From e879150b2d6292d593788966b2405c16eed7ae5a Mon Sep 17 00:00:00 2001 
From: Steven Kreitzer Date: Mon, 13 Jan 2025 07:49:21 -0600 Subject: [PATCH] refactor(arc): actions-runner-controller namespace (#3300) --- .github/workflows/helm-repository-sync.yaml | 2 +- .github/workflows/pre-pull-images.yaml | 2 +- .taskfiles/kubernetes/Taskfile.yaml | 8 ++-- .../app/externalsecret.yaml | 4 +- .../app/helmrelease.yaml | 7 ++- .../app/kustomization.yaml | 0 .../actions-runner-controller/ks.yaml | 45 +++++++++++++++++++ .../runners/k8s-gitops}/helmrelease.yaml | 32 +++++++------ .../runners/k8s-gitops}/kustomization.yaml | 0 .../runners/k8s-gitops}/rbac.yaml | 8 ++-- .../runners/kustomization.yaml | 5 +++ .../gha-runner-scale-set-controller/ks.yaml | 22 --------- .../gha-runner-scale-set/ks.yaml | 23 ---------- .../actions-runner-system/kustomization.yaml | 3 +- 14 files changed, 81 insertions(+), 80 deletions(-) rename kubernetes/apps/actions-runner-system/{gha-runner-scale-set-controller => actions-runner-controller}/app/externalsecret.yaml (90%) rename kubernetes/apps/actions-runner-system/{gha-runner-scale-set-controller => actions-runner-controller}/app/helmrelease.yaml (82%) rename kubernetes/apps/actions-runner-system/{gha-runner-scale-set-controller => actions-runner-controller}/app/kustomization.yaml (100%) create mode 100644 kubernetes/apps/actions-runner-system/actions-runner-controller/ks.yaml rename kubernetes/apps/actions-runner-system/{gha-runner-scale-set/app => actions-runner-controller/runners/k8s-gitops}/helmrelease.yaml (75%) rename kubernetes/apps/actions-runner-system/{gha-runner-scale-set/app => actions-runner-controller/runners/k8s-gitops}/kustomization.yaml (100%) rename kubernetes/apps/actions-runner-system/{gha-runner-scale-set/app => actions-runner-controller/runners/k8s-gitops}/rbac.yaml (78%) create mode 100644 kubernetes/apps/actions-runner-system/actions-runner-controller/runners/kustomization.yaml delete mode 100644 kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/ks.yaml delete mode 100644 
kubernetes/apps/actions-runner-system/gha-runner-scale-set/ks.yaml diff --git a/.github/workflows/helm-repository-sync.yaml b/.github/workflows/helm-repository-sync.yaml index e1862de8b7..dc38d8cea6 100644 --- a/.github/workflows/helm-repository-sync.yaml +++ b/.github/workflows/helm-repository-sync.yaml @@ -18,7 +18,7 @@ on: jobs: sync: name: Helm Repository Sync - runs-on: ["gha-runner-scale-set"] + runs-on: ["k8s-gitops-runner"] steps: - name: Setup Homebrew uses: Homebrew/actions/setup-homebrew@master diff --git a/.github/workflows/pre-pull-images.yaml b/.github/workflows/pre-pull-images.yaml index 1d5cf09391..862ef89956 100644 --- a/.github/workflows/pre-pull-images.yaml +++ b/.github/workflows/pre-pull-images.yaml @@ -75,7 +75,7 @@ jobs: pre-pull-images: if: ${{ needs.compare-images.outputs.images != '[]' }} name: Pre-pull Images - runs-on: ["gha-runner-scale-set"] + runs-on: ["k8s-gitops-runner"] needs: ["compare-images"] strategy: matrix: diff --git a/.taskfiles/kubernetes/Taskfile.yaml b/.taskfiles/kubernetes/Taskfile.yaml index 4ac8405757..42b1697a3b 100644 --- a/.taskfiles/kubernetes/Taskfile.yaml +++ b/.taskfiles/kubernetes/Taskfile.yaml @@ -72,10 +72,10 @@ tasks: upgrade-arc: desc: Upgrade the ARC cmds: - - helm -n actions-runner-system uninstall gha-runner-scale-set - - helm -n actions-runner-system uninstall gha-runner-scale-set-controller + - helm -n actions-runner-system uninstall k8s-gitops-runner + - helm -n actions-runner-system uninstall actions-runner-controller - sleep 5 - - flux -n actions-runner-system reconcile hr gha-runner-scale-set-controller - - flux -n actions-runner-system reconcile hr gha-runner-scale-set + - flux -n actions-runner-system reconcile hr actions-runner-controller + - flux -n actions-runner-system reconcile hr k8s-gitops-runner preconditions: - which flux helm 
diff --git a/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/externalsecret.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml similarity index 90% rename from kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/externalsecret.yaml rename to kubernetes/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml index 09f96d185f..e9c9a967d0 100644 --- a/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/externalsecret.yaml +++ b/kubernetes/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml @@ -2,13 +2,13 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: actions-runner-controller-auth + name: actions-runner-controller spec: secretStoreRef: kind: ClusterSecretStore name: onepassword-connect target: - name: actions-runner-controller-auth-secret + name: actions-runner-controller-secret creationPolicy: Owner template: engineVersion: v2 diff --git a/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/helmrelease.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml similarity index 82% rename from kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/helmrelease.yaml rename to kubernetes/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml index f30c7bbd17..d5f0bd5bba 100644 --- a/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/helmrelease.yaml +++ b/kubernetes/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: - name: &app gha-runner-scale-set-controller + name: &name actions-runner-controller spec: interval: 30m chart: 
@@ -13,8 +13,6 @@ spec: kind: HelmRepository name: actions-runner-controller namespace: flux-system - driftDetection: - mode: enabled install: crds: CreateReplace remediation: @@ -26,4 +24,5 @@ spec: strategy: rollback retries: 3 values: - fullnameOverride: *app + fullnameOverride: *name + replicaCount: 1 diff --git a/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/kustomization.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/app/kustomization.yaml similarity index 100% rename from kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/kustomization.yaml rename to kubernetes/apps/actions-runner-system/actions-runner-controller/app/kustomization.yaml diff --git a/kubernetes/apps/actions-runner-system/actions-runner-controller/ks.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/ks.yaml new file mode 100644 index 0000000000..c4df72651f --- /dev/null +++ b/kubernetes/apps/actions-runner-system/actions-runner-controller/ks.yaml 
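Review bot: The removal of `driftDetection:` / `mode: enabled` in the first hunk of this line (app/helmrelease.yaml) is not covered by the commit subject, which describes a rename only; the same two lines are also dropped from runners/k8s-gitops/helmrelease.yaml. Without drift detection the helm-controller does not compare live objects with the release between upgrades, so an in-cluster edit to the controller's Deployment or RBAC would persist without being reported. If the removal is deliberate, for example because the chart's objects are mutated at runtime, `driftDetection:` with `mode: warn` would keep the signal without reverting anything; otherwise the two lines should be restored. The HelmRelease spec continues outside both hunks.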
@@ -0,0 +1,45 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app actions-runner-controller + namespace: flux-system +spec: + targetNamespace: actions-runner-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: external-secrets-stores + path: ./kubernetes/apps/actions-runner-system/actions-runner-controller/app + prune: true + sourceRef: + kind: GitRepository + name: flux-system + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app actions-runner-controller-runners + namespace: flux-system +spec: + targetNamespace: actions-runner-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: actions-runner-controller + - name: openebs + path: ./kubernetes/apps/actions-runner-system/actions-runner-controller/runners + prune: true + sourceRef: + kind: GitRepository + name: flux-system + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/k8s-gitops/helmrelease.yaml similarity index 75% rename from kubernetes/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml rename to kubernetes/apps/actions-runner-system/actions-runner-controller/runners/k8s-gitops/helmrelease.yaml index 0126f6acf4..5d9646d662 100644 --- a/kubernetes/apps/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml +++ b/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/k8s-gitops/helmrelease.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: - name: &app gha-runner-scale-set + name: &app k8s-gitops-runner spec: interval: 30m chart: 
@@ -13,8 +13,6 @@ spec: kind: HelmRepository name: actions-runner-controller namespace: flux-system - driftDetection: - mode: enabled install: remediation: retries: 3 @@ -24,18 +22,18 @@ spec: strategy: rollback retries: 3 valuesFrom: - - kind: Secret - name: actions-runner-controller-auth-secret + - targetPath: githubConfigSecret.github_app_id + kind: Secret + name: actions-runner-controller-secret valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID - targetPath: githubConfigSecret.github_app_id - - kind: Secret - name: actions-runner-controller-auth-secret + - targetPath: githubConfigSecret.github_app_installation_id + kind: Secret + name: actions-runner-controller-secret valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID - targetPath: githubConfigSecret.github_app_installation_id - - kind: Secret - name: actions-runner-controller-auth-secret + - targetPath: githubConfigSecret.github_app_private_key + kind: Secret + name: actions-runner-controller-secret valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY - targetPath: githubConfigSecret.github_app_private_key values: nameOverride: *app runnerScaleSetName: *app @@ -50,6 +48,9 @@ spec: requests: storage: 25Gi storageClassName: openebs-hostpath + controllerServiceAccount: + name: actions-runner-controller + namespace: actions-runner-system template: spec: containers: @@ -68,11 +69,8 @@ spec: - mountPath: /var/run/secrets/talos.dev name: talos readOnly: true - serviceAccountName: actions-runner + serviceAccountName: *app volumes: - name: talos secret: - secretName: actions-runner - controllerServiceAccount: - name: gha-runner-scale-set-controller - namespace: actions-runner-system + secretName: *app 
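Review bot: `serviceAccountName: *app` and `secretName: *app` in the last hunk now derive the runner pod's Kubernetes identity and its mounted Talos credential from the release name, while rbac.yaml spells that name out as the literal `k8s-gitops-runner`. A later rename of the release would silently point the pod at a ServiceAccount or Secret that no longer matches rbac.yaml, and the link between the two files is not visible from either side. Because that ServiceAccount carries a cluster-wide binding, I would keep both references explicit (`serviceAccountName: k8s-gitops-runner`, `secretName: k8s-gitops-runner`) or add a comment above them such as `# must match the ServiceAccount names in rbac.yaml`. The pod template continues outside these hunks.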
diff --git a/kubernetes/apps/actions-runner-system/gha-runner-scale-set/app/kustomization.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/k8s-gitops/kustomization.yaml similarity index 100% rename from kubernetes/apps/actions-runner-system/gha-runner-scale-set/app/kustomization.yaml rename to kubernetes/apps/actions-runner-system/actions-runner-controller/runners/k8s-gitops/kustomization.yaml diff --git a/kubernetes/apps/actions-runner-system/gha-runner-scale-set/app/rbac.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/k8s-gitops/rbac.yaml similarity index 78% rename from kubernetes/apps/actions-runner-system/gha-runner-scale-set/app/rbac.yaml rename to kubernetes/apps/actions-runner-system/actions-runner-controller/runners/k8s-gitops/rbac.yaml index 6518dc44e2..dbd971e438 100644 --- a/kubernetes/apps/actions-runner-system/gha-runner-scale-set/app/rbac.yaml +++ b/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/k8s-gitops/rbac.yaml @@ -2,25 +2,25 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: actions-runner + name: k8s-gitops-runner --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: actions-runner + name: k8s-gitops-runner roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount - name: actions-runner + name: k8s-gitops-runner namespace: actions-runner-system --- apiVersion: talos.dev/v1alpha1 kind: ServiceAccount metadata: - name: actions-runner + name: k8s-gitops-runner spec: roles: - os:admin diff --git a/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/kustomization.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/kustomization.yaml new file mode 100644 index 0000000000..4905906c95 --- /dev/null +++ b/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/kustomization.yaml 
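Review bot: The renamed `k8s-gitops-runner` ServiceAccount in rbac.yaml is still bound to `cluster-admin` by the ClusterRoleBinding and still holds the Talos `os:admin` role, so any job scheduled with `runs-on: ["k8s-gitops-runner"]` runs in a pod that has full control of the cluster and its nodes. One of those workflows, helm-repository-sync.yaml, uses `Homebrew/actions/setup-homebrew@master`, a mutable ref, so an upstream change to that action would execute with the same authority. Since this refactor re-creates the identity anyway, it is a good point to change `roleRef` from `cluster-admin` to a dedicated ClusterRole that lists only the resources and verbs the workflows need, and to use a narrower Talos role if the jobs allow it. Pinning third-party actions on this runner to a commit SHA would cover the workflow side.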
@@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./k8s-gitops diff --git a/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/ks.yaml b/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/ks.yaml deleted file mode 100644 index 0f783b032a..0000000000 --- a/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/ks.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app gha-runner-scale-set-controller - namespace: flux-system -spec: - targetNamespace: actions-runner-system - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: external-secrets-stores - path: ./kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app - prune: true - sourceRef: - kind: GitRepository - name: flux-system - wait: true - interval: 30m - retryInterval: 1m - timeout: 5m diff --git a/kubernetes/apps/actions-runner-system/gha-runner-scale-set/ks.yaml b/kubernetes/apps/actions-runner-system/gha-runner-scale-set/ks.yaml deleted file mode 100644 index e60cfedaf5..0000000000 --- a/kubernetes/apps/actions-runner-system/gha-runner-scale-set/ks.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app gha-runner-scale-set - namespace: flux-system -spec: - targetNamespace: actions-runner-system - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: gha-runner-scale-set-controller - - name: openebs - path: ./kubernetes/apps/actions-runner-system/gha-runner-scale-set/app - prune: true - sourceRef: - kind: GitRepository - name: flux-system - wait: true - interval: 30m - retryInterval: 1m - timeout: 5m diff --git a/kubernetes/apps/actions-runner-system/kustomization.yaml b/kubernetes/apps/actions-runner-system/kustomization.yaml index 1c2f9a4893..eaf0931160 100644 
--- a/kubernetes/apps/actions-runner-system/kustomization.yaml +++ b/kubernetes/apps/actions-runner-system/kustomization.yaml @@ -3,5 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./namespace.yaml - - ./gha-runner-scale-set/ks.yaml - - ./gha-runner-scale-set-controller/ks.yaml + - ./actions-runner-controller/ks.yaml