mirror of
https://github.com/actions/actions-runner-controller.git
synced 2026-01-20 19:31:29 +08:00
40 lines
1.4 KiB
YAML
40 lines
1.4 KiB
YAML
{{- $runnerMode := (.Values.runner.mode | default "") -}}
|
|
{{- $kubeDefaults := (.Values.runner.kubernetesMode.default | default true) -}}
|
|
{{- if and (eq $runnerMode "kubernetes") $kubeDefaults (empty .Values.runner.kubernetesMode.serviceAccountName) }}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: {{ include "kube-mode-role.name" . | quote }}
|
|
namespace: {{ include "autoscaling-runner-set.namespace" . | quote }}
|
|
labels:
|
|
{{- include "kube-mode-role.labels" . | nindent 4 }}
|
|
annotations:
|
|
{{- include "kube-mode-role.annotations" . | nindent 4 }}
|
|
finalizers:
|
|
- actions.github.com/cleanup-protection
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["pods"]
|
|
verbs: ["get", "list", "create", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["pods/exec"]
|
|
verbs: ["get", "create"]
|
|
- apiGroups: [""]
|
|
resources: ["pods/log"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: ["batch"]
|
|
resources: ["jobs"]
|
|
verbs: ["get", "list", "create", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get", "list", "create", "delete"]
|
|
{{- with .Values.runner.kubernetesMode.extraRules }}
|
|
{{- if not (empty .) }}
|
|
{{- if not (kindIs "slice" .) -}}
|
|
{{- fail ".Values.runner.kubernetesMode.extraRules must be a list of RBAC policy rules" -}}
|
|
{{- end }}
|
|
{{ toYaml . | nindent 2 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|