diff --git a/charts/actions-runner-controller/templates/deployment.yaml b/charts/actions-runner-controller/templates/deployment.yaml
index 6da5daa3..0ed5a0c9 100644
--- a/charts/actions-runner-controller/templates/deployment.yaml
+++ b/charts/actions-runner-controller/templates/deployment.yaml
@@ -31,7 +31,8 @@ spec:
 {{- end }}
 containers:
 - args:
- - "--metrics-addr=127.0.0.1:8080"
+ {{- $metricsHost := .Values.kube_rbac_proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }}
+ - "--metrics-addr={{ $metricsHost }}:8080"
 - "--enable-leader-election"
 - "--sync-period={{ .Values.syncPeriod }}"
 - "--docker-image={{ .Values.image.dindSidecarRepositoryAndTag }}"
@@ -72,6 +73,11 @@ spec:
 - containerPort: 9443
 name: webhook-server
 protocol: TCP
+ {{- if not .Values.kube_rbac_proxy.enabled }}
+ - containerPort: 9443
+ name: https
+ protocol: TCP
+ {{- end }}
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 securityContext:
@@ -85,6 +91,7 @@ spec:
 - mountPath: /tmp/k8s-webhook-server/serving-certs
 name: cert
 readOnly: true
+ {{- if .Values.kube_rbac_proxy.enabled }}
 - args:
 - "--secure-listen-address=0.0.0.0:8443"
 - "--upstream=http://127.0.0.1:8080/"
@@ -100,6 +107,7 @@ spec:
 {{- toYaml .Values.resources | nindent 12 }}
 securityContext:
 {{- toYaml .Values.securityContext | nindent 12 }}
+ {{- end }}
 terminationGracePeriodSeconds: 10
 volumes:
 - name: secret
diff --git a/charts/actions-runner-controller/values.yaml b/charts/actions-runner-controller/values.yaml
index bd427d05..956a9617 100644
--- a/charts/actions-runner-controller/values.yaml
+++ b/charts/actions-runner-controller/values.yaml
@@ -26,6 +26,7 @@ image:
 pullPolicy: IfNotPresent
 kube_rbac_proxy:
+ enabled: true
 image:
 repository: quay.io/brancz/kube-rbac-proxy
 tag: v0.8.0
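Review bot: With `kube_rbac_proxy.enabled: false`, the first hunk of templates/deployment.yaml binds the manager's metrics listener to `0.0.0.0:8080`, so metrics are served over plain HTTP with no authentication to anything that can reach the pod IP. The kube-rbac-proxy sidecar that the later hunks make optional was the only TLS and authorization layer in front of that listener. Nothing visible in this diff adds a compensating control, so consider shipping a NetworkPolicy that admits only the scraper's namespace, or at minimum stating the exposure next to the value. As a style point, the `$metricsHost` assignment would read better at the top of the template than inside the `args` list. The container spec continues outside the hunk.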
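Review bot: The port added in the second hunk of templates/deployment.yaml declares `containerPort: 9443` under the name `https`, which duplicates the `webhook-server` port directly above it, while in this mode the metrics listener is on 8080 and speaks plain HTTP. If the metrics Service (not shown in this diff) targets the port named `https`, scrapes would reach the webhook server rather than the metrics endpoint. The entry probably wants `containerPort: 8080`. A name such as `metrics` would avoid implying TLS, provided the Service's targetPort is changed to match.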
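Review bot: The new `enabled` key in values.yaml has no comment, although turning it off changes the security posture of the metrics endpoint. I would add a line above it such as `# When false, the kube-rbac-proxy sidecar is omitted and the controller serves metrics unauthenticated over HTTP on 0.0.0.0:8080.` so operators make that choice knowingly. The `kube_rbac_proxy` mapping continues outside the hunk.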