Add missing job-related permissions to runner pods with k8s container mode
This commit is contained in:
Yusuke Kuoka
parent
7e4b6ebd6d
commit
1cfe1974c4
|
|
@ -285,6 +285,8 @@ rules:
|
||||||
- get
|
- get
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.rbac.allowGrantingKubernetesContainerModePermissions }}
|
{{- if .Values.rbac.allowGrantingKubernetesContainerModePermissions }}
|
||||||
|
{{/* These permissions are required by ARC to create RBAC resources for the runner pod to use the kubernetes container mode. */}}
|
||||||
|
{{/* See https://github.com/actions-runner-controller/actions-runner-controller/pull/1268/files#r917331632 */}}
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
|
|
@ -300,6 +302,15 @@ rules:
|
||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
- watch
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- "batch"
|
||||||
|
resources:
|
||||||
|
- jobs
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
|
|
|
||||||
|
|
@ -304,6 +304,11 @@ func (r *RunnerReconciler) processRunnerCreation(ctx context.Context, runner v1a
|
||||||
Resources: []string{"pods/log"},
|
Resources: []string{"pods/log"},
|
||||||
Verbs: []string{"get", "list", "watch"},
|
Verbs: []string{"get", "list", "watch"},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
APIGroups: []string{"batch"},
|
||||||
|
Resources: []string{"jobs"},
|
||||||
|
Verbs: []string{"get", "list", "create", "delete"},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
APIGroups: []string{""},
|
APIGroups: []string{""},
|
||||||
Resources: []string{"secrets"},
|
Resources: []string{"secrets"},
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue