diff --git a/github_runner/install/install_arc.sh b/github_runner/install/install_arc.sh index 2229204..60b41c9 100644 --- a/github_runner/install/install_arc.sh +++ b/github_runner/install/install_arc.sh @@ -18,37 +18,37 @@ set -ex NAMESPACE="arc-systems" RUNNER_NAME="mealcraft-runners" -# ===================================================================== -# Remove previous ARC installation (safe even if missing) -# ===================================================================== -helm uninstall arc -n "${NAMESPACE}" || true -helm uninstall "${RUNNER_NAME}" -n "${NAMESPACE}" || true +# # ===================================================================== +# # Remove previous ARC installation (safe even if missing) +# # ===================================================================== +# helm uninstall arc -n "${NAMESPACE}" || true +# helm uninstall "${RUNNER_NAME}" -n "${NAMESPACE}" || true -echo "=== Installing ARC Scale Set Controller ===" +# echo "=== Installing ARC Scale Set Controller ===" -helm install arc \ - --namespace "${NAMESPACE}" \ - --create-namespace \ - oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller +# helm install arc \ +# --namespace "${NAMESPACE}" \ +# --create-namespace \ +# oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller -echo "=== Installing MealCraft Runner Scale Set (NO Docker-in-Docker) ===" +# echo "=== Installing MealCraft Runner Scale Set (NO Docker-in-Docker) ===" -helm install "${RUNNER_NAME}" \ - --namespace "${NAMESPACE}" \ - --create-namespace \ - --set runnerScaleSetName="${RUNNER_NAME}" \ - --set githubConfigUrl="https://github.com/MealCraft" \ - --set githubConfigSecret.name="github-secret" \ - --set githubConfigSecret.github_token="$GITHUB_PAT" \ - --set dockerInDockerEnabled=false \ - --set containerMode.type="runner" \ - --set runnerLabels[0]="mealcraft" \ - oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set +# helm install "${RUNNER_NAME}" \ +# --namespace "${NAMESPACE}" \ +# --create-namespace \ +# --set runnerScaleSetName="${RUNNER_NAME}" \ +# --set githubConfigUrl="https://github.com/MealCraft" \ +# --set githubConfigSecret.name="github-secret" \ +# --set githubConfigSecret.github_token="$GITHUB_PAT" \ +# --set dockerInDockerEnabled=false \ +# --set containerMode.type="runner" \ +# --set runnerLabels[0]="mealcraft" \ +# oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set -# ===================================================================== -# RBAC — IMPORTANT -# Grants permissions to the exact ARC runner SA detected earlier. -# ===================================================================== +# # ===================================================================== +# # RBAC — IMPORTANT +# # Grants permissions to the exact ARC runner SA detected earlier. +# # ===================================================================== echo "=== Applying RBAC for all ARC runners ===" @@ -65,14 +65,7 @@ rules: # Core API: PV, PVC, namespaces, secrets, configmaps, services, serviceaccounts (NEW) - apiGroups: [""] - resources: - - persistentvolumes - - persistentvolumeclaims - - namespaces - - secrets - - configmaps - - services - - serviceaccounts # <── NEW + resources: ["persistentvolumes", "persistentvolumeclaims", "namespaces", "secrets", "configmaps", "services", "serviceaccounts"] verbs: ["*"] # Apps (Deployments, DS, etc) diff --git a/traefik/edge-router/middleware.yaml b/traefik/edge-router/middleware.yaml index 4ba3ac7..9cf5963 100644 --- a/traefik/edge-router/middleware.yaml +++ b/traefik/edge-router/middleware.yaml @@ -1,6 +1,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: + namespace: default name: test-auth spec: basicAuth: diff --git a/traefik/edge-router/traefik-deployment.yml b/traefik/edge-router/traefik-deployment.yml index 1775c45..392207d 100644 --- a/traefik/edge-router/traefik-deployment.yml +++ b/traefik/edge-router/traefik-deployment.yml @@ -9,6 +9,7 @@ metadata: kind: Deployment apiVersion: apps/v1 metadata: + namespace: default name: traefik-deployment labels: app: traefik diff --git a/traefik/who-am-i/whoami-service.yml b/traefik/who-am-i/whoami-service.yml index e369c53..ee0ad1e 100644 --- a/traefik/who-am-i/whoami-service.yml +++ b/traefik/who-am-i/whoami-service.yml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: whoami + namespace: default spec: ports: