From 87f5cef31013f835b0d870ac067bae5a5d5b1d9f Mon Sep 17 00:00:00 2001 From: Jun-te Kim Date: Sat, 6 Dec 2025 21:17:31 +0000 Subject: [PATCH] save --- .github/workflows/k8s_traefik_init_setup.yml | 52 +++++++------------- 1 file changed, 19 insertions(+), 33 deletions(-) diff --git a/.github/workflows/k8s_traefik_init_setup.yml b/.github/workflows/k8s_traefik_init_setup.yml index 924f836..d973557 100644 --- a/.github/workflows/k8s_traefik_init_setup.yml +++ b/.github/workflows/k8s_traefik_init_setup.yml @@ -10,9 +10,6 @@ jobs: image: ubuntu:22.04 steps: - # ----------------------------------------------------- - # Checkout Repo - # ----------------------------------------------------- - uses: actions/checkout@v4 # ----------------------------------------------------- 
@@ -41,50 +38,43 @@ jobs: kubectl config use-context runner-context # ----------------------------------------------------- - # Install buildctl (BuildKit client only) + # Install buildctl (standalone) # ----------------------------------------------------- - name: Install buildctl run: | - apt-get update - apt-get install -y curl + apt-get update && apt-get install -y curl curl -sSL https://github.com/moby/buildkit/releases/download/v0.12.5/buildkit-v0.12.5.linux-amd64.tar.gz -o buildkit.tar.gz tar -xzf buildkit.tar.gz mv bin/buildctl /usr/local/bin/ chmod +x /usr/local/bin/buildctl # ----------------------------------------------------- - # Authenticate to Docker Hub for pushing - # ----------------------------------------------------- - - name: Docker Hub Login (buildctl) - run: | - echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | \ - buildctl login docker.io \ - --username ${{ secrets.DOCKER_HUB_USERNAME }} \ - --password-stdin - - # ----------------------------------------------------- - # Build & Push Docker Image (ARC-compatible, simplest) + # Build & Push Docker Image (NO docker, NO buildx, NO daemon) # ----------------------------------------------------- - name: Build & Push Traefik Image env: + DOCKER_USER: ${{ secrets.DOCKER_HUB_USERNAME }} + DOCKER_PASS: ${{ secrets.DOCKER_HUB_PASSWORD }} IMAGE_SHA: docker.io/kimjunte/edge_router:${{ github.sha }} IMAGE_LATEST: docker.io/kimjunte/edge_router:latest run: | - # Build SHA-tagged image - buildctl build \ - --frontend dockerfile.v0 \ - --local context="${GITHUB_WORKSPACE}/traefik" \ - --local dockerfile="${GITHUB_WORKSPACE}/traefik" \ - --opt platform=linux/amd64 \ - --output type=image,name=${IMAGE_SHA},push=true + AUTH=$(printf "%s:%s" "$DOCKER_USER" "$DOCKER_PASS" | base64 -w0) - # Push latest tag + # Build + Push SHA tag buildctl build \ --frontend dockerfile.v0 \ --local context="${GITHUB_WORKSPACE}/traefik" \ --local dockerfile="${GITHUB_WORKSPACE}/traefik" \ --opt platform=linux/amd64 \ - --output 
type=image,name=${IMAGE_LATEST},push=true + --output type=registry,name=${IMAGE_SHA},push=true,registry.insecure=false,registry.auth=$AUTH + + # Build + Push latest tag + buildctl build \ + --frontend dockerfile.v0 \ + --local context="${GITHUB_WORKSPACE}/traefik" \ + --local dockerfile="${GITHUB_WORKSPACE}/traefik" \ + --opt platform=linux/amd64 \ + --output type=registry,name=${IMAGE_LATEST},push=true,registry.insecure=false,registry.auth=$AUTH # ----------------------------------------------------- # Apply Storage Classes + PVCs @@ -93,7 +83,6 @@ jobs: run: | kubectl apply -f traefik/storageclass/storageclass.yaml kubectl apply -f traefik/storageclass/certs-pv.yaml - kubectl get storageclass # ----------------------------------------------------- # Install Traefik CRDs (idempotent) @@ -101,12 +90,9 @@ jobs: - name: Install Traefik CRDs run: | if ! kubectl get crd ingressroutes.traefik.containo.us >/dev/null 2>&1; then - echo "Installing Traefik CRDs..." kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/user-guides/crd-acme/05-tlsoption.yml - else - echo "Traefik CRDs already exist — skipping." fi # ----------------------------------------------------- 
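Review bot: In the `Build & Push Traefik Image` step the Docker Hub credentials are base64-encoded into `$AUTH` and passed on the `buildctl` command line as `registry.auth=$AUTH`. That exposes them in the process arguments on the runner, and in the job log if buildctl ever echoes its output attributes, because log masking matches the registered secret values and not a string derived from them. I also cannot find `registry.auth` among the image exporter's documented attributes, and `type=registry` looks like a buildx shorthand rather than a buildctl exporter type, so the push may fail or run without credentials; this is worth confirming against v0.12.5. buildctl reads registry credentials from the Docker client config, so the safer shape is to register the derived value with `::add-mask::`, write it to a private `$DOCKER_CONFIG/config.json`, and keep `--output type=image,name=...,push=true`. The same change applies to the second `buildctl build` for `IMAGE_LATEST`.

```yaml
      - name: Build & Push Traefik Image
        # … unchanged: env block (DOCKER_USER, DOCKER_PASS, IMAGE_SHA, IMAGE_LATEST) …
        run: |
          AUTH=$(printf "%s:%s" "$DOCKER_USER" "$DOCKER_PASS" | base64 -w0)
          # Derived values are not masked automatically; register this one.
          echo "::add-mask::$AUTH"

          # Keep the credential in a private, throwaway client config
          # instead of on the command line.
          export DOCKER_CONFIG="$(mktemp -d)"
          trap 'rm -rf "$DOCKER_CONFIG"' EXIT
          (
            umask 077
            printf '{"auths":{"https://index.docker.io/v1/":{"auth":"%s"}}}' "$AUTH" \
              > "$DOCKER_CONFIG/config.json"
          )

          # … unchanged: buildctl build --frontend/--local/--opt flags …
            --output type=image,name=${IMAGE_SHA},push=true
```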
@@ -131,21 +117,21 @@ jobs: kubectl apply -f traefik/who-am-i/whoami-ingressroute.yml # ----------------------------------------------------- - # Default namespace registry secret + # Create registry secret in default namespace # ----------------------------------------------------- - name: Create registry secret (default) run: | kubectl apply -f traefik/docker-registry-credentials/docker-credentials.yml # ----------------------------------------------------- - # Create staging namespace + # Ensure staging namespace exists # ----------------------------------------------------- - name: Create staging namespace run: | kubectl get ns staging >/dev/null 2>&1 || kubectl create namespace staging # ----------------------------------------------------- - # Add registry secret to staging namespace + # Apply registry secret to staging # ----------------------------------------------------- - name: Registry secret to staging run: |