diff --git a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml index a32eceef..d0fa4b08 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml @@ -5,6 +5,12 @@ kind: ServiceAccount metadata: name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }} namespace: {{ .Release.Namespace }} + {{- if .Values.containerMode.kubernetesModeServiceAccount }} + {{- with .Values.containerMode.kubernetesModeServiceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} finalizers: - actions.github.com/cleanup-protection labels: diff --git a/charts/gha-runner-scale-set/tests/template_test.go b/charts/gha-runner-scale-set/tests/template_test.go index 1e4ffa90..ed56b339 100644 --- a/charts/gha-runner-scale-set/tests/template_test.go +++ b/charts/gha-runner-scale-set/tests/template_test.go @@ -742,6 +742,37 @@ func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraInitContainers(t *testin assert.Equal(t, "ls", ars.Spec.Template.Spec.InitContainers[2].Command[0], "InitContainers[2] Command[0] should be ls") } +func TestTemplateRenderedKubernetesModeServiceAccountAnnotations(t *testing.T) { + t.Parallel() + + // Path to the helm chart we will test + helmChartPath, err := filepath.Abs("../../gha-runner-scale-set") + require.NoError(t, err) + + testValuesPath, err := filepath.Abs("../tests/values_kubernetes_mode_service_account_annotations.yaml") + require.NoError(t, err) + + releaseName := "test-runners" + namespaceName := "test-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "controllerServiceAccount.name": "arc", + "controllerServiceAccount.namespace": "arc-system", + }, + ValuesFiles: []string{testValuesPath}, + KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), + } + + output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_serviceaccount.yaml"}) + + var sa corev1.ServiceAccount + helm.UnmarshalK8SYaml(t, output, &sa) + + assert.Equal(t, "arn:aws:iam::123456789012:role/sample-role", sa.Annotations["eks.amazonaws.com/role-arn"], "Annotations should be arn:aws:iam::123456789012:role/sample-role") +} + func TestTemplateRenderedAutoScalingRunnerSet_DinD_ExtraVolumes(t *testing.T) { t.Parallel() diff --git a/charts/gha-runner-scale-set/tests/values_k8s_merge_spec.yaml b/charts/gha-runner-scale-set/tests/values_k8s_merge_spec.yaml index c62cf0e5..79b79b8d 100644 --- a/charts/gha-runner-scale-set/tests/values_k8s_merge_spec.yaml +++ b/charts/gha-runner-scale-set/tests/values_k8s_merge_spec.yaml @@ -28,4 +28,4 @@ template: path: /data type: Directory containerMode: - type: kubernetes \ No newline at end of file + type: kubernetes diff --git a/charts/gha-runner-scale-set/tests/values_kubernetes_mode_service_account_annotations.yaml b/charts/gha-runner-scale-set/tests/values_kubernetes_mode_service_account_annotations.yaml new file mode 100644 index 00000000..cf0cc375 --- /dev/null +++ b/charts/gha-runner-scale-set/tests/values_kubernetes_mode_service_account_annotations.yaml @@ -0,0 +1,8 @@ +githubConfigUrl: https://github.com/actions/actions-runner-controller +githubConfigSecret: + github_token: test +containerMode: + type: kubernetes + kubernetesModeServiceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/sample-role diff --git a/charts/gha-runner-scale-set/values.yaml b/charts/gha-runner-scale-set/values.yaml index 64642edb..cedb44be 100644 --- a/charts/gha-runner-scale-set/values.yaml +++ b/charts/gha-runner-scale-set/values.yaml @@ -84,6 +84,8 @@ githubConfigSecret: # resources: # requests: # storage: 1Gi +# kubernetesModeServiceAccount: +# annotations: ## template is the PodSpec for each listener Pod ## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec