actions-runner-controller/charts/gha-runner-scale-set-dev/templates/kube_mode_role.yaml
Nikola Jokic 4056edbe9f wip
2026-01-19 19:00:58 +01:00


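{{- /*
Role for the runner service account that the chart creates in kubernetes mode.

Rendered only when all three hold:
  - .Values.runner.mode is "kubernetes"
  - .Values.runner.kubernetesMode.default is not explicitly false
  - .Values.runner.kubernetesMode.serviceAccountName is empty (no caller-supplied
    service account)
*/ -}}
{{- $runnerMode := (.Values.runner.mode | default "") -}}
{{- /*
`false | default true` yields true, because sprig's `default` treats boolean
false as empty. Read the flag through kindIs so that an explicit `false`
really does suppress this Role; anything that is not a bool falls back to true.
NOTE(review): other templates gating on the same flag are not visible here and
may need the same handling - confirm.
*/ -}}
{{- $kubeDefaultsRaw := .Values.runner.kubernetesMode.default -}}
{{- $kubeDefaults := ternary $kubeDefaultsRaw true (kindIs "bool" $kubeDefaultsRaw) -}}
{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty .Values.runner.kubernetesMode.serviceAccountName) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "kube-mode-role.name" . | quote }}
  namespace: {{ include "autoscaling-runner-set.namespace" . | quote }}
  labels:
    {{- include "kube-mode-role.labels" . | nindent 4 }}
  annotations:
    {{- include "kube-mode-role.annotations" . | nindent 4 }}
  # The API server will not finish deleting this Role while the finalizer is
  # present. Presumably the controller removes it during teardown - confirm.
  finalizers:
    - actions.github.com/cleanup-protection
# None of the rules below use resourceNames, so every grant covers all objects
# of that type in the namespace above. Workflow code runs with whatever the
# bound service account can do, so keep unrelated workloads and secrets out of
# this namespace.
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "create", "delete"]
  # create on pods/exec allows running commands inside any pod in the namespace.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["get", "create"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["get", "list", "create", "delete"]
  # list on secrets returns the full Secret objects, so this rule exposes the
  # data of every Secret in the namespace, not only those the runner created.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "create", "delete"]
  # extraRules is appended verbatim; only its type is checked. Every entry
  # widens what runner pods may do, so review values changes here as RBAC
  # changes. `with` already skips an empty or unset value.
  {{- with .Values.resource.kubernetesModeRole.extraRules }}
  {{- if not (kindIs "slice" .) }}
  {{- fail ".Values.resource.kubernetesModeRole.extraRules must be a list of RBAC policy rules" }}
  {{- end }}
  {{- toYaml . | nindent 2 }}
  {{- end }}
{{- end }}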