From cb5b325790242b0f085317935ce754dfbf1116fa Mon Sep 17 00:00:00 2001 From: Jun-te Kim Date: Sat, 6 Dec 2025 21:31:51 +0000 Subject: [PATCH] save --- .github/workflows/k8s_traefik_init_setup.yml | 75 ++++++++------------ github_runner/install/install_arc.sh | 48 +++++++------ 2 files changed, 55 insertions(+), 68 deletions(-) diff --git a/.github/workflows/k8s_traefik_init_setup.yml b/.github/workflows/k8s_traefik_init_setup.yml index 24b975e..8ff8907 100644 --- a/.github/workflows/k8s_traefik_init_setup.yml +++ b/.github/workflows/k8s_traefik_init_setup.yml @@ -7,6 +7,13 @@ jobs: bootstrap: runs-on: mealcraft-runners + # ----------------------------------------------------- + # REQUIRED: Use Docker DinD job container + # ----------------------------------------------------- + container: + image: docker:24.0-dind + options: --privileged + steps: # ----------------------------------------------------- # Checkout Repo @@ -18,10 +25,9 @@ jobs: # ----------------------------------------------------- - name: Install kubectl run: | - sudo apt-get update - sudo apt-get install -y ca-certificates curl + apk add --no-cache curl ca-certificates bash curl -LO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - sudo install -m 0755 kubectl /usr/local/bin/kubectl + install -m 0755 kubectl /usr/local/bin/kubectl # ----------------------------------------------------- # Configure kubeconfig via ARC pod token 
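Review bot: The added `container:` block runs the whole job in `docker:24.0-dind` with `options: --privileged`, so every later step executes with near-host privileges on the self-hosted runner node, including the third-party actions and the steps that handle the ARC pod token and the Docker Hub credentials. If a Docker daemon is really needed, confine the privileged part to the image build (a separate job, or a rootless or daemonless builder) and keep the kubectl steps in an unprivileged job. The tag `docker:24.0-dind` is mutable, so pin it as `image: docker:24.0-dind@sha256:<digest>`. The comment says "REQUIRED" without saying why; something like `# privileged DinD: the image build step needs a local Docker daemon` would record the trade-off. The job body continues outside this hunk.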
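Review bot: The `curl -LO` line kept by this hunk installs whatever `stable.txt` names at run time, and nothing verifies the binary before `install -m 0755 kubectl /usr/local/bin/kubectl` puts it on the PATH of a job that talks to the cluster. Pin the release and check the digest: fetch `kubectl.sha256` from the same release path and run `echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c -` before the install. A digest committed to the repository is stronger than one fetched alongside the binary. Using `curl -fsSLO` would also make an HTTP error fail the step instead of installing an error page as `kubectl`.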
@@ -39,43 +45,26 @@ jobs: kubectl config use-context runner-context # ----------------------------------------------------- - # Install buildctl (standalone BuildKit client) + # Docker Login # ----------------------------------------------------- - - name: Install buildctl - run: | - sudo apt-get update && sudo apt-get install -y curl - curl -sSL https://github.com/moby/buildkit/releases/download/v0.12.5/buildkit-v0.12.5.linux-amd64.tar.gz -o buildkit.tar.gz - tar -xzf buildkit.tar.gz - sudo mv bin/buildctl /usr/local/bin/ - sudo chmod +x /usr/local/bin/buildctl + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} # ----------------------------------------------------- - # Build & Push Docker Image (NO docker, NO buildx, NO daemon) + # Build & Push Docker Image (Docker-in-Docker) # ----------------------------------------------------- - - name: Build & Push Traefik Image - env: - DOCKER_USER: ${{ secrets.DOCKER_HUB_USERNAME }} - DOCKER_PASS: ${{ secrets.DOCKER_HUB_PASSWORD }} - IMAGE_SHA: docker.io/kimjunte/edge_router:${{ github.sha }} - IMAGE_LATEST: docker.io/kimjunte/edge_router:latest - run: | - AUTH=$(printf "%s:%s" "$DOCKER_USER" "$DOCKER_PASS" | base64 -w0) - - # Build + Push SHA tag - buildctl build \ - --frontend dockerfile.v0 \ - --local context="${GITHUB_WORKSPACE}/traefik" \ - --local dockerfile="${GITHUB_WORKSPACE}/traefik" \ - --opt platform=linux/amd64 \ - --output type=registry,name=${IMAGE_SHA},push=true,registry.auth=${AUTH} - - # Build + Push latest tag - buildctl build \ - --frontend dockerfile.v0 \ - --local context="${GITHUB_WORKSPACE}/traefik" \ - --local dockerfile="${GITHUB_WORKSPACE}/traefik" \ - --opt platform=linux/amd64 \ - --output type=registry,name=${IMAGE_LATEST},push=true,registry.auth=${AUTH} + - name: Build and Push Traefik Image + uses: docker/build-push-action@v5 + with: + context: ./traefik + file: 
./traefik/Dockerfile + push: true + tags: | + docker.io/kimjunte/edge_router:${{ github.sha }} + docker.io/kimjunte/edge_router:latest # ----------------------------------------------------- # Apply Storage Classes + PVCs @@ -118,22 +107,14 @@ jobs: kubectl apply -f traefik/who-am-i/whoami-ingressroute.yml # ----------------------------------------------------- - # Create registry secret in default namespace + # Registry secrets # ----------------------------------------------------- - name: Create registry secret (default) - run: | - kubectl apply -f traefik/docker-registry-credentials/docker-credentials.yml + run: kubectl apply -f traefik/docker-registry-credentials/docker-credentials.yml - # ----------------------------------------------------- - # Ensure staging namespace exists - # ----------------------------------------------------- - name: Create staging namespace - run: | - kubectl get ns staging >/dev/null 2>&1 || kubectl create namespace staging + run: kubectl get ns staging >/dev/null 2>&1 || kubectl create namespace staging - # ----------------------------------------------------- - # Apply registry secret to staging - # ----------------------------------------------------- - name: Registry secret to staging run: | sed 's/namespace: default/namespace: staging/' \ diff --git a/github_runner/install/install_arc.sh b/github_runner/install/install_arc.sh index 9e16758..830ab53 100644 --- a/github_runner/install/install_arc.sh +++ b/github_runner/install/install_arc.sh 
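Review bot: `docker/login-action@v3` and `docker/build-push-action@v5` are referenced by movable major tags, and the login step hands them `secrets.DOCKER_HUB_PASSWORD`; a retagged release would run with those credentials inside the privileged job container. Pin both to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, and let a dependency-update bot move the pin. If `DOCKER_HUB_PASSWORD` is the account password rather than a scoped access token, replace it with a token limited to pushing this image. The `latest` tag pushed next to the SHA tag is mutable, so anything that deploys this image is better off referencing the `${{ github.sha }}` tag or the image digest.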
@@ -11,30 +11,36 @@ set -ex # sudo usermod -aG microk8s $USER # sudo chown -f -R $USER ~/.kube -# helm uninstall arc -n arc-systems || true +helm uninstall arc -n arc-systems || true -# echo "=== Install ARC Scale Set Controller ===" -# helm install arc \ -# --namespace arc-systems \ -# --create-namespace \ -# oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller +echo "=== Install ARC Scale Set Controller ===" +helm install arc \ + --namespace arc-systems \ + --create-namespace \ + oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller -# helm uninstall mealcraft-runners -n arc-systems || true +helm uninstall mealcraft-runners -n arc-systems || true -# helm install mealcraft-runners \ -# --namespace arc-systems \ -# --create-namespace \ -# --set runnerScaleSetName="mealcraft-runners" \ -# --set githubConfigUrl="https://github.com/MealCraft" \ -# --set githubConfigSecret.name="github-secret" \ -# --set githubConfigSecret.github_token="$GITHUB_PAT" \ -# --set containerMode.type="kubernetes" \ -# --set containerMode.kubernetesModeDefaultContainer.image="ubuntu:22.04" \ -# --set containerMode.kubernetesModeWorkVolumeClaim.accessModes[0]="ReadWriteOnce" \ -# --set containerMode.kubernetesModeWorkVolumeClaim.storageClassName="microk8s-hostpath" \ -# --set containerMode.kubernetesModeWorkVolumeClaim.resources.requests.storage="1Gi" \ -# --set runnerLabels[0]="mealcraft" \ -# oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set +helm install mealcraft-runners \ + --namespace arc-systems \ + --create-namespace \ + --set runnerScaleSetName="mealcraft-runners" \ + --set githubConfigUrl="https://github.com/MealCraft" \ + --set githubConfigSecret.name="github-secret" \ + --set githubConfigSecret.github_token="$GITHUB_PAT" \ + \ + --set dockerInDockerEnabled=true \ + \ + --set containerMode.type="kubernetes" \ + --set containerMode.kubernetesModeDefaultContainer.image="docker:24.0-dind" \ + 
--set containerMode.kubernetesModeDefaultContainer.options="--privileged" \ + \ + --set containerMode.kubernetesModeWorkVolumeClaim.accessModes[0]="ReadWriteOnce" \ + --set containerMode.kubernetesModeWorkVolumeClaim.storageClassName="microk8s-hostpath" \ + --set containerMode.kubernetesModeWorkVolumeClaim.resources.requests.storage="20Gi" \ + \ + --set runnerLabels[0]="mealcraft" \ + oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set echo "=== Applying RBAC for runner ==="
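Review bot: The now-active `helm install mealcraft-runners` passes `--set githubConfigSecret.github_token="$GITHUB_PAT"` while the script runs under `set -ex` (visible in the hunk header), so the expanded token is printed in the shell trace and also sits in the process argument list. Wrap the call in `set +x` / `set -x`, or preferably create the Kubernetes secret beforehand and pass only its name (the chart accepts a pre-created secret, as far as I know), so the PAT never reaches the command line or the Helm release values. Separately, the default container becomes `docker:24.0-dind` with `--privileged`, which gives any workflow that targets `mealcraft-runners` root-level reach into the node. Both charts are installed without `--version`, so a re-run can pull a different chart release. A comment above the install saying why privileged DinD is needed and which repositories may use these runners would help; it is also worth confirming that `dockerInDockerEnabled` is a value this chart actually reads, since combining it with `containerMode.type="kubernetes"` looks contradictory.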