From 21722a5de8ea3d00b14676a0c559837f7679a4a3 Mon Sep 17 00:00:00 2001 From: Thomas B Date: Thu, 27 Apr 2023 06:33:48 +0200 Subject: [PATCH] Add CR and CRB to the helm chart (#2504) In response to https://github.com/actions/actions-runner-controller/issues/2212 , the ARC helm chart is missing ClusterRoleBinding and ClusterRole for the ActionsMetricsServer resulting on missing permissions. This also fix the labels of the ActionsMetricsServer Service as it is selected by the ServiceMonitor with those labels. Co-authored-by: Yusuke Kuoka --- .../templates/actionsmetrics.role.yaml | 90 +++++++++++++++++++ .../actionsmetrics.role_binding.yaml | 14 +++ .../templates/actionsmetrics.service.yaml | 2 +- 3 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 charts/actions-runner-controller/templates/actionsmetrics.role.yaml create mode 100644 charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml diff --git a/charts/actions-runner-controller/templates/actionsmetrics.role.yaml b/charts/actions-runner-controller/templates/actionsmetrics.role.yaml new file mode 100644 index 00000000..829bcf3b --- /dev/null +++ b/charts/actions-runner-controller/templates/actionsmetrics.role.yaml @@ -0,0 +1,90 @@ +{{- if .Values.actionsMetricsServer.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ include "actions-runner-controller-actions-metrics-server.roleName" . }} +rules: +- apiGroups: + - actions.summerwind.dev + resources: + - horizontalrunnerautoscalers + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - actions.summerwind.dev + resources: + - horizontalrunnerautoscalers/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - actions.summerwind.dev + resources: + - horizontalrunnerautoscalers/status + verbs: + - get + - patch + - update +- apiGroups: + - actions.summerwind.dev + resources: + - runnersets + verbs: + - get + - list + - watch +- apiGroups: + - actions.summerwind.dev + resources: + - runnerdeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - actions.summerwind.dev + resources: + - runnerdeployments/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - actions.summerwind.dev + resources: + - runnerdeployments/status + verbs: + - get + - patch + - update +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +{{- end }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml b/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml new file mode 100644 index 00000000..0b64ed5f --- /dev/null +++ b/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml @@ -0,0 +1,14 @@ +{{- if .Values.actionsMetricsServer.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "actions-runner-controller-actions-metrics-server.roleName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "actions-runner-controller-actions-metrics-server.roleName" . }} +subjects: + - kind: ServiceAccount + name: {{ include "actions-runner-controller-actions-metrics-server.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.service.yaml b/charts/actions-runner-controller/templates/actionsmetrics.service.yaml index cfd2738e..2c70f24b 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.service.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.service.yaml @@ -5,7 +5,7 @@ metadata: name: {{ include "actions-runner-controller-actions-metrics-server.fullname" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "actions-runner-controller.labels" . | nindent 4 }} + {{- include "actions-runner-controller-actions-metrics-server.selectorLabels" . | nindent 4 }} {{- if .Values.actionsMetricsServer.service.annotations }} annotations: {{ toYaml .Values.actionsMetricsServer.service.annotations | nindent 4 }}