public_git
/
actions-runner-controller
mirror of https://github.com/actions-runner-controller/actions-runner-controller.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge 9d6755ab70 into 0baa4f6b09

This commit is contained in:
Marcus Ramberg 2025-10-23 13:59:25 +02:00 committed by GitHub
parent 0baa4f6b09 9d6755ab70
commit 24abec2149
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 49 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
charts/gha-runner-scale-set/templates/kube_mode_role.yaml
View File

@ -36,21 +36,24 @@ metadata:
finalizers: finalizers:
- actions.github.com/cleanup-protection - actions.github.com/cleanup-protection
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["pods"] resources: ["pods"]
verbs: ["get", "list", "create", "delete"] verbs: ["get", "list", "create", "delete"]
- apiGroups: [""] - apiGroups: [""]
resources: ["pods/exec"] resources: ["pods/exec"]
verbs: ["get", "create"] verbs: ["get", "create"]
- apiGroups: [""] - apiGroups: [""]
resources: ["pods/log"] resources: ["pods/log"]
verbs: ["get", "list", "watch",] verbs: ["get", "list", "watch",]
{{- if ne $containerMode.type "kubernetes-novolume" }} {{- if ne $containerMode.type "kubernetes-novolume" }}
- apiGroups: ["batch"] - apiGroups: ["batch"]
resources: ["jobs"] resources: ["jobs"]
verbs: ["get", "list", "create", "delete"] verbs: ["get", "list", "create", "delete"]
{{- end }}
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "create", "delete"]
{{- with $containerMode.kubernetesModeAdditionalRoleRules}}
{{- toYaml . | nindent 2}}
{{- end }} {{- end }}
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "create", "delete"]
{{- end }} {{- end }}

30
charts/gha-runner-scale-set/tests/values_k8s_extra_role_rules.yaml Normal file
View File

@ -0,0 +1,30 @@
githubConfigUrl: https://github.com/actions/actions-runner-controller
githubConfigSecret:
github_token: test
template:
spec:
containers:
- name: other
image: other-image:latest
volumes:
- name: foo
emptyDir: {}
- name: bar
emptyDir: {}
- name: work
hostPath:
path: /data
type: Directory
containerMode:
type: kubernetes
kubernetesModeAdditionalRoleRule:
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- create
- delete

1
charts/gha-runner-scale-set/values.yaml
View File

@ -124,6 +124,7 @@ githubConfigSecret:
# resources: # resources:
# requests: # requests:
# storage: 1Gi # storage: 1Gi
# kubernetesModeAdditionalRoleRules: []
# #
## listenerTemplate is the PodSpec for each listener Pod ## listenerTemplate is the PodSpec for each listener Pod