From 58104a9706c49f9424d3e58e7e37e3e0992c8b73 Mon Sep 17 00:00:00 2001 From: Jun-te Kim Date: Sat, 6 Dec 2025 20:47:50 +0000 Subject: [PATCH] save --- .github/workflows/k8s_traefik_init_setup.yml | 62 +++++++++++--------- 1 file changed, 33 insertions(+), 29 deletions(-) diff --git a/.github/workflows/k8s_traefik_init_setup.yml b/.github/workflows/k8s_traefik_init_setup.yml index 6489730..6fc03a5 100644 --- a/.github/workflows/k8s_traefik_init_setup.yml +++ b/.github/workflows/k8s_traefik_init_setup.yml @@ -6,7 +6,8 @@ on: jobs: bootstrap: runs-on: mealcraft-runners - container: ubuntu:22.04 + container: + image: ubuntu:22.04 steps: # ----------------------------------------------------- @@ -25,7 +26,7 @@ jobs: install -m 0755 kubectl /usr/local/bin/kubectl # ----------------------------------------------------- - # Configure kubeconfig using the ARC pod token + # Configure kubeconfig using ARC pod token # ----------------------------------------------------- - name: Configure kubeconfig run: | 
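Review bot: In the first hunk, `image: ubuntu:22.04` is a mutable tag, and the steps that follow in this container handle the Docker Hub token and a kubeconfig built from the runner pod token. Pinning the image by digest, `image: ubuntu:22.04@sha256:<digest>` (placeholder), keeps an upstream retag from changing what runs with those credentials and makes the job environment reproducible. The `steps:` list continues outside the hunk.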
@@ -40,29 +41,33 @@ jobs: kubectl config use-context runner-context # ----------------------------------------------------- - # Docker Login + # Build & Push Docker image (ARC-safe, no Docker daemon) # ----------------------------------------------------- - - name: Docker Login - uses: ./.github/actions/docker-login + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx (rootless) + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - # ----------------------------------------------------- - # Build & Push the Docker Image (idempotent) - # ----------------------------------------------------- - - name: Build Traefik Image - run: | - docker build traefik \ - --file traefik/Dockerfile \ - --tag docker.io/kimjunte/edge_router:$GITHUB_SHA - - - name: Push Traefik Image - run: | - docker push docker.io/kimjunte/edge_router:$GITHUB_SHA + - name: Build & Push Traefik Image + uses: docker/build-push-action@v5 + with: + context: ./traefik + file: traefik/Dockerfile + push: true + tags: | + docker.io/kimjunte/edge_router:${{ github.sha }} + docker.io/kimjunte/edge_router:latest # ----------------------------------------------------- - # Apply Storage Classes + PVCs — idempotent with apply + # Apply Storage Classes + PVCs # ----------------------------------------------------- - name: Apply StorageClass + PV run: | 
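Review bot: The four actions added here (`docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v5`) are referenced by mutable major-version tags, while this job passes them `DOCKER_HUB_TOKEN` and also holds cluster credentials. Pin each `uses:` to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`, so a moved tag cannot run new code with those secrets. The added `docker.io/kimjunte/edge_router:latest` tag is mutable as well; if any manifest pulls `latest`, the running image can no longer be traced to a commit, so deploy by the `${{ github.sha }}` tag or by digest. The new comment says "no Docker daemon", but the default buildx driver normally needs one, so it is worth confirming this step works inside the bare `ubuntu:22.04` container.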
@@ -71,25 +76,24 @@ jobs: kubectl get storageclass # ----------------------------------------------------- - # Apply Traefik CRDs only if missing + # Install Traefik CRDs (idempotent) # ----------------------------------------------------- - - name: Install Traefik CRDs (idempotent) + - name: Install Traefik CRDs run: | if ! kubectl get crd ingressroutes.traefik.containo.us >/dev/null 2>&1; then - echo "Traefik CRDs not found — installing..." + echo "Installing Traefik CRDs..." kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/user-guides/crd-acme/05-tlsoption.yml else - echo "Traefik CRDs already installed — skipping." + echo "CRDs already exist — skipping." fi # ----------------------------------------------------- - # Deploy Traefik — idempotent with kubectl apply + # Deploy Traefik # ----------------------------------------------------- - - name: Deploy Traefik (safe repeat) + - name: Deploy Traefik run: | - echo "Applying Traefik PVC/Deployments/Services/etc…" kubectl apply -f traefik/edge-router/pvc.yaml kubectl apply -f traefik/edge-router/traefik-deployment.yml kubectl apply -f traefik/edge-router/traefik-services.yml @@ -98,7 +102,7 @@ jobs: kubectl apply -f traefik/edge-router/traefik-ingressroute.yml # ----------------------------------------------------- - # Deploy whoami — idempotent + # Deploy whoami # ----------------------------------------------------- - name: Deploy whoami test service run: | 
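Review bot: The three `kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/...` lines (unchanged context in the first hunk on this line) apply remote manifests, including `kubernetes-crd-rbac.yml`, to the cluster with no integrity check, and `v2.10` looks like a branch ref rather than a fixed release, so the content may differ between runs. Vendoring those files in the repository next to `traefik/edge-router/`, or fetching them at a commit SHA and verifying a checksum before `kubectl apply`, would make the RBAC that gets installed reviewable. The guard tests only `ingressroutes.traefik.containo.us`, so once that CRD exists the other definitions are never re-applied; since this commit drops the "only if missing" wording, a comment such as `# Skipped entirely once ingressroutes.traefik.containo.us exists; CRD updates need a manual apply` would keep that visible.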
@@ -107,21 +111,21 @@ jobs: kubectl apply -f traefik/who-am-i/whoami-ingressroute.yml # ----------------------------------------------------- - # Create Docker Registry Secrets — idempotent + # Create registry secret # ----------------------------------------------------- - name: Create registry secret (default ns) run: | kubectl apply -f traefik/docker-registry-credentials/docker-credentials.yml # ----------------------------------------------------- - # Create staging namespace if not exists + # Create staging namespace # ----------------------------------------------------- - name: Create staging namespace run: | kubectl get namespace staging >/dev/null 2>&1 || kubectl create namespace staging # ----------------------------------------------------- - # Apply registry secret to staging — idempotent + # Apply registry secret to staging # ----------------------------------------------------- - name: Registry secret in staging namespace run: |
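Review bot: `kubectl apply -f traefik/docker-registry-credentials/docker-credentials.yml` (a context line in this hunk) suggests a registry Secret manifest is committed to the repository; if that file carries a real `.dockerconfigjson`, the credential is readable by anyone with repository access, because Secret data is only base64-encoded. The workflow already receives `DOCKER_HUB_USERNAME` and `DOCKER_HUB_TOKEN` as Actions secrets, so the Secret could instead be generated at run time with `kubectl create secret docker-registry <secret-name> --docker-username=... --docker-password=... --dry-run=client -o yaml | kubectl apply -f -`. The body of the last step, `Registry secret in staging namespace`, continues outside the hunk.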