diff --git a/.github/workflows/schemas.yaml b/.github/workflows/schemas.yaml
index be1ed3ee82..54395659c3 100644
--- a/.github/workflows/schemas.yaml
+++ b/.github/workflows/schemas.yaml
@@ -20,7 +20,7 @@ env:
 jobs:
 publish-kubernetes-schemas:
 name: Publish Kubernetes Schemas
- runs-on: ["k8s-homelab"]
+ runs-on: ["k8s-homelab-runner"]
 permissions:
 contents: read
 packages: write
diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/actions-runner-controller.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/actions-runner-controller.yaml
new file mode 100644
index 0000000000..892a318c3f
--- /dev/null
+++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/actions-runner-controller.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: actions-runner-controller
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: actions-runner-controller-secret
+ template:
+ engineVersion: v2
+ data:
+ ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID: |-
+ {{ .GITHUB_APP_ID }}
+ ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID: |-
+ {{ .GITHUB_APP_INSTALLATION_ID }}
+ ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY: |-
+ {{ .GITHUB_APP_PRIVATE_KEY }}
+ ACTION_RUNNER_CONTROLLER_GITHUB_WEBHOOK_SECRET_TOKEN: |-
+ {{ .GITHUB_WEBHOOK_SECRET_TOKEN }}
+ dataFrom:
+ - extract:
+ key: github-action-runner
diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/helm-release.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/helm-release.yaml
new file mode 100644
index 0000000000..31335de532
--- /dev/null
+++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/helm-release.yaml
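Review bot: `ACTION_RUNNER_CONTROLLER_GITHUB_WEBHOOK_SECRET_TOKEN` is rendered into `actions-runner-controller-secret`, but nothing in this diff reads it — the runner HelmRelease's `valuesFrom` pulls only the app id, installation id and private key, and the controller HelmRelease sets no webhook values. Secret material that no workload consumes still has to be protected like the rest of the Secret, so unless a webhook consumer exists outside this change, drop those two lines from `template.data`. If it is kept on purpose, a comment above the key naming the consumer, e.g. `# webhook token: consumed by <consumer-placeholder>`, would tell the next reader it is not leftover.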
@@ -0,0 +1,29 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &name actions-runner-controller
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: gha-runner-scale-set-controller
+ version: 0.10.1
+ sourceRef:
+ kind: HelmRepository
+ name: actions-runner-controller-charts
+ namespace: flux-system
+ install:
+ crds: CreateReplace
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ crds: CreateReplace
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ fullnameOverride: *name
+ replicaCount: 1
diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/kustomization.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/kustomization.yaml
new file mode 100644
index 0000000000..c0b591639f
--- /dev/null
+++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - actions-runner-controller.yaml
+ - helm-release.yaml
+ - pvc.yaml
diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/pvc.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/pvc.yaml
new file mode 100644
index 0000000000..5af599fa23
--- /dev/null
+++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/app/pvc.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: actions-runner-controller-cache
+ labels:
+ app.kubernetes.io/name: &name actions-runner-controller
+ app.kubernetes.io/instance: *name
+ excluded_from_alerts: "true"
+spec:
+ storageClassName: ceph-filesystem
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 8Gi
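Review bot: `actions-runner-controller-cache` is `ReadWriteMany` and is mounted at `/cache` by every runner pod of the scale set (up to `maxRunners: 3` in the runner HelmRelease), so concurrently running jobs write into one shared tree with no per-job isolation; a job can read or overwrite whatever a previous or parallel job left there. That may be acceptable for a single trusted repository, but it deserves a comment on the claim, e.g. `# shared by all k8s-homelab-runner pods; treat contents as an untrusted cache, never as a source of truth`. The claim also lives under the controller's `app/` Kustomization while its only consumer is under `runners/`; moving it next to the runner HelmRelease would tie its lifecycle to the workload that mounts it.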
diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/install.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/install.yaml
new file mode 100644
index 0000000000..b629bb74f5
--- /dev/null
+++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/install.yaml
@@ -0,0 +1,43 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app actions-runner-controller
+ namespace: flux-system
+spec:
+ targetNamespace: actions-runner-system
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/main/apps/actions-runner-system/actions-runner-controller/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ wait: false
+ interval: 30m
+ timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app actions-runner-controller-runners
+ namespace: flux-system
+spec:
+ targetNamespace: actions-runner-system
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ dependsOn:
+ - name: actions-runner-controller
+ - name: external-secrets
+ prune: true
+ wait: false
+ interval: 30m
+ timeout: 5m
diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/k8s-homelab/helm-release.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/k8s-homelab/helm-release.yaml
new file mode 100644
index 0000000000..977370f7bc
--- /dev/null
+++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/k8s-homelab/helm-release.yaml
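Review bot: The first Kustomization (`actions-runner-controller`) applies `app/`, which per the `app/kustomization.yaml` hunk contains an ExternalSecret, yet only the second Kustomization declares `dependsOn: - name: external-secrets`. On a fresh bootstrap the first one can be reconciled before the ExternalSecret CRD exists and is likely to fail its apply until a later interval, while the second already waits on the first, so the `external-secrets` dependency sits on the wrong object. Add `dependsOn:` / `- name: external-secrets` to the first Kustomization; the entry on the second then becomes redundant and can stay or go.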
@@ -0,0 +1,85 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &name k8s-homelab-runner
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: gha-runner-scale-set
+ version: 0.10.1
+ sourceRef:
+ kind: HelmRepository
+ name: actions-runner-controller-charts
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ dependsOn:
+ - name: actions-runner-controller
+ namespace: actions-runner-system
+ - name: openebs
+ namespace: system
+ valuesFrom:
+ - targetPath: githubConfigSecret.github_app_id
+ kind: Secret
+ name: actions-runner-controller-secret
+ valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
+ - targetPath: githubConfigSecret.github_app_installation_id
+ kind: Secret
+ name: actions-runner-controller-secret
+ valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID
+ - targetPath: githubConfigSecret.github_app_private_key
+ kind: Secret
+ name: actions-runner-controller-secret
+ valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY
+ values:
+ runnerScaleSetName: k8s-homelab-runner
+ githubConfigUrl: https://github.com/szinn/k8s-homelab
+ minRunners: 1
+ maxRunners: 3
+ containerMode:
+ type: kubernetes
+ kubernetesModeWorkVolumeClaim:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: openebs-hostpath
+ resources:
+ requests:
+ storage: 25Gi
+ controllerServiceAccount:
+ name: actions-runner-controller
+ namespace: actions-runner-system
+ template:
+ spec:
+ containers:
+ - name: runner
+ image: ghcr.io/onedr0p/actions-runner:2.321.0@sha256:a7539dc157f3f0129f49459826576ab53a529580916bb8a09a395e61e38354c0
+ command: ["/home/runner/run.sh"]
+ env:
+ - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
+ value: "false"
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ volumeMounts:
+ - mountPath: /var/run/secrets/talos.dev
+ name: talos
+ readOnly: true
+ - name: cache-volume
+ mountPath: /cache
+ serviceAccountName: *name
+ volumes:
+ - name: talos
+ secret:
+ secretName: *name
+ - name: cache-volume
+ persistentVolumeClaim:
+ claimName: actions-runner-controller-cache
diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/k8s-homelab/kustomization.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/k8s-homelab/kustomization.yaml
new file mode 100644
index 0000000000..c4c3f20e3d
--- /dev/null
+++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/k8s-homelab/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helm-release.yaml
+ - rbac.yaml
diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/k8s-homelab/rbac.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/k8s-homelab/rbac.yaml
new file mode 100644
index 0000000000..e9f936029e
--- /dev/null
+++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/k8s-homelab/rbac.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: k8s-homelab-runner
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: k8s-homelab-runner
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: k8s-homelab-runner
+ namespace: actions-runner-system
+---
+apiVersion: talos.dev/v1alpha1
+kind: ServiceAccount
+metadata:
+ name: k8s-homelab-runner
+spec:
+ roles: ["os:admin"]
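Review bot: The three `valuesFrom` entries copy `ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY` into the HelmRelease's rendered values, so the GitHub App private key presumably lands a second time in the Secret the chart generates from `githubConfigSecret` and in Helm's release-storage Secret for `k8s-homelab-runner`, widening where it has to be protected. The `gha-runner-scale-set` chart also accepts `githubConfigSecret` as the name of a pre-created Secret carrying `github_app_id`, `github_app_installation_id` and `github_app_private_key`; rendering those key names from the ExternalSecret (earlier hunk) and replacing the three entries with `githubConfigSecret: actions-runner-controller-secret` keeps the key in one object. Separately, `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER: "false"` lets workflow steps execute directly in this pod, where the automounted token of `serviceAccountName: k8s-homelab-runner` and the Talos secret mounted at `/var/run/secrets/talos.dev` are readable, so whatever `rbac.yaml` grants that ServiceAccount is effectively granted to every workflow targeting this scale set.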
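Review bot: The runner ServiceAccount is bound to `cluster-admin` cluster-wide and to the Talos `os:admin` role, while the only consumer visible in this diff is the `publish-kubernetes-schemas` workflow (`contents: read`, `packages: write`), which suggests read access to API schemas rather than full control of the cluster and its nodes. Because every workflow step runs under this identity (see the runner HelmRelease), scope it to what is needed: a namespaced Role in `actions-runner-system` for what `containerMode: kubernetes` requires (the chart's own kubernetes-mode Role covers pods, pods/exec, pods/log, jobs and secrets, as far as I recall — confirm against the chart), a ClusterRole limited to the read verbs the schema job uses, and the lowest Talos role that satisfies the workflow (`os:reader` if it only reads). If `cluster-admin` is deliberate, a comment on the ClusterRoleBinding, e.g. `# cluster-admin: <reason-placeholder>; revisit once the runner's workflows are fixed`, stops the next reader from treating it as an oversight.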
diff --git a/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/kustomization.yaml b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/kustomization.yaml
new file mode 100644
index 0000000000..21d00e682f
--- /dev/null
+++ b/kubernetes/main/apps/actions-runner-system/actions-runner-controller/runners/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - k8s-homelab
diff --git a/kubernetes/main/apps/actions-runner-system/kustomization.yaml b/kubernetes/main/apps/actions-runner-system/kustomization.yaml
new file mode 100644
index 0000000000..db559bd645
--- /dev/null
+++ b/kubernetes/main/apps/actions-runner-system/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Pre Flux-Kustomizations
+ - namespace.yaml
+ - ../../templates/alerts
+ # Flux-Kustomizations
+ - actions-runner-controller/install.yaml
+transformers:
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: not-used
+ namespace: actions-runner-system
+ unsetOnly: true
diff --git a/kubernetes/main/apps/actions-runner-system/namespace.yaml b/kubernetes/main/apps/actions-runner-system/namespace.yaml
new file mode 100644
index 0000000000..d6512dfb82
--- /dev/null
+++ b/kubernetes/main/apps/actions-runner-system/namespace.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: actions-runner-system
+ annotations:
+ kustomize.toolkit.fluxcd.io/prune: disabled
+ volsync.backube/privileged-movers: "true"
diff --git a/kubernetes/main/apps/dev/actions-runner-controller/install.yaml b/kubernetes/main/apps/dev/actions-runner-controller/install.yaml
index cb9c938b7c..276b547cd3 100644
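Review bot: `volsync.backube/privileged-movers: "true"` opts this namespace into privileged VolSync mover pods, but nothing in this diff creates a ReplicationSource or ReplicationDestination in `actions-runner-system`; the runner work volume is `openebs-hostpath` and the cache PVC has no backup wiring. Unless a VolSync resource is planned here, drop the annotation so the namespace does not carry an opt-in it does not use; if one is planned, a comment naming that resource, e.g. `# required by <replication-resource-placeholder>`, would justify keeping it.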
--- a/kubernetes/main/apps/dev/actions-runner-controller/install.yaml
+++ b/kubernetes/main/apps/dev/actions-runner-controller/install.yaml
@@ -20,26 +20,26 @@ spec:
 wait: true
 interval: 30m
 timeout: 5m
----
+# ---
 # yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app actions-runner-controller-runners
- namespace: flux-system
-spec:
- targetNamespace: dev
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/main/apps/dev/actions-runner-controller/runners
- sourceRef:
- kind: GitRepository
- name: flux-system
- dependsOn:
- - name: actions-runner-operator
- - name: external-secrets
- prune: true
- wait: false
- interval: 30m
- timeout: 5m
+# apiVersion: kustomize.toolkit.fluxcd.io/v1
+# kind: Kustomization
+# metadata:
+# name: &app actions-runner-controller-runners
+# namespace: flux-system
+# spec:
+# targetNamespace: dev
+# commonMetadata:
+# labels:
+# app.kubernetes.io/name: *app
+# path: ./kubernetes/main/apps/dev/actions-runner-controller/runners
+# sourceRef:
+# kind: GitRepository
+# name: flux-system
+# dependsOn:
+# - name: actions-runner-operator
+# - name: external-secrets
+# prune: true
+# wait: false
+# interval: 30m
+# timeout: 5m
diff --git a/kubernetes/main/apps/dev/kustomization.yaml b/kubernetes/main/apps/dev/kustomization.yaml
index 6b5d9fbbf9..1ead278840 100644
--- a/kubernetes/main/apps/dev/kustomization.yaml
+++ b/kubernetes/main/apps/dev/kustomization.yaml
@@ -7,7 +7,7 @@ resources:
 - namespace.yaml
 - ../../templates/alerts
 # Flux-Kustomizations
- - actions-runner-controller/install.yaml
+ # - actions-runner-controller/install.yaml
 - kubernetes-schemas/install.yaml
 transformers:
 - |-
diff --git a/kubernetes/main/apps/media/bazarr/app/bazarr-secrets.yaml b/kubernetes/main/apps/media/bazarr/app/bazarr-secrets.yaml
index fade8be215..92fa49b9db 100644
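Review bot: The second Kustomization is turned into a 21-line block of `# `-prefixed text instead of being removed, and the next hunk does the same to the `actions-runner-controller/install.yaml` entry in `dev/kustomization.yaml`. Commented-out manifests drift silently from what is live (this one still names `dependsOn: actions-runner-operator`, which the new `actions-runner-system` Kustomizations do not use) and git history already preserves the old content. Delete the block, and since `dev/kustomization.yaml` no longer references this file at all, consider deleting the file rather than leaving its first document (which starts outside this hunk) orphaned; if the dev setup is meant to come back, a one-line `# dev runners moved to kubernetes/main/apps/actions-runner-system` in `dev/kustomization.yaml` says so more clearly than a dead block.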
--- a/kubernetes/main/apps/media/bazarr/app/bazarr-secrets.yaml
+++ b/kubernetes/main/apps/media/bazarr/app/bazarr-secrets.yaml
@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/external-secrets.io/externalsecret_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
diff --git a/kubernetes/main/apps/media/bazarr/install.yaml b/kubernetes/main/apps/media/bazarr/install.yaml
index a678092c85..b36229cef5 100644
--- a/kubernetes/main/apps/media/bazarr/install.yaml
+++ b/kubernetes/main/apps/media/bazarr/install.yaml
@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
diff --git a/kubernetes/main/bootstrap/talos/talconfig.yaml b/kubernetes/main/bootstrap/talos/talconfig.yaml
index c2f38b8716..5b4b158b91 100644
--- a/kubernetes/main/bootstrap/talos/talconfig.yaml
+++ b/kubernetes/main/bootstrap/talos/talconfig.yaml
@@ -221,6 +221,7 @@ controlPlane:
 - os:admin allowedKubernetesNamespaces: - system-upgrade + - actions-runner-system # Configure containerd - &containerdPatch |-
diff --git a/kubernetes/main/templates/alerts/alert.yaml b/kubernetes/main/templates/alerts/alert.yaml
index 7e11cd0882..c38abd54b9 100644
--- a/kubernetes/main/templates/alerts/alert.yaml
+++ b/kubernetes/main/templates/alerts/alert.yaml
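Review bot: Adding `actions-runner-system` under `allowedKubernetesNamespaces` lets any Talos `ServiceAccount` created in that namespace obtain Talos API credentials for every role in the list the visible `- os:admin` belongs to (presumably `allowedRoles`; the enclosing block starts outside this hunk). Combined with the `k8s-homelab-runner` Talos ServiceAccount and the `cluster-admin` binding added in this diff, a workflow step in that namespace can reach the node OS API with full rights. A comment on the new line recording which workload needs it and at which role, e.g. `# CI runner (runners/k8s-homelab/rbac.yaml): needs Talos API for <purpose-placeholder>`, would document the decision; if the runner only reads node state, requesting `os:reader` in `rbac.yaml` is enough even with this entry in place.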
@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/notification.toolkit.fluxcd.io/alert_v1beta3.json
 apiVersion: notification.toolkit.fluxcd.io/v1beta3
 kind: Alert
 metadata:
diff --git a/kubernetes/main/templates/alerts/provider.yaml b/kubernetes/main/templates/alerts/provider.yaml
index cd2f67fd0e..95e9e8c28a 100644
--- a/kubernetes/main/templates/alerts/provider.yaml
+++ b/kubernetes/main/templates/alerts/provider.yaml
@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/notification.toolkit.fluxcd.io/provider_v1beta3.json
 apiVersion: notification.toolkit.fluxcd.io/v1beta3
 kind: Provider
 metadata: