From b55f57c286e7ff27dc9b822dd65e2e93816c04ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Wed, 6 Nov 2024 14:05:11 +0100 Subject: [PATCH] feat: allow namespace overrides --- .../templates/NOTES.txt | 14 ++++---- .../templates/_helpers.tpl | 11 ++++++ .../templates/actionsmetrics.deployment.yaml | 2 +- .../templates/actionsmetrics.ingress.yaml.yml | 2 +- .../actionsmetrics.role_binding.yaml | 2 +- .../templates/actionsmetrics.secrets.yaml | 2 +- .../templates/actionsmetrics.service.yaml | 2 +- .../actionsmetrics.serviceaccount.yaml.yml | 2 +- .../actionsmetrics.servicemonitor.yaml.yml | 2 +- .../templates/auth_proxy_role_binding.yaml | 2 +- .../templates/certificate.yaml | 8 ++--- .../templates/controller.metrics.service.yaml | 2 +- .../controller.metrics.serviceMonitor.yaml | 2 +- .../templates/controller.pdb.yaml | 2 +- .../templates/deployment.yaml | 4 +-- .../templates/githubwebhook.deployment.yaml | 4 +-- .../templates/githubwebhook.ingress.yaml | 2 +- .../templates/githubwebhook.pdb.yaml | 2 +- .../templates/githubwebhook.role_binding.yaml | 2 +- .../templates/githubwebhook.secrets.yaml | 2 +- .../templates/githubwebhook.service.yaml | 2 +- .../githubwebhook.serviceMonitor.yaml | 2 +- .../githubwebhook.serviceaccount.yaml | 2 +- .../templates/leader_election_role.yaml | 2 +- .../leader_election_role_binding.yaml | 4 +-- .../templates/manager_role_binding.yaml | 2 +- .../manager_role_binding_secrets.yaml | 4 +-- .../templates/manager_secrets.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- .../templates/webhook_configs.yaml | 36 +++++++++---------- .../templates/webhook_service.yaml | 2 +- charts/actions-runner-controller/values.yaml | 3 ++ .../templates/_helpers.tpl | 13 ++++++- .../templates/deployment.yaml | 4 +-- .../templates/leader_election_role.yaml | 2 +- .../leader_election_role_binding.yaml | 4 +-- .../manager_cluster_role_binding.yaml | 2 +- .../templates/manager_listener_role.yaml | 2 +- .../manager_listener_role_binding.yaml | 4 +-- ...ager_single_namespace_controller_role.yaml | 2 +- ...gle_namespace_controller_role_binding.yaml | 4 +-- ...r_single_namespace_watch_role_binding.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- .../values.yaml | 3 ++ .../templates/_helpers.tpl | 18 +++++++--- .../templates/autoscalingrunnerset.yaml | 4 +-- .../templates/githubsecret.yaml | 2 +- .../templates/kube_mode_role.yaml | 2 +- .../templates/kube_mode_role_binding.yaml | 4 +-- .../templates/kube_mode_serviceaccount.yaml | 2 +- .../templates/manager_role.yaml | 2 +- .../templates/manager_role_binding.yaml | 2 +- .../no_permission_serviceaccount.yaml | 2 +- charts/gha-runner-scale-set/values.yaml | 3 ++ 54 files changed, 129 insertions(+), 90 deletions(-) diff --git a/charts/actions-runner-controller/templates/NOTES.txt b/charts/actions-runner-controller/templates/NOTES.txt index faf893f046..7282f4521b 100644 --- a/charts/actions-runner-controller/templates/NOTES.txt +++ b/charts/actions-runner-controller/templates/NOTES.txt @@ -6,17 +6,17 @@ {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "actions-runner-controller.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ include "actions-runner-controller.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "actions-runner-controller.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "actions-runner-controller.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "actions-runner-controller.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "actions-runner-controller.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + You can watch the status of by running 'kubectl get --namespace {{ include "actions-runner-controller.namespace" . }} svc -w {{ include "actions-runner-controller.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "actions-runner-controller.namespace" . }} {{ include "actions-runner-controller.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "actions-runner-controller.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + export POD_NAME=$(kubectl get pods --namespace {{ include "actions-runner-controller.namespace" . }} -l "app.kubernetes.io/name={{ include "actions-runner-controller.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ include "actions-runner-controller.namespace" . }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT + kubectl --namespace {{ include "actions-runner-controller.namespace" . }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} diff --git a/charts/actions-runner-controller/templates/_helpers.tpl b/charts/actions-runner-controller/templates/_helpers.tpl index 68570f03d2..dca551498d 100644 --- a/charts/actions-runner-controller/templates/_helpers.tpl +++ b/charts/actions-runner-controller/templates/_helpers.tpl @@ -1,3 +1,14 @@ +{{/* +Allow overriding the namespace for the resources. +*/}} +{{- define "actions-runner-controller.namespace" -}} +{{- if .Values.namespaceOverride }} + {{- .Values.namespaceOverride }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + {{/* Expand the name of the chart. */}} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml b/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml index 676e247224..045acc0ad7 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "actions-runner-controller-actions-metrics-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} spec: diff --git a/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml b/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml index 5b54993c39..5b147a5860 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml +++ b/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.actionsMetricsServer.ingress.annotations }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml b/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml index 0b64ed5f11..d00f26ae6d 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller-actions-metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- end }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml b/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml index a7128b4c31..3662826162 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller-actions-metrics-server.secretName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} type: Opaque diff --git a/charts/actions-runner-controller/templates/actionsmetrics.service.yaml b/charts/actions-runner-controller/templates/actionsmetrics.service.yaml index 4ff8830b50..4c9732818d 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.service.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "actions-runner-controller-actions-metrics-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller-actions-metrics-server.selectorLabels" . | nindent 4 }} {{- if .Values.actionsMetricsServer.service.annotations }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml b/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml index 9ab1afc165..5b41e2e416 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml +++ b/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "actions-runner-controller-actions-metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.actionsMetricsServer.serviceAccount.annotations }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml b/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml index 7a8b7ecf74..b5b9bdacf7 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml +++ b/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml @@ -1,5 +1,5 @@ {{- if and .Values.actionsMetricsServer.enabled .Values.actionsMetrics.serviceMonitor.enable }} -{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }} +{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default (include "actions-runner-controller.namespace" .) }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml b/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml index b3061f76ac..076cdbeb2b 100644 --- a/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml +++ b/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- end }} diff --git a/charts/actions-runner-controller/templates/certificate.yaml b/charts/actions-runner-controller/templates/certificate.yaml index 25ddfa0f4b..fd77c685d1 100644 --- a/charts/actions-runner-controller/templates/certificate.yaml +++ b/charts/actions-runner-controller/templates/certificate.yaml @@ -6,7 +6,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: {{ include "actions-runner-controller.selfsignedIssuerName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: selfSigned: {} --- @@ -14,11 +14,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ include "actions-runner-controller.servingCertName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: dnsNames: - - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ .Release.Namespace }}.svc - - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ .Release.Namespace }}.svc.cluster.local + - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ include "actions-runner-controller.namespace" . }}.svc + - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ include "actions-runner-controller.namespace" . }}.svc.cluster.local issuerRef: kind: Issuer name: {{ include "actions-runner-controller.selfsignedIssuerName" . }} diff --git a/charts/actions-runner-controller/templates/controller.metrics.service.yaml b/charts/actions-runner-controller/templates/controller.metrics.service.yaml index 1dc422be51..b837d2cbc8 100644 --- a/charts/actions-runner-controller/templates/controller.metrics.service.yaml +++ b/charts/actions-runner-controller/templates/controller.metrics.service.yaml @@ -4,7 +4,7 @@ metadata: labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} name: {{ include "actions-runner-controller.metricsServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- with .Values.metrics.serviceAnnotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml b/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml index b1ab0d90d0..d919641617 100644 --- a/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml +++ b/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml @@ -8,7 +8,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "actions-runner-controller.serviceMonitorName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: endpoints: - path: /metrics diff --git a/charts/actions-runner-controller/templates/controller.pdb.yaml b/charts/actions-runner-controller/templates/controller.pdb.yaml index 6831c4d60f..edd6d30096 100644 --- a/charts/actions-runner-controller/templates/controller.pdb.yaml +++ b/charts/actions-runner-controller/templates/controller.pdb.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} name: {{ include "actions-runner-controller.pdbName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: {{- if .Values.podDisruptionBudget.minAvailable }} minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} diff --git a/charts/actions-runner-controller/templates/deployment.yaml b/charts/actions-runner-controller/templates/deployment.yaml index 3490f98904..4e17a8548e 100644 --- a/charts/actions-runner-controller/templates/deployment.yaml +++ b/charts/actions-runner-controller/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "actions-runner-controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} spec: @@ -56,7 +56,7 @@ spec: - "--docker-registry-mirror={{ .Values.dockerRegistryMirror }}" {{- end }} {{- if .Values.scope.singleNamespace }} - - "--watch-namespace={{ default .Release.Namespace .Values.scope.watchNamespace }}" + - "--watch-namespace={{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}" {{- end }} {{- if .Values.logLevel }} - "--log-level={{ .Values.logLevel }}" diff --git a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml index d778cba876..a410842989 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "actions-runner-controller-github-webhook-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} spec: @@ -43,7 +43,7 @@ spec: - "--log-level={{ .Values.githubWebhookServer.logLevel }}" {{- end }} {{- if .Values.scope.singleNamespace }} - - "--watch-namespace={{ default .Release.Namespace .Values.scope.watchNamespace }}" + - "--watch-namespace={{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}" {{- end }} {{- if .Values.runnerGithubURL }} - "--runner-github-url={{ .Values.runnerGithubURL }}" diff --git a/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml b/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml index 48baa76323..a3adef61dd 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.githubWebhookServer.ingress.annotations }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml b/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml index cb8d530460..3853c2d772 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} name: {{ include "actions-runner-controller-github-webhook-server.pdbName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: {{- if .Values.githubWebhookServer.podDisruptionBudget.minAvailable }} minAvailable: {{ .Values.githubWebhookServer.podDisruptionBudget.minAvailable }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml b/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml index 24a69456de..131da806cd 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller-github-webhook-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- end }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml b/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml index e1fbc28502..e980d62e2d 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller-github-webhook-server.secretName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} type: Opaque diff --git a/charts/actions-runner-controller/templates/githubwebhook.service.yaml b/charts/actions-runner-controller/templates/githubwebhook.service.yaml index 6ec28acfe1..441ebdd1ef 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.service.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "actions-runner-controller-github-webhook-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 4 }} {{- if .Values.githubWebhookServer.service.annotations }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml index 594d43c540..078e41c36e 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml @@ -1,5 +1,5 @@ {{- if and .Values.githubWebhookServer.enabled .Values.metrics.serviceMonitor.enable }} -{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }} +{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default (include "actions-runner-controller.namespace" .) }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml b/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml index e7db91a2be..d280ef4e81 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "actions-runner-controller-github-webhook-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.githubWebhookServer.serviceAccount.annotations }} diff --git a/charts/actions-runner-controller/templates/leader_election_role.yaml b/charts/actions-runner-controller/templates/leader_election_role.yaml index 9a2890cc61..dbd5fbca69 100644 --- a/charts/actions-runner-controller/templates/leader_election_role.yaml +++ b/charts/actions-runner-controller/templates/leader_election_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "actions-runner-controller.leaderElectionRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} rules: - apiGroups: - "" diff --git a/charts/actions-runner-controller/templates/leader_election_role_binding.yaml b/charts/actions-runner-controller/templates/leader_election_role_binding.yaml index 328e9dab6e..b28e893d93 100644 --- a/charts/actions-runner-controller/templates/leader_election_role_binding.yaml +++ b/charts/actions-runner-controller/templates/leader_election_role_binding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "actions-runner-controller.leaderElectionRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -10,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} diff --git a/charts/actions-runner-controller/templates/manager_role_binding.yaml b/charts/actions-runner-controller/templates/manager_role_binding.yaml index c51b4d9775..e587f77d89 100644 --- a/charts/actions-runner-controller/templates/manager_role_binding.yaml +++ b/charts/actions-runner-controller/templates/manager_role_binding.yaml @@ -9,4 +9,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} diff --git a/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml b/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml index 9b7132cf85..5b1677880e 100644 --- a/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml +++ b/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml @@ -6,7 +6,7 @@ kind: ClusterRoleBinding {{- end }} metadata: name: {{ include "actions-runner-controller.managerRoleName" . }}-secrets - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io {{- if .Values.scope.singleNamespace }} @@ -18,4 +18,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} diff --git a/charts/actions-runner-controller/templates/manager_secrets.yaml b/charts/actions-runner-controller/templates/manager_secrets.yaml index 7d95c5cfdb..8545eab480 100644 --- a/charts/actions-runner-controller/templates/manager_secrets.yaml +++ b/charts/actions-runner-controller/templates/manager_secrets.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller.secretName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- if .Values.authSecret.annotations }} annotations: {{ toYaml .Values.authSecret.annotations | nindent 4 }} diff --git a/charts/actions-runner-controller/templates/serviceaccount.yaml b/charts/actions-runner-controller/templates/serviceaccount.yaml index 221ac16320..1ca9839eee 100644 --- a/charts/actions-runner-controller/templates/serviceaccount.yaml +++ b/charts/actions-runner-controller/templates/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} diff --git a/charts/actions-runner-controller/templates/webhook_configs.yaml b/charts/actions-runner-controller/templates/webhook_configs.yaml index 757c626a8c..71f984f39a 100644 --- a/charts/actions-runner-controller/templates/webhook_configs.yaml +++ b/charts/actions-runner-controller/templates/webhook_configs.yaml @@ -2,7 +2,7 @@ We will use a self managed CA if one is not provided by cert-manager */}} {{- $ca := genCA "actions-runner-ca" 3650 }} -{{- $cert := genSignedCert (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) .Release.Namespace) nil (list (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) .Release.Namespace)) 3650 $ca }} +{{- $cert := genSignedCert (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) (include "actions-runner-controller.namespace" .)) nil (list (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) (include "actions-runner-controller.namespace" .))) 3650 $ca }} --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration @@ -11,7 +11,7 @@ metadata: name: {{ include "actions-runner-controller.fullname" . }}-mutating-webhook-configuration {{- if .Values.certManagerEnabled }} annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "actions-runner-controller.servingCertName" . }} + cert-manager.io/inject-ca-from: {{ include "actions-runner-controller.namespace" . }}/{{ include "actions-runner-controller.servingCertName" . }} {{- end }} webhooks: - admissionReviewVersions: @@ -19,7 +19,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -29,7 +29,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-actions-summerwind-dev-v1alpha1-runner failurePolicy: Fail name: mutate.runner.actions.summerwind.dev @@ -50,7 +50,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -60,7 +60,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-actions-summerwind-dev-v1alpha1-runnerdeployment failurePolicy: Fail name: mutate.runnerdeployment.actions.summerwind.dev @@ -81,7 +81,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -91,7 +91,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-actions-summerwind-dev-v1alpha1-runnerreplicaset failurePolicy: Fail name: mutate.runnerreplicaset.actions.summerwind.dev @@ -112,7 +112,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -122,7 +122,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-runner-set-pod failurePolicy: Fail name: mutate-runner-pod.webhook.actions.summerwind.dev @@ -148,7 +148,7 @@ metadata: name: {{ include "actions-runner-controller.fullname" . }}-validating-webhook-configuration {{- if .Values.certManagerEnabled }} annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "actions-runner-controller.servingCertName" . }} + cert-manager.io/inject-ca-from: {{ include "actions-runner-controller.namespace" . }}/{{ include "actions-runner-controller.servingCertName" . }} {{- end }} webhooks: - admissionReviewVersions: @@ -156,7 +156,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -166,7 +166,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /validate-actions-summerwind-dev-v1alpha1-runner failurePolicy: Fail name: validate.runner.actions.summerwind.dev @@ -187,7 +187,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -197,7 +197,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /validate-actions-summerwind-dev-v1alpha1-runnerdeployment failurePolicy: Fail name: validate.runnerdeployment.actions.summerwind.dev @@ -218,7 +218,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -228,7 +228,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /validate-actions-summerwind-dev-v1alpha1-runnerreplicaset failurePolicy: Fail name: validate.runnerreplicaset.actions.summerwind.dev @@ -250,7 +250,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller.servingCertName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} type: kubernetes.io/tls diff --git a/charts/actions-runner-controller/templates/webhook_service.yaml b/charts/actions-runner-controller/templates/webhook_service.yaml index 41425f42cb..e9757cfc8d 100644 --- a/charts/actions-runner-controller/templates/webhook_service.yaml +++ b/charts/actions-runner-controller/templates/webhook_service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.service.annotations }} diff --git a/charts/actions-runner-controller/values.yaml b/charts/actions-runner-controller/values.yaml index 25da151516..fff18cc01e 100644 --- a/charts/actions-runner-controller/values.yaml +++ b/charts/actions-runner-controller/values.yaml @@ -420,3 +420,6 @@ actionsMetricsServer: # - chart-example.local terminationGracePeriodSeconds: 10 lifecycle: {} + +# Add the option to deploy in another namespace rather than .Release.Namespace. +namespaceOverride: "" diff --git a/charts/gha-runner-scale-set-controller/templates/_helpers.tpl b/charts/gha-runner-scale-set-controller/templates/_helpers.tpl index 075d21ae32..65c5315e46 100644 --- a/charts/gha-runner-scale-set-controller/templates/_helpers.tpl +++ b/charts/gha-runner-scale-set-controller/templates/_helpers.tpl @@ -7,6 +7,17 @@ Expand the name of the chart. gha-rs-controller {{- end }} +{{/* +Allow overriding the namespace for the resources. +*/}} +{{- define "gha-runner-scale-set-controller.namespace" -}} +{{- if .Values.namespaceOverride }} + {{- .Values.namespaceOverride }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + {{- define "gha-runner-scale-set-controller.name" -}} {{- default (include "gha-base-name" .) .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -57,7 +68,7 @@ Selector labels */}} {{- define "gha-runner-scale-set-controller.selectorLabels" -}} app.kubernetes.io/name: {{ include "gha-runner-scale-set-controller.name" . }} -app.kubernetes.io/namespace: {{ .Release.Namespace }} +app.kubernetes.io/namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} diff --git a/charts/gha-runner-scale-set-controller/templates/deployment.yaml b/charts/gha-runner-scale-set-controller/templates/deployment.yaml index 66b9a4b513..770aceec9a 100644 --- a/charts/gha-runner-scale-set-controller/templates/deployment.yaml +++ b/charts/gha-runner-scale-set-controller/templates/deployment.yaml @@ -2,10 +2,10 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "gha-runner-scale-set-controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} labels: {{- include "gha-runner-scale-set-controller.labels" . | nindent 4 }} - actions.github.com/controller-service-account-namespace: {{ .Release.Namespace }} + actions.github.com/controller-service-account-namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} actions.github.com/controller-service-account-name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} {{- if .Values.flags.watchSingleNamespace }} actions.github.com/controller-watch-single-namespace: {{ .Values.flags.watchSingleNamespace }} diff --git a/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml b/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml index e23e0226c0..02e0b415e7 100644 --- a/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml +++ b/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set-controller.leaderElectionRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] diff --git a/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml index 85effd27f2..16d38388e9 100644 --- a/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set-controller.leaderElectionRoleBinding" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -11,5 +11,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml index 041d73a935..60291d21e9 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml b/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml index 86a937776f..a238d5fc9c 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set-controller.managerListenerRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} rules: - apiGroups: - "" diff --git a/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml index 8a2f7f95a4..efc66b574b 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set-controller.managerListenerRoleBinding" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -10,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml index 7fd6e98850..c486a79bce 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} rules: - apiGroups: - actions.github.com diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml index 3423b9ddc9..3bb5247e70 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceRoleBinding" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -11,5 +11,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml index 679233581b..c4810b7ae9 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml @@ -11,5 +11,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} diff --git a/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml b/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml index 5d3bbf3f69..7bc4b2a849 100644 --- a/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml +++ b/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} labels: {{- include "gha-runner-scale-set-controller.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} diff --git a/charts/gha-runner-scale-set-controller/values.yaml b/charts/gha-runner-scale-set-controller/values.yaml index 8e74317e45..7b9ae55875 100644 --- a/charts/gha-runner-scale-set-controller/values.yaml +++ b/charts/gha-runner-scale-set-controller/values.yaml @@ -130,3 +130,6 @@ flags: ## Labels that match prefix specified in the list are excluded from propagation. # excludeLabelPropagationPrefixes: # - "argocd.argoproj.io/instance" + +# Add the option to deploy in another namespace rather than .Release.Namespace. +namespaceOverride: "" diff --git a/charts/gha-runner-scale-set/templates/_helpers.tpl b/charts/gha-runner-scale-set/templates/_helpers.tpl index bd71ed64c9..c65b4a1f14 100644 --- a/charts/gha-runner-scale-set/templates/_helpers.tpl +++ b/charts/gha-runner-scale-set/templates/_helpers.tpl @@ -43,7 +43,7 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: gha-rs actions.github.com/scale-set-name: {{ include "gha-runner-scale-set.scale-set-name" . }} -actions.github.com/scale-set-namespace: {{ .Release.Namespace }} +actions.github.com/scale-set-namespace: {{ include "gha-runner-scale-set.namespace" . }} {{- end }} {{/* @@ -481,8 +481,8 @@ volumeMounts: {{- $managerServiceAccountName = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-name") }} {{- end }} {{- else if gt $singleNamespaceCounter 0 }} - {{- if hasKey $singleNamespaceControllerDeployments .Release.Namespace }} - {{- $controllerDeployment = get $singleNamespaceControllerDeployments .Release.Namespace }} + {{- if hasKey $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} + {{- $controllerDeployment = get $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} {{- with $controllerDeployment.metadata }} {{- $managerServiceAccountName = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-name") }} {{- end }} @@ -538,8 +538,8 @@ volumeMounts: {{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }} {{- end }} {{- else if gt $singleNamespaceCounter 0 }} - {{- if hasKey $singleNamespaceControllerDeployments .Release.Namespace }} - {{- $controllerDeployment = get $singleNamespaceControllerDeployments .Release.Namespace }} + {{- if hasKey $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} + {{- $controllerDeployment = get $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} {{- with $controllerDeployment.metadata }} {{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }} {{- end }} @@ -553,3 +553,11 @@ volumeMounts: {{- $managerServiceAccountNamespace }} {{- end }} {{- end }} + +{{- define "gha-runner-scale-set.namespace" -}} +{{- if .Values.namespaceOverride }} + {{- .Values.namespaceOverride }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} diff --git a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml index 39ebfef800..c105fc7d43 100644 --- a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml +++ b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml @@ -4,11 +4,11 @@ metadata: {{- if or (not (include "gha-runner-scale-set.scale-set-name" .)) (gt (len (include "gha-runner-scale-set.scale-set-name" .)) 45) }} {{ fail "Name must have up to 45 characters" }} {{- end }} - {{- if gt (len .Release.Namespace) 63 }} + {{- if gt (len (include "gha-runner-scale-set.namespace" .)) 63 }} {{ fail "Namespace must have up to 63 characters" }} {{- end }} name: {{ include "gha-runner-scale-set.scale-set-name" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: app.kubernetes.io/component: "autoscaling-runner-set" {{- include "gha-runner-scale-set.labels" . | nindent 4 }} diff --git a/charts/gha-runner-scale-set/templates/githubsecret.yaml b/charts/gha-runner-scale-set/templates/githubsecret.yaml index 67282c182b..1160a319a2 100644 --- a/charts/gha-runner-scale-set/templates/githubsecret.yaml +++ b/charts/gha-runner-scale-set/templates/githubsecret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gha-runner-scale-set.githubsecret" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- include "gha-runner-scale-set.labels" . | nindent 4 }} finalizers: diff --git a/charts/gha-runner-scale-set/templates/kube_mode_role.yaml b/charts/gha-runner-scale-set/templates/kube_mode_role.yaml index e82d7b7713..ec84f22c9b 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_role.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_role.yaml @@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set.kubeModeRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} finalizers: - actions.github.com/cleanup-protection rules: diff --git a/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml b/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml index 060b9399e5..f36d6a6101 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set.kubeModeRoleBindingName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} finalizers: - actions.github.com/cleanup-protection roleRef: @@ -14,5 +14,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} {{- end }} diff --git a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml index d0fa4b085c..09e58f03ad 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} {{- if .Values.containerMode.kubernetesModeServiceAccount }} {{- with .Values.containerMode.kubernetesModeServiceAccount.annotations }} annotations: diff --git a/charts/gha-runner-scale-set/templates/manager_role.yaml b/charts/gha-runner-scale-set/templates/manager_role.yaml index f6a1e49383..6a82f95975 100644 --- a/charts/gha-runner-scale-set/templates/manager_role.yaml +++ b/charts/gha-runner-scale-set/templates/manager_role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set.managerRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- include "gha-runner-scale-set.labels" . | nindent 4 }} app.kubernetes.io/component: manager-role diff --git a/charts/gha-runner-scale-set/templates/manager_role_binding.yaml b/charts/gha-runner-scale-set/templates/manager_role_binding.yaml index ce212f77e2..7f138bdd82 100644 --- a/charts/gha-runner-scale-set/templates/manager_role_binding.yaml +++ b/charts/gha-runner-scale-set/templates/manager_role_binding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set.managerRoleBindingName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- include "gha-runner-scale-set.labels" . | nindent 4 }} app.kubernetes.io/component: manager-role-binding diff --git a/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml b/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml index f7c9700f1a..3ac63ec21f 100644 --- a/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml +++ b/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gha-runner-scale-set.noPermissionServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- include "gha-runner-scale-set.labels" . | nindent 4 }} finalizers: diff --git a/charts/gha-runner-scale-set/values.yaml b/charts/gha-runner-scale-set/values.yaml index 6018b7d0e5..565db3d881 100644 --- a/charts/gha-runner-scale-set/values.yaml +++ b/charts/gha-runner-scale-set/values.yaml @@ -201,3 +201,6 @@ template: # controllerServiceAccount: # namespace: arc-system # name: test-arc-gha-runner-scale-set-controller + +# Add the option to deploy in another namespace rather than .Release.Namespace. +namespaceOverride: ""