refactor(arc): actions-runner-controller namespace (#3300)

.github/workflows/helm-repository-sync.yaml

@@ -18,7 +18,7 @@ on:
 jobs:
   sync:
     name: Helm Repository Sync
-    runs-on: ["gha-runner-scale-set"]
+    runs-on: ["k8s-gitops-runner"]
     steps:
       - name: Setup Homebrew
         uses: Homebrew/actions/setup-homebrew@master

.github/workflows/pre-pull-images.yaml

@@ -75,7 +75,7 @@ jobs:
   pre-pull-images:
     if: ${{ needs.compare-images.outputs.images != '[]' }}
     name: Pre-pull Images
-    runs-on: ["gha-runner-scale-set"]
+    runs-on: ["k8s-gitops-runner"]
     needs: ["compare-images"]
     strategy:
       matrix:

.taskfiles/kubernetes/Taskfile.yaml

@@ -72,10 +72,10 @@ tasks:
   upgrade-arc:
     desc: Upgrade the ARC
     cmds:
-      - helm -n actions-runner-system uninstall gha-runner-scale-set
-      - helm -n actions-runner-system uninstall gha-runner-scale-set-controller
+      - helm -n actions-runner-system uninstall k8s-gitops-runner
+      - helm -n actions-runner-system uninstall actions-runner-controller
       - sleep 5
-      - flux -n actions-runner-system reconcile hr gha-runner-scale-set-controller
-      - flux -n actions-runner-system reconcile hr gha-runner-scale-set
+      - flux -n actions-runner-system reconcile hr actions-runner-controller
+      - flux -n actions-runner-system reconcile hr k8s-gitops-runner
     preconditions:
       - which flux helm

kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/externalsecret.yaml → kubernetes/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml

@@ -2,13 +2,13 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: actions-runner-controller-auth
+  name: actions-runner-controller
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
     name: onepassword-connect
   target:
-    name: actions-runner-controller-auth-secret
+    name: actions-runner-controller-secret
     creationPolicy: Owner
     template:
       engineVersion: v2

kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/helmrelease.yaml → kubernetes/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml

@@ -2,7 +2,7 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
-  name: &app gha-runner-scale-set-controller
+  name: &name actions-runner-controller
 spec:
   interval: 30m
   chart:
@@ -13,8 +13,6 @@ spec:
         kind: HelmRepository
         name: actions-runner-controller
         namespace: flux-system
-  driftDetection:
-    mode: enabled
   install:
     crds: CreateReplace
     remediation:
@@ -26,4 +24,5 @@ spec:
       strategy: rollback
       retries: 3
   values:
-    fullnameOverride: *app
+    fullnameOverride: *name
+    replicaCount: 1

kubernetes/apps/actions-runner-system/actions-runner-controller/ks.yaml

@@ -0,0 +1,45 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app actions-runner-controller
+  namespace: flux-system
+spec:
+  targetNamespace: actions-runner-system
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets-stores
+  path: ./kubernetes/apps/actions-runner-system/actions-runner-controller/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app actions-runner-controller-runners
+  namespace: flux-system
+spec:
+  targetNamespace: actions-runner-system
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: actions-runner-controller
+    - name: openebs
+  path: ./kubernetes/apps/actions-runner-system/actions-runner-controller/runners
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

kubernetes/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml → kubernetes/apps/actions-runner-system/actions-runner-controller/runners/k8s-gitops/helmrelease.yaml

@@ -2,7 +2,7 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
-  name: &app gha-runner-scale-set
+  name: &app k8s-gitops-runner
 spec:
   interval: 30m
   chart:
@@ -13,8 +13,6 @@ spec:
         kind: HelmRepository
         name: actions-runner-controller
         namespace: flux-system
-  driftDetection:
-    mode: enabled
   install:
     remediation:
       retries: 3
@@ -24,18 +22,18 @@ spec:
       strategy: rollback
       retries: 3
   valuesFrom:
-    - kind: Secret
-      name: actions-runner-controller-auth-secret
+    - targetPath: githubConfigSecret.github_app_id
+      kind: Secret
+      name: actions-runner-controller-secret
       valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
-      targetPath: githubConfigSecret.github_app_id
-    - kind: Secret
-      name: actions-runner-controller-auth-secret
+    - targetPath: githubConfigSecret.github_app_installation_id
+      kind: Secret
+      name: actions-runner-controller-secret
       valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID
-      targetPath: githubConfigSecret.github_app_installation_id
-    - kind: Secret
-      name: actions-runner-controller-auth-secret
+    - targetPath: githubConfigSecret.github_app_private_key
+      kind: Secret
+      name: actions-runner-controller-secret
       valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY
-      targetPath: githubConfigSecret.github_app_private_key
   values:
     nameOverride: *app
     runnerScaleSetName: *app
@@ -50,6 +48,9 @@ spec:
           requests:
             storage: 25Gi
         storageClassName: openebs-hostpath
+    controllerServiceAccount:
+      name: actions-runner-controller
+      namespace: actions-runner-system
     template:
       spec:
         containers:
@@ -68,11 +69,8 @@ spec:
               - mountPath: /var/run/secrets/talos.dev
                 name: talos
                 readOnly: true
-        serviceAccountName: actions-runner
+        serviceAccountName: *app
         volumes:
           - name: talos
             secret:
-              secretName: actions-runner
-    controllerServiceAccount:
-      name: gha-runner-scale-set-controller
-      namespace: actions-runner-system
+              secretName: *app

kubernetes/apps/actions-runner-system/gha-runner-scale-set/app/rbac.yaml → kubernetes/apps/actions-runner-system/actions-runner-controller/runners/k8s-gitops/rbac.yaml

@@ -2,25 +2,25 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: actions-runner
+  name: k8s-gitops-runner
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: actions-runner
+  name: k8s-gitops-runner
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: cluster-admin
 subjects:
   - kind: ServiceAccount
-    name: actions-runner
+    name: k8s-gitops-runner
     namespace: actions-runner-system
 ---
 apiVersion: talos.dev/v1alpha1
 kind: ServiceAccount
 metadata:
-  name: actions-runner
+  name: k8s-gitops-runner
 spec:
   roles:
     - os:admin

kubernetes/apps/actions-runner-system/actions-runner-controller/runners/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./k8s-gitops

kubernetes/apps/actions-runner-system/kustomization.yaml

@@ -3,5 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./namespace.yaml
-  - ./gha-runner-scale-set/ks.yaml
-  - ./gha-runner-scale-set-controller/ks.yaml
+  - ./actions-runner-controller/ks.yaml