Multi-tenancy deployment with helm chart #1832
Replies: 4 comments 12 replies
-
@mumoshu Can you please help me here ? |
Beta Was this translation helpful? Give feedback.
-
👋🏻 Random drive-by opinion here. 😄 First, I'm unclear what you mean by "multi-tenancy", but am assuming you're trying to run multiple controllers in the same cluster. While that's technically possible, it's probably simpler to have 1 controller manage lots of deployments. |
Beta Was this translation helpful? Give feedback.
-
@aajith-arista Hey! No, you can't do that. You still need the default auth secret in case the HRA controller needs to call GitHub API before deciding which HRA to scale(ARC can't decide which githubAPICredentialsFrom.configMapName to read until the HRA controller decides which HRA to scale!), and to prepare for cases where there's no githubAPICredentialsFro field specified for a particular HRA/RunnenrDeployment/RunnerSet/etc. |
Beta Was this translation helpful? Give feedback.
-
We're hitting an issue using this in practice. We have two private github apps. One for the global controller that is in the arista-eos-external org and one that's for the barney-ci org. I'm referring to the latter secret in my runner and scaler. I'm getting this error in the controller's logs:
The barney-ci app has actions (read), metadata (read), and self-hosted runners (read/write) permissions. Does the controller's app need to be installed on the barney-ci org as well? Unfortunately if that's the case then we'd have to make it public meaning anyone could install it. |
Beta Was this translation helpful? Give feedback.
-
Hi,
I wanted to try out the multi-tenancy model in
actions-runner-controller-0.21.0
/v0.26.0
.I am using the helm chart to deploy and I use the github app authentication and webhook server.
So I set
githubWebhookServer.enabled=true
.I got rid of the global secret
authSecret.name="controller-manager"
. I understand that instead the secret needs to be specified in the spec ofRunnerDeployment
andHorizontalAutoscaler
.However, the helm chart fails to apply cleanly.
The deployment
<release>-actions-runner-controller
fails to come up. The pods are still looking for the global secret.If I run with
authSecret.enabled=false
, the pods end up in a crash loop.How do I get this working for the helm chart ?
Thanks,
Arun
Beta Was this translation helpful? Give feedback.
All reactions