casa-vlan-cicd-runners - kustomization implementation

.gitignore

@@ -12,3 +12,4 @@ gitignore/*
 ansible/inventory.yml
 .env.d/*
 .tmp/**
+storage-limbosolutions-com/deploy/helm/values.private.yaml

README.md

@@ -17,6 +17,7 @@ For more information about k3s cluster/nodes setup check [readme](./docs/k3s-clu
 - [Zigbee2mqtt](#zigbee2mqtt)
 - [node-red](#node-red)
 - [core-dns](#core-dns)
+- [casa-vlan-cicd-runners (gitea act runners)](#casa-vlan-cicd-runners-gitea-act-runners)
 
 ## Home Assistant
 
@@ -97,3 +98,17 @@ data:
     #
 
 ```
+
+## casa-vlan-cicd-runners (gitea act runners)
+
+**Deploy app:**
+
+```bash
+./services/casa-vlan-cicd-runners/ops-scripts/apply-app.sh
+```
+
+**Deploy Infra:**
+
+```bash
+./services/casa-vlan-cicd-runners/ops-scripts/apply-infra.sh
+```

docs/k3s-cluster.md

@@ -7,6 +7,7 @@
 - [Master Node](#master-node)
   - [Master Node - proxmox vm](#master-node---proxmox-vm)
   - [Master Node - network configuration](#master-node---network-configuration)
+  - [Master Node - k3s setup](#master-node---k3s-setup)
 - [minion01 - worker node](#minion01---worker-node)
   - [Minion01 - proxmox vm](#minion01---proxmox-vm)
   - [Minion01 - k3s -setup](#minion01---k3s--setup)
@@ -45,8 +46,7 @@ EOF
 | **VLAN** | casa                           |
 | **IP**   | 192.168.14.9                   |
 | **OS**   | Debian GNU/Linux 12 (bookworm) |
-| **k3s**  | v1.34.3+k3s1 (48ffa7b6)        |
-| **go**   | go1.24.11                      |
+| **k3s**  | v1.35.0+k3s3                   |
 
 ### Master Node - proxmox vm
 
@@ -91,8 +91,10 @@ EOF
 
 ```
 
+### Master Node - k3s setup
+
 ``` bash
-curl -sfL https://get.k3s.io | sh -
+curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.35.0+k3s3 sh -
 ```
 
 **Taint NoSchedule on master node:**
@@ -146,8 +148,8 @@ sockets: 1
 # execute on server to get token
 # cat /var/lib/rancher/k3s/server/node-token
 
-TOKEN="???"
-curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="agent --data-dir /dataDisk/k3s --server https://casa.dev.lan:6443 --token ${TOKEN}" sh -s -
+K3S_TOKEN="???"
+curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.35.0+k3s3 INSTALL_K3S_EXEC="agent --data-dir /dataDisk/k3s --server https://casa.dev.lan:6443 --token ${K3S_TOKEN}" sh -s -
 ```
 
 Change kubectl -n kube-system edit configmap local-path-config on kube-system to set path to provisioner.

gitea-casa-vlan-cicd-runner/deploy/README.md

@@ -1,9 +0,0 @@
-# Deploy
-
-```bash
-set -a
-source ./.env
-set +a
-envsubst < ./secrets.yaml | kubectl apply -f -
-kubectl apply -f deploy.yaml
-```

gitea-casa-vlan-cicd-runner/deploy/secrets.yaml

@@ -1,13 +0,0 @@
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: casa-vlan-cicd-runners
-  namespace: casa-vlan-cicd
-stringData:
-  GITEA_INSTANCE_URL: ${GITEA_INSTANCE_URL}
-  GITEA_RUNNER_REGISTRATION_TOKEN: ${GITEA_RUNNER_REGISTRATION_TOKEN}
-  GITEA_MYLIMBO_RUNNER_NAME: ${GITEA_MYLIMBO_RUNNER_NAME}
-  GITEA_MYLIMBO_RUNNER_REGISTRATION_TOKEN: ${GITEA_MYLIMBO_RUNNER_REGISTRATION_TOKEN}
-  GITEA_MF_RUNNER_NAME: ${GITEA_MF_RUNNER_NAME}
-  GITEA_MF_RUNNER_REGISTRATION_TOKEN: ${GITEA_MF_RUNNER_REGISTRATION_TOKEN}

services/casa-vlan-cicd-runners/deploy/configmap.yaml

@@ -1,127 +1,9 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: casa-vlan-cicd
-
----
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: casa-vlan-cicd
-  name: casa-vlan-cicd-runners
-  labels:
-    app: casa-vlan-cicd-runners
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: casa-vlan-cicd-runners
-  template:
-    metadata:
-      labels:
-        app: casa-vlan-cicd-runners
-    spec:
-      nodeSelector:
-        role: worker-node
-      containers:
-        - name: mylimbo-casa-vlan-cicd-runners
-          image: git.limbosolutions.com/kb/gitea/act_runner:0.2.13-network-stack
-          imagePullPolicy: Always
-          env:
-            - name: LOG_LEVEL
-              value: "trace"
-        
-            - name: CONFIG_FILE
-              value: /config.yaml
-            - name: GITEA_INSTANCE_URL
-              valueFrom:
-                secretKeyRef:
-                  name: casa-vlan-cicd-runners
-                  key: GITEA_INSTANCE_URL
-            - name: GITEA_RUNNER_REGISTRATION_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: casa-vlan-cicd-runners
-                  key: GITEA_MYLIMBO_RUNNER_REGISTRATION_TOKEN
-            - name: GITEA_RUNNER_NAME
-              valueFrom:
-                secretKeyRef:
-                  name: casa-vlan-cicd-runners
-                  key: GITEA_MYLIMBO_RUNNER_NAME
-
-            - name: GITEA_RUNNER_CAPACITY
-              value: "1"
-            - name: GITEA_RUNNER_EPHEMERAL
-              value: "0"
-              
-          resources:
-            requests:
-              memory: "128Mi"
-              cpu: "100m"
-            limits:
-              memory: "512Mi"
-              cpu: "400m"
-          volumeMounts:
-            - name: config-map
-              mountPath: /config.yaml
-              subPath: config.yaml
-
-        - name: mf-casa-vlan-cicd-runners
-          image: git.limbosolutions.com/kb/gitea/act_runner:0.2.13-network-stack
-          imagePullPolicy: Always
-          env:
-            - name: LOG_LEVEL
-              value: "trace"
-        
-            - name: CONFIG_FILE
-              value: /config.yaml
-            - name: GITEA_INSTANCE_URL
-              valueFrom:
-                secretKeyRef:
-                  name: casa-vlan-cicd-runners
-                  key: GITEA_INSTANCE_URL
-            - name: GITEA_RUNNER_REGISTRATION_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: casa-vlan-cicd-runners
-                  key: GITEA_MF_RUNNER_REGISTRATION_TOKEN
-            - name: GITEA_RUNNER_NAME
-              valueFrom:
-                secretKeyRef:
-                  name: casa-vlan-cicd-runners
-                  key: GITEA_MF_RUNNER_NAME
-                  
-            - name: GITEA_RUNNER_CAPACITY
-              value: "1"
-            - name: GITEA_RUNNER_EPHEMERAL
-              value: "0"
-          resources:
-            requests:
-              memory: "128Mi"
-              cpu: "100m"
-            limits:
-              memory: " 512Mi"
-              cpu: "400m"
-          volumeMounts:
-            - name: config-map
-              mountPath: /config.yaml
-              subPath: config.yaml
-
-      
-      volumes:
-      - name: config-map
-        configMap: 
-          name: casa-vlan-cicd-runners
-
----
 
 
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: casa-vlan-cicd-runners
-  namespace: casa-vlan-cicd
 data: 
   config.yaml: |
     # Example configuration file, it's safe to copy this as the default config file without any modification.

services/casa-vlan-cicd-runners/deploy/deployment.yaml

@@ -0,0 +1,103 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: casa-vlan-cicd-runners
+  labels:
+    app: casa-vlan-cicd-runners
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: casa-vlan-cicd-runners
+  template:
+    metadata:
+      labels:
+        app: casa-vlan-cicd-runners
+    spec:
+      nodeSelector:
+        role: worker-node
+      containers:
+        - name: mylimbo-casa-vlan-cicd-runner
+          image: git.limbosolutions.com/kb/gitea/act_runner:0.2.13-network-stack
+          imagePullPolicy: Always
+          env:
+            - name: LOG_LEVEL
+              value: "trace"
+        
+            - name: CONFIG_FILE
+              value: /config.yaml
+            - name: GITEA_INSTANCE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: casa-vlan-cicd-runners
+                  key: GITEA_INSTANCE_URL
+            - name: GITEA_RUNNER_REGISTRATION_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: casa-vlan-cicd-runners
+                  key: GITEA_MYLIMBO_RUNNER_REGISTRATION_TOKEN
+            - name: GITEA_RUNNER_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: casa-vlan-cicd-runners
+                  key: GITEA_MYLIMBO_RUNNER_NAME
+
+            - name: GITEA_RUNNER_EPHEMERAL
+              value: "0"
+              
+          resources:
+            requests:
+              memory: "128Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "400m"
+          volumeMounts:
+            - name: config-map
+              mountPath: /config.yaml
+              subPath: config.yaml
+
+        - name: mf-casa-vlan-cicd-runner
+          image: git.limbosolutions.com/kb/gitea/act_runner:0.2.13-network-stack
+          imagePullPolicy: Always
+          env:
+            - name: LOG_LEVEL
+              value: "trace"
+        
+            - name: CONFIG_FILE
+              value: /config.yaml
+            - name: GITEA_INSTANCE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: casa-vlan-cicd-runners
+                  key: GITEA_INSTANCE_URL
+            - name: GITEA_RUNNER_REGISTRATION_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: casa-vlan-cicd-runners
+                  key: GITEA_MF_RUNNER_REGISTRATION_TOKEN
+            - name: GITEA_RUNNER_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: casa-vlan-cicd-runners
+                  key: GITEA_MF_RUNNER_NAME
+
+            - name: GITEA_RUNNER_EPHEMERAL
+              value: "0"
+          resources:
+            requests:
+              memory: "128Mi"
+              cpu: "100m"
+            limits:
+              memory: " 512Mi"
+              cpu: "400m"
+          volumeMounts:
+            - name: config-map
+              mountPath: /config.yaml
+              subPath: config.yaml
+
+      
+      volumes:
+      - name: config-map
+        configMap: 
+          name: casa-vlan-cicd-runners

services/casa-vlan-cicd-runners/deploy/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - configmap.yaml
+  - deployment.yaml
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+secretGenerator:
+  - name: casa-vlan-cicd-runners
+    envs: 
+      - .env.d/.env
+

services/casa-vlan-cicd-runners/ops-scripts/apply-app.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+set -e
+NAMESPACE=casa-vlan-cicd
+kubectl kustomize ./services/casa-vlan-cicd-runners/deploy | kubectl --namespace ${NAMESPACE} apply -f -

services/casa-vlan-cicd-runners/ops-scripts/apply-infra.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+set -e
+NAMESPACE=casa-vlan-cicd
+kubectl create namespace ${NAMESPACE} || true

storage-limbosolutions-com/deploy/helm/values.yaml

@@ -1,15 +1,43 @@
-
-seaweedfsFiler: "????:????" # # host and port of your SeaweedFs filer replace helm --set  
-storageClassName: storage-limbosolutions-com
+# host and port of your SeaweedFs filer
+seaweedfsFiler: "f???:8888"
+storageClassName: "storage-limbosolutions-com"
 storageClassVolumeBindingMode: Immediate
 isDefaultStorageClass: false
 tlsSecret: ""
-imagePullPolicy: "Always" # "Always"
-driverName: storage-limbosolutions-com-seaweedfs-csi
+imagePullPolicy: "Always"
+driverName: storage-limbosolutions-com-csi-driver
 
 controller:
-  # nodeSelector:
-  #   role: worker-node
+  hostNetwork: true
+  dnsPolicy: ClusterFirstWithHostNet
+  # tolerations:
+  # - key: "dedicated"
+  #   operator: "Equal"
+  #   value: "reserved"
+  #   effect: "NoSchedule"
+
+  # affinity:
+  #   nodeAffinity:
+  #     requiredDuringSchedulingIgnoredDuringExecution:
+  #       nodeSelectorTerms:
+  #       - matchExpressions:
+  #         - key: kubernetes.io/hostname
+  #           operator: "In"
+  #           values:
+  #           - worker-node
+mountService:
+  # Must be enabled for the CSI driver node component to mount volumes
+  enabled: true
+  # o ultimo chart values tem um bug que o latest não é verdadeira ultima versão
+  # a versão que está puxar com latest tem um bug que o path para o volume náo é respeitado e usa o handle como nome da coleção
+  image: chrislusf/seaweedfs-mount:v1.4.4
+
+  # tolerations:
+  # - key: "dedicated"
+  #   operator: "Equal"
+  #   value: "reserved"
+  #   effect: "NoSchedule"
+
   resources: {}
   livenessProbe:
     failureThreshold:
@@ -23,30 +51,37 @@ controller:
 # Example-Value: "write_preferlocaldc"
 dataLocality: "none"
 
-mountService:
-  # Must be enabled for the CSI driver node component to mount volumes
-  enabled: true
-  image:  chrislusf/seaweedfs-mount:latest
-
 node:
-  # Deploy node daemonset
+  hostNetwork: true
+  dnsPolicy: ClusterFirstWithHostNet
   enabled: true
-  # When seaweedfs-csi-driver-node pod on node is recreated, all pods on same node using seaweed-csi PV will stop working.
-  # For safe update set updateStrategy.type: OnDelete and manually move pods who use seaweed-csi PV, then delete  seaweedfs-csi-driver-node damonset pod
   updateStrategy:
     type: RollingUpdate
     rollingUpdate:
       maxUnavailable: 25%
   affinity: {}
-  # dont set tolerations so is not installed on control-plane/master node
-  # tolerations: #dedicated=reserved:NoSchedule
-  # - key: "dedicated"
-  #   operator: "Equal"
-  #   value: "reserved"
-  #   effect: "NoSchedule"
+  tolerations: #dedicated=reserved:NoSchedule
+  - key: "dedicated"
+    operator: "Equal"
+    value: "reserved"
+    effect: "NoSchedule"
+
   livenessProbe:
     failureThreshold:
     initialDelaySeconds: 10
     timeoutSeconds: 3
     periodSeconds: 60
 
+# o ultimo chart values tem um bug que o latest não é verdadeira ultima versão
+# a versão que está puxar com latest tem um bug que o path para o volume náo é respeitado e usa o handle como nome da coleção
+
+seaweedfsCsiPlugin:
+  image: chrislusf/seaweedfs-csi-driver:v1.4.4
+  #image: chrislusf/seaweedfs-csi-driver:latest
+  securityContext:
+    privileged: true
+    capabilities:
+      add: ["SYS_ADMIN"]
+    allowPrivilegeEscalation: true
+
+

storage-limbosolutions-com/ops-scripts/apply.sh

@@ -7,6 +7,6 @@ helm repo add seaweedfs-csi-driver https://seaweedfs.github.io/seaweedfs-csi-dri
 helm repo update seaweedfs-csi-driver
 
 helm upgrade --install \
---set seaweedfsFiler=192.168.14.32:7888 \
 --values=./storage-limbosolutions-com/deploy/helm/values.yaml \
+--values=./storage-limbosolutions-com/deploy/helm/values.private.yaml \
 storage-limbosolutions-com-seaweedfs-csi-driver seaweedfs-csi-driver/seaweedfs-csi-driver --namespace storage-limbosolutions-com