Create IAM role for EKS:
aws iam create-role --role-name GithubRunnerArcEksRole --assume-role-policy-document file://"eks-iam-policy/eks-iam-role-trust-policy.json"Attach IAM policy role to the new EKS role created in the previous step:
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy --role-name GithubRunnerArcEksRoleShow the new IAM role created for EKS:
aws iam get-role --role-name GithubRunnerArcEksRoleCreate EKS cluster using eksctl:
eksctl create cluster -f ./eks-cluster-config/eks-cluster.yaml --timeout 15mEnable EKS logging cloudwatch:
eksctl utils update-cluster-logging --enable-types all --cluster "<eks-cluster-name>" --approveSet up kubeconfig:
aws eks update-kubeconfig --name "<eks-cluster-name>"To delete the EKS cluster, run this command:
eksctl delete cluster -f ./eks-cluster-config/eks-cluster.yaml --disable-nodegroup-eviction --timeout 15m --forceDeploy actions Runner controller operator:
helm install arc -n arc-systems \
--create-namespace \
oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controllerCheck if the ARC operator is running:
kubectl get po -A | grep "arc"To enable ARC to authenticate to GitHub, generate a personal access token or create GitHub App.
// to do
// to do
Create new namespace for arc runner scale set:
kubectl create ns arc-runnersCreate kubernetes secret for arc runner scale set using GitHub App:
kubectl create secret generic pre-defined-secret \
--namespace="arc-runners" \
--from-literal=github_app_id="<github-app-id>" \
--from-literal=github_app_installation_id="<github-app-installation-id>" \
--from-literal=github_app_private_key='<github-app-private-key>'Create kubernetes secret for arc runner scale set using personal access token (PAT):
kubectl create secret generic pre-defined-secret \
--namespace="arc-runners" \
--from-literal=github_token='<github-personal-access-token>'Check if the secret was created in arc-runners namespace:
kubectl get secret -n arc-runnersDeploy actions runner controller scale set:
GITHUB_CONFIG_URL="https://github.com/<github-org-name>"helm install arc-runner-set -n arc-runners \
--create-namespace \
--set githubConfigUrl="${GITHUB_CONFIG_URL}" \
--set githubConfigSecret="pre-defined-secret" \
oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-setNOTE: If you got error when installing arc-runner-set using personal access token (PAT), installing as follow:
Get logs from listener pod:
kubectl logs -n arc-systems -l app.kubernetes.io/component=runner-scale-set-listenerError
2024-04-16T08:30:52Z INFO listener-app app initialized
2024-04-16T08:30:52Z INFO listener-app Starting listener
2024-04-16T08:30:52Z INFO listener-app refreshing token {"githubConfigUrl": "https://github.com/my-org-testnet"}
2024-04-16T08:30:52Z INFO listener-app getting runner registration token {"registrationTokenURL": "https://api.github.com/orgs/my-org-testnet/actions/runners/registration-token"}
2024-04-16T08:30:52Z INFO listener-app getting Actions tenant URL and JWT {"registrationURL": "https://api.github.com/actions/runner-registration"} 2024/04/16 08:30:52 Application returned an error: createSession failed: failed to create session: 409 - had issue communicating with Actions backend: The runner scale set arc-runner-set already has an active session for owner arc-runner-set-754b578d-listener.Workaround
helm install arc-runner-set -n arc-runners \
--create-namespace \
--set githubConfigUrl="${GITHUB_CONFIG_URL}" \
--set githubConfigSecret="pre-defined-secret" \
--set env="LISTENER_ENTRYPOINT=github-runnerscaleset-listener" \
oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-setYou can see more about this issue in this link ARC - createSession 409 error
Check helm release installations:
helm ls -A -o yamlGet status from helm release chart:
helm status arc -n arc-systemsCheck controller and operator manager pods in the arc-systems namespace:
kubectl get po -n arc-systemsDeregister github runner arc:
helm uninstall arc-runner-set -n arc-runners