diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role.yaml index ac5a2d93a7..84eb702c28 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role.yaml @@ -107,6 +107,20 @@ rules: verbs: - list - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch - apiGroups: - rbac.authorization.k8s.io resources: diff --git a/charts/gha-runner-scale-set-controller/tests/template_test.go b/charts/gha-runner-scale-set-controller/tests/template_test.go index afee95a219..533b4f9edd 100644 --- a/charts/gha-runner-scale-set-controller/tests/template_test.go +++ b/charts/gha-runner-scale-set-controller/tests/template_test.go @@ -920,7 +920,7 @@ func TestTemplate_CreateManagerSingleNamespaceRole(t *testing.T) { assert.Equal(t, "test-arc-gha-rs-controller-single-namespace-watch", managerSingleNamespaceWatchRole.Name) assert.Equal(t, "demo", managerSingleNamespaceWatchRole.Namespace) - assert.Equal(t, 14, len(managerSingleNamespaceWatchRole.Rules)) + assert.Equal(t, 16, len(managerSingleNamespaceWatchRole.Rules)) } func TestTemplate_ManagerSingleNamespaceRoleBinding(t *testing.T) { diff --git a/main.go b/main.go index 3a3aa00bd5..cbff64c91b 100644 --- a/main.go +++ b/main.go @@ -234,6 +234,16 @@ func main() { cfg.QPS = float32(rateLimiterQPS) cfg.Burst = rateLimiterBurst + clientOptions := client.Options{} + if watchSingleNamespace == "" { + clientOptions.Cache = &client.CacheOptions{ + DisableFor: []client.Object{ + &corev1.Secret{}, + &corev1.ConfigMap{}, + }, + } + } + mgr, err := ctrl.NewManager(cfg, ctrl.Options{ Scheme: scheme, Metrics: metricsserver.Options{ @@ -246,14 +256,7 @@ func main() { WebhookServer: webhookServer, LeaderElection: enableLeaderElection, LeaderElectionID: leaderElectionId, - Client: client.Options{ - Cache: &client.CacheOptions{ - DisableFor: []client.Object{ - &corev1.Secret{}, - &corev1.ConfigMap{}, - }, - }, - }, + Client: clientOptions, PprofBindAddress: pprofAddr, }) if err != nil {