manager KubernetesManager,
settings *ScaleSettings, settings *ScaleSettings,
options ...func(*Service), options ...func(*Service),
) *Service { ) (*Service, error) {
s := &Service{ s := &Service{
ctx: ctx, ctx: ctx,
rsClient: rsClient, rsClient: rsClient,
kubeManager: manager, kubeManager: manager,
settings: settings, settings: settings,
currentRunnerCount: 0, currentRunnerCount: -1, // force patch on startup
logger: logr.FromContextOrDiscard(ctx), logger: logr.FromContextOrDiscard(ctx),
} }
@@ -47,18 +73,15 @@ func NewService(
option(s) option(s)
} }
return s if len(s.errs) > 0 {
return nil, errors.Join(s.errs...)
}
return s, nil
} }
func (s *Service) Start() error { func (s *Service) Start() error {
if s.settings.MinRunners > 0 { s.metricsExporter.publishStatic(s.settings.MaxRunners, s.settings.MinRunners)
s.logger.Info("scale to match minimal runners.")
err := s.scaleForAssignedJobCount(0)
if err != nil {
return fmt.Errorf("could not scale to match minimal runners. %w", err)
}
}
for { for {
s.logger.Info("waiting for message...") s.logger.Info("waiting for message...")
select { select {
@@ -89,11 +112,17 @@ func (s *Service) processMessage(message *actions.RunnerScaleSetMessage) error {
"busy runners", message.Statistics.TotalBusyRunners, "busy runners", message.Statistics.TotalBusyRunners,
"idle runners", message.Statistics.TotalIdleRunners) "idle runners", message.Statistics.TotalIdleRunners)
s.metricsExporter.publishStatistics(message.Statistics)
if message.MessageType != "RunnerScaleSetJobMessages" { if message.MessageType != "RunnerScaleSetJobMessages" {
s.logger.Info("skip message with unknown message type.", "messageType", message.MessageType) s.logger.Info("skip message with unknown message type.", "messageType", message.MessageType)
return nil return nil
} }
if message.MessageId == 0 && message.Body == "" { // initial message with statistics only
return s.scaleForAssignedJobCount(message.Statistics.TotalAssignedJobs)
}
var batchedMessages []json.RawMessage var batchedMessages []json.RawMessage
if err := json.NewDecoder(strings.NewReader(message.Body)).Decode(&batchedMessages); err != nil { if err := json.NewDecoder(strings.NewReader(message.Body)).Decode(&batchedMessages); err != nil {
return fmt.Errorf("could not decode job messages. %w", err) return fmt.Errorf("could not decode job messages. %w", err)
@@ -114,27 +143,54 @@ func (s *Service) processMessage(message *actions.RunnerScaleSetMessage) error {
if err := json.Unmarshal(message, &jobAvailable); err != nil { if err := json.Unmarshal(message, &jobAvailable); err != nil {
return fmt.Errorf("could not decode job available message. %w", err) return fmt.Errorf("could not decode job available message. %w", err)
} }
s.logger.Info("job available message received.", "RequestId", jobAvailable.RunnerRequestId) s.logger.Info(
"job available message received.",
"RequestId",
jobAvailable.RunnerRequestId,
)
availableJobs = append(availableJobs, jobAvailable.RunnerRequestId) availableJobs = append(availableJobs, jobAvailable.RunnerRequestId)
case "JobAssigned": case "JobAssigned":
var jobAssigned actions.JobAssigned var jobAssigned actions.JobAssigned
if err := json.Unmarshal(message, &jobAssigned); err != nil { if err := json.Unmarshal(message, &jobAssigned); err != nil {
return fmt.Errorf("could not decode job assigned message. %w", err) return fmt.Errorf("could not decode job assigned message. %w", err)
} }
s.logger.Info("job assigned message received.", "RequestId", jobAssigned.RunnerRequestId) s.logger.Info(
"job assigned message received.",
"RequestId",
jobAssigned.RunnerRequestId,
)
// s.metricsExporter.publishJobAssigned(&jobAssigned)
case "JobStarted": case "JobStarted":
var jobStarted actions.JobStarted var jobStarted actions.JobStarted
if err := json.Unmarshal(message, &jobStarted); err != nil { if err := json.Unmarshal(message, &jobStarted); err != nil {
return fmt.Errorf("could not decode job started message. %w", err) return fmt.Errorf("could not decode job started message. %w", err)
} }
s.logger.Info("job started message received.", "RequestId", jobStarted.RunnerRequestId, "RunnerId", jobStarted.RunnerId) s.logger.Info(
"job started message received.",
"RequestId",
jobStarted.RunnerRequestId,
"RunnerId",
jobStarted.RunnerId,
)
s.metricsExporter.publishJobStarted(&jobStarted)
s.updateJobInfoForRunner(jobStarted) s.updateJobInfoForRunner(jobStarted)
case "JobCompleted": case "JobCompleted":
var jobCompleted actions.JobCompleted var jobCompleted actions.JobCompleted
if err := json.Unmarshal(message, &jobCompleted); err != nil { if err := json.Unmarshal(message, &jobCompleted); err != nil {
return fmt.Errorf("could not decode job completed message. %w", err) return fmt.Errorf("could not decode job completed message. %w", err)
} }
s.logger.Info("job completed message received.", "RequestId", jobCompleted.RunnerRequestId, "Result", jobCompleted.Result, "RunnerId", jobCompleted.RunnerId, "RunnerName", jobCompleted.RunnerName) s.logger.Info(
"job completed message received.",
"RequestId",
jobCompleted.RunnerRequestId,
"Result",
jobCompleted.Result,
"RunnerId",
jobCompleted.RunnerId,
"RunnerName",
jobCompleted.RunnerName,
)
s.metricsExporter.publishJobCompleted(&jobCompleted)
default: default:
s.logger.Info("unknown job message type.", "messageType", messageType.MessageType) s.logger.Info("unknown job message type.", "messageType", messageType.MessageType)
} }
@@ -149,14 +205,18 @@ func (s *Service) processMessage(message *actions.RunnerScaleSetMessage) error {
} }
func (s *Service) scaleForAssignedJobCount(count int) error { func (s *Service) scaleForAssignedJobCount(count int) error {
targetRunnerCount := int(math.Max(math.Min(float64(s.settings.MaxRunners), float64(count)), float64(s.settings.MinRunners))) // Max runners should always be set by the resource builder either to the configured value,
// or the maximum int32 (resourcebuilder.newAutoScalingListener()).
targetRunnerCount := min(s.settings.MinRunners+count, s.settings.MaxRunners)
s.metricsExporter.publishDesiredRunners(targetRunnerCount)
if targetRunnerCount != s.currentRunnerCount { if targetRunnerCount != s.currentRunnerCount {
s.logger.Info("try scale runner request up/down base on assigned job count", s.logger.Info("try scale runner request up/down base on assigned job count",
"assigned job", count, "assigned job", count,
"decision", targetRunnerCount, "decision", targetRunnerCount,
"min", s.settings.MinRunners, "min", s.settings.MinRunners,
"max", s.settings.MaxRunners, "max", s.settings.MaxRunners,
"currentRunnerCount", s.currentRunnerCount) "currentRunnerCount", s.currentRunnerCount,
)
err := s.kubeManager.ScaleEphemeralRunnerSet(s.ctx, s.settings.Namespace, s.settings.ResourceName, targetRunnerCount) err := s.kubeManager.ScaleEphemeralRunnerSet(s.ctx, s.settings.Namespace, s.settings.ResourceName, targetRunnerCount)
if err != nil { if err != nil {
return fmt.Errorf("could not scale ephemeral runner set (%s/%s). %w", s.settings.Namespace, s.settings.ResourceName, err) return fmt.Errorf("could not scale ephemeral runner set (%s/%s). %w", s.settings.Namespace, s.settings.ResourceName, err)
@@ -177,7 +237,8 @@ func (s *Service) updateJobInfoForRunner(jobInfo actions.JobStarted) {
"workflowRef", jobInfo.JobWorkflowRef, "workflowRef", jobInfo.JobWorkflowRef,
"workflowRunId", jobInfo.WorkflowRunId, "workflowRunId", jobInfo.WorkflowRunId,
"jobDisplayName", jobInfo.JobDisplayName, "jobDisplayName", jobInfo.JobDisplayName,
"requestId", jobInfo.RunnerRequestId) "requestId", jobInfo.RunnerRequestId,
)
err := s.kubeManager.UpdateEphemeralRunnerWithJobInfo(s.ctx, s.settings.Namespace, jobInfo.RunnerName, jobInfo.OwnerName, jobInfo.RepositoryName, jobInfo.JobWorkflowRef, jobInfo.JobDisplayName, jobInfo.WorkflowRunId, jobInfo.RunnerRequestId) err := s.kubeManager.UpdateEphemeralRunnerWithJobInfo(s.ctx, s.settings.Namespace, jobInfo.RunnerName, jobInfo.OwnerName, jobInfo.RepositoryName, jobInfo.JobWorkflowRef, jobInfo.JobDisplayName, jobInfo.WorkflowRunId, jobInfo.RunnerRequestId)
if err != nil { if err != nil {
s.logger.Error(err, "could not update ephemeral runner with job info", "runnerName", jobInfo.RunnerName, "requestId", jobInfo.RunnerRequestId) s.logger.Error(err, "could not update ephemeral runner with job info", "runnerName", jobInfo.RunnerName, "requestId", jobInfo.RunnerRequestId)
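Review bot: In WithPrometheusMetrics the error from `actions.ParseGitHubConfigFromURL` is appended to `svc.errs`, but the closure then continues and reads `parsedURL.Enterprise`, `parsedURL.Organization` and `parsedURL.Repository`. If the parser returns a nil result alongside the error (its body is not shown here), a malformed `ConfigureUrl` makes NewService panic while applying options, before the `errors.Join` check can report the problem. Stop after recording the error by adding `return` directly below `svc.errs = append(svc.errs, err)`. Wrapping the error, e.g. `fmt.Errorf("parsing configure url for metrics labels: %w", err)`, would also tell the operator which option rejected the configuration.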


@@ -21,7 +21,7 @@ func TestNewService(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -36,6 +36,7 @@ func TestNewService(t *testing.T) {
}, },
) )
require.NoError(t, err)
assert.Equal(t, logger, service.logger) assert.Equal(t, logger, service.logger)
} }
@@ -47,7 +48,7 @@ func TestStart(t *testing.T) {
require.NoError(t, log_err, "Error creating logger") require.NoError(t, log_err, "Error creating logger")
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -61,9 +62,11 @@ func TestStart(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
mockRsClient.On("GetRunnerScaleSetMessage", service.ctx, mock.Anything).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once() mockRsClient.On("GetRunnerScaleSetMessage", service.ctx, mock.Anything).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once()
err := service.Start() err = service.Start()
assert.NoError(t, err, "Unexpected error") assert.NoError(t, err, "Unexpected error")
assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met") assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met")
@@ -72,13 +75,14 @@ func TestStart(t *testing.T) {
func TestStart_ScaleToMinRunners(t *testing.T) { func TestStart_ScaleToMinRunners(t *testing.T) {
mockRsClient := &MockRunnerScaleSetClient{} mockRsClient := &MockRunnerScaleSetClient{}
mockKubeManager := &MockKubernetesManager{} mockKubeManager := &MockKubernetesManager{}
logger, log_err := logging.NewLogger(logging.LogLevelDebug, logging.LogFormatText) logger, log_err := logging.NewLogger(logging.LogLevelDebug, logging.LogFormatText)
logger = logger.WithName(t.Name()) logger = logger.WithName(t.Name())
require.NoError(t, log_err, "Error creating logger") require.NoError(t, log_err, "Error creating logger")
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -92,11 +96,17 @@ func TestStart_ScaleToMinRunners(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
mockRsClient.On("GetRunnerScaleSetMessage", ctx, mock.Anything).Run(func(args mock.Arguments) {
_ = service.scaleForAssignedJobCount(5)
}).Return(nil)
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once() mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once()
err := service.Start() err = service.Start()
assert.NoError(t, err, "Unexpected error") assert.NoError(t, err, "Unexpected error")
assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met") assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met")
assert.True(t, mockKubeManager.AssertExpectations(t), "All expectations should be met") assert.True(t, mockKubeManager.AssertExpectations(t), "All expectations should be met")
} }
@@ -110,7 +120,7 @@ func TestStart_ScaleToMinRunnersFailed(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -124,11 +134,16 @@ func TestStart_ScaleToMinRunnersFailed(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Return(fmt.Errorf("error")).Once() require.NoError(t, err)
err := service.Start() c := mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Return(fmt.Errorf("error")).Once()
mockRsClient.On("GetRunnerScaleSetMessage", ctx, mock.Anything).Run(func(args mock.Arguments) {
_ = service.scaleForAssignedJobCount(5)
}).Return(c.ReturnArguments.Get(0))
assert.ErrorContains(t, err, "could not scale to match minimal runners", "Unexpected error") err = service.Start()
assert.ErrorContains(t, err, "could not get and process message", "Unexpected error")
assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met") assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met")
assert.True(t, mockKubeManager.AssertExpectations(t), "All expectations should be met") assert.True(t, mockKubeManager.AssertExpectations(t), "All expectations should be met")
} }
@@ -141,7 +156,7 @@ func TestStart_GetMultipleMessages(t *testing.T) {
require.NoError(t, log_err, "Error creating logger") require.NoError(t, log_err, "Error creating logger")
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -155,10 +170,12 @@ func TestStart_GetMultipleMessages(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
mockRsClient.On("GetRunnerScaleSetMessage", service.ctx, mock.Anything).Return(nil).Times(5) mockRsClient.On("GetRunnerScaleSetMessage", service.ctx, mock.Anything).Return(nil).Times(5)
mockRsClient.On("GetRunnerScaleSetMessage", service.ctx, mock.Anything).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once() mockRsClient.On("GetRunnerScaleSetMessage", service.ctx, mock.Anything).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once()
err := service.Start() err = service.Start()
assert.NoError(t, err, "Unexpected error") assert.NoError(t, err, "Unexpected error")
assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met") assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met")
@@ -174,7 +191,7 @@ func TestStart_ErrorOnMessage(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -188,10 +205,12 @@ func TestStart_ErrorOnMessage(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
mockRsClient.On("GetRunnerScaleSetMessage", service.ctx, mock.Anything).Return(nil).Times(2) mockRsClient.On("GetRunnerScaleSetMessage", service.ctx, mock.Anything).Return(nil).Times(2)
mockRsClient.On("GetRunnerScaleSetMessage", service.ctx, mock.Anything).Return(fmt.Errorf("error")).Once() mockRsClient.On("GetRunnerScaleSetMessage", service.ctx, mock.Anything).Return(fmt.Errorf("error")).Once()
err := service.Start() err = service.Start()
assert.ErrorContains(t, err, "could not get and process message. error", "Unexpected error") assert.ErrorContains(t, err, "could not get and process message. error", "Unexpected error")
assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met") assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met")
@@ -207,7 +226,7 @@ func TestProcessMessage_NoStatistic(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -221,8 +240,9 @@ func TestProcessMessage_NoStatistic(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
err := service.processMessage(&actions.RunnerScaleSetMessage{ err = service.processMessage(&actions.RunnerScaleSetMessage{
MessageId: 1, MessageId: 1,
MessageType: "test", MessageType: "test",
Body: "test", Body: "test",
@@ -242,7 +262,7 @@ func TestProcessMessage_IgnoreUnknownMessageType(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -256,8 +276,9 @@ func TestProcessMessage_IgnoreUnknownMessageType(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
err := service.processMessage(&actions.RunnerScaleSetMessage{ err = service.processMessage(&actions.RunnerScaleSetMessage{
MessageId: 1, MessageId: 1,
MessageType: "unknown", MessageType: "unknown",
Statistics: &actions.RunnerScaleSetStatistic{ Statistics: &actions.RunnerScaleSetStatistic{
@@ -280,7 +301,7 @@ func TestProcessMessage_InvalidBatchMessageJson(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -295,7 +316,9 @@ func TestProcessMessage_InvalidBatchMessageJson(t *testing.T) {
}, },
) )
err := service.processMessage(&actions.RunnerScaleSetMessage{ require.NoError(t, err)
err = service.processMessage(&actions.RunnerScaleSetMessage{
MessageId: 1, MessageId: 1,
MessageType: "RunnerScaleSetJobMessages", MessageType: "RunnerScaleSetJobMessages",
Statistics: &actions.RunnerScaleSetStatistic{ Statistics: &actions.RunnerScaleSetStatistic{
@@ -318,7 +341,7 @@ func TestProcessMessage_InvalidJobMessageJson(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -332,8 +355,9 @@ func TestProcessMessage_InvalidJobMessageJson(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
err := service.processMessage(&actions.RunnerScaleSetMessage{ err = service.processMessage(&actions.RunnerScaleSetMessage{
MessageId: 1, MessageId: 1,
MessageType: "RunnerScaleSetJobMessages", MessageType: "RunnerScaleSetJobMessages",
Statistics: &actions.RunnerScaleSetStatistic{ Statistics: &actions.RunnerScaleSetStatistic{
@@ -356,7 +380,7 @@ func TestProcessMessage_MultipleMessages(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -370,10 +394,12 @@ func TestProcessMessage_MultipleMessages(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return ids[0] == 3 && ids[1] == 4 })).Return(nil).Once() require.NoError(t, err)
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 2).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once()
err := service.processMessage(&actions.RunnerScaleSetMessage{ mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return ids[0] == 3 && ids[1] == 4 })).Return(nil).Once()
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 3).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once()
err = service.processMessage(&actions.RunnerScaleSetMessage{
MessageId: 1, MessageId: 1,
MessageType: "RunnerScaleSetJobMessages", MessageType: "RunnerScaleSetJobMessages",
Statistics: &actions.RunnerScaleSetStatistic{ Statistics: &actions.RunnerScaleSetStatistic{
@@ -397,7 +423,7 @@ func TestProcessMessage_AcquireJobsFailed(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -411,9 +437,11 @@ func TestProcessMessage_AcquireJobsFailed(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return ids[0] == 1 })).Return(fmt.Errorf("error")).Once() mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return ids[0] == 1 })).Return(fmt.Errorf("error")).Once()
err := service.processMessage(&actions.RunnerScaleSetMessage{ err = service.processMessage(&actions.RunnerScaleSetMessage{
MessageId: 1, MessageId: 1,
MessageType: "RunnerScaleSetJobMessages", MessageType: "RunnerScaleSetJobMessages",
Statistics: &actions.RunnerScaleSetStatistic{ Statistics: &actions.RunnerScaleSetStatistic{
@@ -437,7 +465,7 @@ func TestScaleForAssignedJobCount_DeDupScale(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -451,9 +479,11 @@ func TestScaleForAssignedJobCount_DeDupScale(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 2).Return(nil).Once() mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 2).Return(nil).Once()
err := service.scaleForAssignedJobCount(2) err = service.scaleForAssignedJobCount(2)
require.NoError(t, err, "Unexpected error") require.NoError(t, err, "Unexpected error")
err = service.scaleForAssignedJobCount(2) err = service.scaleForAssignedJobCount(2)
require.NoError(t, err, "Unexpected error") require.NoError(t, err, "Unexpected error")
@@ -476,7 +506,7 @@ func TestScaleForAssignedJobCount_ScaleWithinMinMax(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -490,13 +520,15 @@ func TestScaleForAssignedJobCount_ScaleWithinMinMax(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 1).Return(nil).Once() mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 1).Return(nil).Once()
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 3).Return(nil).Once() mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 4).Return(nil).Once()
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Return(nil).Once() mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Return(nil).Once()
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 1).Return(nil).Once() mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 2).Return(nil).Once()
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Return(nil).Once() mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 5).Return(nil).Once()
err := service.scaleForAssignedJobCount(0) err = service.scaleForAssignedJobCount(0)
require.NoError(t, err, "Unexpected error") require.NoError(t, err, "Unexpected error")
err = service.scaleForAssignedJobCount(3) err = service.scaleForAssignedJobCount(3)
require.NoError(t, err, "Unexpected error") require.NoError(t, err, "Unexpected error")
@@ -521,7 +553,7 @@ func TestScaleForAssignedJobCount_ScaleFailed(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -535,9 +567,11 @@ func TestScaleForAssignedJobCount_ScaleFailed(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 2).Return(fmt.Errorf("error")) require.NoError(t, err)
err := service.scaleForAssignedJobCount(2) mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 3).Return(fmt.Errorf("error"))
err = service.scaleForAssignedJobCount(2)
assert.ErrorContains(t, err, "could not scale ephemeral runner set (namespace/resource). error", "Unexpected error") assert.ErrorContains(t, err, "could not scale ephemeral runner set (namespace/resource). error", "Unexpected error")
assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met") assert.True(t, mockRsClient.AssertExpectations(t), "All expectations should be met")
@@ -553,7 +587,7 @@ func TestProcessMessage_JobStartedMessage(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -567,12 +601,29 @@ func TestProcessMessage_JobStartedMessage(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
service.currentRunnerCount = 1 service.currentRunnerCount = 1
mockKubeManager.On("UpdateEphemeralRunnerWithJobInfo", ctx, service.settings.Namespace, "runner1", "owner1", "repo1", ".github/workflows/ci.yaml", "job1", int64(100), int64(3)).Run(func(args mock.Arguments) { cancel() }).Return(nil).Once() mockKubeManager.On(
mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return len(ids) == 0 })).Return(nil).Once() "UpdateEphemeralRunnerWithJobInfo",
ctx,
service.settings.Namespace,
"runner1",
"owner1",
"repo1",
".github/workflows/ci.yaml",
"job1",
int64(100),
int64(3),
).Run(
func(_ mock.Arguments) { cancel() },
).Return(nil).Once()
err := service.processMessage(&actions.RunnerScaleSetMessage{ mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return len(ids) == 0 })).Return(nil).Once()
mockKubeManager.On("ScaleEphemeralRunnerSet", ctx, service.settings.Namespace, service.settings.ResourceName, 2).Return(nil)
err = service.processMessage(&actions.RunnerScaleSetMessage{
MessageId: 1, MessageId: 1,
MessageType: "RunnerScaleSetJobMessages", MessageType: "RunnerScaleSetJobMessages",
Statistics: &actions.RunnerScaleSetStatistic{ Statistics: &actions.RunnerScaleSetStatistic{
@@ -596,7 +647,7 @@ func TestProcessMessage_JobStartedMessageIgnoreRunnerUpdateError(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
service := NewService( service, err := NewService(
ctx, ctx,
mockRsClient, mockRsClient,
mockKubeManager, mockKubeManager,
@@ -610,12 +661,14 @@ func TestProcessMessage_JobStartedMessageIgnoreRunnerUpdateError(t *testing.T) {
s.logger = logger s.logger = logger
}, },
) )
require.NoError(t, err)
service.currentRunnerCount = 1 service.currentRunnerCount = 1
mockKubeManager.On("UpdateEphemeralRunnerWithJobInfo", ctx, service.settings.Namespace, "runner1", "owner1", "repo1", ".github/workflows/ci.yaml", "job1", int64(100), int64(3)).Run(func(args mock.Arguments) { cancel() }).Return(fmt.Errorf("error")).Once() mockKubeManager.On("UpdateEphemeralRunnerWithJobInfo", ctx, service.settings.Namespace, "runner1", "owner1", "repo1", ".github/workflows/ci.yaml", "job1", int64(100), int64(3)).Run(func(args mock.Arguments) { cancel() }).Return(fmt.Errorf("error")).Once()
mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return len(ids) == 0 })).Return(nil).Once() mockRsClient.On("AcquireJobsForRunnerScaleSet", ctx, mock.MatchedBy(func(ids []int64) bool { return len(ids) == 0 })).Return(nil).Once()
err := service.processMessage(&actions.RunnerScaleSetMessage{ err = service.processMessage(&actions.RunnerScaleSetMessage{
MessageId: 1, MessageId: 1,
MessageType: "RunnerScaleSetJobMessages", MessageType: "RunnerScaleSetJobMessages",
Statistics: &actions.RunnerScaleSetStatistic{ Statistics: &actions.RunnerScaleSetStatistic{


@@ -0,0 +1,76 @@
package config
import (
"encoding/json"
"fmt"
"os"
)
type Config struct {
ConfigureUrl string `json:"configureUrl"`
AppID int64 `json:"appID"`
AppInstallationID int64 `json:"appInstallationID"`
AppPrivateKey string `json:"appPrivateKey"`
Token string `json:"token"`
EphemeralRunnerSetNamespace string `json:"ephemeralRunnerSetNamespace"`
EphemeralRunnerSetName string `json:"ephemeralRunnerSetName"`
MaxRunners int `json:"maxRunners"`
MinRunners int `json:"minRunners"`
RunnerScaleSetId int `json:"runnerScaleSetId"`
RunnerScaleSetName string `json:"runnerScaleSetName"`
ServerRootCA string `json:"serverRootCA"`
LogLevel string `json:"logLevel"`
LogFormat string `json:"logFormat"`
MetricsAddr string `json:"metricsAddr"`
MetricsEndpoint string `json:"metricsEndpoint"`
}
func Read(path string) (Config, error) {
f, err := os.Open(path)
if err != nil {
return Config{}, err
}
defer f.Close()
var config Config
if err := json.NewDecoder(f).Decode(&config); err != nil {
return Config{}, fmt.Errorf("failed to decode config: %w", err)
}
if err := config.validate(); err != nil {
return Config{}, fmt.Errorf("failed to validate config: %w", err)
}
return config, nil
}
func (c *Config) validate() error {
if len(c.ConfigureUrl) == 0 {
return fmt.Errorf("GitHubConfigUrl is not provided")
}
if len(c.EphemeralRunnerSetNamespace) == 0 || len(c.EphemeralRunnerSetName) == 0 {
return fmt.Errorf("EphemeralRunnerSetNamespace '%s' or EphemeralRunnerSetName '%s' is missing", c.EphemeralRunnerSetNamespace, c.EphemeralRunnerSetName)
}
if c.RunnerScaleSetId == 0 {
return fmt.Errorf("RunnerScaleSetId '%d' is missing", c.RunnerScaleSetId)
}
if c.MaxRunners < c.MinRunners {
return fmt.Errorf("MinRunners '%d' cannot be greater than MaxRunners '%d'", c.MinRunners, c.MaxRunners)
}
hasToken := len(c.Token) > 0
hasPrivateKeyConfig := c.AppID > 0 && c.AppPrivateKey != ""
if !hasToken && !hasPrivateKeyConfig {
return fmt.Errorf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(c.Token), c.AppID, c.AppInstallationID, len(c.AppPrivateKey))
}
if hasToken && hasPrivateKeyConfig {
return fmt.Errorf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(c.Token), c.AppID, c.AppInstallationID, len(c.AppPrivateKey))
}
return nil
}
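Review bot: `validate()` does not check the two new metrics fields, so a config with `metricsAddr` set and `metricsEndpoint` empty passes here and fails only later, when the empty pattern reaches `mux.Handle` in the listener's `listenAndServe()` and panics. Rejecting it here keeps the failure in the config error path: `if c.MetricsAddr != "" && c.MetricsEndpoint == "" { return fmt.Errorf("MetricsEndpoint is required when MetricsAddr is set") }`. Separately, `hasPrivateKeyConfig` tests `AppID` and `AppPrivateKey` but not `AppInstallationID`, although both auth error messages print it. If App auth cannot work without an installation ID (not visible in this file), add `c.AppInstallationID > 0` to that condition.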


@@ -0,0 +1,92 @@
package config
import (
"fmt"
"testing"
"github.com/stretchr/testify/assert"
)
func TestConfigValidationMinMax(t *testing.T) {
config := &Config{
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
MinRunners: 5,
MaxRunners: 2,
Token: "token",
}
err := config.validate()
assert.ErrorContains(t, err, "MinRunners '5' cannot be greater than MaxRunners '2", "Expected error about MinRunners > MaxRunners")
}
func TestConfigValidationMissingToken(t *testing.T) {
config := &Config{
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := config.validate()
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
}
func TestConfigValidationAppKey(t *testing.T) {
config := &Config{
AppID: 1,
AppInstallationID: 10,
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := config.validate()
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
}
func TestConfigValidationOnlyOneTypeOfCredentials(t *testing.T) {
config := &Config{
AppID: 1,
AppInstallationID: 10,
AppPrivateKey: "asdf",
Token: "asdf",
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := config.validate()
expectedError := fmt.Sprintf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
}
func TestConfigValidation(t *testing.T) {
config := &Config{
ConfigureUrl: "https://github.com/actions",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
MinRunners: 1,
MaxRunners: 5,
Token: "asdf",
}
err := config.validate()
assert.NoError(t, err, "Expected no error")
}
func TestConfigValidationConfigUrl(t *testing.T) {
config := &Config{
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := config.validate()
assert.ErrorContains(t, err, "GitHubConfigUrl is not provided", "Expected error about missing ConfigureUrl")
}
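Review bot: Every test in this file calls `validate()` directly, so `Read` has no coverage here for an unreadable path, malformed JSON, or the wrapping of a validation failure. Since `Read` is the only entry point `main` uses and the file it parses carries the token or App private key, a test that writes a small file under `t.TempDir()` and asserts on the returned error would pin that behaviour. It needs the `os` and `path/filepath` imports. Also, `TestConfigValidationOnlyOneTypeOfCredentials` reuses the failure message "Expected error about missing auth", which describes the opposite case.

```go
func TestReadInvalidJSON(t *testing.T) {
	path := filepath.Join(t.TempDir(), "config.json")
	// constructed sample: truncated JSON, written with owner-only permissions
	assert.NoError(t, os.WriteFile(path, []byte("{"), 0o600))

	_, err := Read(path)
	assert.ErrorContains(t, err, "failed to decode config")
}
```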


@@ -25,59 +25,137 @@ import (
"os" "os"
"os/signal" "os/signal"
"syscall" "syscall"
"time"
"github.com/actions/actions-runner-controller/build" "github.com/actions/actions-runner-controller/build"
"github.com/actions/actions-runner-controller/cmd/githubrunnerscalesetlistener/config"
"github.com/actions/actions-runner-controller/github/actions" "github.com/actions/actions-runner-controller/github/actions"
"github.com/actions/actions-runner-controller/logging" "github.com/actions/actions-runner-controller/logging"
"github.com/go-logr/logr" "github.com/go-logr/logr"
"github.com/kelseyhightower/envconfig" "github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
"golang.org/x/net/http/httpproxy" "golang.org/x/net/http/httpproxy"
"golang.org/x/sync/errgroup"
) )
type RunnerScaleSetListenerConfig struct {
ConfigureUrl string `split_words:"true"`
AppID int64 `split_words:"true"`
AppInstallationID int64 `split_words:"true"`
AppPrivateKey string `split_words:"true"`
Token string `split_words:"true"`
EphemeralRunnerSetNamespace string `split_words:"true"`
EphemeralRunnerSetName string `split_words:"true"`
MaxRunners int `split_words:"true"`
MinRunners int `split_words:"true"`
RunnerScaleSetId int `split_words:"true"`
ServerRootCA string `split_words:"true"`
}
func main() { func main() {
logger, err := logging.NewLogger(logging.LogLevelDebug, logging.LogFormatText) configPath, ok := os.LookupEnv("LISTENER_CONFIG_PATH")
if !ok {
fmt.Fprintf(os.Stderr, "Error: LISTENER_CONFIG_PATH environment variable is not set\n")
os.Exit(1)
}
rc, err := config.Read(configPath)
if err != nil {
fmt.Fprintf(os.Stderr, "Error: reading config from path(%q): %v\n", configPath, err)
os.Exit(1)
}
logLevel := string(logging.LogLevelDebug)
if rc.LogLevel != "" {
logLevel = rc.LogLevel
}
logFormat := string(logging.LogFormatText)
if rc.LogFormat != "" {
logFormat = rc.LogFormat
}
logger, err := logging.NewLogger(logLevel, logFormat)
if err != nil { if err != nil {
fmt.Fprintf(os.Stderr, "Error: creating logger: %v\n", err) fmt.Fprintf(os.Stderr, "Error: creating logger: %v\n", err)
os.Exit(1) os.Exit(1)
} }
var rc RunnerScaleSetListenerConfig ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
if err := envconfig.Process("github", &rc); err != nil { defer stop()
logger.Error(err, "Error: processing environment variables for RunnerScaleSetListenerConfig")
os.Exit(1) g, ctx := errgroup.WithContext(ctx)
g.Go(func() error {
opts := runOptions{
serviceOptions: []func(*Service){
WithLogger(logger),
},
}
opts.serviceOptions = append(opts.serviceOptions, WithPrometheusMetrics(rc))
return run(ctx, rc, logger, opts)
})
if len(rc.MetricsAddr) != 0 {
g.Go(func() error {
metricsServer := metricsServer{
rc: rc,
logger: logger,
}
g.Go(func() error {
<-ctx.Done()
return metricsServer.shutdown()
})
return metricsServer.listenAndServe()
})
} }
// Validate all inputs if err := g.Wait(); err != nil {
if err := validateConfig(&rc); err != nil { logger.Error(err, "Error encountered")
logger.Error(err, "Inputs validation failed")
os.Exit(1)
}
if err := run(rc, logger); err != nil {
logger.Error(err, "Run error")
os.Exit(1) os.Exit(1)
} }
} }
func run(rc RunnerScaleSetListenerConfig, logger logr.Logger) error { type metricsServer struct {
// Create root context and hook with sigint and sigterm rc config.Config
ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM) logger logr.Logger
defer stop() srv *http.Server
}
func (s *metricsServer) shutdown() error {
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
defer cancel()
return s.srv.Shutdown(ctx)
}
func (s *metricsServer) listenAndServe() error {
reg := prometheus.NewRegistry()
reg.MustRegister(
// availableJobs,
// acquiredJobs,
assignedJobs,
runningJobs,
registeredRunners,
busyRunners,
minRunners,
maxRunners,
desiredRunners,
idleRunners,
startedJobsTotal,
completedJobsTotal,
// jobQueueDurationSeconds,
jobStartupDurationSeconds,
jobExecutionDurationSeconds,
)
mux := http.NewServeMux()
mux.Handle(
s.rc.MetricsEndpoint,
promhttp.HandlerFor(reg, promhttp.HandlerOpts{Registry: reg}),
)
s.srv = &http.Server{
Addr: s.rc.MetricsAddr,
Handler: mux,
}
s.logger.Info("Starting metrics server", "address", s.srv.Addr)
return s.srv.ListenAndServe()
}
type runOptions struct {
serviceOptions []func(*Service)
}
func run(ctx context.Context, rc config.Config, logger logr.Logger, opts runOptions) error {
// Create root context and hook with sigint and sigterm
creds := &actions.ActionsAuth{} creds := &actions.ActionsAuth{}
if rc.Token != "" { if rc.Token != "" {
creds.Token = rc.Token creds.Token = rc.Token
@@ -93,8 +171,14 @@ func run(rc RunnerScaleSetListenerConfig, logger logr.Logger) error {
rc, rc,
creds, creds,
actions.WithLogger(logger), actions.WithLogger(logger),
actions.WithUserAgent(fmt.Sprintf("actions-runner-controller/%s", build.Version)),
) )
actionsServiceClient.SetUserAgent(actions.UserAgentInfo{
Version: build.Version,
CommitSHA: build.CommitSHA,
ScaleSetID: rc.RunnerScaleSetId,
HasProxy: hasProxy(),
Subsystem: "githubrunnerscalesetlistener",
})
if err != nil { if err != nil {
return fmt.Errorf("failed to create an Actions Service client: %w", err) return fmt.Errorf("failed to create an Actions Service client: %w", err)
} }
@@ -119,9 +203,10 @@ func run(rc RunnerScaleSetListenerConfig, logger logr.Logger) error {
MinRunners: rc.MinRunners, MinRunners: rc.MinRunners,
} }
service := NewService(ctx, autoScalerClient, kubeManager, scaleSettings, func(s *Service) { service, err := NewService(ctx, autoScalerClient, kubeManager, scaleSettings, opts.serviceOptions...)
s.logger = logger.WithName("service") if err != nil {
}) return fmt.Errorf("failed to create new service: %v", err)
}
// Start listening for messages // Start listening for messages
if err = service.Start(); err != nil { if err = service.Start(); err != nil {
@@ -130,38 +215,7 @@ func run(rc RunnerScaleSetListenerConfig, logger logr.Logger) error {
return nil return nil
} }
func validateConfig(config *RunnerScaleSetListenerConfig) error { func newActionsClientFromConfig(config config.Config, creds *actions.ActionsAuth, options ...actions.ClientOption) (*actions.Client, error) {
if len(config.ConfigureUrl) == 0 {
return fmt.Errorf("GitHubConfigUrl is not provided")
}
if len(config.EphemeralRunnerSetNamespace) == 0 || len(config.EphemeralRunnerSetName) == 0 {
return fmt.Errorf("EphemeralRunnerSetNamespace '%s' or EphemeralRunnerSetName '%s' is missing", config.EphemeralRunnerSetNamespace, config.EphemeralRunnerSetName)
}
if config.RunnerScaleSetId == 0 {
return fmt.Errorf("RunnerScaleSetId '%d' is missing", config.RunnerScaleSetId)
}
if config.MaxRunners < config.MinRunners {
return fmt.Errorf("MinRunners '%d' cannot be greater than MaxRunners '%d'", config.MinRunners, config.MaxRunners)
}
hasToken := len(config.Token) > 0
hasPrivateKeyConfig := config.AppID > 0 && config.AppPrivateKey != ""
if !hasToken && !hasPrivateKeyConfig {
return fmt.Errorf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
}
if hasToken && hasPrivateKeyConfig {
return fmt.Errorf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
}
return nil
}
func newActionsClientFromConfig(config RunnerScaleSetListenerConfig, creds *actions.ActionsAuth, options ...actions.ClientOption) (*actions.Client, error) {
if config.ServerRootCA != "" { if config.ServerRootCA != "" {
systemPool, err := x509.SystemCertPool() systemPool, err := x509.SystemCertPool()
if err != nil { if err != nil {
@@ -183,3 +237,8 @@ func newActionsClientFromConfig(config RunnerScaleSetListenerConfig, creds *acti
return actions.NewClient(config.ConfigureUrl, creds, options...) return actions.NewClient(config.ConfigureUrl, creds, options...)
} }
func hasProxy() bool {
proxyFunc := httpproxy.FromEnvironment().ProxyFunc()
return proxyFunc != nil
}
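Review bot: In the first hunk, `shutdown()` dereferences `s.srv`, but that field is assigned only inside `listenAndServe()`, and `main` starts the goroutine that calls `shutdown()` before `listenAndServe()` runs. A signal arriving in that window calls `Shutdown` on a nil `*http.Server`, and the field is written and read from two goroutines without synchronisation. Building the server before the `g.Go` calls removes both problems. The server also has no header-read timeout, so a client that never finishes its request headers holds a connection open indefinitely. In addition, `ListenAndServe` returns `http.ErrServerClosed` after a clean `Shutdown`, which `g.Wait()` then treats as a failure and turns into `os.Exit(1)`. The sketch below needs the `errors` import if the file does not already have it; `main` would call `newMetricsServer(rc, logger)` once and use the result in both goroutines.

```go
// newMetricsServer builds the http.Server up front so shutdown() never sees a nil srv.
func newMetricsServer(rc config.Config, logger logr.Logger) *metricsServer {
	// … unchanged: registry and mux setup from listenAndServe …
	return &metricsServer{
		rc:     rc,
		logger: logger,
		srv: &http.Server{
			Addr:              rc.MetricsAddr,
			Handler:           mux,
			ReadHeaderTimeout: 5 * time.Second, // constructed value; choose one that suits the scraper
		},
	}
}

func (s *metricsServer) listenAndServe() error {
	s.logger.Info("Starting metrics server", "address", s.srv.Addr)
	// A clean Shutdown makes ListenAndServe return http.ErrServerClosed; that is not a failure.
	if err := s.srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
		return err
	}
	return nil
}
```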


@@ -3,7 +3,6 @@ package main
import ( import (
"context" "context"
"crypto/tls" "crypto/tls"
"fmt"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"os" "os"
@@ -13,94 +12,11 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/actions/actions-runner-controller/cmd/githubrunnerscalesetlistener/config"
"github.com/actions/actions-runner-controller/github/actions" "github.com/actions/actions-runner-controller/github/actions"
"github.com/actions/actions-runner-controller/github/actions/testserver" "github.com/actions/actions-runner-controller/github/actions/testserver"
) )
func TestConfigValidationMinMax(t *testing.T) {
config := &RunnerScaleSetListenerConfig{
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
MinRunners: 5,
MaxRunners: 2,
Token: "token",
}
err := validateConfig(config)
assert.ErrorContains(t, err, "MinRunners '5' cannot be greater than MaxRunners '2", "Expected error about MinRunners > MaxRunners")
}
func TestConfigValidationMissingToken(t *testing.T) {
config := &RunnerScaleSetListenerConfig{
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := validateConfig(config)
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
}
func TestConfigValidationAppKey(t *testing.T) {
config := &RunnerScaleSetListenerConfig{
AppID: 1,
AppInstallationID: 10,
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := validateConfig(config)
expectedError := fmt.Sprintf("GitHub auth credential is missing, token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
}
func TestConfigValidationOnlyOneTypeOfCredentials(t *testing.T) {
config := &RunnerScaleSetListenerConfig{
AppID: 1,
AppInstallationID: 10,
AppPrivateKey: "asdf",
Token: "asdf",
ConfigureUrl: "github.com/some_org/some_repo",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := validateConfig(config)
expectedError := fmt.Sprintf("only one GitHub auth method supported at a time. Have both PAT and App auth: token length: '%d', appId: '%d', installationId: '%d', private key length: '%d", len(config.Token), config.AppID, config.AppInstallationID, len(config.AppPrivateKey))
assert.ErrorContains(t, err, expectedError, "Expected error about missing auth")
}
func TestConfigValidation(t *testing.T) {
config := &RunnerScaleSetListenerConfig{
ConfigureUrl: "https://github.com/actions",
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
MinRunners: 1,
MaxRunners: 5,
Token: "asdf",
}
err := validateConfig(config)
assert.NoError(t, err, "Expected no error")
}
func TestConfigValidationConfigUrl(t *testing.T) {
config := &RunnerScaleSetListenerConfig{
EphemeralRunnerSetNamespace: "namespace",
EphemeralRunnerSetName: "deployment",
RunnerScaleSetId: 1,
}
err := validateConfig(config)
assert.ErrorContains(t, err, "GitHubConfigUrl is not provided", "Expected error about missing ConfigureUrl")
}
func TestCustomerServerRootCA(t *testing.T) { func TestCustomerServerRootCA(t *testing.T) {
ctx := context.Background() ctx := context.Background()
certsFolder := filepath.Join( certsFolder := filepath.Join(
@@ -134,7 +50,7 @@ func TestCustomerServerRootCA(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
certsString = certsString + string(intermediate) certsString = certsString + string(intermediate)
config := RunnerScaleSetListenerConfig{ config := config.Config{
ConfigureUrl: server.ConfigURLForOrg("myorg"), ConfigureUrl: server.ConfigURLForOrg("myorg"),
ServerRootCA: certsString, ServerRootCA: certsString,
} }
@@ -164,7 +80,7 @@ func TestProxySettings(t *testing.T) {
os.Setenv("http_proxy", proxy.URL) os.Setenv("http_proxy", proxy.URL)
defer os.Setenv("http_proxy", prevProxy) defer os.Setenv("http_proxy", prevProxy)
config := RunnerScaleSetListenerConfig{ config := config.Config{
ConfigureUrl: "https://github.com/org/repo", ConfigureUrl: "https://github.com/org/repo",
} }
creds := &actions.ActionsAuth{ creds := &actions.ActionsAuth{
@@ -196,7 +112,7 @@ func TestProxySettings(t *testing.T) {
os.Setenv("https_proxy", proxy.URL) os.Setenv("https_proxy", proxy.URL)
defer os.Setenv("https_proxy", prevProxy) defer os.Setenv("https_proxy", prevProxy)
config := RunnerScaleSetListenerConfig{ config := config.Config{
ConfigureUrl: "https://github.com/org/repo", ConfigureUrl: "https://github.com/org/repo",
} }
creds := &actions.ActionsAuth{ creds := &actions.ActionsAuth{
@@ -233,7 +149,7 @@ func TestProxySettings(t *testing.T) {
os.Setenv("no_proxy", "example.com") os.Setenv("no_proxy", "example.com")
defer os.Setenv("no_proxy", prevNoProxy) defer os.Setenv("no_proxy", prevNoProxy)
config := RunnerScaleSetListenerConfig{ config := config.Config{
ConfigureUrl: "https://github.com/org/repo", ConfigureUrl: "https://github.com/org/repo",
} }
creds := &actions.ActionsAuth{ creds := &actions.ActionsAuth{


@@ -0,0 +1,343 @@
package main
import (
"github.com/actions/actions-runner-controller/github/actions"
"github.com/prometheus/client_golang/prometheus"
)
// label names
const (
labelKeyRunnerScaleSetName = "name"
labelKeyRunnerScaleSetNamespace = "namespace"
labelKeyEnterprise = "enterprise"
labelKeyOrganization = "organization"
labelKeyRepository = "repository"
labelKeyJobName = "job_name"
labelKeyJobWorkflowRef = "job_workflow_ref"
labelKeyEventName = "event_name"
labelKeyJobResult = "job_result"
)
const githubScaleSetSubsystem = "gha"
// labels
var (
scaleSetLabels = []string{
labelKeyRunnerScaleSetName,
labelKeyRepository,
labelKeyOrganization,
labelKeyEnterprise,
labelKeyRunnerScaleSetNamespace,
}
jobLabels = []string{
labelKeyRepository,
labelKeyOrganization,
labelKeyEnterprise,
labelKeyJobName,
labelKeyJobWorkflowRef,
labelKeyEventName,
}
completedJobsTotalLabels = append(jobLabels, labelKeyJobResult)
jobExecutionDurationLabels = append(jobLabels, labelKeyJobResult)
startedJobsTotalLabels = jobLabels
jobStartupDurationLabels = []string{
labelKeyRepository,
labelKeyOrganization,
labelKeyEnterprise,
labelKeyEventName,
}
)
// metrics
var (
// availableJobs = prometheus.NewGaugeVec(
// prometheus.GaugeOpts{
// Subsystem: githubScaleSetSubsystem,
// Name: "available_jobs",
// Help: "Number of jobs with `runs-on` matching the runner scale set name. Jobs are not yet assigned to the runner scale set.",
// },
// scaleSetLabels,
// )
//
// acquiredJobs = prometheus.NewGaugeVec(
// prometheus.GaugeOpts{
// Subsystem: githubScaleSetSubsystem,
// Name: "acquired_jobs",
// Help: "Number of jobs acquired by the scale set.",
// },
// scaleSetLabels,
// )
assignedJobs = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "assigned_jobs",
Help: "Number of jobs assigned to this scale set.",
},
scaleSetLabels,
)
runningJobs = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "running_jobs",
Help: "Number of jobs running (or about to be run).",
},
scaleSetLabels,
)
registeredRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "registered_runners",
Help: "Number of runners registered by the scale set.",
},
scaleSetLabels,
)
busyRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "busy_runners",
Help: "Number of registered runners running a job.",
},
scaleSetLabels,
)
minRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "min_runners",
Help: "Minimum number of runners.",
},
scaleSetLabels,
)
maxRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "max_runners",
Help: "Maximum number of runners.",
},
scaleSetLabels,
)
desiredRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "desired_runners",
Help: "Number of runners desired by the scale set.",
},
scaleSetLabels,
)
idleRunners = prometheus.NewGaugeVec(
prometheus.GaugeOpts{
Subsystem: githubScaleSetSubsystem,
Name: "idle_runners",
Help: "Number of registered runners not running a job.",
},
scaleSetLabels,
)
startedJobsTotal = prometheus.NewCounterVec(
prometheus.CounterOpts{
Subsystem: githubScaleSetSubsystem,
Name: "started_jobs_total",
Help: "Total number of jobs started.",
},
startedJobsTotalLabels,
)
completedJobsTotal = prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "completed_jobs_total",
Help: "Total number of jobs completed.",
Subsystem: githubScaleSetSubsystem,
},
completedJobsTotalLabels,
)
// jobQueueDurationSeconds = prometheus.NewHistogramVec(
// prometheus.HistogramOpts{
// Subsystem: githubScaleSetSubsystem,
// Name: "job_queue_duration_seconds",
// Help: "Time spent waiting for workflow jobs to get assigned to the scale set after queueing (in seconds).",
// Buckets: runtimeBuckets,
// },
// jobLabels,
// )
jobStartupDurationSeconds = prometheus.NewHistogramVec(
prometheus.HistogramOpts{
Subsystem: githubScaleSetSubsystem,
Name: "job_startup_duration_seconds",
Help: "Time spent waiting for workflow job to get started on the runner owned by the scale set (in seconds).",
Buckets: runtimeBuckets,
},
jobStartupDurationLabels,
)
jobExecutionDurationSeconds = prometheus.NewHistogramVec(
prometheus.HistogramOpts{
Subsystem: githubScaleSetSubsystem,
Name: "job_execution_duration_seconds",
Help: "Time spent executing workflow jobs by the scale set (in seconds).",
Buckets: runtimeBuckets,
},
jobExecutionDurationLabels,
)
)
var runtimeBuckets []float64 = []float64{
0.01,
0.05,
0.1,
0.5,
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
12,
15,
18,
20,
25,
30,
40,
50,
60,
70,
80,
90,
100,
110,
120,
150,
180,
210,
240,
300,
360,
420,
480,
540,
600,
900,
1200,
1800,
2400,
3000,
3600,
}
type metricsExporter struct {
// Initialized during creation.
baseLabels
}
type baseLabels struct {
scaleSetName string
scaleSetNamespace string
enterprise string
organization string
repository string
}
func (b *baseLabels) jobLabels(jobBase *actions.JobMessageBase) prometheus.Labels {
return prometheus.Labels{
labelKeyEnterprise: b.enterprise,
labelKeyOrganization: b.organization,
labelKeyRepository: b.repository,
labelKeyJobName: jobBase.JobDisplayName,
labelKeyJobWorkflowRef: jobBase.JobWorkflowRef,
labelKeyEventName: jobBase.EventName,
}
}
func (b *baseLabels) scaleSetLabels() prometheus.Labels {
return prometheus.Labels{
labelKeyRunnerScaleSetName: b.scaleSetName,
labelKeyRunnerScaleSetNamespace: b.scaleSetNamespace,
labelKeyEnterprise: b.enterprise,
labelKeyOrganization: b.organization,
labelKeyRepository: b.repository,
}
}
func (b *baseLabels) completedJobLabels(msg *actions.JobCompleted) prometheus.Labels {
l := b.jobLabels(&msg.JobMessageBase)
l[labelKeyJobResult] = msg.Result
return l
}
func (b *baseLabels) startedJobLabels(msg *actions.JobStarted) prometheus.Labels {
l := b.jobLabels(&msg.JobMessageBase)
return l
}
func (b *baseLabels) jobStartupDurationLabels(msg *actions.JobStarted) prometheus.Labels {
return prometheus.Labels{
labelKeyEnterprise: b.enterprise,
labelKeyOrganization: b.organization,
labelKeyRepository: b.repository,
labelKeyEventName: msg.EventName,
}
}
func (m *metricsExporter) withBaseLabels(base baseLabels) {
m.baseLabels = base
}
func (m *metricsExporter) publishStatic(max, min int) {
l := m.scaleSetLabels()
maxRunners.With(l).Set(float64(max))
minRunners.With(l).Set(float64(min))
}
func (m *metricsExporter) publishStatistics(stats *actions.RunnerScaleSetStatistic) {
l := m.scaleSetLabels()
// availableJobs.With(l).Set(float64(stats.TotalAvailableJobs))
// acquiredJobs.With(l).Set(float64(stats.TotalAcquiredJobs))
assignedJobs.With(l).Set(float64(stats.TotalAssignedJobs))
runningJobs.With(l).Set(float64(stats.TotalRunningJobs))
registeredRunners.With(l).Set(float64(stats.TotalRegisteredRunners))
busyRunners.With(l).Set(float64(stats.TotalBusyRunners))
idleRunners.With(l).Set(float64(stats.TotalIdleRunners))
}
func (m *metricsExporter) publishJobStarted(msg *actions.JobStarted) {
l := m.startedJobLabels(msg)
startedJobsTotal.With(l).Inc()
l = m.jobStartupDurationLabels(msg)
startupDuration := msg.JobMessageBase.RunnerAssignTime.Unix() - msg.JobMessageBase.ScaleSetAssignTime.Unix()
jobStartupDurationSeconds.With(l).Observe(float64(startupDuration))
}
// func (m *metricsExporter) publishJobAssigned(msg *actions.JobAssigned) {
// l := m.jobLabels(&msg.JobMessageBase)
// queueDuration := msg.JobMessageBase.ScaleSetAssignTime.Unix() - msg.JobMessageBase.QueueTime.Unix()
// jobQueueDurationSeconds.With(l).Observe(float64(queueDuration))
// }
func (m *metricsExporter) publishJobCompleted(msg *actions.JobCompleted) {
l := m.completedJobLabels(msg)
completedJobsTotal.With(l).Inc()
executionDuration := msg.JobMessageBase.FinishTime.Unix() - msg.JobMessageBase.RunnerAssignTime.Unix()
jobExecutionDurationSeconds.With(l).Observe(float64(executionDuration))
}
func (m *metricsExporter) publishDesiredRunners(count int) {
desiredRunners.With(m.scaleSetLabels()).Set(float64(count))
}
