actions-runner-controller
actions-runner-controller copied to clipboard
Published
20 hours ago •
actions
actions
Runner Scale Set listener-config secret is static
Checks
- [X] I've already read https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors and I'm sure my issue is not covered in the troubleshooting guide.
- [X] I am using charts that are officially provided
Controller Version
0.7.0
Deployment Method
Helm
Checks
- [X] This isn't a question or user support case (For Q&A and community support, go to Discussions).
- [X] I've read the Changelog before submitting this issue and I'm sure it's not due to any recently-introduced backward-incompatible changes
To Reproduce
1. Update the data in the `githubConfigSecret`
2. Force reconciliation (restart controller pod)
Describe the bug
After attempting to rotate the credentials used by the runner scale sets it was observed the data in the secret: *-listener-config is not automatically updated like the base secret: *-listener. This will cause issues if the old credentials are no longer valid.
Current work around is to manually delete the *-listener-config and force reconciliation
Describe the expected behavior
After the 'base' secret *-listener is updated the *-listener-config secret should also be updated.
Additional Context
N/A - it is worth noting that the static nature of this config secret also cause issues if the runner groups are updated or recreated. If the associated runner group's ID is modified but the name is preserved you will also run into issues.
This issue becomes quite painful if the old credentials are no longer valid, all listeners would then start throwing 401s.
Controller Logs
https://gist.github.com/jb-2020/bc063bcdead1e72ce44d4a0f0ceab32e
Runner Pod Logs
N/A
