certs pv update

github_runner/install/install_arc.sh

@@ -18,37 +18,37 @@ set -ex
 NAMESPACE="arc-systems"
 RUNNER_NAME="mealcraft-runners"
 
-# =====================================================================
+# # =====================================================================
-# Remove previous ARC installation (safe even if missing)
+# # Remove previous ARC installation (safe even if missing)
-# =====================================================================
+# # =====================================================================
-helm uninstall arc -n "${NAMESPACE}" || true
+# helm uninstall arc -n "${NAMESPACE}" || true
-helm uninstall "${RUNNER_NAME}" -n "${NAMESPACE}" || true
+# helm uninstall "${RUNNER_NAME}" -n "${NAMESPACE}" || true
 
-echo "=== Installing ARC Scale Set Controller ==="
+# echo "=== Installing ARC Scale Set Controller ==="
 
-helm install arc \
+# helm install arc \
-  --namespace "${NAMESPACE}" \
+#   --namespace "${NAMESPACE}" \
-  --create-namespace \
+#   --create-namespace \
-  oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller
+#   oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller
 
-echo "=== Installing MealCraft Runner Scale Set (NO Docker-in-Docker) ==="
+# echo "=== Installing MealCraft Runner Scale Set (NO Docker-in-Docker) ==="
 
-helm install "${RUNNER_NAME}" \
+# helm install "${RUNNER_NAME}" \
-  --namespace "${NAMESPACE}" \
+#   --namespace "${NAMESPACE}" \
-  --create-namespace \
+#   --create-namespace \
-  --set runnerScaleSetName="${RUNNER_NAME}" \
+#   --set runnerScaleSetName="${RUNNER_NAME}" \
-  --set githubConfigUrl="https://github.com/MealCraft" \
+#   --set githubConfigUrl="https://github.com/MealCraft" \
-  --set githubConfigSecret.name="github-secret" \
+#   --set githubConfigSecret.name="github-secret" \
-  --set githubConfigSecret.github_token="$GITHUB_PAT" \
+#   --set githubConfigSecret.github_token="$GITHUB_PAT" \
-  --set dockerInDockerEnabled=false \
+#   --set dockerInDockerEnabled=false \
-  --set containerMode.type="runner" \
+#   --set containerMode.type="runner" \
-  --set runnerLabels[0]="mealcraft" \
+#   --set runnerLabels[0]="mealcraft" \
-  oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set
+#   oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set
 
-# =====================================================================
+# # =====================================================================
-# RBAC — IMPORTANT
+# # RBAC — IMPORTANT
-# Grants permissions to the exact ARC runner SA detected earlier.
+# # Grants permissions to the exact ARC runner SA detected earlier.
-# =====================================================================
+# # =====================================================================
 
 echo "=== Applying RBAC for all ARC runners ==="
 
@@ -65,14 +65,7 @@ rules:
 
   # Core API: PV, PVC, namespaces, secrets, configmaps, services, serviceaccounts (NEW)
   - apiGroups: [""]
-    resources:
+    resources: ["persistentvolumes", "persistentvolumeclaims", "namespaces", "secrets", "configmaps", "services", "serviceaccounts"]
-      - persistentvolumes
-      - persistentvolumeclaims
-      - namespaces
-      - secrets
-      - configmaps
-      - services
-      - serviceaccounts     # <── NEW
     verbs: ["*"]
 
   # Apps (Deployments, DS, etc)

traefik/edge-router/middleware.yaml

@@ -1,6 +1,7 @@
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
+  namespace: default
   name: test-auth
 spec:
   basicAuth:

traefik/edge-router/traefik-deployment.yml

@@ -9,6 +9,7 @@ metadata:
 kind: Deployment
 apiVersion: apps/v1
 metadata:
+  namespace: default
   name: traefik-deployment
   labels:
     app: traefik

traefik/who-am-i/whoami-service.yml

@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: whoami
+  namespace: default
 
 spec:
   ports: