Allow arc namespaced deployments

electrocucaracha · Dec 12, 2024 · 1047aa9 · 1047aa9
1 parent d8f2e8e
commit 1047aa9
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 34 deletions.
diff --git a/_chart_installers.sh b/_chart_installers.sh
@@ -280,14 +280,17 @@ function _install_arc_controller {
 function install_chart_arc {
     ! kubectl get crds autoscalinglisteners.actions.github.com >/dev/null && _install_arc_controller
 
-    namespace="default"
+    namespace="${KRD_ARC_GITHUB_URL##*/}"
     KRD_CHART_VALUES="githubConfigUrl=$KRD_ARC_GITHUB_URL,githubConfigSecret=gh-runners-token"
+    ! kubectl get namespaces "${namespace}" && kubectl create namespace "${namespace}"
     ! kubectl get secrets -n "${namespace}" gh-runners-token && kubectl -n "${namespace}" create secret generic gh-runners-token --from-literal=github_token="$KRD_ARC_TOKEN"
-    ! helm get metadata arc-runner-set -n "${namespace}" >/dev/null && _install_chart arc-runner-set oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set "$namespace" "false"
+    ! helm get metadata arc-runner-set -n "${namespace}" >/dev/null && _install_chart self-runner oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set "$namespace" "false"
     if kubectl get crds virtualmachines.kubevirt.io >/dev/null; then
-        kubectl apply -f resources/kubevirt-runner.yml -n "$namespace"
+        kubectl apply -f resources/kubevirt-runner/rbac.yml -n "$namespace"
         kubectl create rolebinding kubevirt-actions-runner -n "$namespace" --serviceaccount "${namespace}:kubevirt-actions-runner" --role=kubevirt-actions-runner || :
-        KRD_CHART_FILE="helm/arc/kubevirt-values.yml" _install_chart kubevirt-runner-set oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set "$namespace" "false"
+        kubectl create rolebinding "${namespace}-cdi-cloner" --serviceaccount "${namespace}:default" --clusterrole=cdi-cloner || :
+        kubectl apply -f resources/kubevirt-runner/vm.yml -n "$namespace"
+        KRD_CHART_FILE="helm/arc/ubuntu-jammy-values.yml" _install_chart vm-self-runner oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set "$namespace" "false"
     fi
 }
 

diff --git a/helm/arc/kubevirt-values.yml → helm/arc/ubuntu-jammy-values.yml b/helm/arc/kubevirt-values.yml → helm/arc/ubuntu-jammy-values.yml
@@ -16,4 +16,8 @@ template:
         command: []
         env:
           - name: KUBEVIRT_VM_TEMPLATE
-            value: vm-template
+            value: ubuntu-jammy-vm
+          - name: RUNNER_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
diff --git a/resources/kubevirt-runner/rbac.yml b/resources/kubevirt-runner/rbac.yml
@@ -0,0 +1,34 @@
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2024
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubevirt-actions-runner
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: kubevirt-actions-runner
+rules:
+  - apiGroups: ["kubevirt.io"]
+    resources: ["virtualmachines"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["kubevirt.io"]
+    resources: ["virtualmachineinstances"]
+    verbs: ["get", "watch", "list", "create", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cdi-cloner
+rules:
+  - apiGroups: ["cdi.kubevirt.io"]
+    resources: ["datavolumes/source"]
+    verbs: ["create"]
diff --git a/resources/kubevirt-runner.yml → resources/kubevirt-runner/vm.yml b/resources/kubevirt-runner.yml → resources/kubevirt-runner/vm.yml
@@ -10,21 +10,20 @@
 apiVersion: kubevirt.io/v1
 kind: VirtualMachine
 metadata:
-  name: vm-template
+  name: ubuntu-jammy-vm
 spec:
   dataVolumeTemplates:
     - metadata:
-        name: ubuntu-dv
+        name: ubuntu-jammy-dv
       spec:
         storage:
           volumeMode: Filesystem
         source:
           pvc:
             name: ubuntu-img-jammy
+            namespace: default
   runStrategy: Manual
   template:
-    metadata:
-      name: runner
     spec:
       terminationGracePeriodSeconds: 30
       domain:
@@ -43,16 +42,16 @@ spec:
             - name: default
               masquerade: {}
         cpu:
-          cores: 2
+          cores: 4
         resources:
           requests:
-            memory: 8G
+            memory: 16G
       networks:
         - name: default
           pod: {}
       volumes:
         - dataVolume:
-            name: ubuntu-dv
+            name: ubuntu-jammy-dv
           name: os
         - name: cloudinitdisk
           cloudInitNoCloud:
@@ -68,20 +67,3 @@ spec:
                 message: Runner completed
                 timeout: 2
                 condition: true
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kubevirt-actions-runner
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: kubevirt-actions-runner
-rules:
-  - apiGroups: ["kubevirt.io"]
-    resources: ["virtualmachines"]
-    verbs: ["get", "watch", "list"]
-  - apiGroups: ["kubevirt.io"]
-    resources: ["virtualmachineinstances"]
-    verbs: ["get", "watch", "list", "create", "delete"]
diff --git a/resources/create-ubuntu-runner-pipeline.yml → resources/ubuntu-runner-pipeline.yml b/resources/create-ubuntu-runner-pipeline.yml → resources/ubuntu-runner-pipeline.yml
@@ -40,7 +40,7 @@ spec:
                   - ReadWriteOnce
                 resources:
                   requests:
-                    storage: 5Gi
+                    storage: 14G
                 volumeMode: Filesystem
               source:
                 http:
@@ -64,15 +64,13 @@ spec:
               terminationGracePeriodSeconds: 5
               running: true
               template:
-                metadata:
-                  name: runner
                 spec:
                   domain:
                     cpu:
-                      cores: 2
+                      cores: 4
                     resources:
                       requests:
-                        memory: 8Gi
+                        memory: 16G
                     devices:
                       disks:
                         - name: rootdisk
@@ -99,6 +97,8 @@ spec:
                             - name: runner
                           packages:
                             - jq
+                            - virtualbox
+                            - vagrant
                           bootcmd:
                             - "sudo mkdir /opt/runner"
                             - "curl -sL https://github.com/actions/runner/releases/download/v$(params.RUNNER_VERSION)/actions-runner-linux-x64-$(params.RUNNER_VERSION).tar.gz | sudo tar -xz -C /opt/runner"
@@ -111,6 +111,13 @@ spec:
                             message: Bootstrap completed
                             timeout: 1
                             condition: true
+                          sources:
+                            virtualbox:
+                              source: "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian $(params.RELEASE_NAME) contrib"
+                              keyid: B9F8D658297AF3EFC18D5CDFA2F683C52980AECF
+                            hashicorp:
+                              source: "deb [arch=amd64] https://apt.releases.hashicorp.com $(params.RELEASE_NAME) main"
+                              keyid: 798AEC654E5C15428C8E42EEAA16FCBCA621E701
       runAfter:
         - pull-ubuntu-img
       taskRef:

diff --git a/...reate-ubuntu-jammy-runner-pipelinerun.yml → resources/ubuntu-runner-pipelineruns.yml b/...reate-ubuntu-jammy-runner-pipelinerun.yml → resources/ubuntu-runner-pipelineruns.yml