From c119b90b1171eae69cad886d353258c1a70fe099 Mon Sep 17 00:00:00 2001
From: Taketoshi Fujiwara
Date: Fri, 22 Nov 2024 10:08:03 +0900
Subject: [PATCH] gha: Allow the controller to watch Secrets / ConfigMaps in the single namespace mode
---
 ...ager_single_namespace_controller_role.yaml | 14 ++++++++++++++
 .../manager_single_namespace_watch_role.yaml | 14 ++++++++++++++
 .../tests/template_test.go | 4 ++--
 main.go | 19 +++++++++++--------
 4 files changed, 41 insertions(+), 10 deletions(-)
diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml
index 7fd6e98850..d6b988784e 100644
--- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml
@@ -46,6 +46,20 @@ rules:
 verbs:
 - list
 - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - list
+ - watch
 - apiGroups:
 - rbac.authorization.k8s.io
 resources:
diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role.yaml
index ac5a2d93a7..84eb702c28 100644
--- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role.yaml
+++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role.yaml
@@ -107,6 +107,20 @@ rules:
 verbs:
 - list
 - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - list
+ - watch
 - apiGroups:
 - rbac.authorization.k8s.io
 resources:
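Review bot: The added `secrets` rule grants `list` and `watch` with no comment saying why, and both verbs return full Secret objects, so the controller's service account can now read the data of every Secret in the namespace the Role is created in. The same rule is added at the second hunk in manager_single_namespace_watch_role.yaml, whose Role is rendered into the watched namespace (`demo` in the chart test), which is likely where unrelated workload Secrets live. I would put a comment above each rule, for example `# list/watch on secrets/configmaps: required because the manager caches these kinds in single-namespace mode (see main.go)`, so a later RBAC audit can tie the grant to the code path that needs it. If the controller only reads Secrets it manages itself, consider scoping the informer with a label selector so the effective exposure is smaller than what the Role allows. Whether these Roles already grant `get` on secrets elsewhere is not visible in the hunks.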
diff --git a/charts/gha-runner-scale-set-controller/tests/template_test.go b/charts/gha-runner-scale-set-controller/tests/template_test.go
index afee95a219..f138e2e6e9 100644
--- a/charts/gha-runner-scale-set-controller/tests/template_test.go
+++ b/charts/gha-runner-scale-set-controller/tests/template_test.go
@@ -911,7 +911,7 @@ func TestTemplate_CreateManagerSingleNamespaceRole(t *testing.T) {
 assert.Equal(t, "test-arc-gha-rs-controller-single-namespace", managerSingleNamespaceControllerRole.Name)
 assert.Equal(t, namespaceName, managerSingleNamespaceControllerRole.Namespace)
- assert.Equal(t, 10, len(managerSingleNamespaceControllerRole.Rules))
+ assert.Equal(t, 12, len(managerSingleNamespaceControllerRole.Rules))
 output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/manager_single_namespace_watch_role.yaml"})
@@ -920,7 +920,7 @@ func TestTemplate_CreateManagerSingleNamespaceRole(t *testing.T) {
 assert.Equal(t, "test-arc-gha-rs-controller-single-namespace-watch", managerSingleNamespaceWatchRole.Name)
 assert.Equal(t, "demo", managerSingleNamespaceWatchRole.Namespace)
- assert.Equal(t, 14, len(managerSingleNamespaceWatchRole.Rules))
+ assert.Equal(t, 16, len(managerSingleNamespaceWatchRole.Rules))
 }
 func TestTemplate_ManagerSingleNamespaceRoleBinding(t *testing.T) {
diff --git a/main.go b/main.go
index 3a3aa00bd5..cbff64c91b 100644
--- a/main.go
+++ b/main.go
@@ -234,6 +234,16 @@ func main() {
 cfg.QPS = float32(rateLimiterQPS)
 cfg.Burst = rateLimiterBurst
+ clientOptions := client.Options{}
+ if watchSingleNamespace == "" {
+ clientOptions.Cache = &client.CacheOptions{
+ DisableFor: []client.Object{
+ &corev1.Secret{},
+ &corev1.ConfigMap{},
+ },
+ }
+ }
+
 mgr, err := ctrl.NewManager(cfg, ctrl.Options{
 Scheme: scheme,
 Metrics: metricsserver.Options{
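Review bot: The `if watchSingleNamespace == ""` branch in main.go carries no comment explaining why Secrets and ConfigMaps bypass the cache only in cluster-wide mode, and it silently changes read behaviour in single-namespace mode. With `DisableFor` left unset there, reads of those kinds through the manager's client are presumably served from an informer cache, so every Secret in the watched namespace is held in the controller's memory and a read issued right after a write can return stale data or NotFound. I would add above the branch something like `// Cluster-wide mode reads Secrets/ConfigMaps straight from the API server; single-namespace mode caches them and relies on the list/watch rules in the namespaced Roles.` (the rationale is inferred from the commit title and the chart changes, so confirm it). It is also worth checking that any reconciler which reads a Secret immediately after creating it tolerates a cache miss, or uses `mgr.GetAPIReader()` for that read. `main` begins and ends outside this hunk, and the value is consumed by `Client: clientOptions` in the following hunk.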
@@ -246,14 +256,7 @@ func main() {
 WebhookServer: webhookServer,
 LeaderElection: enableLeaderElection,
 LeaderElectionID: leaderElectionId,
- Client: client.Options{
- Cache: &client.CacheOptions{
- DisableFor: []client.Object{
- &corev1.Secret{},
- &corev1.ConfigMap{},
- },
- },
- },
+ Client: clientOptions,
 PprofBindAddress: pprofAddr,
 })
 if err != nil {