@marcusramberg
This is useful, for instance, to allow the buildx kubernetes driver to work, or if you use a custom container hook that needs additional permissions like pod watch.

Tested locally with ct against a kind cluster.

Copilot AI review requested due to automatic review settings October 23, 2025 11:59
Contributor

Copilot AI left a comment

Pull Request Overview

This PR adds support for extending the Kubernetes mode service account role with additional permissions. This enables scenarios like using buildx Kubernetes driver or custom container hooks that require extra permissions such as pod watch capabilities.

  • Adds a new configuration field kubernetesModeAdditionalRoleRules to allow users to specify custom RBAC rules
  • Extends the Role template to merge custom rules with default permissions
  • Includes test configuration demonstrating deployment management permissions

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| charts/gha-runner-scale-set/values.yaml | Documents the new kubernetesModeAdditionalRoleRules configuration option |
| charts/gha-runner-scale-set/tests/values_k8s_extra_role_rules.yaml | Provides test case with example deployment permissions |
| charts/gha-runner-scale-set/templates/kube_mode_role.yaml | Implements the template logic to append additional role rules |

@marcusramberg marcusramberg force-pushed the marcus/additional_rules branch from 9a0353f to 9d6755a Compare October 23, 2025 11:59
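
An added example, not code from this PR or the chart: a small least-privilege check that can be run over rules intended for kubernetesModeAdditionalRoleRules before they are appended to the runner's Role. It assumes the rules are standard Kubernetes RBAC PolicyRule entries (apiGroups, resources, verbs); the sample rules, the finding labels and the function names are constructed for illustration.

```python
"""Least-privilege review of extra RBAC rules for a runner service account."""

# Verbs that let the holder widen its own or another subject's access.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
# Resources that expose credentials or command execution in other pods.
SENSITIVE_RESOURCES = {"secrets", "pods/exec", "pods/attach",
                       "serviceaccounts/token"}
# RBAC objects; anything beyond read access to them warrants review.
RBAC_RESOURCES = {"roles", "rolebindings", "clusterroles",
                  "clusterrolebindings"}
READ_VERBS = {"get", "list", "watch"}

# Constructed sample rules (assumption: PolicyRule shape); these are not
# the values from the PR's test file.
SAMPLE_RULES = [
    {"apiGroups": [""], "resources": ["pods"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["apps"], "resources": ["deployments"],
     "verbs": ["get", "list", "create", "patch", "delete"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["*"]},
    {"apiGroups": ["rbac.authorization.k8s.io"],
     "resources": ["rolebindings"], "verbs": ["create"]},
]


def audit_rule(rule):
    """Return the list of findings for one PolicyRule-shaped dict."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    findings = []
    if "*" in groups | resources | verbs:
        findings.append("wildcard")
    if verbs & ESCALATION_VERBS:
        findings.append("escalation-verb")
    if resources & SENSITIVE_RESOURCES:
        findings.append("sensitive-resource")
    if (resources & RBAC_RESOURCES) and (verbs - READ_VERBS):
        findings.append("rbac-write")
    return findings


def audit_rules(rules):
    """Map rule index to findings, keeping only the rules that have any."""
    return {i: f for i, r in enumerate(rules) if (f := audit_rule(r))}


if __name__ == "__main__":
    for index, findings in audit_rules(SAMPLE_RULES).items():
        print(f"rule {index}: {', '.join(findings)}")
```
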