
⚡ adding action-runner-controller #450

Open
wants to merge 3 commits into
base: main

chrede88
Owner

No description provided.

@github-actions github-actions bot added the area/kubernetes Changes made to kubernetes resources label Feb 27, 2025

--- HelmRelease: action-runner-system/k8s-runner Role: action-runner-system/k8s-runner-gha-rs-manager

+++ HelmRelease: action-runner-system/k8s-runner Role: action-runner-system/k8s-runner-gha-rs-manager

@@ -0,0 +1,74 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: k8s-runner-gha-rs-manager
+  namespace: action-runner-system
+  labels:
+    app.kubernetes.io/name: k8s-runner
+    app.kubernetes.io/instance: k8s-runner
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/part-of: gha-rs
+    actions.github.com/scale-set-name: k8s-runner
+    actions.github.com/scale-set-namespace: action-runner-system
+    app.kubernetes.io/component: manager-role
+  finalizers:
+  - actions.github.com/cleanup-protection
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - pods/status
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  verbs:
+  - create
+  - delete
+  - get
+  - patch
+  - update
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - roles
+  verbs:
+  - create
+  - delete
+  - get
+  - patch
+  - update
+
--- HelmRelease: action-runner-system/k8s-runner RoleBinding: action-runner-system/k8s-runner-gha-rs-manager

+++ HelmRelease: action-runner-system/k8s-runner RoleBinding: action-runner-system/k8s-runner-gha-rs-manager

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: k8s-runner-gha-rs-manager
+  namespace: action-runner-system
+  labels:
+    app.kubernetes.io/name: k8s-runner
+    app.kubernetes.io/instance: k8s-runner
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/part-of: gha-rs
+    actions.github.com/scale-set-name: k8s-runner
+    actions.github.com/scale-set-namespace: action-runner-system
+    app.kubernetes.io/component: manager-role-binding
+  finalizers:
+  - actions.github.com/cleanup-protection
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: k8s-runner-gha-rs-manager
+subjects:
+- kind: ServiceAccount
+  name: actions-runner-controller
+  namespace: actions-runner-system
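Review bot: The subject on the last line points at namespace `actions-runner-system`, but the `actions-runner-controller` ServiceAccount rendered further down lives in `action-runner-system`, so the manager Role's secret and RBAC verbs are bound to an account this PR never creates. The controller would then lack these permissions, and any ServiceAccount of that name later created in the misspelled namespace would presumably inherit them. The value comes from `controllerServiceAccount.namespace` in the k8s-runner HelmRelease, which should read `namespace: action-runner-system`. The same spelling appears in that release's `dependsOn` entry and in the subject of the `k8s-runner` ClusterRoleBinding.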
+
--- HelmRelease: action-runner-system/k8s-runner AutoscalingRunnerSet: action-runner-system/k8s-runner

+++ HelmRelease: action-runner-system/k8s-runner AutoscalingRunnerSet: action-runner-system/k8s-runner

@@ -0,0 +1,59 @@

+---
+apiVersion: actions.github.com/v1alpha1
+kind: AutoscalingRunnerSet
+metadata:
+  name: k8s-runner
+  namespace: action-runner-system
+  labels:
+    app.kubernetes.io/component: autoscaling-runner-set
+    app.kubernetes.io/name: k8s-runner
+    app.kubernetes.io/instance: k8s-runner
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/part-of: gha-rs
+    actions.github.com/scale-set-name: k8s-runner
+    actions.github.com/scale-set-namespace: action-runner-system
+  annotations:
+    actions.github.com/values-hash: 9b4f7f00014ca557a91990e221d05c7ac51d8a3ee78e2d6c0ce77137899eab7
+    actions.github.com/cleanup-github-secret-name: k8s-runner-gha-rs-github-secret
+    actions.github.com/cleanup-manager-role-binding: k8s-runner-gha-rs-manager
+    actions.github.com/cleanup-manager-role-name: k8s-runner-gha-rs-manager
+spec:
+  githubConfigUrl: https://github.com/chrede88/home-ops
+  githubConfigSecret: k8s-runner-gha-rs-github-secret
+  maxRunners: 3
+  minRunners: 0
+  template:
+    spec:
+      securityContext:
+        fsGroup: 123
+      restartPolicy: Never
+      serviceAccountName: k8s-runner
+      containers:
+      - name: runner
+        command:
+        - /home/runner/run.sh
+        image: ghcr.io/onedr0p/actions-runner:2.322.0
+        env:
+        - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
+          value: 'false'
+        - name: ACTIONS_RUNNER_CONTAINER_HOOKS
+          value: /home/runner/k8s/index.js
+        - name: ACTIONS_RUNNER_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        volumeMounts:
+        - name: work
+          mountPath: /home/runner/_work
+      volumes:
+      - name: work
+        ephemeral:
+          volumeClaimTemplate:
+            spec:
+              accessModes:
+              - ReadWriteOnce
+              resources:
+                requests:
+                  storage: 1Gi
+              storageClassName: ceph-block
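Review bot: The `runner` container executes workflow steps itself when `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` is `'false'`, yet it has no container-level `securityContext` and pulls `ghcr.io/onedr0p/actions-runner:2.322.0` by mutable tag only. Pinning the digest in the HelmRelease values, `image: ghcr.io/onedr0p/actions-runner:2.322.0@sha256:<digest>`, fixes which image content runs jobs. Adding `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` under the container limits what a job step can do inside the pod; check that the image still starts with those settings. The pod-level `fsGroup: 123` is the only hardening field visible here.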
+
--- HelmRelease: action-runner-system/actions-runner-controller ServiceAccount: action-runner-system/actions-runner-controller

+++ HelmRelease: action-runner-system/actions-runner-controller ServiceAccount: action-runner-system/actions-runner-controller

@@ -0,0 +1,13 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: actions-runner-controller
+  namespace: action-runner-system
+  labels:
+    app.kubernetes.io/name: gha-rs-controller
+    app.kubernetes.io/namespace: action-runner-system
+    app.kubernetes.io/instance: actions-runner-controller
+    app.kubernetes.io/part-of: gha-rs-controller
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: action-runner-system/actions-runner-controller ClusterRole: action-runner-system/actions-runner-controller

+++ HelmRelease: action-runner-system/actions-runner-controller ClusterRole: action-runner-system/actions-runner-controller

@@ -0,0 +1,144 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: actions-runner-controller
+rules:
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalingrunnersets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalingrunnersets/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalingrunnersets/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalinglisteners
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalinglisteners/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalinglisteners/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunnersets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunnersets/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunnersets/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunners
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunners/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunners/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - roles
+  verbs:
+  - list
+  - watch
+  - patch
+
--- HelmRelease: action-runner-system/actions-runner-controller ClusterRoleBinding: action-runner-system/actions-runner-controller

+++ HelmRelease: action-runner-system/actions-runner-controller ClusterRoleBinding: action-runner-system/actions-runner-controller

@@ -0,0 +1,14 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: actions-runner-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: actions-runner-controller
+subjects:
+- kind: ServiceAccount
+  name: actions-runner-controller
+  namespace: action-runner-system
+
--- HelmRelease: action-runner-system/actions-runner-controller Role: action-runner-system/actions-runner-controller-listener

+++ HelmRelease: action-runner-system/actions-runner-controller Role: action-runner-system/actions-runner-controller-listener

@@ -0,0 +1,42 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: actions-runner-controller-listener
+  namespace: action-runner-system
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - pods/status
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - delete
+  - get
+  - patch
+  - update
+
--- HelmRelease: action-runner-system/actions-runner-controller RoleBinding: action-runner-system/actions-runner-controller-listener

+++ HelmRelease: action-runner-system/actions-runner-controller RoleBinding: action-runner-system/actions-runner-controller-listener

@@ -0,0 +1,15 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: actions-runner-controller-listener
+  namespace: action-runner-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: actions-runner-controller-listener
+subjects:
+- kind: ServiceAccount
+  name: actions-runner-controller
+  namespace: action-runner-system
+
--- HelmRelease: action-runner-system/actions-runner-controller Deployment: action-runner-system/actions-runner-controller

+++ HelmRelease: action-runner-system/actions-runner-controller Deployment: action-runner-system/actions-runner-controller

@@ -0,0 +1,63 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: actions-runner-controller
+  namespace: action-runner-system
+  labels:
+    app.kubernetes.io/name: gha-rs-controller
+    app.kubernetes.io/namespace: action-runner-system
+    app.kubernetes.io/instance: actions-runner-controller
+    app.kubernetes.io/part-of: gha-rs-controller
+    app.kubernetes.io/managed-by: Helm
+    actions.github.com/controller-service-account-namespace: action-runner-system
+    actions.github.com/controller-service-account-name: actions-runner-controller
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: gha-rs-controller
+      app.kubernetes.io/namespace: action-runner-system
+      app.kubernetes.io/instance: actions-runner-controller
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        app.kubernetes.io/part-of: gha-rs-controller
+        app.kubernetes.io/component: controller-manager
+        app.kubernetes.io/name: gha-rs-controller
+        app.kubernetes.io/namespace: action-runner-system
+        app.kubernetes.io/instance: actions-runner-controller
+    spec:
+      serviceAccountName: actions-runner-controller
+      containers:
+      - name: manager
+        image: ghcr.io/actions/gha-runner-scale-set-controller:0.10.1
+        imagePullPolicy: IfNotPresent
+        args:
+        - --auto-scaling-runner-set-only
+        - --log-level=debug
+        - --log-format=text
+        - --runner-max-concurrent-reconciles=2
+        - --update-strategy=immediate
+        - --listener-metrics-addr=0
+        - --listener-metrics-endpoint=
+        - --metrics-addr=0
+        command:
+        - /manager
+        env:
+        - name: CONTROLLER_MANAGER_CONTAINER_IMAGE
+          value: ghcr.io/actions/gha-runner-scale-set-controller:0.10.1
+        - name: CONTROLLER_MANAGER_POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        volumeMounts:
+        - mountPath: /tmp
+          name: tmp
+      terminationGracePeriodSeconds: 10
+      volumes:
+      - name: tmp
+        emptyDir: {}
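Review bot: The controller pod is rendered without any `securityContext` or `resources`, although its ServiceAccount holds the cluster-wide and secret-managing grants shown in the sections above. The chart exposes `podSecurityContext`, `securityContext` and `resources` values, so the HelmRelease can set, for example, `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`. The `/tmp` emptyDir suggests `readOnlyRootFilesystem: true` may also work, but that needs confirming against the image.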
+

Copy link


--- cluster/kubernetes/flux/resources Kustomization: flux-system/cluster-resources HelmRepository: flux-system/action-runner-controller

+++ cluster/kubernetes/flux/resources Kustomization: flux-system/cluster-resources HelmRepository: flux-system/action-runner-controller

@@ -0,0 +1,14 @@

+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-resources
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: action-runner-controller
+  namespace: flux-system
+spec:
+  interval: 2h
+  type: oci
+  url: oci://ghcr.io/actions/actions-runner-controller-charts
+
--- cluster/kubernetes/apps Kustomization: flux-system/cluster-apps Namespace: flux-system/action-runner-system

+++ cluster/kubernetes/apps Kustomization: flux-system/cluster-apps Namespace: flux-system/action-runner-system

@@ -0,0 +1,11 @@

+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    kustomize.toolkit.fluxcd.io/prune: disabled
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: action-runner-system
+
--- cluster/kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/action-runner-controller

+++ cluster/kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/action-runner-controller

@@ -0,0 +1,26 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: action-runner-controller
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: action-runner-controller
+  dependsOn:
+  - name: rook-ceph-cluster
+  interval: 30m
+  path: ./cluster/kubernetes/apps/action-runner-system/action-runner-controller/app
+  prune: true
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  targetNamespace: action-runner-system
+  timeout: 5m
+  wait: false
+
--- cluster/kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/action-runner-controller-runners

+++ cluster/kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/action-runner-controller-runners

@@ -0,0 +1,26 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: action-runner-controller-runners
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: action-runner-controller-runners
+  dependsOn:
+  - name: action-runner-controller
+  interval: 30m
+  path: ./cluster/kubernetes/apps/action-runner-system/action-runner-controller/runners
+  prune: true
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  targetNamespace: action-runner-system
+  timeout: 5m
+  wait: false
+
--- cluster/kubernetes/apps Kustomization: flux-system/cluster-apps Alert: action-runner-system/alertmanager

+++ cluster/kubernetes/apps Kustomization: flux-system/cluster-apps Alert: action-runner-system/alertmanager

@@ -0,0 +1,27 @@

+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: alertmanager
+  namespace: action-runner-system
+spec:
+  eventSeverity: error
+  eventSources:
+  - kind: FluxInstance
+    name: '*'
+  - kind: GitRepository
+    name: '*'
+  - kind: HelmRelease
+    name: '*'
+  - kind: HelmRepository
+    name: '*'
+  - kind: Kustomization
+    name: '*'
+  - kind: OCIRepository
+    name: '*'
+  providerRef:
+    name: alertmanager
+
--- cluster/kubernetes/apps Kustomization: flux-system/cluster-apps Provider: action-runner-system/alertmanager

+++ cluster/kubernetes/apps Kustomization: flux-system/cluster-apps Provider: action-runner-system/alertmanager

@@ -0,0 +1,13 @@

+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: alertmanager
+  namespace: action-runner-system
+spec:
+  address: http://alertmanager-operated.observability.svc.cluster.local:9093/api/v2/alerts/
+  type: alertmanager
+
--- cluster/kubernetes/apps/action-runner-system/action-runner-controller/app Kustomization: flux-system/action-runner-controller HelmRelease: action-runner-system/actions-runner-controller

+++ cluster/kubernetes/apps/action-runner-system/action-runner-controller/app Kustomization: flux-system/action-runner-controller HelmRelease: action-runner-system/actions-runner-controller

@@ -0,0 +1,34 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: action-runner-controller
+    kustomize.toolkit.fluxcd.io/name: action-runner-controller
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: actions-runner-controller
+  namespace: action-runner-system
+spec:
+  chart:
+    spec:
+      chart: gha-runner-scale-set-controller
+      sourceRef:
+        kind: HelmRepository
+        name: action-runner-controller
+        namespace: flux-system
+      version: 0.10.1
+  install:
+    crds: CreateReplace
+    remediation:
+      retries: 3
+  interval: 30m
+  upgrade:
+    cleanupOnFail: true
+    crds: CreateReplace
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    fullnameOverride: actions-runner-controller
+    replicaCount: 1
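Review bot: These values leave the controller watching every namespace, which is why the rendered output binds `actions-runner-controller` to a ClusterRole covering the scale-set resources plus list/watch on pods, service accounts, roles and role bindings cluster-wide. The PR defines a single scale set in `action-runner-system`, so setting `flags.watchSingleNamespace: action-runner-system` should let the chart render namespaced Roles instead; confirm against the 0.10.1 templates. `--log-level=debug` in the rendered args is the chart default and can be lowered with `flags.logLevel` once the setup works.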
+
--- cluster/kubernetes/apps/action-runner-system/action-runner-controller/runners Kustomization: flux-system/action-runner-controller-runners ExternalSecret: action-runner-system/action-runner-controller-secret

+++ cluster/kubernetes/apps/action-runner-system/action-runner-controller/runners Kustomization: flux-system/action-runner-controller-runners ExternalSecret: action-runner-system/action-runner-controller-secret

@@ -0,0 +1,28 @@

+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  labels:
+    app.kubernetes.io/name: action-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/name: action-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: action-runner-controller-secret
+  namespace: action-runner-system
+spec:
+  dataFrom:
+  - extract:
+      key: action-runner-controller-secret
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword
+  target:
+    name: action-runner-controller-secret
+    template:
+      data:
+        ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
+          }}'
+        ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID
+          }}'
+        ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY
+          }}'
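Review bot: `target.name` is `action-runner-controller-secret`, while all three `valuesFrom` entries of the k8s-runner HelmRelease read from `actions-runner-controller-secret`. Unless a Secret with that second name exists outside this PR, the GitHub App credentials never reach the chart and the release cannot reconcile. Align the two, e.g. `name: actions-runner-controller-secret` under `target`, or change the three `valuesFrom` names instead.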
+
--- cluster/kubernetes/apps/action-runner-system/action-runner-controller/runners Kustomization: flux-system/action-runner-controller-runners ServiceAccount: action-runner-system/k8s-runner

+++ cluster/kubernetes/apps/action-runner-system/action-runner-controller/runners Kustomization: flux-system/action-runner-controller-runners ServiceAccount: action-runner-system/k8s-runner

@@ -0,0 +1,11 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: action-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/name: action-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: k8s-runner
+  namespace: action-runner-system
+
--- cluster/kubernetes/apps/action-runner-system/action-runner-controller/runners Kustomization: flux-system/action-runner-controller-runners ClusterRole: flux-system/k8s-runner

+++ cluster/kubernetes/apps/action-runner-system/action-runner-controller/runners Kustomization: flux-system/action-runner-controller-runners ClusterRole: flux-system/k8s-runner

@@ -0,0 +1,19 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: action-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/name: action-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: k8s-runner
+rules:
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
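Review bot: Cluster-wide CRD read is the only permission `k8s-runner` receives on this page, although the runner pod is configured with `containerMode.type: kubernetes` and `ACTIONS_RUNNER_CONTAINER_HOOKS`. The rendered output contains no namespaced Role for this account, presumably because setting `template.spec.serviceAccountName` makes the chart skip its own kube-mode ServiceAccount and Role. If job containers are wanted, either drop `serviceAccountName: k8s-runner` from the HelmRelease values so the chart generates its scoped Role, or add an explicit Role in `action-runner-system`. It is also worth a comment on why workflow jobs need to list CRDs at all, since this token is mounted into the pod that runs repository code.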
+
--- cluster/kubernetes/apps/action-runner-system/action-runner-controller/runners Kustomization: flux-system/action-runner-controller-runners ClusterRoleBinding: flux-system/k8s-runner

+++ cluster/kubernetes/apps/action-runner-system/action-runner-controller/runners Kustomization: flux-system/action-runner-controller-runners ClusterRoleBinding: flux-system/k8s-runner

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: action-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/name: action-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: k8s-runner
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: k8s-runner
+subjects:
+- kind: ServiceAccount
+  name: k8s-runner
+  namespace: actions-runner-system
+
--- cluster/kubernetes/apps/action-runner-system/action-runner-controller/runners Kustomization: flux-system/action-runner-controller-runners HelmRelease: action-runner-system/k8s-runner

+++ cluster/kubernetes/apps/action-runner-system/action-runner-controller/runners Kustomization: flux-system/action-runner-controller-runners HelmRelease: action-runner-system/k8s-runner

@@ -0,0 +1,74 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: action-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/name: action-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: k8s-runner
+  namespace: action-runner-system
+spec:
+  chart:
+    spec:
+      chart: gha-runner-scale-set
+      sourceRef:
+        kind: HelmRepository
+        name: action-runner-controller
+        namespace: flux-system
+      version: 0.10.1
+  dependsOn:
+  - name: actions-runner-controller
+    namespace: actions-runner-system
+  install:
+    remediation:
+      retries: 3
+  interval: 30m
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    containerMode:
+      kubernetesModeWorkVolumeClaim:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+        storageClassName: ceph-block
+      type: kubernetes
+    controllerServiceAccount:
+      name: actions-runner-controller
+      namespace: actions-runner-system
+    githubConfigUrl: https://github.com/chrede88/home-ops
+    maxRunners: 3
+    minRunners: 0
+    template:
+      spec:
+        containers:
+        - command:
+          - /home/runner/run.sh
+          env:
+          - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
+            value: 'false'
+          image: ghcr.io/onedr0p/actions-runner:2.322.0
+          name: runner
+        securityContext:
+          fsGroup: 123
+        serviceAccountName: k8s-runner
+  valuesFrom:
+  - kind: Secret
+    name: actions-runner-controller-secret
+    targetPath: githubConfigSecret.github_app_id
+    valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
+  - kind: Secret
+    name: actions-runner-controller-secret
+    targetPath: githubConfigSecret.github_app_installation_id
+    valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID
+  - kind: Secret
+    name: actions-runner-controller-secret
+    targetPath: githubConfigSecret.github_app_private_key
+    valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY
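Review bot: The three `valuesFrom` entries copy the GitHub App private key into the Helm values, so it ends up in Helm's release storage and in the chart-generated `k8s-runner-gha-rs-github-secret` as well as in the ExternalSecret target. The chart also accepts a pre-existing Secret by name, `githubConfigSecret: <secret-name>`, provided that Secret carries the keys `github_app_id`, `github_app_installation_id` and `github_app_private_key`. Templating the ExternalSecret with those key names and referencing it directly keeps the key in one object and removes the `valuesFrom` block.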
+
