Update action-runners system
szinn committed Jan 14, 2025
1 parent 7c7aa00 commit 51261b4
Showing 19 changed files with 300 additions and 28 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/schemas.yaml
Expand Up @@ -20,7 +20,7 @@ env:
jobs:
publish-kubernetes-schemas:
name: Publish Kubernetes Schemas
runs-on: ["k8s-homelab"]
runs-on: ["k8s-homelab-runner"]
permissions:
contents: read
packages: write
@@ -0,0 +1,26 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: actions-runner-controller
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: actions-runner-controller-secret
template:
engineVersion: v2
data:
ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID: |-
{{ .GITHUB_APP_ID }}
ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID: |-
{{ .GITHUB_APP_INSTALLATION_ID }}
ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY: |-
{{ .GITHUB_APP_PRIVATE_KEY }}
ACTION_RUNNER_CONTROLLER_GITHUB_WEBHOOK_SECRET_TOKEN: |-
{{ .GITHUB_WEBHOOK_SECRET_TOKEN }}
dataFrom:
- extract:
key: github-action-runner
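Review bot: `ACTION_RUNNER_CONTROLLER_GITHUB_WEBHOOK_SECRET_TOKEN` is rendered into `actions-runner-controller-secret`, but nothing visible in this commit consumes it; the runner HelmRelease's `valuesFrom` entries read only the app id, installation id and private key. This Secret presumably lands in `actions-runner-system`, the namespace where CI jobs run, so I would drop the unused key until a webhook consumer exists to keep the credential material there to a minimum. A one-line comment above `dataFrom` naming the 1Password item fields the template expects would also help whoever rotates the GitHub App key.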
@@ -0,0 +1,29 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &name actions-runner-controller
spec:
interval: 30m
chart:
spec:
chart: gha-runner-scale-set-controller
version: 0.10.1
sourceRef:
kind: HelmRepository
name: actions-runner-controller-charts
namespace: flux-system
install:
crds: CreateReplace
remediation:
retries: 3
upgrade:
cleanupOnFail: true
crds: CreateReplace
remediation:
strategy: rollback
retries: 3
values:
fullnameOverride: *name
replicaCount: 1
@@ -0,0 +1,8 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- actions-runner-controller.yaml
- helm-release.yaml
- pvc.yaml
@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: actions-runner-controller-cache
labels:
app.kubernetes.io/name: &name actions-runner-controller
app.kubernetes.io/instance: *name
excluded_from_alerts: "true"
spec:
storageClassName: ceph-filesystem
accessModes:
- ReadWriteMany
resources:
requests:
storage: 8Gi
@@ -0,0 +1,43 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app actions-runner-controller
namespace: flux-system
spec:
targetNamespace: actions-runner-system
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/main/apps/actions-runner-system/actions-runner-controller/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
wait: false
interval: 30m
timeout: 5m
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app actions-runner-controller-runners
namespace: flux-system
spec:
targetNamespace: actions-runner-system
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners
sourceRef:
kind: GitRepository
name: flux-system
dependsOn:
- name: actions-runner-controller
- name: external-secrets
prune: true
wait: false
interval: 30m
timeout: 5m
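Review bot: The first Kustomization (`actions-runner-controller`) declares no `dependsOn`, yet its `app` path appears to contain the ExternalSecret (the app kustomization lists `actions-runner-controller.yaml`), so on a fresh cluster it can be applied before the external-secrets CRDs exist. I would add `dependsOn:` with `- name: external-secrets` to it, as the runners Kustomization already does. Separately, with `wait: false` on the first document, the runners' `dependsOn: actions-runner-controller` is satisfied once the manifests are applied rather than once the controller is healthy; the context lines of the dev `install.yaml` show `wait: true`, so this looks like an unintended change.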
@@ -0,0 +1,85 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &name k8s-homelab-runner
spec:
interval: 30m
chart:
spec:
chart: gha-runner-scale-set
version: 0.10.1
sourceRef:
kind: HelmRepository
name: actions-runner-controller-charts
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: actions-runner-controller
namespace: actions-runner-system
- name: openebs
namespace: system
valuesFrom:
- targetPath: githubConfigSecret.github_app_id
kind: Secret
name: actions-runner-controller-secret
valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
- targetPath: githubConfigSecret.github_app_installation_id
kind: Secret
name: actions-runner-controller-secret
valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID
- targetPath: githubConfigSecret.github_app_private_key
kind: Secret
name: actions-runner-controller-secret
valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY
values:
runnerScaleSetName: k8s-homelab-runner
githubConfigUrl: https://github.com/szinn/k8s-homelab
minRunners: 1
maxRunners: 3
containerMode:
type: kubernetes
kubernetesModeWorkVolumeClaim:
accessModes: ["ReadWriteOnce"]
storageClassName: openebs-hostpath
resources:
requests:
storage: 25Gi
controllerServiceAccount:
name: actions-runner-controller
namespace: actions-runner-system
template:
spec:
containers:
- name: runner
image: ghcr.io/onedr0p/actions-runner:2.321.0@sha256:a7539dc157f3f0129f49459826576ab53a529580916bb8a09a395e61e38354c0
command: ["/home/runner/run.sh"]
env:
- name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
value: "false"
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
volumeMounts:
- mountPath: /var/run/secrets/talos.dev
name: talos
readOnly: true
- name: cache-volume
mountPath: /cache
serviceAccountName: *name
volumes:
- name: talos
secret:
secretName: *name
- name: cache-volume
persistentVolumeClaim:
claimName: actions-runner-controller-cache
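Review bot: With `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` set to `"false"`, any job that does not declare its own container runs its steps inside the `runner` container, which mounts the Talos credential at `/var/run/secrets/talos.dev` and runs as the `k8s-homelab-runner` service account. Every action referenced by a workflow targeting this scale set can therefore read both credentials. I would split this into two scale sets: one without the `talos` volume and with a minimal service account for ordinary jobs such as schema publishing, and a privileged one reserved for the workflows that really need cluster or Talos access. The `cache-volume` mount is also writable by every job, so content left by one job is consumed by the next; adding `readOnly: true` wherever jobs only read the cache would narrow that. Pinning the image by digest is good and should be kept.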
@@ -0,0 +1,7 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- rbac.yaml
@@ -0,0 +1,25 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: k8s-homelab-runner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: k8s-homelab-runner
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: k8s-homelab-runner
namespace: actions-runner-system
---
apiVersion: talos.dev/v1alpha1
kind: ServiceAccount
metadata:
name: k8s-homelab-runner
spec:
roles: ["os:admin"]
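Review bot: The `ClusterRoleBinding` grants the runner's service account `cluster-admin`, and the `talos.dev/v1alpha1` ServiceAccount requests `os:admin`, so any job scheduled on this runner holds full control of both the cluster and the node OS. Because the runner executes workflow code from a GitHub repository, a compromised third-party action or a workflow run on an untrusted change would inherit all of it. I would bind a purpose-built `ClusterRole` listing only the resources and verbs the workflows use, and request a narrower Talos role such as `os:reader` if the jobs only query node state. The `talconfig.yaml` hunk that adds `actions-runner-system` to `allowedKubernetesNamespaces` is what makes the Talos grant effective, so it deserves the same scrutiny.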
@@ -0,0 +1,6 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- k8s-homelab
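--- a/kubernetes/main/apps/actions-runner-system/kustomization.yaml
+++ b/kubernetes/main/apps/actions-runner-system/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+# Pre Flux-Kustomizations
+- namespace.yaml
+- ../../templates/alerts
+# Flux-Kustomizations
+- actions-runner-controller/install.yaml
+transformers:
+- |-
+apiVersion: builtin
+kind: NamespaceTransformer
+metadata:
+name: not-used
+namespace: actions-runner-system
+unsetOnly: true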
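--- a/kubernetes/main/apps/actions-runner-system/namespace.yaml
+++ b/kubernetes/main/apps/actions-runner-system/namespace.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: actions-runner-system
+annotations:
+kustomize.toolkit.fluxcd.io/prune: disabled
+volsync.backube/privileged-movers: "true"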
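Review bot: The `volsync.backube/privileged-movers: "true"` annotation lets VolSync mover pods in this namespace run with elevated privileges, but nothing in this commit defines a VolSync resource for `actions-runner-system`. If it was carried over from another namespace's template, I would drop it, since this namespace hosts CI runners and should start from the least permissive settings. If it is needed, a comment above the annotation naming the volume that is replicated would make the reason clear.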
44 changes: 22 additions & 22 deletions kubernetes/main/apps/dev/actions-runner-controller/install.yaml
Expand Up @@ -20,26 +20,26 @@ spec:
wait: true
interval: 30m
timeout: 5m
---
# ---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app actions-runner-controller-runners
namespace: flux-system
spec:
targetNamespace: dev
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/main/apps/dev/actions-runner-controller/runners
sourceRef:
kind: GitRepository
name: flux-system
dependsOn:
- name: actions-runner-operator
- name: external-secrets
prune: true
wait: false
interval: 30m
timeout: 5m
# apiVersion: kustomize.toolkit.fluxcd.io/v1
# kind: Kustomization
# metadata:
# name: &app actions-runner-controller-runners
# namespace: flux-system
# spec:
# targetNamespace: dev
# commonMetadata:
# labels:
# app.kubernetes.io/name: *app
# path: ./kubernetes/main/apps/dev/actions-runner-controller/runners
# sourceRef:
# kind: GitRepository
# name: flux-system
# dependsOn:
# - name: actions-runner-operator
# - name: external-secrets
# prune: true
# wait: false
# interval: 30m
# timeout: 5m
2 changes: 1 addition & 1 deletion kubernetes/main/apps/dev/kustomization.yaml
Expand Up @@ -7,7 +7,7 @@ resources:
- namespace.yaml
- ../../templates/alerts
# Flux-Kustomizations
- actions-runner-controller/install.yaml
# - actions-runner-controller/install.yaml
- kubernetes-schemas/install.yaml
transformers:
- |-
2 changes: 1 addition & 1 deletion kubernetes/main/apps/media/bazarr/app/bazarr-secrets.yaml
@@ -1,5 +1,5 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
2 changes: 1 addition & 1 deletion kubernetes/main/apps/media/bazarr/install.yaml
@@ -1,5 +1,5 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
1 change: 1 addition & 0 deletions kubernetes/main/bootstrap/talos/talconfig.yaml
Expand Up @@ -221,6 +221,7 @@ controlPlane:
- os:admin
allowedKubernetesNamespaces:
- system-upgrade
- actions-runner-system
# Configure containerd
- &containerdPatch |-
2 changes: 1 addition & 1 deletion kubernetes/main/templates/alerts/alert.yaml
@@ -1,5 +1,5 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/notification.toolkit.fluxcd.io/alert_v1beta3.json
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Alert
metadata:
2 changes: 1 addition & 1 deletion kubernetes/main/templates/alerts/provider.yaml
@@ -1,5 +1,5 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/notification.toolkit.fluxcd.io/provider_v1beta3.json
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Provider
metadata:
