From d697dd21e93bf2b6cc74125d708e000c01691d48 Mon Sep 17 00:00:00 2001 From: Jun-te Kim Date: Sat, 6 Dec 2025 21:48:16 +0000 Subject: [PATCH] save --- .github/workflows/k8s_traefik_init_setup.yml | 78 +++++++++++++------- github_runner/install/install_arc.sh | 15 +--- 2 files changed, 54 insertions(+), 39 deletions(-) diff --git a/.github/workflows/k8s_traefik_init_setup.yml b/.github/workflows/k8s_traefik_init_setup.yml index 00eb0f4..ee11172 100644 --- a/.github/workflows/k8s_traefik_init_setup.yml +++ b/.github/workflows/k8s_traefik_init_setup.yml @@ -7,27 +7,25 @@ jobs: bootstrap: runs-on: mealcraft-runners - container: - image: docker:24.0-dind - options: --privileged - steps: + # ----------------------------------------------------- + # Checkout Repo + # ----------------------------------------------------- - uses: actions/checkout@v4 - # Start the docker daemon manually (REQUIRED) - - name: Start Docker daemon - run: | - dockerd-entrypoint.sh >/tmp/dockerd.log 2>&1 & - echo "Waiting for Docker to start..." - sleep 10 - docker info - + # ----------------------------------------------------- + # Install kubectl + # ----------------------------------------------------- - name: Install kubectl run: | - apk add --no-cache curl ca-certificates bash + sudo apt-get update + sudo apt-get install -y ca-certificates curl curl -LO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - install -m 0755 kubectl /usr/local/bin/kubectl + sudo install -m 0755 kubectl /usr/local/bin/kubectl + # ----------------------------------------------------- + # Configure kubeconfig via ARC pod token + # ----------------------------------------------------- - name: Configure kubeconfig run: | KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT" 
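Review bot: The `Install kubectl` step now runs `sudo install` on a binary that is never verified, and the version is whatever `stable.txt` returns at run time, so the root-installed `kubectl` can change between runs and is trusted on TLS alone. Pin the release in a variable and check the published digest before installing: `curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"` followed by `echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check`. A digest fetched from the same host only catches corruption, so committing the expected hash for the pinned version next to the workflow is the stronger form. The `Configure kubeconfig` step that follows continues outside this hunk.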
@@ -40,27 +38,31 @@ jobs: kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="$NAMESPACE" kubectl config use-context runner-context - - name: Login to Docker Hub - uses: docker/login-action@v3 + # ----------------------------------------------------- + # Build & Push Image with Kaniko (ARC-compatible) + # ----------------------------------------------------- + - name: Build and Push Traefik Image (Kaniko) + uses: aevea/action-kaniko@v1 with: + registry: docker.io username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_TOKEN }} + image: kimjunte/edge_router + tag: ${{ github.sha }},latest + path: traefik + dockerfile: traefik/Dockerfile - - name: Build and Push Traefik Image - uses: docker/build-push-action@v5 - with: - context: ./traefik - file: ./traefik/Dockerfile - push: true - tags: | - docker.io/kimjunte/edge_router:${{ github.sha }} - docker.io/kimjunte/edge_router:latest - + # ----------------------------------------------------- + # Apply Storage Classes + PVCs + # ----------------------------------------------------- - name: Apply StorageClass + PV run: | kubectl apply -f traefik/storageclass/storageclass.yaml kubectl apply -f traefik/storageclass/certs-pv.yaml + # ----------------------------------------------------- + # Install Traefik CRDs (idempotent) + # ----------------------------------------------------- - name: Install Traefik CRDs run: | if ! kubectl get crd ingressroutes.traefik.containo.us >/dev/null 2>&1; then @@ -69,6 +71,9 @@ jobs: kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/user-guides/crd-acme/05-tlsoption.yml fi + # ----------------------------------------------------- + # Deploy Traefik + # ----------------------------------------------------- - name: Deploy Traefik run: | kubectl apply -f traefik/edge-router/pvc.yaml 
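Review bot: `aevea/action-kaniko@v1` receives `DOCKER_HUB_USERNAME` and `DOCKER_HUB_TOKEN` but is referenced by a movable tag, so anyone able to move `v1` in that repository gets the registry credentials and control over the pushed image. Pin it to a full commit SHA, e.g. `uses: aevea/action-kaniko@<full-commit-sha>  # v1`, and scope the Docker Hub token to the one repository it must push to. It is also worth confirming against the action's `action.yml` that `dockerfile` and a comma-separated `tag` are inputs it accepts. GitHub Actions only warns on unknown inputs, so a wrong name would presumably let the build run with the action's defaults.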
@@ -78,7 +83,26 @@ jobs: kubectl apply -f traefik/edge-router/secret-dashboard.yml kubectl apply -f traefik/edge-router/traefik-ingressroute.yml + # ----------------------------------------------------- + # Deploy whoami test service + # ----------------------------------------------------- - name: Deploy whoami run: | kubectl apply -f traefik/who-am-i/whoami-deployment.yml - kubectl apply -f traefik/who-am-i/whoami-servi + kubectl apply -f traefik/who-am-i/whoami-service.yml + kubectl apply -f traefik/who-am-i/whoami-ingressroute.yml + + # ----------------------------------------------------- + # Registry secrets + # ----------------------------------------------------- + - name: Create registry secret (default) + run: kubectl apply -f traefik/docker-registry-credentials/docker-credentials.yml + + - name: Create staging namespace + run: kubectl get ns staging >/dev/null 2>&1 || kubectl create namespace staging + + - name: Registry secret to staging + run: | + sed 's/namespace: default/namespace: staging/' \ + traefik/docker-registry-credentials/docker-credentials.yml \ + | kubectl apply -f - diff --git a/github_runner/install/install_arc.sh b/github_runner/install/install_arc.sh index f8b7bd3..cc9d837 100644 --- a/github_runner/install/install_arc.sh +++ b/github_runner/install/install_arc.sh @@ -21,6 +21,7 @@ helm install arc \ helm uninstall mealcraft-runners -n arc-systems || true +echo "=== Install MealCraft Runner Scale Set (NO Docker-in-Docker) ===" helm install mealcraft-runners \ --namespace arc-systems \ --create-namespace \ 
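Review bot: The new `Create registry secret (default)` and `Registry secret to staging` steps apply `traefik/docker-registry-credentials/docker-credentials.yml` from the checkout, which suggests the registry credential is committed to the repository as a Secret manifest (base64 is an encoding, not protection). If so, that token should be rotated and the manifest removed from history. The secret can instead be generated at run time from the Actions secrets the workflow already uses, passed through `env:` rather than interpolated into the script. That also removes the `sed 's/namespace: default/namespace: staging/'` rewrite, which silently applies to the wrong namespace if the manifest's `namespace:` line ever changes. The secret name below is a placeholder and must match the one in the existing manifest.

```yaml
      # … unchanged: "Create staging namespace" step, moved before this one …
      - name: Registry secret (default and staging)
        env:
          DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
          DOCKER_HUB_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }}
          # placeholder: use the secret name from docker-credentials.yml
          SECRET_NAME: placeholder-registry-secret
        run: |
          for ns in default staging; do
            kubectl create secret docker-registry "$SECRET_NAME" \
              --namespace "$ns" \
              --docker-username="$DOCKER_HUB_USERNAME" \
              --docker-password="$DOCKER_HUB_TOKEN" \
              --dry-run=client -o yaml | kubectl apply -f -
          done
```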
@@ -28,18 +29,8 @@ helm install mealcraft-runners \ --set githubConfigUrl="https://github.com/MealCraft" \ --set githubConfigSecret.name="github-secret" \ --set githubConfigSecret.github_token="$GITHUB_PAT" \ - \ - --set dockerInDockerEnabled=true \ - \ - --set containerMode.type="kubernetes" \ - --set containerMode.kubernetesModeDefaultContainer.image="docker:24.0-dind" \ - --set containerMode.kubernetesModeDefaultContainer.options="--privileged" \ - --set containerMode.kubernetesModeDefaultContainer.workDirMountPath="/__w" \ - \ - --set containerMode.kubernetesModeWorkVolumeClaim.accessModes[0]="ReadWriteOnce" \ - --set containerMode.kubernetesModeWorkVolumeClaim.storageClassName="microk8s-hostpath" \ - --set containerMode.kubernetesModeWorkVolumeClaim.resources.requests.storage="20Gi" \ - \ + --set dockerInDockerEnabled=false \ + --set containerMode.type="runner" \ --set runnerLabels[0]="mealcraft" \ oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set
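Review bot: The two added lines, `--set dockerInDockerEnabled=false` and `--set containerMode.type="runner"`, do not look like values the `gha-runner-scale-set` chart defines. As far as I know it documents `dind` and `kubernetes` for `containerMode.type`, and `dockerInDockerEnabled` belongs to the older runner deployment API. Helm accepts unknown `--set` keys unless the chart ships a values schema, so the "NO Docker-in-Docker" intent may be holding only because the keys are ignored. Dropping both lines and leaving `containerMode` unset states the same thing without relying on that. After install, inspect the rendered AutoscalingRunnerSet to confirm no container carries `privileged: true`. The `helm install` command starts above this hunk.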