Merge a8ccfed9e3 into 0baa4f6b09

2025-10-28 18:31:48 +02:00 · 2025-10-28 18:31:48 +02:00 · b81efbd363
parent 0baa4f6b09 a8ccfed9e3
commit b81efbd363
4 changed files with 41 additions and 10 deletions
--- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml
@ -46,6 +46,20 @@ rules:
  verbs:
  - list
  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - list
+  - watch
 - apiGroups:
  - rbac.authorization.k8s.io
  resources:
--- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role.yaml
@ -107,6 +107,20 @@ rules:
  verbs:
  - list
  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - list
+  - watch
 - apiGroups:
  - rbac.authorization.k8s.io
  resources:
--- a/charts/gha-runner-scale-set-controller/tests/template_test.go
+++ b/charts/gha-runner-scale-set-controller/tests/template_test.go
@ -918,7 +918,7 @@ func TestTemplate_CreateManagerSingleNamespaceRole(t *testing.T) {

 	assert.Equal(t, "test-arc-gha-rs-controller-single-namespace", managerSingleNamespaceControllerRole.Name)
 	assert.Equal(t, namespaceName, managerSingleNamespaceControllerRole.Namespace)
-	assert.Equal(t, 10, len(managerSingleNamespaceControllerRole.Rules))
+	assert.Equal(t, 12, len(managerSingleNamespaceControllerRole.Rules))

 	output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/manager_single_namespace_watch_role.yaml"})

@ -927,7 +927,7 @@ func TestTemplate_CreateManagerSingleNamespaceRole(t *testing.T) {

 	assert.Equal(t, "test-arc-gha-rs-controller-single-namespace-watch", managerSingleNamespaceWatchRole.Name)
 	assert.Equal(t, "demo", managerSingleNamespaceWatchRole.Namespace)
-	assert.Equal(t, 14, len(managerSingleNamespaceWatchRole.Rules))
+	assert.Equal(t, 16, len(managerSingleNamespaceWatchRole.Rules))
 }

 func TestTemplate_ManagerSingleNamespaceRoleBinding(t *testing.T) {
--- a/main.go
+++ b/main.go
@ -224,6 +224,16 @@ func main() {
 		})
 	}

+	clientOptions := client.Options{}
+	if watchSingleNamespace == "" {
+		clientOptions.Cache = &client.CacheOptions{
+			DisableFor: []client.Object{
+				&corev1.Secret{},
+				&corev1.ConfigMap{},
+			},
+		}
+	}
+
 	cfg := ctrl.GetConfigOrDie()
 	cfg.QPS = float32(k8sClientRateLimiterQPS)
 	cfg.Burst = k8sClientRateLimiterBurst
@ -240,14 +250,7 @@ func main() {
 		WebhookServer:    webhookServer,
 		LeaderElection:   enableLeaderElection,
 		LeaderElectionID: leaderElectionId,
-		Client: client.Options{
-			Cache: &client.CacheOptions{
-				DisableFor: []client.Object{
-					&corev1.Secret{},
-					&corev1.ConfigMap{},
-				},
-			},
-		},
+		Client:           clientOptions,
 	})
 	if err != nil {
 		log.Error(err, "unable to start manager")