From f17edd500b823275a98821a3c2ac2d60610a6236 Mon Sep 17 00:00:00 2001
From: Roee Landesman
Date: Fri, 16 Jul 2021 04:19:38 +0300
Subject: [PATCH] Use https connection when metrics enabled for githubwebhook server (#685)

Relates to #625 and adds necessary RBAC permissions to fix #401 first reported [here](https://github.com/actions-runner-controller/actions-runner-controller/issues/656).

Co-authored-by: Roee Landesman
---
 .../templates/githubwebhook.role.yaml | 12 ++++++++++++
 .../templates/githubwebhook.serviceMonitor.yaml | 6 ++++++
 2 files changed, 18 insertions(+)

diff --git a/charts/actions-runner-controller/templates/githubwebhook.role.yaml b/charts/actions-runner-controller/templates/githubwebhook.role.yaml
index 1c0d1523..d9d22908 100644
--- a/charts/actions-runner-controller/templates/githubwebhook.role.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.role.yaml
@@ -67,4 +67,16 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
 {{- end }}
diff --git a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml
index c144ea9f..c5368dfb 100644
--- a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml
@@ -12,6 +12,12 @@ spec:
 endpoints:
 - path: /metrics
 port: metrics-port
+ {{- if .Values.metrics.proxy.enabled }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ scheme: https
+ tlsConfig:
+ insecureSkipVerify: true
+ {{- end }}
 selector:
 matchLabels:
 {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 6 }}
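Review bot: The two rules added at the end of `rules:` in githubwebhook.role.yaml grant `create` on `tokenreviews` and `subjectaccessreviews` whenever the template renders, although only the authenticated metrics path appears to need them. Wrapping the pair in `{{- if .Values.metrics.proxy.enabled }}` … `{{- end }}`, the same condition the ServiceMonitor hunk uses, would keep the bound service account at least privilege when the proxy is off. Both resources are cluster-scoped and the `kind:` line is outside the hunk, so confirm this object is a ClusterRole with a ClusterRoleBinding; in a namespaced Role the rules would have no effect. The closing `{{- end }}` belongs to a conditional opened above the hunk.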
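Review bot: `insecureSkipVerify: true` in the new `tlsConfig` of githubwebhook.serviceMonitor.yaml means the scraper presents the service-account token from `bearerTokenFile` to a peer whose certificate is never checked, so anything able to answer for `metrics-port` in the cluster could receive that token. If the metrics proxy serves a self-signed certificate (presumably why verification is skipped), prefer trusting it explicitly with `caFile` and `serverName` under `tlsConfig`, or make the skip an opt-in chart value rather than the fixed behaviour. At minimum add a comment above the line, for example `# proxy cert is self-signed; the scrape token is sent without verifying the peer`. The enclosing `spec:` block starts and ends outside the hunk.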