refactor: actions-runner-controller namespace #8647

Merged
merged 2 commits into from
Jan 13, 2025

onedr0p
Owner

@onedr0p onedr0p commented Jan 13, 2025

No description provided.

@bot-ross bot-ross bot added the area/kubernetes Changes made in the kubernetes directory label Jan 13, 2025
@bot-ross
Contributor

bot-ross bot commented Jan 13, 2025

--- HelmRelease: actions-runner-system/gha-runner-scale-set-controller ServiceAccount: actions-runner-system/gha-runner-scale-set-controller

+++ HelmRelease: actions-runner-system/gha-runner-scale-set-controller ServiceAccount: actions-runner-system/gha-runner-scale-set-controller

@@ -1,13 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: gha-runner-scale-set-controller
-  namespace: actions-runner-system
-  labels:
-    app.kubernetes.io/name: gha-rs-controller
-    app.kubernetes.io/namespace: actions-runner-system
-    app.kubernetes.io/instance: gha-runner-scale-set-controller
-    app.kubernetes.io/part-of: gha-rs-controller
-    app.kubernetes.io/managed-by: Helm
-
--- HelmRelease: actions-runner-system/gha-runner-scale-set-controller ClusterRole: actions-runner-system/gha-runner-scale-set-controller

+++ HelmRelease: actions-runner-system/gha-runner-scale-set-controller ClusterRole: actions-runner-system/gha-runner-scale-set-controller

@@ -1,144 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: gha-runner-scale-set-controller
-rules:
-- apiGroups:
-  - actions.github.com
-  resources:
-  - autoscalingrunnersets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - actions.github.com
-  resources:
-  - autoscalingrunnersets/finalizers
-  verbs:
-  - patch
-  - update
-- apiGroups:
-  - actions.github.com
-  resources:
-  - autoscalingrunnersets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - actions.github.com
-  resources:
-  - autoscalinglisteners
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - actions.github.com
-  resources:
-  - autoscalinglisteners/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - actions.github.com
-  resources:
-  - autoscalinglisteners/finalizers
-  verbs:
-  - patch
-  - update
-- apiGroups:
-  - actions.github.com
-  resources:
-  - ephemeralrunnersets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - actions.github.com
-  resources:
-  - ephemeralrunnersets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - actions.github.com
-  resources:
-  - ephemeralrunnersets/finalizers
-  verbs:
-  - patch
-  - update
-- apiGroups:
-  - actions.github.com
-  resources:
-  - ephemeralrunners
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - actions.github.com
-  resources:
-  - ephemeralrunners/finalizers
-  verbs:
-  - patch
-  - update
-- apiGroups:
-  - actions.github.com
-  resources:
-  - ephemeralrunners/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - ''
-  resources:
-  - pods
-  verbs:
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - list
-  - watch
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - rolebindings
-  verbs:
-  - list
-  - watch
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - roles
-  verbs:
-  - list
-  - watch
-  - patch
-
--- HelmRelease: actions-runner-system/gha-runner-scale-set-controller ClusterRoleBinding: actions-runner-system/gha-runner-scale-set-controller

+++ HelmRelease: actions-runner-system/gha-runner-scale-set-controller ClusterRoleBinding: actions-runner-system/gha-runner-scale-set-controller

@@ -1,14 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: gha-runner-scale-set-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: gha-runner-scale-set-controller
-subjects:
-- kind: ServiceAccount
-  name: gha-runner-scale-set-controller
-  namespace: actions-runner-system
-
--- HelmRelease: actions-runner-system/gha-runner-scale-set-controller Role: actions-runner-system/gha-runner-scale-set-controller-listener

+++ HelmRelease: actions-runner-system/gha-runner-scale-set-controller Role: actions-runner-system/gha-runner-scale-set-controller-listener

@@ -1,42 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: gha-runner-scale-set-controller-listener
-  namespace: actions-runner-system
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - pods
-  verbs:
-  - create
-  - delete
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - pods/status
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - create
-  - delete
-  - get
-  - patch
-  - update
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - create
-  - delete
-  - get
-  - patch
-  - update
-
--- HelmRelease: actions-runner-system/gha-runner-scale-set-controller RoleBinding: actions-runner-system/gha-runner-scale-set-controller-listener

+++ HelmRelease: actions-runner-system/gha-runner-scale-set-controller RoleBinding: actions-runner-system/gha-runner-scale-set-controller-listener

@@ -1,15 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: gha-runner-scale-set-controller-listener
-  namespace: actions-runner-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: gha-runner-scale-set-controller-listener
-subjects:
-- kind: ServiceAccount
-  name: gha-runner-scale-set-controller
-  namespace: actions-runner-system
-
--- HelmRelease: actions-runner-system/gha-runner-scale-set-controller Deployment: actions-runner-system/gha-runner-scale-set-controller

+++ HelmRelease: actions-runner-system/gha-runner-scale-set-controller Deployment: actions-runner-system/gha-runner-scale-set-controller

@@ -1,63 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: gha-runner-scale-set-controller
-  namespace: actions-runner-system
-  labels:
-    app.kubernetes.io/name: gha-rs-controller
-    app.kubernetes.io/namespace: actions-runner-system
-    app.kubernetes.io/instance: gha-runner-scale-set-controller
-    app.kubernetes.io/part-of: gha-rs-controller
-    app.kubernetes.io/managed-by: Helm
-    actions.github.com/controller-service-account-namespace: actions-runner-system
-    actions.github.com/controller-service-account-name: gha-runner-scale-set-controller
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: gha-rs-controller
-      app.kubernetes.io/namespace: actions-runner-system
-      app.kubernetes.io/instance: gha-runner-scale-set-controller
-  template:
-    metadata:
-      annotations:
-        kubectl.kubernetes.io/default-container: manager
-      labels:
-        app.kubernetes.io/part-of: gha-rs-controller
-        app.kubernetes.io/component: controller-manager
-        app.kubernetes.io/name: gha-rs-controller
-        app.kubernetes.io/namespace: actions-runner-system
-        app.kubernetes.io/instance: gha-runner-scale-set-controller
-    spec:
-      serviceAccountName: gha-runner-scale-set-controller
-      containers:
-      - name: manager
-        image: ghcr.io/actions/gha-runner-scale-set-controller:0.10.1
-        imagePullPolicy: IfNotPresent
-        args:
-        - --auto-scaling-runner-set-only
-        - --log-level=debug
-        - --log-format=text
-        - --runner-max-concurrent-reconciles=2
-        - --update-strategy=immediate
-        - --listener-metrics-addr=0
-        - --listener-metrics-endpoint=
-        - --metrics-addr=0
-        command:
-        - /manager
-        env:
-        - name: CONTROLLER_MANAGER_CONTAINER_IMAGE
-          value: ghcr.io/actions/gha-runner-scale-set-controller:0.10.1
-        - name: CONTROLLER_MANAGER_POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        volumeMounts:
-        - mountPath: /tmp
-          name: tmp
-      terminationGracePeriodSeconds: 10
-      volumes:
-      - name: tmp
-        emptyDir: {}
-
--- HelmRelease: actions-runner-system/gha-runner-scale-set Role: actions-runner-system/gha-runner-scale-set-gha-rs-manager

+++ HelmRelease: actions-runner-system/gha-runner-scale-set Role: actions-runner-system/gha-runner-scale-set-gha-rs-manager

@@ -1,74 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: gha-runner-scale-set-gha-rs-manager
-  namespace: actions-runner-system
-  labels:
-    app.kubernetes.io/name: gha-runner-scale-set
-    app.kubernetes.io/instance: gha-runner-scale-set
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: gha-rs
-    actions.github.com/scale-set-name: gha-runner-scale-set
-    actions.github.com/scale-set-namespace: actions-runner-system
-    app.kubernetes.io/component: manager-role
-  finalizers:
-  - actions.github.com/cleanup-protection
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - pods
-  verbs:
-  - create
-  - delete
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - pods/status
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - rolebindings
-  verbs:
-  - create
-  - delete
-  - get
-  - patch
-  - update
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - roles
-  verbs:
-  - create
-  - delete
-  - get
-  - patch
-  - update
-
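Review bot: The removed Role carries `finalizers: - actions.github.com/cleanup-protection` (as does its RoleBinding in the next hunk), and the same change deletes the old controller Deployment. If that finalizer is cleared by the controller during AutoscalingRunnerSet cleanup, which the `cleanup-manager-role-name` annotation on the runner set suggests, removing the controller first can leave both objects stuck in Terminating. Worth sequencing the scale-set uninstall before the controller goes away, or checking for leftover Role and RoleBinding objects in actions-runner-system after reconciliation.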
--- HelmRelease: actions-runner-system/gha-runner-scale-set RoleBinding: actions-runner-system/gha-runner-scale-set-gha-rs-manager

+++ HelmRelease: actions-runner-system/gha-runner-scale-set RoleBinding: actions-runner-system/gha-runner-scale-set-gha-rs-manager

@@ -1,25 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: gha-runner-scale-set-gha-rs-manager
-  namespace: actions-runner-system
-  labels:
-    app.kubernetes.io/name: gha-runner-scale-set
-    app.kubernetes.io/instance: gha-runner-scale-set
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: gha-rs
-    actions.github.com/scale-set-name: gha-runner-scale-set
-    actions.github.com/scale-set-namespace: actions-runner-system
-    app.kubernetes.io/component: manager-role-binding
-  finalizers:
-  - actions.github.com/cleanup-protection
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: gha-runner-scale-set-gha-rs-manager
-subjects:
-- kind: ServiceAccount
-  name: gha-runner-scale-set-controller
-  namespace: actions-runner-system
-
--- HelmRelease: actions-runner-system/gha-runner-scale-set AutoscalingRunnerSet: actions-runner-system/gha-runner-scale-set

+++ HelmRelease: actions-runner-system/gha-runner-scale-set AutoscalingRunnerSet: actions-runner-system/gha-runner-scale-set

@@ -1,68 +0,0 @@

----
-apiVersion: actions.github.com/v1alpha1
-kind: AutoscalingRunnerSet
-metadata:
-  name: gha-runner-scale-set
-  namespace: actions-runner-system
-  labels:
-    app.kubernetes.io/component: autoscaling-runner-set
-    app.kubernetes.io/name: gha-runner-scale-set
-    app.kubernetes.io/instance: gha-runner-scale-set
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: gha-rs
-    actions.github.com/scale-set-name: gha-runner-scale-set
-    actions.github.com/scale-set-namespace: actions-runner-system
-  annotations:
-    actions.github.com/values-hash: 9c58c6fe7898a80b85e3640c9ca8f6ebcd0452ae9f7e776d62c058707c28280
-    actions.github.com/cleanup-github-secret-name: gha-runner-scale-set-gha-rs-github-secret
-    actions.github.com/cleanup-manager-role-binding: gha-runner-scale-set-gha-rs-manager
-    actions.github.com/cleanup-manager-role-name: gha-runner-scale-set-gha-rs-manager
-spec:
-  githubConfigUrl: https://github.com/onedr0p/home-ops
-  githubConfigSecret: gha-runner-scale-set-gha-rs-github-secret
-  runnerScaleSetName: gha-runner-scale-set
-  maxRunners: 3
-  minRunners: 1
-  template:
-    spec:
-      restartPolicy: Never
-      serviceAccountName: actions-runner
-      containers:
-      - name: runner
-        command:
-        - /home/runner/run.sh
-        image: ghcr.io/onedr0p/actions-runner:2.321.0@sha256:a7539dc157f3f0129f49459826576ab53a529580916bb8a09a395e61e38354c0
-        env:
-        - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
-          value: 'false'
-        - name: NODE_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.hostIP
-        - name: ACTIONS_RUNNER_CONTAINER_HOOKS
-          value: /home/runner/k8s/index.js
-        - name: ACTIONS_RUNNER_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        volumeMounts:
-        - mountPath: /var/run/secrets/talos.dev
-          name: talos
-          readOnly: true
-        - name: work
-          mountPath: /home/runner/_work
-      volumes:
-      - name: work
-        ephemeral:
-          volumeClaimTemplate:
-            spec:
-              accessModes:
-              - ReadWriteOnce
-              resources:
-                requests:
-                  storage: 25Gi
-              storageClassName: openebs-hostpath
-      - name: talos
-        secret:
-          secretName: actions-runner
-
--- HelmRelease: actions-runner-system/home-ops-runner Role: actions-runner-system/home-ops-runner-gha-rs-manager

+++ HelmRelease: actions-runner-system/home-ops-runner Role: actions-runner-system/home-ops-runner-gha-rs-manager

@@ -0,0 +1,74 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: home-ops-runner-gha-rs-manager
+  namespace: actions-runner-system
+  labels:
+    app.kubernetes.io/name: home-ops-runner
+    app.kubernetes.io/instance: home-ops-runner
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/part-of: gha-rs
+    actions.github.com/scale-set-name: home-ops-runner
+    actions.github.com/scale-set-namespace: actions-runner-system
+    app.kubernetes.io/component: manager-role
+  finalizers:
+  - actions.github.com/cleanup-protection
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - pods/status
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  verbs:
+  - create
+  - delete
+  - get
+  - patch
+  - update
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - roles
+  verbs:
+  - create
+  - delete
+  - get
+  - patch
+  - update
+
--- HelmRelease: actions-runner-system/home-ops-runner RoleBinding: actions-runner-system/home-ops-runner-gha-rs-manager

+++ HelmRelease: actions-runner-system/home-ops-runner RoleBinding: actions-runner-system/home-ops-runner-gha-rs-manager

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: home-ops-runner-gha-rs-manager
+  namespace: actions-runner-system
+  labels:
+    app.kubernetes.io/name: home-ops-runner
+    app.kubernetes.io/instance: home-ops-runner
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/part-of: gha-rs
+    actions.github.com/scale-set-name: home-ops-runner
+    actions.github.com/scale-set-namespace: actions-runner-system
+    app.kubernetes.io/component: manager-role-binding
+  finalizers:
+  - actions.github.com/cleanup-protection
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: home-ops-runner-gha-rs-manager
+subjects:
+- kind: ServiceAccount
+  name: actions-runner-controller
+  namespace: actions-runner-system
+
--- HelmRelease: actions-runner-system/home-ops-runner AutoscalingRunnerSet: actions-runner-system/home-ops-runner

+++ HelmRelease: actions-runner-system/home-ops-runner AutoscalingRunnerSet: actions-runner-system/home-ops-runner

@@ -0,0 +1,68 @@

+---
+apiVersion: actions.github.com/v1alpha1
+kind: AutoscalingRunnerSet
+metadata:
+  name: home-ops-runner
+  namespace: actions-runner-system
+  labels:
+    app.kubernetes.io/component: autoscaling-runner-set
+    app.kubernetes.io/name: home-ops-runner
+    app.kubernetes.io/instance: home-ops-runner
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/part-of: gha-rs
+    actions.github.com/scale-set-name: home-ops-runner
+    actions.github.com/scale-set-namespace: actions-runner-system
+  annotations:
+    actions.github.com/values-hash: fa5bba8f3d62c54dcb07756e2fb4d773065da790535c03685dddad9ce75cf4b
+    actions.github.com/cleanup-github-secret-name: home-ops-runner-gha-rs-github-secret
+    actions.github.com/cleanup-manager-role-binding: home-ops-runner-gha-rs-manager
+    actions.github.com/cleanup-manager-role-name: home-ops-runner-gha-rs-manager
+spec:
+  githubConfigUrl: https://github.com/onedr0p/home-ops
+  githubConfigSecret: home-ops-runner-gha-rs-github-secret
+  runnerScaleSetName: home-ops-runner
+  maxRunners: 3
+  minRunners: 1
+  template:
+    spec:
+      restartPolicy: Never
+      serviceAccountName: home-ops-runner
+      containers:
+      - name: runner
+        command:
+        - /home/runner/run.sh
+        image: ghcr.io/onedr0p/actions-runner:2.321.0@sha256:a7539dc157f3f0129f49459826576ab53a529580916bb8a09a395e61e38354c0
+        env:
+        - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
+          value: 'false'
+        - name: NODE_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.hostIP
+        - name: ACTIONS_RUNNER_CONTAINER_HOOKS
+          value: /home/runner/k8s/index.js
+        - name: ACTIONS_RUNNER_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        volumeMounts:
+        - mountPath: /var/run/secrets/talos.dev
+          name: talos
+          readOnly: true
+        - name: work
+          mountPath: /home/runner/_work
+      volumes:
+      - name: work
+        ephemeral:
+          volumeClaimTemplate:
+            spec:
+              accessModes:
+              - ReadWriteOnce
+              resources:
+                requests:
+                  storage: 25Gi
+              storageClassName: openebs-hostpath
+      - name: talos
+        secret:
+          secretName: home-ops-runner
+
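Review bot: In the runner container env, `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` is 'false' while the same pod mounts the `talos` secret at /var/run/secrets/talos.dev, so a job that declares no container runs its steps in the pod that holds those credentials. Consider setting it to 'true' so steps run in a separate job pod, or limiting which workflows can target `home-ops-runner`. Also, `serviceAccountName` and `secretName` both change to `home-ops-runner` here, and the visible diff only shows the old `actions-runner` objects being removed, so confirm the renamed ServiceAccount and secret exist before this reconciles.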
--- HelmRelease: actions-runner-system/actions-runner-controller ServiceAccount: actions-runner-system/actions-runner-controller

+++ HelmRelease: actions-runner-system/actions-runner-controller ServiceAccount: actions-runner-system/actions-runner-controller

@@ -0,0 +1,13 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: actions-runner-controller
+  namespace: actions-runner-system
+  labels:
+    app.kubernetes.io/name: gha-rs-controller
+    app.kubernetes.io/namespace: actions-runner-system
+    app.kubernetes.io/instance: actions-runner-controller
+    app.kubernetes.io/part-of: gha-rs-controller
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: actions-runner-system/actions-runner-controller ClusterRole: actions-runner-system/actions-runner-controller

+++ HelmRelease: actions-runner-system/actions-runner-controller ClusterRole: actions-runner-system/actions-runner-controller

@@ -0,0 +1,144 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: actions-runner-controller
+rules:
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalingrunnersets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalingrunnersets/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalingrunnersets/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalinglisteners
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalinglisteners/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - autoscalinglisteners/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunnersets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunnersets/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunnersets/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunners
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunners/finalizers
+  verbs:
+  - patch
+  - update
+- apiGroups:
+  - actions.github.com
+  resources:
+  - ephemeralrunners/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - roles
+  verbs:
+  - list
+  - watch
+  - patch
+
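Review bot: The last rule grants `patch` on `roles` cluster-wide, alongside list/watch on pods, serviceaccounts and rolebindings in every namespace, although every scale-set object in this change lives in actions-runner-system. If runners will only ever be in that one namespace, the controller chart's `flags.watchSingleNamespace` value is worth considering so these rules render as namespaced Roles instead of a ClusterRole.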
--- HelmRelease: actions-runner-system/actions-runner-controller ClusterRoleBinding: actions-runner-system/actions-runner-controller

+++ HelmRelease: actions-runner-system/actions-runner-controller ClusterRoleBinding: actions-runner-system/actions-runner-controller

@@ -0,0 +1,14 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: actions-runner-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: actions-runner-controller
+subjects:
+- kind: ServiceAccount
+  name: actions-runner-controller
+  namespace: actions-runner-system
+
--- HelmRelease: actions-runner-system/actions-runner-controller Role: actions-runner-system/actions-runner-controller-listener

+++ HelmRelease: actions-runner-system/actions-runner-controller Role: actions-runner-system/actions-runner-controller-listener

@@ -0,0 +1,42 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: actions-runner-controller-listener
+  namespace: actions-runner-system
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - pods/status
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - delete
+  - get
+  - patch
+  - update
+
--- HelmRelease: actions-runner-system/actions-runner-controller RoleBinding: actions-runner-system/actions-runner-controller-listener

+++ HelmRelease: actions-runner-system/actions-runner-controller RoleBinding: actions-runner-system/actions-runner-controller-listener

@@ -0,0 +1,15 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: actions-runner-controller-listener
+  namespace: actions-runner-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: actions-runner-controller-listener
+subjects:
+- kind: ServiceAccount
+  name: actions-runner-controller
+  namespace: actions-runner-system
+
--- HelmRelease: actions-runner-system/actions-runner-controller Deployment: actions-runner-system/actions-runner-controller

+++ HelmRelease: actions-runner-system/actions-runner-controller Deployment: actions-runner-system/actions-runner-controller

@@ -0,0 +1,63 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: actions-runner-controller
+  namespace: actions-runner-system
+  labels:
+    app.kubernetes.io/name: gha-rs-controller
+    app.kubernetes.io/namespace: actions-runner-system
+    app.kubernetes.io/instance: actions-runner-controller
+    app.kubernetes.io/part-of: gha-rs-controller
+    app.kubernetes.io/managed-by: Helm
+    actions.github.com/controller-service-account-namespace: actions-runner-system
+    actions.github.com/controller-service-account-name: actions-runner-controller
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: gha-rs-controller
+      app.kubernetes.io/namespace: actions-runner-system
+      app.kubernetes.io/instance: actions-runner-controller
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        app.kubernetes.io/part-of: gha-rs-controller
+        app.kubernetes.io/component: controller-manager
+        app.kubernetes.io/name: gha-rs-controller
+        app.kubernetes.io/namespace: actions-runner-system
+        app.kubernetes.io/instance: actions-runner-controller
+    spec:
+      serviceAccountName: actions-runner-controller
+      containers:
+      - name: manager
+        image: ghcr.io/actions/gha-runner-scale-set-controller:0.10.1
+        imagePullPolicy: IfNotPresent
+        args:
+        - --auto-scaling-runner-set-only
+        - --log-level=debug
+        - --log-format=text
+        - --runner-max-concurrent-reconciles=2
+        - --update-strategy=immediate
+        - --listener-metrics-addr=0
+        - --listener-metrics-endpoint=
+        - --metrics-addr=0
+        command:
+        - /manager
+        env:
+        - name: CONTROLLER_MANAGER_CONTAINER_IMAGE
+          value: ghcr.io/actions/gha-runner-scale-set-controller:0.10.1
+        - name: CONTROLLER_MANAGER_POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        volumeMounts:
+        - mountPath: /tmp
+          name: tmp
+      terminationGracePeriodSeconds: 10
+      volumes:
+      - name: tmp
+        emptyDir: {}
+
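Review bot: The `manager` container has no `securityContext` and no `resources`. Since /tmp is already an emptyDir, `readOnlyRootFilesystem: true` together with `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and dropped capabilities should be feasible. Two smaller points: `--log-level=debug` is verbose for a controller whose ServiceAccount can read and write secrets in this namespace, and the image is pinned by tag (`0.10.1`) while the runner image in the AutoscalingRunnerSet is pinned by digest.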

@bot-ross
Contributor

bot-ross bot commented Jan 13, 2025

--- kubernetes/apps/actions-runner-system/gha-runner-scale-set/app Kustomization: flux-system/gha-runner-scale-set ServiceAccount: actions-runner-system/actions-runner

+++ kubernetes/apps/actions-runner-system/gha-runner-scale-set/app Kustomization: flux-system/gha-runner-scale-set ServiceAccount: actions-runner-system/actions-runner

@@ -1,14 +0,0 @@

----
-apiVersion: talos.dev/v1alpha1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: gha-runner-scale-set
-    kustomize.toolkit.fluxcd.io/name: gha-runner-scale-set
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: actions-runner
-  namespace: actions-runner-system
-spec:
-  roles:
-  - os:admin
-
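Review bot: The removed Talos ServiceAccount requested `os:admin`, the broadest Talos API role, for credentials that are mounted into every runner pod. If it is re-created under the new `home-ops-runner` name, the rename is a good point to check whether the workflows need more than a read-level role such as `os:reader`.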
--- kubernetes/apps/actions-runner-system/gha-runner-scale-set/app Kustomization: flux-system/gha-runner-scale-set ClusterRoleBinding: flux-system/actions-runner

+++ kubernetes/apps/actions-runner-system/gha-runner-scale-set/app Kustomization: flux-system/gha-runner-scale-set ClusterRoleBinding: flux-system/actions-runner

@@ -1,18 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: gha-runner-scale-set
-    kustomize.toolkit.fluxcd.io/name: gha-runner-scale-set
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: actions-runner
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: cluster-admin
-subjects:
-- kind: ServiceAccount
-  name: actions-runner
-  namespace: actions-runner-system
-
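Review bot: `roleRef.name: cluster-admin` bound the runner's ServiceAccount to full cluster control, so any workflow job scheduled on these runners could act as cluster-admin through the pod's token. If an equivalent binding is added for `home-ops-runner`, consider a purpose-built ClusterRole limited to the resources the workflows actually touch.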
--- kubernetes/apps/actions-runner-system/gha-runner-scale-set/app Kustomization: flux-system/gha-runner-scale-set HelmRelease: actions-runner-system/gha-runner-scale-set

+++ kubernetes/apps/actions-runner-system/gha-runner-scale-set/app Kustomization: flux-system/gha-runner-scale-set HelmRelease: actions-runner-system/gha-runner-scale-set

@@ -1,90 +0,0 @@

----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  labels:
-    app.kubernetes.io/name: gha-runner-scale-set
-    kustomize.toolkit.fluxcd.io/name: gha-runner-scale-set
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: gha-runner-scale-set
-  namespace: actions-runner-system
-spec:
-  chart:
-    spec:
-      chart: gha-runner-scale-set
-      sourceRef:
-        kind: HelmRepository
-        name: actions-runner-controller
-        namespace: flux-system
-      version: 0.10.1
-  dependsOn:
-  - name: gha-runner-scale-set-controller
-    namespace: actions-runner-system
-  - name: openebs
-    namespace: openebs-system
-  driftDetection:
-    mode: enabled
-  install:
-    remediation:
-      retries: 3
-  interval: 30m
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      retries: 3
-      strategy: rollback
-  values:
-    containerMode:
-      kubernetesModeWorkVolumeClaim:
-        accessModes:
-        - ReadWriteOnce
-        resources:
-          requests:
-            storage: 25Gi
-        storageClassName: openebs-hostpath
-      type: kubernetes
-    controllerServiceAccount:
-      name: gha-runner-scale-set-controller
-      namespace: actions-runner-system
-    githubConfigUrl: https://github.com/onedr0p/home-ops
-    maxRunners: 3
-    minRunners: 1
-    nameOverride: gha-runner-scale-set
-    runnerScaleSetName: gha-runner-scale-set
-    template:
-      spec:
-        containers:
-        - command:
-          - /home/runner/run.sh
-          env:
-          - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
-            value: 'false'
-          - name: NODE_IP
-            valueFrom:
-              fieldRef:
-                fieldPath: status.hostIP
-          image: ghcr.io/onedr0p/actions-runner:2.321.0@sha256:a7539dc157f3f0129f49459826576ab53a529580916bb8a09a395e61e38354c0
-          name: runner
-          volumeMounts:
-          - mountPath: /var/run/secrets/talos.dev
-            name: talos
-            readOnly: true
-        serviceAccountName: actions-runner
-        volumes:
-        - name: talos
-          secret:
-            secretName: actions-runner
-  valuesFrom:
-  - kind: Secret
-    name: actions-runner-controller-auth-secret
-    targetPath: githubConfigSecret.github_app_id
-    valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
-  - kind: Secret
-    name: actions-runner-controller-auth-secret
-    targetPath: githubConfigSecret.github_app_installation_id
-    valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID
-  - kind: Secret
-    name: actions-runner-controller-auth-secret
-    targetPath: githubConfigSecret.github_app_private_key
-    valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/gha-runner-scale-set-controller

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/gha-runner-scale-set-controller

@@ -1,37 +0,0 @@

----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster-apps
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: gha-runner-scale-set-controller
-  namespace: flux-system
-spec:
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: gha-runner-scale-set-controller
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
-  dependsOn:
-  - name: external-secrets-stores
-  interval: 30m
-  path: ./kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app
-  postBuild:
-    substituteFrom:
-    - kind: ConfigMap
-      name: cluster-settings
-      optional: true
-    - kind: Secret
-      name: cluster-secrets
-      optional: true
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  targetNamespace: actions-runner-system
-  timeout: 5m
-  wait: false
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/gha-runner-scale-set

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/gha-runner-scale-set

@@ -1,35 +0,0 @@

----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster-apps
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: gha-runner-scale-set
-  namespace: flux-system
-spec:
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: gha-runner-scale-set
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
-  interval: 30m
-  path: ./kubernetes/apps/actions-runner-system/gha-runner-scale-set/app
-  postBuild:
-    substituteFrom:
-    - kind: ConfigMap
-      name: cluster-settings
-      optional: true
-    - kind: Secret
-      name: cluster-secrets
-      optional: true
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  targetNamespace: actions-runner-system
-  timeout: 5m
-  wait: false
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/actions-runner-controller

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/actions-runner-controller

@@ -0,0 +1,37 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: actions-runner-controller
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: actions-runner-controller
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  dependsOn:
+  - name: external-secrets-stores
+  interval: 30m
+  path: ./kubernetes/apps/actions-runner-system/actions-runner-controller/app
+  postBuild:
+    substituteFrom:
+    - kind: ConfigMap
+      name: cluster-settings
+      optional: true
+    - kind: Secret
+      name: cluster-secrets
+      optional: true
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  targetNamespace: actions-runner-system
+  timeout: 5m
+  wait: false
+
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/actions-runner-controller-runners

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/actions-runner-controller-runners

@@ -0,0 +1,35 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: actions-runner-controller-runners
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: actions-runner-controller-runners
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  interval: 30m
+  path: ./kubernetes/apps/actions-runner-system/actions-runner-controller/runners
+  postBuild:
+    substituteFrom:
+    - kind: ConfigMap
+      name: cluster-settings
+      optional: true
+    - kind: Secret
+      name: cluster-secrets
+      optional: true
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  targetNamespace: actions-runner-system
+  timeout: 5m
+  wait: false
+
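Review bot: there is no `dependsOn` in this Kustomization's `spec`, while the `actions-runner-controller` Kustomization declares one for `external-secrets-stores`. The `home-ops-runner` HelmRelease under this path reads `actions-runner-controller-secret` through `valuesFrom`, and that secret is produced by the ExternalSecret in the controller's `app` path. Consider adding `dependsOn` with `name: actions-runner-controller` here so the ordering is declared instead of being left to reconciliation retries.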
--- kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app Kustomization: flux-system/gha-runner-scale-set-controller ExternalSecret: actions-runner-system/actions-runner-controller-auth

+++ kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app Kustomization: flux-system/gha-runner-scale-set-controller ExternalSecret: actions-runner-system/actions-runner-controller-auth

@@ -1,31 +0,0 @@

----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  labels:
-    app.kubernetes.io/name: gha-runner-scale-set-controller
-    kustomize.toolkit.fluxcd.io/name: gha-runner-scale-set-controller
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: actions-runner-controller-auth
-  namespace: actions-runner-system
-spec:
-  dataFrom:
-  - extract:
-      key: actions-runner-controller
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: actions-runner-controller-auth-secret
-    template:
-      data:
-        ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
-          }}'
-        ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID
-          }}'
-        ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY
-          }}'
-        ACTION_RUNNER_CONTROLLER_GITHUB_WEBHOOK_SECRET_TOKEN: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_WEBHOOK_SECRET_TOKEN
-          }}'
-      engineVersion: v2
-
--- kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app Kustomization: flux-system/gha-runner-scale-set-controller HelmRelease: actions-runner-system/gha-runner-scale-set-controller

+++ kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app Kustomization: flux-system/gha-runner-scale-set-controller HelmRelease: actions-runner-system/gha-runner-scale-set-controller

@@ -1,36 +0,0 @@

----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  labels:
-    app.kubernetes.io/name: gha-runner-scale-set-controller
-    kustomize.toolkit.fluxcd.io/name: gha-runner-scale-set-controller
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: gha-runner-scale-set-controller
-  namespace: actions-runner-system
-spec:
-  chart:
-    spec:
-      chart: gha-runner-scale-set-controller
-      sourceRef:
-        kind: HelmRepository
-        name: actions-runner-controller
-        namespace: flux-system
-      version: 0.10.1
-  driftDetection:
-    mode: enabled
-  install:
-    crds: CreateReplace
-    remediation:
-      retries: 3
-  interval: 30m
-  upgrade:
-    cleanupOnFail: true
-    crds: CreateReplace
-    remediation:
-      retries: 3
-      strategy: rollback
-  values:
-    fullnameOverride: gha-runner-scale-set-controller
-    replicaCount: 1
-
--- kubernetes/apps/actions-runner-system/actions-runner-controller/runners Kustomization: flux-system/actions-runner-controller-runners HelmRelease: actions-runner-system/home-ops-runner

+++ kubernetes/apps/actions-runner-system/actions-runner-controller/runners Kustomization: flux-system/actions-runner-controller-runners HelmRelease: actions-runner-system/home-ops-runner

@@ -0,0 +1,88 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: actions-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/name: actions-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: home-ops-runner
+  namespace: actions-runner-system
+spec:
+  chart:
+    spec:
+      chart: gha-runner-scale-set
+      sourceRef:
+        kind: HelmRepository
+        name: actions-runner-controller
+        namespace: flux-system
+      version: 0.10.1
+  dependsOn:
+  - name: actions-runner-controller
+    namespace: actions-runner-system
+  - name: openebs
+    namespace: openebs-system
+  install:
+    remediation:
+      retries: 3
+  interval: 30m
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    containerMode:
+      kubernetesModeWorkVolumeClaim:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 25Gi
+        storageClassName: openebs-hostpath
+      type: kubernetes
+    controllerServiceAccount:
+      name: actions-runner-controller
+      namespace: actions-runner-system
+    githubConfigUrl: https://github.com/onedr0p/home-ops
+    maxRunners: 3
+    minRunners: 1
+    nameOverride: home-ops-runner
+    runnerScaleSetName: home-ops-runner
+    template:
+      spec:
+        containers:
+        - command:
+          - /home/runner/run.sh
+          env:
+          - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
+            value: 'false'
+          - name: NODE_IP
+            valueFrom:
+              fieldRef:
+                fieldPath: status.hostIP
+          image: ghcr.io/onedr0p/actions-runner:2.321.0@sha256:a7539dc157f3f0129f49459826576ab53a529580916bb8a09a395e61e38354c0
+          name: runner
+          volumeMounts:
+          - mountPath: /var/run/secrets/talos.dev
+            name: talos
+            readOnly: true
+        serviceAccountName: home-ops-runner
+        volumes:
+        - name: talos
+          secret:
+            secretName: home-ops-runner
+  valuesFrom:
+  - kind: Secret
+    name: actions-runner-controller-secret
+    targetPath: githubConfigSecret.github_app_id
+    valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
+  - kind: Secret
+    name: actions-runner-controller-secret
+    targetPath: githubConfigSecret.github_app_installation_id
+    valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID
+  - kind: Secret
+    name: actions-runner-controller-secret
+    targetPath: githubConfigSecret.github_app_private_key
+    valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY
+
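Review bot: the runner pod template combines `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER: 'false'` with `serviceAccountName: home-ops-runner` and the `/var/run/secrets/talos.dev` mount, so any workflow job that does not declare its own container runs in the same pod that holds the service account token and the Talos credentials. Since that service account is bound to `cluster-admin` and the Talos account carries `os:admin` elsewhere in this PR, it would be worth documenting which workflows are expected to run on `home-ops-runner`, and considering a second, unprivileged scale set for jobs that do not need cluster or Talos access.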
--- kubernetes/apps/actions-runner-system/actions-runner-controller/runners Kustomization: flux-system/actions-runner-controller-runners ServiceAccount: actions-runner-system/home-ops-runner

+++ kubernetes/apps/actions-runner-system/actions-runner-controller/runners Kustomization: flux-system/actions-runner-controller-runners ServiceAccount: actions-runner-system/home-ops-runner

@@ -0,0 +1,14 @@

+---
+apiVersion: talos.dev/v1alpha1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: actions-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/name: actions-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: home-ops-runner
+  namespace: actions-runner-system
+spec:
+  roles:
+  - os:admin
+
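Review bot: `roles: - os:admin` gives this Talos service account full administrative access to the Talos API, and the `home-ops-runner` secret is mounted into the runner container by the HelmRelease in this PR. If the workflows only need to read machine state or perform operator-level actions, a narrower role such as `os:reader` or `os:operator` would limit what a compromised job can do. If admin is really required, a short comment in the manifest saying why would help later reviews.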
--- kubernetes/apps/actions-runner-system/actions-runner-controller/runners Kustomization: flux-system/actions-runner-controller-runners ClusterRoleBinding: flux-system/home-ops-runner

+++ kubernetes/apps/actions-runner-system/actions-runner-controller/runners Kustomization: flux-system/actions-runner-controller-runners ClusterRoleBinding: flux-system/home-ops-runner

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: actions-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/name: actions-runner-controller-runners
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: home-ops-runner
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: home-ops-runner
+  namespace: actions-runner-system
+
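Review bot: `roleRef.name: cluster-admin` binds the runner's service account to unrestricted access across the whole cluster, which means every job scheduled on this scale set inherits it. Consider replacing it with a dedicated ClusterRole (or namespaced Roles) listing only the resources and verbs the workflows actually use, and keeping `cluster-admin` out of the runner path.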
--- kubernetes/apps/actions-runner-system/actions-runner-controller/app Kustomization: flux-system/actions-runner-controller ExternalSecret: actions-runner-system/actions-runner-controller

+++ kubernetes/apps/actions-runner-system/actions-runner-controller/app Kustomization: flux-system/actions-runner-controller ExternalSecret: actions-runner-system/actions-runner-controller

@@ -0,0 +1,31 @@

+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  labels:
+    app.kubernetes.io/name: actions-runner-controller
+    kustomize.toolkit.fluxcd.io/name: actions-runner-controller
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: actions-runner-controller
+  namespace: actions-runner-system
+spec:
+  dataFrom:
+  - extract:
+      key: actions-runner-controller
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: actions-runner-controller-secret
+    template:
+      data:
+        ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
+          }}'
+        ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID
+          }}'
+        ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY
+          }}'
+        ACTION_RUNNER_CONTROLLER_GITHUB_WEBHOOK_SECRET_TOKEN: '{{ .ACTION_RUNNER_CONTROLLER_GITHUB_WEBHOOK_SECRET_TOKEN
+          }}'
+      engineVersion: v2
+
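Review bot: `ACTION_RUNNER_CONTROLLER_GITHUB_WEBHOOK_SECRET_TOKEN` is templated into `actions-runner-controller-secret`, but the only consumer visible in this PR, the `home-ops-runner` HelmRelease `valuesFrom`, reads just the app id, installation id and private key. If nothing else uses the webhook token, drop it from `target.template.data` so the secret holds only what is needed.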
--- kubernetes/apps/actions-runner-system/actions-runner-controller/app Kustomization: flux-system/actions-runner-controller HelmRelease: actions-runner-system/actions-runner-controller

+++ kubernetes/apps/actions-runner-system/actions-runner-controller/app Kustomization: flux-system/actions-runner-controller HelmRelease: actions-runner-system/actions-runner-controller

@@ -0,0 +1,34 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: actions-runner-controller
+    kustomize.toolkit.fluxcd.io/name: actions-runner-controller
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: actions-runner-controller
+  namespace: actions-runner-system
+spec:
+  chart:
+    spec:
+      chart: gha-runner-scale-set-controller
+      sourceRef:
+        kind: HelmRepository
+        name: actions-runner-controller
+        namespace: flux-system
+      version: 0.10.1
+  install:
+    crds: CreateReplace
+    remediation:
+      retries: 3
+  interval: 30m
+  upgrade:
+    cleanupOnFail: true
+    crds: CreateReplace
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    fullnameOverride: actions-runner-controller
+    replicaCount: 1
+
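Review bot: the removed `gha-runner-scale-set-controller` HelmRelease set `driftDetection` with `mode: enabled`, and this replacement has no `driftDetection` block, so manual changes to the controller's resources will no longer be detected and corrected by Flux. If that was not intentional for a rename-only refactor, carry the block over; if it was, mention it in the PR description.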

@onedr0p onedr0p merged commit e09fe04 into main Jan 13, 2025
10 checks passed
@onedr0p onedr0p deleted the refactor-actions-runner-ns branch January 13, 2025 01:56