chore: Service accounts in Kubernetes mode can now be annotated. (#2566)

Signed-off-by: kahirokunn <okinakahiro@gmail.com>
2023-10-18 20:37:39 +09:00 · 2023-10-18 20:37:39 +09:00 · e1edb84abe
parent f14dbd68f1
commit e1edb84abe
5 changed files with 48 additions and 1 deletions
--- a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml
+++ b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml
@ -5,6 +5,12 @@ kind: ServiceAccount
 metadata:
  name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }}
  namespace: {{ .Release.Namespace }}
+  {{- if .Values.containerMode.kubernetesModeServiceAccount }}
+  {{- with .Values.containerMode.kubernetesModeServiceAccount.annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- end }}
  finalizers:
    - actions.github.com/cleanup-protection
  labels:
--- a/charts/gha-runner-scale-set/tests/template_test.go
+++ b/charts/gha-runner-scale-set/tests/template_test.go
@ -742,6 +742,37 @@ func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraInitContainers(t *testin
 	assert.Equal(t, "ls", ars.Spec.Template.Spec.InitContainers[2].Command[0], "InitContainers[2] Command[0] should be ls")
 }

+func TestTemplateRenderedKubernetesModeServiceAccountAnnotations(t *testing.T) {
+	t.Parallel()
+
+	// Path to the helm chart we will test
+	helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
+	require.NoError(t, err)
+
+	testValuesPath, err := filepath.Abs("../tests/values_kubernetes_mode_service_account_annotations.yaml")
+	require.NoError(t, err)
+
+	releaseName := "test-runners"
+	namespaceName := "test-" + strings.ToLower(random.UniqueId())
+
+	options := &helm.Options{
+		Logger: logger.Discard,
+		SetValues: map[string]string{
+			"controllerServiceAccount.name":      "arc",
+			"controllerServiceAccount.namespace": "arc-system",
+		},
+		ValuesFiles:    []string{testValuesPath},
+		KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
+	}
+
+	output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_serviceaccount.yaml"})
+
+	var sa corev1.ServiceAccount
+	helm.UnmarshalK8SYaml(t, output, &sa)
+
+	assert.Equal(t, "arn:aws:iam::123456789012:role/sample-role", sa.Annotations["eks.amazonaws.com/role-arn"], "Annotations should be arn:aws:iam::123456789012:role/sample-role")
+}
+
 func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraVolumes(t *testing.T) {
 	t.Parallel()

--- a/charts/gha-runner-scale-set/tests/values_k8s_merge_spec.yaml
+++ b/charts/gha-runner-scale-set/tests/values_k8s_merge_spec.yaml
@ -28,4 +28,4 @@ template:
        path: /data
        type: Directory
 containerMode:
-  type: kubernetes
+  type: kubernetes
--- a/charts/gha-runner-scale-set/tests/values_kubernetes_mode_service_account_annotations.yaml
+++ b/charts/gha-runner-scale-set/tests/values_kubernetes_mode_service_account_annotations.yaml
@ -0,0 +1,8 @@
+githubConfigUrl: https://github.com/actions/actions-runner-controller
+githubConfigSecret:
+  github_token: test
+containerMode:
+  type: kubernetes
+  kubernetesModeServiceAccount:
+    annotations:
+      eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/sample-role
--- a/charts/gha-runner-scale-set/values.yaml
+++ b/charts/gha-runner-scale-set/values.yaml
@ -84,6 +84,8 @@ githubConfigSecret:
 #     resources:
 #       requests:
 #         storage: 1Gi
+#   kubernetesModeServiceAccount:
+#     annotations:

 ## template is the PodSpec for each listener Pod
 ## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec