From 3c1a323381a7f5ba782fb1a66c5db04767f70c7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=2E=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Tue, 18 Mar 2025 20:41:04 +0000 Subject: [PATCH] feat: allow namespace overrides (#3797) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com> Co-authored-by: Nikola Jokic --- .../templates/NOTES.txt | 14 +- .../templates/_helpers.tpl | 11 ++ .../templates/actionsmetrics.deployment.yaml | 2 +- .../templates/actionsmetrics.ingress.yaml.yml | 2 +- .../actionsmetrics.role_binding.yaml | 2 +- .../templates/actionsmetrics.secrets.yaml | 2 +- .../templates/actionsmetrics.service.yaml | 2 +- .../actionsmetrics.serviceaccount.yaml.yml | 2 +- .../actionsmetrics.servicemonitor.yaml.yml | 2 +- .../templates/auth_proxy_role_binding.yaml | 2 +- .../templates/certificate.yaml | 8 +- .../templates/controller.metrics.service.yaml | 2 +- .../controller.metrics.serviceMonitor.yaml | 2 +- .../templates/controller.pdb.yaml | 2 +- .../templates/deployment.yaml | 4 +- .../templates/githubwebhook.deployment.yaml | 4 +- .../templates/githubwebhook.ingress.yaml | 2 +- .../templates/githubwebhook.pdb.yaml | 2 +- .../templates/githubwebhook.role_binding.yaml | 2 +- .../templates/githubwebhook.secrets.yaml | 2 +- .../templates/githubwebhook.service.yaml | 2 +- .../githubwebhook.serviceMonitor.yaml | 2 +- .../githubwebhook.serviceaccount.yaml | 2 +- .../templates/leader_election_role.yaml | 2 +- .../leader_election_role_binding.yaml | 4 +- .../templates/manager_role_binding.yaml | 2 +- .../manager_role_binding_secrets.yaml | 4 +- .../templates/manager_secrets.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- .../templates/webhook_configs.yaml | 36 ++--- .../templates/webhook_service.yaml | 2 +- charts/actions-runner-controller/values.yaml | 3 + .../templates/_helpers.tpl | 13 +- .../templates/deployment.yaml | 4 +- .../templates/leader_election_role.yaml | 2 +- .../leader_election_role_binding.yaml | 4 +- .../manager_cluster_role_binding.yaml | 2 +- .../templates/manager_listener_role.yaml | 2 +- .../manager_listener_role_binding.yaml | 4 +- ...ager_single_namespace_controller_role.yaml | 2 +- ...gle_namespace_controller_role_binding.yaml | 4 +- ...r_single_namespace_watch_role_binding.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- .../tests/template_test.go | 144 +++++++++++++++++ .../values.yaml | 5 +- .../templates/_helpers.tpl | 18 ++- .../templates/autoscalingrunnerset.yaml | 4 +- .../templates/githubsecret.yaml | 2 +- .../templates/kube_mode_role.yaml | 2 +- .../templates/kube_mode_role_binding.yaml | 4 +- .../templates/kube_mode_serviceaccount.yaml | 3 +- .../templates/manager_role.yaml | 2 +- .../templates/manager_role_binding.yaml | 2 +- .../no_permission_serviceaccount.yaml | 2 +- .../tests/template_test.go | 153 ++++++++++++++++++ charts/gha-runner-scale-set/values.yaml | 3 + 56 files changed, 427 insertions(+), 92 deletions(-) diff --git a/charts/actions-runner-controller/templates/NOTES.txt b/charts/actions-runner-controller/templates/NOTES.txt index faf893f0..7282f452 100644 --- a/charts/actions-runner-controller/templates/NOTES.txt +++ b/charts/actions-runner-controller/templates/NOTES.txt @@ -6,17 +6,17 @@ {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "actions-runner-controller.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ include "actions-runner-controller.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "actions-runner-controller.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "actions-runner-controller.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "actions-runner-controller.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "actions-runner-controller.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + You can watch the status of by running 'kubectl get --namespace {{ include "actions-runner-controller.namespace" . }} svc -w {{ include "actions-runner-controller.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "actions-runner-controller.namespace" . }} {{ include "actions-runner-controller.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "actions-runner-controller.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + export POD_NAME=$(kubectl get pods --namespace {{ include "actions-runner-controller.namespace" . }} -l "app.kubernetes.io/name={{ include "actions-runner-controller.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ include "actions-runner-controller.namespace" . }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT + kubectl --namespace {{ include "actions-runner-controller.namespace" . }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} diff --git a/charts/actions-runner-controller/templates/_helpers.tpl b/charts/actions-runner-controller/templates/_helpers.tpl index 68570f03..dca55149 100644 --- a/charts/actions-runner-controller/templates/_helpers.tpl +++ b/charts/actions-runner-controller/templates/_helpers.tpl @@ -1,3 +1,14 @@ +{{/* +Allow overriding the namespace for the resources. +*/}} +{{- define "actions-runner-controller.namespace" -}} +{{- if .Values.namespaceOverride }} + {{- .Values.namespaceOverride }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + {{/* Expand the name of the chart. */}} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml b/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml index 676e2472..045acc0a 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "actions-runner-controller-actions-metrics-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} spec: diff --git a/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml b/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml index 5b54993c..5b147a58 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml +++ b/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.actionsMetricsServer.ingress.annotations }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml b/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml index 0b64ed5f..d00f26ae 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller-actions-metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- end }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml b/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml index a7128b4c..36628261 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller-actions-metrics-server.secretName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} type: Opaque diff --git a/charts/actions-runner-controller/templates/actionsmetrics.service.yaml b/charts/actions-runner-controller/templates/actionsmetrics.service.yaml index 4ff8830b..4c973281 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.service.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "actions-runner-controller-actions-metrics-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller-actions-metrics-server.selectorLabels" . | nindent 4 }} {{- if .Values.actionsMetricsServer.service.annotations }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml b/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml index 9ab1afc1..5b41e2e4 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml +++ b/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "actions-runner-controller-actions-metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.actionsMetricsServer.serviceAccount.annotations }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml b/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml index 7a8b7ecf..b5b9bdac 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml +++ b/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml @@ -1,5 +1,5 @@ {{- if and .Values.actionsMetricsServer.enabled .Values.actionsMetrics.serviceMonitor.enable }} -{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }} +{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default (include "actions-runner-controller.namespace" .) }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml b/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml index b3061f76..076cdbeb 100644 --- a/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml +++ b/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- end }} diff --git a/charts/actions-runner-controller/templates/certificate.yaml b/charts/actions-runner-controller/templates/certificate.yaml index 25ddfa0f..fd77c685 100644 --- a/charts/actions-runner-controller/templates/certificate.yaml +++ b/charts/actions-runner-controller/templates/certificate.yaml @@ -6,7 +6,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: {{ include "actions-runner-controller.selfsignedIssuerName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: selfSigned: {} --- @@ -14,11 +14,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ include "actions-runner-controller.servingCertName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: dnsNames: - - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ .Release.Namespace }}.svc - - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ .Release.Namespace }}.svc.cluster.local + - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ include "actions-runner-controller.namespace" . }}.svc + - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ include "actions-runner-controller.namespace" . }}.svc.cluster.local issuerRef: kind: Issuer name: {{ include "actions-runner-controller.selfsignedIssuerName" . }} diff --git a/charts/actions-runner-controller/templates/controller.metrics.service.yaml b/charts/actions-runner-controller/templates/controller.metrics.service.yaml index 1dc422be..b837d2cb 100644 --- a/charts/actions-runner-controller/templates/controller.metrics.service.yaml +++ b/charts/actions-runner-controller/templates/controller.metrics.service.yaml @@ -4,7 +4,7 @@ metadata: labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} name: {{ include "actions-runner-controller.metricsServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- with .Values.metrics.serviceAnnotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml b/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml index b1ab0d90..d9196416 100644 --- a/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml +++ b/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml @@ -8,7 +8,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "actions-runner-controller.serviceMonitorName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: endpoints: - path: /metrics diff --git a/charts/actions-runner-controller/templates/controller.pdb.yaml b/charts/actions-runner-controller/templates/controller.pdb.yaml index 6831c4d6..edd6d300 100644 --- a/charts/actions-runner-controller/templates/controller.pdb.yaml +++ b/charts/actions-runner-controller/templates/controller.pdb.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} name: {{ include "actions-runner-controller.pdbName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: {{- if .Values.podDisruptionBudget.minAvailable }} minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} diff --git a/charts/actions-runner-controller/templates/deployment.yaml b/charts/actions-runner-controller/templates/deployment.yaml index 3490f989..4e17a854 100644 --- a/charts/actions-runner-controller/templates/deployment.yaml +++ b/charts/actions-runner-controller/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "actions-runner-controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} spec: @@ -56,7 +56,7 @@ spec: - "--docker-registry-mirror={{ .Values.dockerRegistryMirror }}" {{- end }} {{- if .Values.scope.singleNamespace }} - - "--watch-namespace={{ default .Release.Namespace .Values.scope.watchNamespace }}" + - "--watch-namespace={{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}" {{- end }} {{- if .Values.logLevel }} - "--log-level={{ .Values.logLevel }}" diff --git a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml index d778cba8..a4108429 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "actions-runner-controller-github-webhook-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} spec: @@ -43,7 +43,7 @@ spec: - "--log-level={{ .Values.githubWebhookServer.logLevel }}" {{- end }} {{- if .Values.scope.singleNamespace }} - - "--watch-namespace={{ default .Release.Namespace .Values.scope.watchNamespace }}" + - "--watch-namespace={{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}" {{- end }} {{- if .Values.runnerGithubURL }} - "--runner-github-url={{ .Values.runnerGithubURL }}" diff --git a/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml b/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml index 48baa763..a3adef61 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.githubWebhookServer.ingress.annotations }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml b/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml index cb8d5304..3853c2d7 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} name: {{ include "actions-runner-controller-github-webhook-server.pdbName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: {{- if .Values.githubWebhookServer.podDisruptionBudget.minAvailable }} minAvailable: {{ .Values.githubWebhookServer.podDisruptionBudget.minAvailable }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml b/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml index 24a69456..131da806 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller-github-webhook-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- end }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml b/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml index e1fbc285..e980d62e 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller-github-webhook-server.secretName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} type: Opaque diff --git a/charts/actions-runner-controller/templates/githubwebhook.service.yaml b/charts/actions-runner-controller/templates/githubwebhook.service.yaml index 6ec28acf..441ebdd1 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.service.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "actions-runner-controller-github-webhook-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 4 }} {{- if .Values.githubWebhookServer.service.annotations }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml index 594d43c5..078e41c3 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml @@ -1,5 +1,5 @@ {{- if and .Values.githubWebhookServer.enabled .Values.metrics.serviceMonitor.enable }} -{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }} +{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default (include "actions-runner-controller.namespace" .) }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml b/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml index e7db91a2..d280ef4e 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "actions-runner-controller-github-webhook-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.githubWebhookServer.serviceAccount.annotations }} diff --git a/charts/actions-runner-controller/templates/leader_election_role.yaml b/charts/actions-runner-controller/templates/leader_election_role.yaml index 9a2890cc..dbd5fbca 100644 --- a/charts/actions-runner-controller/templates/leader_election_role.yaml +++ b/charts/actions-runner-controller/templates/leader_election_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "actions-runner-controller.leaderElectionRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} rules: - apiGroups: - "" diff --git a/charts/actions-runner-controller/templates/leader_election_role_binding.yaml b/charts/actions-runner-controller/templates/leader_election_role_binding.yaml index 328e9dab..b28e893d 100644 --- a/charts/actions-runner-controller/templates/leader_election_role_binding.yaml +++ b/charts/actions-runner-controller/templates/leader_election_role_binding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "actions-runner-controller.leaderElectionRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -10,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} diff --git a/charts/actions-runner-controller/templates/manager_role_binding.yaml b/charts/actions-runner-controller/templates/manager_role_binding.yaml index c51b4d97..e587f77d 100644 --- a/charts/actions-runner-controller/templates/manager_role_binding.yaml +++ b/charts/actions-runner-controller/templates/manager_role_binding.yaml @@ -9,4 +9,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} diff --git a/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml b/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml index 9b7132cf..5b167788 100644 --- a/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml +++ b/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml @@ -6,7 +6,7 @@ kind: ClusterRoleBinding {{- end }} metadata: name: {{ include "actions-runner-controller.managerRoleName" . }}-secrets - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io {{- if .Values.scope.singleNamespace }} @@ -18,4 +18,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} diff --git a/charts/actions-runner-controller/templates/manager_secrets.yaml b/charts/actions-runner-controller/templates/manager_secrets.yaml index 7d95c5cf..8545eab4 100644 --- a/charts/actions-runner-controller/templates/manager_secrets.yaml +++ b/charts/actions-runner-controller/templates/manager_secrets.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller.secretName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- if .Values.authSecret.annotations }} annotations: {{ toYaml .Values.authSecret.annotations | nindent 4 }} diff --git a/charts/actions-runner-controller/templates/serviceaccount.yaml b/charts/actions-runner-controller/templates/serviceaccount.yaml index 221ac163..1ca9839e 100644 --- a/charts/actions-runner-controller/templates/serviceaccount.yaml +++ b/charts/actions-runner-controller/templates/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} diff --git a/charts/actions-runner-controller/templates/webhook_configs.yaml b/charts/actions-runner-controller/templates/webhook_configs.yaml index 757c626a..71f984f3 100644 --- a/charts/actions-runner-controller/templates/webhook_configs.yaml +++ b/charts/actions-runner-controller/templates/webhook_configs.yaml @@ -2,7 +2,7 @@ We will use a self managed CA if one is not provided by cert-manager */}} {{- $ca := genCA "actions-runner-ca" 3650 }} -{{- $cert := genSignedCert (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) .Release.Namespace) nil (list (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) .Release.Namespace)) 3650 $ca }} +{{- $cert := genSignedCert (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) (include "actions-runner-controller.namespace" .)) nil (list (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) (include "actions-runner-controller.namespace" .))) 3650 $ca }} --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration @@ -11,7 +11,7 @@ metadata: name: {{ include "actions-runner-controller.fullname" . }}-mutating-webhook-configuration {{- if .Values.certManagerEnabled }} annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "actions-runner-controller.servingCertName" . }} + cert-manager.io/inject-ca-from: {{ include "actions-runner-controller.namespace" . }}/{{ include "actions-runner-controller.servingCertName" . }} {{- end }} webhooks: - admissionReviewVersions: @@ -19,7 +19,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -29,7 +29,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-actions-summerwind-dev-v1alpha1-runner failurePolicy: Fail name: mutate.runner.actions.summerwind.dev @@ -50,7 +50,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -60,7 +60,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-actions-summerwind-dev-v1alpha1-runnerdeployment failurePolicy: Fail name: mutate.runnerdeployment.actions.summerwind.dev @@ -81,7 +81,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -91,7 +91,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-actions-summerwind-dev-v1alpha1-runnerreplicaset failurePolicy: Fail name: mutate.runnerreplicaset.actions.summerwind.dev @@ -112,7 +112,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -122,7 +122,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-runner-set-pod failurePolicy: Fail name: mutate-runner-pod.webhook.actions.summerwind.dev @@ -148,7 +148,7 @@ metadata: name: {{ include "actions-runner-controller.fullname" . }}-validating-webhook-configuration {{- if .Values.certManagerEnabled }} annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "actions-runner-controller.servingCertName" . }} + cert-manager.io/inject-ca-from: {{ include "actions-runner-controller.namespace" . }}/{{ include "actions-runner-controller.servingCertName" . }} {{- end }} webhooks: - admissionReviewVersions: @@ -156,7 +156,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -166,7 +166,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /validate-actions-summerwind-dev-v1alpha1-runner failurePolicy: Fail name: validate.runner.actions.summerwind.dev @@ -187,7 +187,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -197,7 +197,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /validate-actions-summerwind-dev-v1alpha1-runnerdeployment failurePolicy: Fail name: validate.runnerdeployment.actions.summerwind.dev @@ -218,7 +218,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -228,7 +228,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /validate-actions-summerwind-dev-v1alpha1-runnerreplicaset failurePolicy: Fail name: validate.runnerreplicaset.actions.summerwind.dev @@ -250,7 +250,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller.servingCertName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} type: kubernetes.io/tls diff --git a/charts/actions-runner-controller/templates/webhook_service.yaml b/charts/actions-runner-controller/templates/webhook_service.yaml index 41425f42..e9757cfc 100644 --- a/charts/actions-runner-controller/templates/webhook_service.yaml +++ b/charts/actions-runner-controller/templates/webhook_service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.service.annotations }} diff --git a/charts/actions-runner-controller/values.yaml b/charts/actions-runner-controller/values.yaml index 25da1515..fff18cc0 100644 --- a/charts/actions-runner-controller/values.yaml +++ b/charts/actions-runner-controller/values.yaml @@ -420,3 +420,6 @@ actionsMetricsServer: # - chart-example.local terminationGracePeriodSeconds: 10 lifecycle: {} + +# Add the option to deploy in another namespace rather than .Release.Namespace. +namespaceOverride: "" diff --git a/charts/gha-runner-scale-set-controller/templates/_helpers.tpl b/charts/gha-runner-scale-set-controller/templates/_helpers.tpl index 075d21ae..65c5315e 100644 --- a/charts/gha-runner-scale-set-controller/templates/_helpers.tpl +++ b/charts/gha-runner-scale-set-controller/templates/_helpers.tpl @@ -7,6 +7,17 @@ Expand the name of the chart. gha-rs-controller {{- end }} +{{/* +Allow overriding the namespace for the resources. +*/}} +{{- define "gha-runner-scale-set-controller.namespace" -}} +{{- if .Values.namespaceOverride }} + {{- .Values.namespaceOverride }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + {{- define "gha-runner-scale-set-controller.name" -}} {{- default (include "gha-base-name" .) .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -57,7 +68,7 @@ Selector labels */}} {{- define "gha-runner-scale-set-controller.selectorLabels" -}} app.kubernetes.io/name: {{ include "gha-runner-scale-set-controller.name" . }} -app.kubernetes.io/namespace: {{ .Release.Namespace }} +app.kubernetes.io/namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} diff --git a/charts/gha-runner-scale-set-controller/templates/deployment.yaml b/charts/gha-runner-scale-set-controller/templates/deployment.yaml index 29cdbdd3..5aa5c6f5 100644 --- a/charts/gha-runner-scale-set-controller/templates/deployment.yaml +++ b/charts/gha-runner-scale-set-controller/templates/deployment.yaml @@ -2,10 +2,10 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "gha-runner-scale-set-controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} labels: {{- include "gha-runner-scale-set-controller.labels" . | nindent 4 }} - actions.github.com/controller-service-account-namespace: {{ .Release.Namespace }} + actions.github.com/controller-service-account-namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} actions.github.com/controller-service-account-name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} {{- if .Values.flags.watchSingleNamespace }} actions.github.com/controller-watch-single-namespace: {{ .Values.flags.watchSingleNamespace }} diff --git a/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml b/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml index e23e0226..02e0b415 100644 --- a/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml +++ b/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set-controller.leaderElectionRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] diff --git a/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml index 85effd27..16d38388 100644 --- a/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set-controller.leaderElectionRoleBinding" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -11,5 +11,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml index 041d73a9..60291d21 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml b/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml index 86a93777..a238d5fc 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set-controller.managerListenerRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} rules: - apiGroups: - "" diff --git a/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml index 8a2f7f95..efc66b57 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set-controller.managerListenerRoleBinding" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -10,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml index 7fd6e988..c486a79b 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} rules: - apiGroups: - actions.github.com diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml index 3423b9dd..3bb5247e 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceRoleBinding" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -11,5 +11,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml index 67923358..c4810b7a 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml @@ -11,5 +11,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} diff --git a/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml b/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml index 5d3bbf3f..7bc4b2a8 100644 --- a/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml +++ b/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} labels: {{- include "gha-runner-scale-set-controller.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} diff --git a/charts/gha-runner-scale-set-controller/tests/template_test.go b/charts/gha-runner-scale-set-controller/tests/template_test.go index c1efe293..a8623f2e 100644 --- a/charts/gha-runner-scale-set-controller/tests/template_test.go +++ b/charts/gha-runner-scale-set-controller/tests/template_test.go @@ -17,6 +17,7 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) type Chart struct { @@ -1078,3 +1079,146 @@ func TestDeployment_excludeLabelPropagationPrefixes(t *testing.T) { assert.Contains(t, container.Args, "--exclude-label-propagation-prefix=prefix.com/") assert.Contains(t, container.Args, "--exclude-label-propagation-prefix=complete.io/label") } +func TestNamespaceOverride(t *testing.T) { + t.Parallel() + + chartPath := "../../gha-runner-scale-set-controller" + + releaseName := "test" + releaseNamespace := "test-" + strings.ToLower(random.UniqueId()) + namespaceOverride := "test-" + strings.ToLower(random.UniqueId()) + + tt := map[string]struct { + file string + options *helm.Options + wantNamespace string + }{ + "deployment": { + file: "deployment.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: namespaceOverride, + }, + "leader_election_role_binding": { + file: "leader_election_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: namespaceOverride, + }, + "leader_election_role": { + file: "leader_election_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: namespaceOverride, + }, + "manager_listener_role_binding": { + file: "manager_listener_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: namespaceOverride, + }, + "manager_listener_role": { + file: "manager_listener_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: namespaceOverride, + }, + "manager_single_namespace_controller_role": { + file: "manager_single_namespace_controller_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "true", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: namespaceOverride, + }, + "manager_single_namespace_controller_role_binding": { + file: "manager_single_namespace_controller_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "true", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: namespaceOverride, + }, + "manager_single_namespace_watch_role": { + file: "manager_single_namespace_watch_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "target-ns", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: "target-ns", + }, + "manager_single_namespace_watch_role_binding": { + file: "manager_single_namespace_watch_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "target-ns", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: "target-ns", + }, + } + + for name, tc := range tt { + c := tc + t.Run(name, func(t *testing.T) { + t.Parallel() + templateFile := filepath.Join("./templates", c.file) + + output, err := helm.RenderTemplateE(t, c.options, chartPath, releaseName, []string{templateFile}) + if err != nil { + t.Errorf("Error rendering template %s from chart %s: %s", c.file, chartPath, err) + } + + type object struct { + Metadata metav1.ObjectMeta + } + var renderedObject object + helm.UnmarshalK8SYaml(t, output, &renderedObject) + assert.Equal(t, tc.wantNamespace, renderedObject.Metadata.Namespace) + }) + } +} diff --git a/charts/gha-runner-scale-set-controller/values.yaml b/charts/gha-runner-scale-set-controller/values.yaml index c96e5abe..fb54ed99 100644 --- a/charts/gha-runner-scale-set-controller/values.yaml +++ b/charts/gha-runner-scale-set-controller/values.yaml @@ -136,6 +136,9 @@ flags: # excludeLabelPropagationPrefixes: # - "argocd.argoproj.io/instance" - ## Defines the K8s client rate limiter parameters. +# Overrides the default `.Release.Namespace` for all resources in this chart. +namespaceOverride: "" + +## Defines the K8s client rate limiter parameters. # k8sClientRateLimiterQPS: 20 # k8sClientRateLimiterBurst: 30 diff --git a/charts/gha-runner-scale-set/templates/_helpers.tpl b/charts/gha-runner-scale-set/templates/_helpers.tpl index cd827afd..ef75a3f2 100644 --- a/charts/gha-runner-scale-set/templates/_helpers.tpl +++ b/charts/gha-runner-scale-set/templates/_helpers.tpl @@ -43,7 +43,7 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: gha-rs actions.github.com/scale-set-name: {{ include "gha-runner-scale-set.scale-set-name" . }} -actions.github.com/scale-set-namespace: {{ .Release.Namespace }} +actions.github.com/scale-set-namespace: {{ include "gha-runner-scale-set.namespace" . }} {{- end }} {{/* @@ -481,8 +481,8 @@ volumeMounts: {{- $managerServiceAccountName = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-name") }} {{- end }} {{- else if gt $singleNamespaceCounter 0 }} - {{- if hasKey $singleNamespaceControllerDeployments .Release.Namespace }} - {{- $controllerDeployment = get $singleNamespaceControllerDeployments .Release.Namespace }} + {{- if hasKey $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} + {{- $controllerDeployment = get $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} {{- with $controllerDeployment.metadata }} {{- $managerServiceAccountName = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-name") }} {{- end }} @@ -538,8 +538,8 @@ volumeMounts: {{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }} {{- end }} {{- else if gt $singleNamespaceCounter 0 }} - {{- if hasKey $singleNamespaceControllerDeployments .Release.Namespace }} - {{- $controllerDeployment = get $singleNamespaceControllerDeployments .Release.Namespace }} + {{- if hasKey $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} + {{- $controllerDeployment = get $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} {{- with $controllerDeployment.metadata }} {{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }} {{- end }} @@ -553,3 +553,11 @@ volumeMounts: {{- $managerServiceAccountNamespace }} {{- end }} {{- end }} + +{{- define "gha-runner-scale-set.namespace" -}} +{{- if .Values.namespaceOverride }} + {{- .Values.namespaceOverride }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} diff --git a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml index c5ad2e38..276c8640 100644 --- a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml +++ b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml @@ -5,11 +5,11 @@ metadata: {{- if or (not (include "gha-runner-scale-set.scale-set-name" .)) (gt (len (include "gha-runner-scale-set.scale-set-name" .)) 45) }} {{ fail "Name must have up to 45 characters" }} {{- end }} - {{- if gt (len .Release.Namespace) 63 }} + {{- if gt (len (include "gha-runner-scale-set.namespace" .)) 63 }} {{ fail "Namespace must have up to 63 characters" }} {{- end }} name: {{ include "gha-runner-scale-set.scale-set-name" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- with .Values.labels }} {{- toYaml . | nindent 4 }} diff --git a/charts/gha-runner-scale-set/templates/githubsecret.yaml b/charts/gha-runner-scale-set/templates/githubsecret.yaml index 4cee4669..a9cae74f 100644 --- a/charts/gha-runner-scale-set/templates/githubsecret.yaml +++ b/charts/gha-runner-scale-set/templates/githubsecret.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gha-runner-scale-set.githubsecret" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- with .Values.labels }} {{- toYaml . | nindent 4 }} diff --git a/charts/gha-runner-scale-set/templates/kube_mode_role.yaml b/charts/gha-runner-scale-set/templates/kube_mode_role.yaml index 1180546e..038307c1 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_role.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_role.yaml @@ -6,7 +6,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set.kubeModeRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- with .Values.labels }} {{- toYaml . | nindent 4 }} diff --git a/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml b/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml index 9c7f0f41..a4416890 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml @@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set.kubeModeRoleBindingName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- with .Values.labels }} {{- toYaml . | nindent 4 }} @@ -35,5 +35,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} {{- end }} diff --git a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml index f68ce25b..5286ff50 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml @@ -5,8 +5,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }} - namespace: {{ .Release.Namespace }} - + namespace: {{ include "gha-runner-scale-set.namespace" . }} {{- if or .Values.annotations $hasCustomResourceMeta }} annotations: {{- with .Values.annotations }} diff --git a/charts/gha-runner-scale-set/templates/manager_role.yaml b/charts/gha-runner-scale-set/templates/manager_role.yaml index 260e3c78..8696efa1 100644 --- a/charts/gha-runner-scale-set/templates/manager_role.yaml +++ b/charts/gha-runner-scale-set/templates/manager_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set.managerRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- with .Values.labels }} {{- toYaml . | nindent 4 }} diff --git a/charts/gha-runner-scale-set/templates/manager_role_binding.yaml b/charts/gha-runner-scale-set/templates/manager_role_binding.yaml index 7b69cde1..6da367b6 100644 --- a/charts/gha-runner-scale-set/templates/manager_role_binding.yaml +++ b/charts/gha-runner-scale-set/templates/manager_role_binding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set.managerRoleBindingName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- with .Values.labels }} {{- toYaml . | nindent 4 }} diff --git a/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml b/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml index 06d4a1cb..edb20d67 100644 --- a/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml +++ b/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml @@ -5,7 +5,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gha-runner-scale-set.noPermissionServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- with .Values.labels }} {{- toYaml . | nindent 4 }} diff --git a/charts/gha-runner-scale-set/tests/template_test.go b/charts/gha-runner-scale-set/tests/template_test.go index d7363511..790f44e0 100644 --- a/charts/gha-runner-scale-set/tests/template_test.go +++ b/charts/gha-runner-scale-set/tests/template_test.go @@ -6,6 +6,8 @@ import ( "strings" "testing" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1alpha1 "github.com/actions/actions-runner-controller/apis/actions.github.com/v1alpha1" actionsgithubcom "github.com/actions/actions-runner-controller/controllers/actions.github.com" "github.com/gruntwork-io/terratest/modules/helm" @@ -2315,3 +2317,154 @@ func TestCustomAnnotations(t *testing.T) { assert.Equal(t, wantCustomValue, noPermissionServiceAccount.Annotations[targetAnnotations]) assert.Equal(t, "npsa-custom-value", noPermissionServiceAccount.Annotations["npsa-custom"]) } + +func TestNamespaceOverride(t *testing.T) { + t.Parallel() + + chartPath := "../../gha-runner-scale-set" + + releaseName := "test" + releaseNamespace := "test-" + strings.ToLower(random.UniqueId()) + namespaceOverride := "test-" + strings.ToLower(random.UniqueId()) + + tt := map[string]struct { + file string + options *helm.Options + }{ + "manager_role": { + file: "manager_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + }, + "manager_role_binding": { + file: "manager_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + }, + "no_permission_serviceaccount": { + file: "no_permission_serviceaccount.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + }, + "autoscalingrunnerset": { + file: "autoscalingrunnerset.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + }, + "githubsecret": { + file: "githubsecret.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + }, + "kube_mode_role": { + file: "kube_mode_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "containerMode.type": "kubernetes", + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + }, + "kube_mode_role_binding": { + file: "kube_mode_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "containerMode.type": "kubernetes", + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + }, + "kube_mode_serviceaccount": { + file: "kube_mode_serviceaccount.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "containerMode.type": "kubernetes", + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + }, + } + + for name, tc := range tt { + c := tc + t.Run(name, func(t *testing.T) { + t.Parallel() + templateFile := filepath.Join("./templates", c.file) + + output, err := helm.RenderTemplateE(t, c.options, chartPath, releaseName, []string{templateFile}) + if err != nil { + t.Errorf("Error rendering template %s from chart %s: %s", c.file, chartPath, err) + } + + type object struct { + Metadata metav1.ObjectMeta + } + var renderedObject object + helm.UnmarshalK8SYaml(t, output, &renderedObject) + assert.Equal(t, namespaceOverride, renderedObject.Metadata.Namespace) + }) + } +} diff --git a/charts/gha-runner-scale-set/values.yaml b/charts/gha-runner-scale-set/values.yaml index 7c32b436..145058c7 100644 --- a/charts/gha-runner-scale-set/values.yaml +++ b/charts/gha-runner-scale-set/values.yaml @@ -216,6 +216,9 @@ template: # namespace: arc-system # name: test-arc-gha-runner-scale-set-controller +# Overrides the default `.Release.Namespace` for all resources in this chart. +namespaceOverride: "" + ## Optional annotations and labels applied to all resources created by helm installation ## ## Annotations applied to all resources created by this helm chart. Annotations will not override the default ones, so make sure