Implement allowed projects for MacOS Beta (!163) · Merge requests · GitLab.org / Ops Sub-Department / custom-executor-drivers / Autoscaler

Arran Walker requested to merge ajwalker/beta-allowed-projects into main Sep 10, 2021

What does this MR do?

Allows loading of a list of project URL prefixes that are allowed to participate in a beta program.

If a project prefix is not found within the list, a message similar to below is printed to the trace log and the job fails:

Why was this MR needed?

Our current way of using registering tokens is tedious.
The concurrency settings for the runner configuration are confusing when multiple Runners are configured. This will allow us to register just once as a instance Runner.

What's the best way to test this MR?

Create an allow list of projects:

# Create an allow list of projects
echo "/my-project/path" >> canary.project-allowlist

# Create a kubernetes secret with it
kubectl create secret generic orka-canary-project-allowlist --from-file=project-allowlist=canary.project-allowlist

Then modify the Helm values to make use of the allow list:

diff --git a/values-orka-canary.yaml b/values-orka-canary.yaml
index 0046bb9..9393c83 100644
--- a/values-orka-canary.yaml
+++ b/values-orka-canary.yaml
@@ -550,6 +551,7 @@ podLabels: {}
 ## mounted at /secrets.
 secrets:
   - name: orka-canary
+  - name: orka-canary-project-allowlist
 
 ## Additional config files to mount in the containers in `/configmaps`.
 ##
@@ -570,6 +572,8 @@ configMaps:
     Cores = 4
     Endpoint = "ORKA_API_ENDPOINT"
     Token = "ORKA_API_TOKEN"
+    BetaAllowedProjectsPath = "/secrets/project-allowlist"
 
       [Orka.ImageAliases]
       "macos-10.13-xcode-7" = "ork-10.13-7-202109061639"

What are the relevant issue numbers?

Edited Sep 18, 2021 by Arran Walker

Implement allowed projects for MacOS Beta

What does this MR do?

Why was this MR needed?

What's the best way to test this MR?

What are the relevant issue numbers?

Merge request reports