feat(arc): mount k8s and talos inside #3224

Merged
merged 1 commit into from
Dec 28, 2024
11 changes: 0 additions & 11 deletions .github/workflows/helm-repository-sync.yaml
Expand Up @@ -38,13 +38,6 @@ jobs:
with:
token: "${{ steps.app-token.outputs.token }}"

- name: Write kubeconfig
id: kubeconfig
uses: timheuer/base64-to-file@v1
with:
encodedString: "${{ secrets.KUBECONFIG }}"
fileName: kubeconfig

- if: ${{ github.event.inputs.helmRepoNamespace == '' && github.event.inputs.helmRepoName == '' }}
name: Get changed files
id: changed-files
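Review bot: the removed `Write kubeconfig` step is where this workflow consumed `secrets.KUBECONFIG`, and the file has no additions, so the repository secret stays behind as a live cluster credential that this workflow no longer needs. Delete it from the repository settings and rotate or revoke the credential it contains once this merges; if other workflows still reference it, list them in the PR description.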
Expand All @@ -59,8 +52,6 @@ jobs:

- if: ${{ github.event.inputs.helmRepoNamespace == '' && github.event.inputs.helmRepoName == '' }}
name: Sync Helm Repository
env:
KUBECONFIG: "${{ steps.kubeconfig.outputs.filePath }}"
shell: bash
run: |
declare -a repos=()
Expand All @@ -79,8 +70,6 @@ jobs:

- if: ${{ github.event.inputs.helmRepoNamespace != '' && github.event.inputs.helmRepoName != '' }}
name: Sync Helm Repository
env:
KUBECONFIG: ${{ steps.kubeconfig.outputs.filePath }}
shell: bash
run: |
flux \
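Review bot: with `env: KUBECONFIG` removed from this `Sync Helm Repository` step, the `flux` call has no explicit credential source and depends on whatever the runner pod provides. Add a short comment on the step saying it expects the in-cluster `actions-runner` service account, and consider a preflight step that fails with a clear message when the job lands on a runner without cluster access. The same applies to the other `Sync Helm Repository` step in the previous hunk.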
13 changes: 1 addition & 12 deletions .github/workflows/pre-pull-images.yaml
Expand Up @@ -104,19 +104,8 @@ jobs:
- name: Setup Workflow Tools
run: brew update && brew install siderolabs/tap/talosctl

- name: Write talosconfig
id: talosconfig
uses: timheuer/base64-to-file@v1
with:
encodedString: "${{ secrets.TALOSCONFIG }}"
fileName: talosconfig

- name: Pre-pull Image
env:
TALOSCONFIG: "${{ steps.talosconfig.outputs.filePath }}"
run: |
NODE=$(talosctl config info --output json | jq --raw-output '.nodes[]' | shuf -n 1)
talosctl -n $NODE image pull ${{ matrix.images }}
run: talosctl -n $NODE_IP image pull ${{ matrix.images }}

# Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7
pre-pull-images-success:
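Review bot: on the new `run:` line of `Pre-pull Image`, `${{ matrix.images }}` is substituted into the script text before the shell parses it, and `$NODE_IP` is unquoted. Pass the image through `env:` and reference both as quoted shell variables so that a matrix value containing shell metacharacters cannot alter the command. There is also a behaviour change to confirm: the removed lines picked a random node from the talosconfig with `shuf -n 1`, while `NODE_IP` (set from `status.hostIP` in the runner template) is always the node hosting the runner pod, so which node receives the image now depends on pod scheduling. If that is intended, say so in a comment on the step.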
Expand Up @@ -4,3 +4,4 @@ kind: Kustomization
resources:
- ./externalsecret.yaml
- ./helmrelease.yaml
- ./rbac.yaml
@@ -0,0 +1,26 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: actions-runner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: actions-runner
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: actions-runner
namespace: actions-runner-system
---
apiVersion: talos.dev/v1alpha1
kind: ServiceAccount
metadata:
name: actions-runner
spec:
roles:
- os:admin
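Review bot: the `ClusterRoleBinding` in this file gives the `actions-runner` service account `cluster-admin`, and the Talos `ServiceAccount` adds `os:admin`, so any workflow job that runs on this runner holds full control of both the cluster and the node OS. The workflow changes visible in this PR only call `flux` and `talosctl ... image pull`; bind a dedicated ClusterRole limited to the resources those commands touch, and check whether a narrower Talos role than `os:admin` is enough for `image pull`. The first `ServiceAccount` also has no `metadata.namespace` while the binding's subject names `actions-runner-system`; set it explicitly or note that the Kustomization supplies it.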
Expand Up @@ -31,11 +31,26 @@ spec:
type: dind
template:
spec:
autoMountServiceAccountToken: true
containers:
- name: runner
image: ghcr.io/buroa/actions-runner:2.321.0@sha256:08baa1d4489fdbcf85e726568406be481d35cf86da8281d9821a32b78d9301d9
command:
- /home/runner/run.sh
env:
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
volumeMounts:
- mountPath: /var/run/secrets/talos.dev
name: talos
readOnly: true
serviceAccount: actions-runner
volumes:
- name: talos
secret:
secretName: actions-runner
controllerServiceAccount:
name: gha-runner-scale-set-controller
namespace: actions-runner-system
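Review bot: `autoMountServiceAccountToken: true` under `template.spec` does not match the Kubernetes pod spec field, which is spelled `automountServiceAccountToken`. Assuming this `template.spec` is passed through as a pod spec, the key as written is either dropped or rejected as unknown, and the token is mounted only because mounting is the default; fix the spelling so the setting is explicit. `serviceAccount` is the deprecated alias of `serviceAccountName`, so prefer the latter. Because the service account token and the Talos secret at `/var/run/secrets/talos.dev` are mounted into the `runner` container, every job step can read them, which is worth a comment next to the mount.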
Expand Up @@ -15,7 +15,7 @@ subjects:
apiVersion: talos.dev/v1alpha1
kind: ServiceAccount
metadata:
name: talos
name: system-upgrade
spec:
roles:
- os:admin
Expand Up @@ -7,7 +7,7 @@ spec:
version: ${KUBERNETES_VERSION}
serviceAccountName: system-upgrade
secrets:
- name: talos
- name: system-upgrade
path: /var/run/secrets/talos.dev
ignoreUpdates: true
concurrency: 1
Expand Up @@ -7,7 +7,7 @@ spec:
version: ${TALOS_VERSION}
serviceAccountName: system-upgrade
secrets:
- name: talos
- name: system-upgrade
path: /var/run/secrets/talos.dev
ignoreUpdates: true
concurrency: 1
1 change: 1 addition & 0 deletions talos/talconfig.yaml
Expand Up @@ -434,4 +434,5 @@ controlPlane:
allowedRoles:
- os:admin
allowedKubernetesNamespaces:
- actions-runner-system
- system-upgrade
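Review bot: adding `actions-runner-system` under `allowedKubernetesNamespaces` places the CI runner namespace under the same `allowedRoles` entry as `system-upgrade`, which lists only `os:admin`. A Talos ServiceAccount created in that namespace can therefore request admin credentials for the node API; add a comment recording why the runner needs this, and if a narrower role is sufficient for the runner's `talosctl` calls, add it to `allowedRoles` and use it for the runner instead.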