update garm to main branch

apps/garm/README.md

@@ -0,0 +1,49 @@
+# garm
+
+This app deploys `garm` with external `garm-provider-k8s`.
+
+- API/UI ingress: `https://garm.lumpiasty.xyz`
+- Internal service DNS: `http://garm.garm.svc.cluster.local:9997`
+
+## Vault secret requirements
+
+`VaultStaticSecret` reads `secret/data/garm` and expects at least:
+
+- `jwt_auth_secret`
+- `database_passphrase` (must be 32 characters)
+
+## Connect garm to Gitea
+
+After Flux reconciles this app, initialize garm and add Gitea endpoint/credentials.
+
+```bash
+# 1) Initialize garm (from your local devenv shell)
+garm-cli init \
+  --name homelab \
+  --url https://garm.lumpiasty.xyz \
+  --username admin \
+  --email admin@lumpiasty.xyz \
+  --password '<STRONG_ADMIN_PASSWORD>' \
+  --metadata-url http://garm.garm.svc.cluster.local:9997/api/v1/metadata \
+  --callback-url http://garm.garm.svc.cluster.local:9997/api/v1/callbacks \
+  --webhook-url http://garm.garm.svc.cluster.local:9997/webhooks
+
+# 2) Add Gitea endpoint
+garm-cli gitea endpoint create \
+  --name local-gitea \
+  --description 'Cluster Gitea' \
+  --base-url http://gitea-http.gitea.svc.cluster.local:3000 \
+  --api-base-url http://gitea-http.gitea.svc.cluster.local:3000/api/v1
+
+# 3) Add Gitea PAT credentials
+garm-cli gitea credentials add \
+  --name gitea-pat \
+  --description 'PAT for garm' \
+  --endpoint local-gitea \
+  --auth-type pat \
+  --pat-oauth-token '<GITEA_PAT_WITH_write:repository,write:organization>'
+```
+
+Then add repositories/orgs and create pools against provider `kubernetes_external`.
+
+If Gitea refuses webhook installation to cluster-local URLs, set `gitea.config.webhook.ALLOWED_HOST_LIST` in `apps/gitea/release.yaml`.

apps/garm/deployment.yaml

@@ -15,18 +15,6 @@ spec:
     spec:
       serviceAccountName: garm
       initContainers:
-        - name: install-garm-provider-k8s
-          image: alpine:3.21
-          command:
-            - /bin/sh
-            - -ec
-            - |
-              wget -qO /tmp/garm-provider-k8s.tar.gz "https://github.com/mercedes-benz/garm-provider-k8s/releases/download/v0.3.2/garm-provider-k8s_Linux_x86_64.tar.gz"
-              tar -xzf /tmp/garm-provider-k8s.tar.gz -C /opt/garm/providers.d
-              chmod 0755 /opt/garm/providers.d/garm-provider-k8s
-          volumeMounts:
-            - name: provider-dir
-              mountPath: /opt/garm/providers.d
         - name: render-garm-config
           image: alpine:3.21
           env:
@@ -90,7 +78,7 @@ spec:
               mountPath: /etc/garm
       containers:
         - name: garm
-          image: ghcr.io/cloudbase/garm:v0.1.7
+          image: gitea.lumpiasty.xyz/lumpiasty/garm-k8s:r1380
           imagePullPolicy: IfNotPresent
           command:
             - /bin/garm
@@ -104,8 +92,6 @@ spec:
               mountPath: /data
             - name: config-dir
               mountPath: /etc/garm
-            - name: provider-dir
-              mountPath: /opt/garm/providers.d
             - name: provider-config
               mountPath: /etc/garm/provider-config.yaml
               subPath: provider-config.yaml
@@ -115,8 +101,6 @@ spec:
             claimName: garm-lvmhdd
         - name: config-dir
           emptyDir: {}
-        - name: provider-dir
-          emptyDir: {}
         - name: provider-config
           configMap:
             name: garm-provider-k8s-config

apps/garm/image-source.env

@@ -0,0 +1,5 @@
+# renovate: datasource=github-refs depName=cloudbase/garm versioning=git
+GARM_COMMIT=818a9dddccba5f2843f185e6a846770988f31fc5
+GARM_COMMIT_NUMBER=1380
+GARM_IMAGE_REPO=gitea.lumpiasty.xyz/lumpiasty/garm-k8s
+GARM_IMAGE=gitea.lumpiasty.xyz/lumpiasty/garm-k8s:r1380

apps/renovate/configmap.yaml

@@ -9,3 +9,4 @@ data:
   RENOVATE_ENDPOINT: https://gitea.lumpiasty.xyz/api/v1
   RENOVATE_PLATFORM: gitea
   RENOVATE_GIT_AUTHOR: Renovate Bot <renovate@lumpiasty.xyz>
+  RENOVATE_ALLOWED_COMMANDS: '["^node utils/update-garm-cli-hash\\.mjs$"]'