From 9b27dc3a540bcccfd625579a7b4c54b996dd08b5 Mon Sep 17 00:00:00 2001
From: Devin Buhl <devin@buhl.casa>
Date: Mon, 30 Dec 2024 17:15:54 -0500
Subject: [PATCH] feat(arc): use kubernetes mode

Signed-off-by: Devin Buhl <devin@buhl.casa>
---
 .taskfiles/kubernetes/Taskfile.yaml                | 14 ++++++++++++++
 .../gha-runner-scale-set/app/helmrelease.yaml      | 13 +++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/.taskfiles/kubernetes/Taskfile.yaml b/.taskfiles/kubernetes/Taskfile.yaml
index 1cda160b6b6fa..ecf40d98f8b77 100644
--- a/.taskfiles/kubernetes/Taskfile.yaml
+++ b/.taskfiles/kubernetes/Taskfile.yaml
@@ -59,3 +59,17 @@ tasks:
       vars: [CLUSTER]
     preconditions:
       - which kubectl
+
+  # https://docs.github.com/en/enterprise-cloud@latest/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller#upgrading-arc
+  upgrade-arc:
+    desc: Upgrade the ARC [CLUSTER=main]
+    cmds:
+      - helm -n actions-runner-system uninstall gha-runner-scale-set
+      - helm -n actions-runner-system uninstall gha-runner-scale-set-controller
+      - sleep 5
+      - flux -n actions-runner-system reconcile hr gha-runner-scale-set-controller
+      - flux -n actions-runner-system reconcile hr gha-runner-scale-set
+    requires:
+      vars: [CLUSTER]
+    preconditions:
+      - which flux helm
diff --git a/kubernetes/main/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml b/kubernetes/main/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml
index dd7eb1eceb62c..fe0b2082099a5 100644
--- a/kubernetes/main/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml
+++ b/kubernetes/main/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml
@@ -47,15 +47,22 @@ spec:
     minRunners: 1
     maxRunners: 3
     containerMode:
-      type: dind
+      type: kubernetes
+      kubernetesModeWorkVolumeClaim:
+        accessModes: ["ReadWriteOnce"]
+        storageClassName: ceph-block
+        resources:
+          requests:
+            storage: 20Gi
     template:
       spec:
-        automountServiceAccountToken: true
         containers:
           - name: runner
             image: ghcr.io/onedr0p/actions-runner:2.321.0@sha256:3665cbbcd2a3b7e1626e6100a6924d316d501650b9863a24b5639aee68bdb110
             command: ["/home/runner/run.sh"]
             env:
+              - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
+                value: "false"
               - name: NODE_IP
                 valueFrom:
                   fieldRef:
@@ -64,6 +71,8 @@ spec:
               - mountPath: /var/run/secrets/talos.dev
                 name: talos
                 readOnly: true
+        securityContext:
+          fsGroup: 123
         serviceAccountName: actions-runner
         volumes:
           - name: talos