graduate arc and external-dns-cloudflare-tunnel from incubation

hans-m-song · Oct 24, 2024 · dd90400 · dd90400
1 parent 4367ac2
commit dd90400
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 27 deletions.
diff --git a/k8s/helmfile.incubator.yaml b/k8s/helmfile.incubator.yaml
@@ -1,28 +1,6 @@
 {{- $secrets := readFile "./secrets.yaml" | fromYaml -}}
 
 releases:
-  - name: arc
-    installed: false
-    chart: oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller
-    namespace: arc-systems
-    version: 0.9.3
-    values:
-      - flags:
-          logLevel: debug
-          logFormat: json
-          updateStrategy: eventual
-
-  - name: arc-runner-set
-    installed: false
-    chart: oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set
-    namespace: arc-runners
-    version: 0.9.3
-    values:
-      - flags:
-          logLevel: debug
-          logFormat: json
-          updateStrategy: eventual
-
   - name: mongo
     installed: false
     chart: ./charts/generic

diff --git a/k8s/helmfile.infrastructure.yaml b/k8s/helmfile.infrastructure.yaml
@@ -1,6 +1,48 @@
 {{- $secrets := readFile "./secrets.yaml" | fromYaml -}}
 
 releases:
+  - name: arc
+    chart: oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller
+    namespace: arc-systems
+    version: 0.9.3
+    labels:
+      purpose: deployment
+    values:
+      - flags:
+          logLevel: debug
+          logFormat: text
+          updateStrategy: immediate
+
+  - name: arc-runner-support
+    chart: ./charts/shim
+    namespace: arc-runners
+    values:
+      - ./values/arc-runner-support.yaml
+      - {{- $secrets.arcRunnerSecrets | toYaml | nindent 8 }}
+
+  - name: arc-runner-set-axatol
+    chart: oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set
+    namespace: arc-runners
+    version: 0.9.3
+    labels:
+      purpose: deployment
+    values:
+      - ./values/arc-runner-set.yaml
+      - runnerScaleSetName: axatol
+        githubConfigUrl: https://github.com/axatol
+
+  - name: arc-runner-set-hans-m-song
+    installed: false
+    chart: oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set
+    namespace: arc-runners
+    version: 0.9.3
+    labels:
+      purpose: deployment
+    values:
+      - ./values/arc-runner-set.yaml
+      - runnerScaleSetName: hans-m-song
+        githubConfigUrl: https://github.com/hans-m-song
+
   - name: cert-manager
     chart: jetstack/cert-manager
     namespace: cert-manager
@@ -54,7 +96,6 @@ releases:
       - ./values/csi-driver-nfs.yaml
 
   - name: external-dns-cloudflare-tunnel
-    installed: false
     chart: external-dns/external-dns
     namespace: external-dns
     version: 1.14.5

diff --git a/k8s/values/arc-runner-set.yaml b/k8s/values/arc-runner-set.yaml
@@ -0,0 +1,25 @@
+githubConfigSecret: arc-runner-secrets
+maxRunners: 5
+minRunners: 0
+controllerServiceAccount:
+  name: arc-gha-rs-controller
+  namespace: arc-systems
+containerMode:
+  type: dind
+template:
+  spec:
+    containers:
+      - name: runner
+        image: public.ecr.aws/axatol/github-actions-runner:latest
+        command: ["/home/runner/run.sh"]
+        volumeMounts:
+          - name: cache
+            mountPath: /opt/hostedtoolcache
+            subPath: opt/hostedtoolcache
+          - name: cache
+            mountPath: /home/runner/.cache
+            subPath: home/runner/.cache
+    volumes:
+      - name: cache
+        persistentVolumeClaim:
+          claimName: arc-runner-cache
diff --git a/k8s/values/arc-runner-support.yaml b/k8s/values/arc-runner-support.yaml
@@ -0,0 +1,24 @@
+templates:
+  - apiVersion: v1
+    kind: Secret
+    metadata:
+      name: arc-runner-secrets
+      namespace: "{{ .Release.Namespace }}"
+    type: Opaque
+    data:
+      github_token: "{{ .Values.githubToken | b64enc }}"
+
+  - apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+      name: arc-runner-cache
+      namespace: "{{ .Release.Namespace }}"
+    spec:
+      resources:
+        requests:
+          storage: 1Gi
+      volumeMode: Filesystem
+      storageClassName: nfs-persistent
+      accessModes:
+        - ReadWriteOnce
+        - ReadWriteMany
diff --git a/k8s/values/external-dns-cloudflare-tunnel.yaml b/k8s/values/external-dns-cloudflare-tunnel.yaml
@@ -16,7 +16,7 @@ provider:
   name: webhook
   webhook:
     image:
-      repository: docker.io/axatol/external-dns-cloudflare-tunnel-webhook
+      repository: public.ecr.aws/axatol/external-dns-cloudflare-tunnel-webhook
       tag: latest
     securityContext:
       allowPrivilegeEscalation: false
@@ -31,8 +31,10 @@ provider:
     env:
       - name: LOG_LEVEL
         value: debug
-      - name: DOMAIN_FILTERS
-        value: axatol.xyz
+      # - name: DOMAIN_FILTERS
+      #   value: axatol.xyz
+      # - name: DRY_RUN
+      #   value: "true"
       - name: CLOUDFLARE_ACCOUNT_ID
         valueFrom:
           secretKeyRef:
@@ -50,4 +52,4 @@ provider:
             key: CLOUDFLARE_API_TOKEN
 
 extraArgs:
-  - --annotation-filter=external-dns.alpha.kubernetes.io/hostname
+  - --domain-filter=axatol.xyz