redhat-appstudio · meyrevived · Dec 6, 2025 · Dec 4, 2025 · Dec 5, 2025 · Dec 5, 2025
diff --git a/components/kueue/staging/stone-stage-p01/queue-config/cluster-queue.yaml b/components/kueue/staging/stone-stage-p01/queue-config/cluster-queue.yaml
@@ -108,6 +108,7 @@ spec:
     - linux-x86-64
     - local
     - localhost
+    - macos-mac2metal-arm64
     flavors:
     - name: platform-group-2
       resources:
@@ -137,6 +138,8 @@ spec:
         nominalQuota: '1000'
       - name: localhost
         nominalQuota: '1000'
+      - name: macos-mac2metal-arm64
+        nominalQuota: '5'
   stopPolicy: None
 ---
 apiVersion: kueue.x-k8s.io/v1beta1

diff --git a/components/multi-platform-controller/base/host-config-chart/templates/host-config.yaml b/components/multi-platform-controller/base/host-config-chart/templates/host-config.yaml
@@ -1025,6 +1025,40 @@ data:
   dynamic.linux-extra-fast-amd64.allocation-timeout: "1200"
   {{ end }}
 
+  {{- if hasKey .Values.dynamicConfigs "macos-mac2metal-arm64" }}
+  {{- $config := index .Values.dynamicConfigs "macos-mac2metal-arm64" | default (dict) }}
+  dynamic.macos-mac2metal-arm64.type: {{ index $config "type" | default "aws" | quote }}
+  dynamic.macos-mac2metal-arm64.region: {{ index $config "region" | default "us-east-1" | quote }}
+  dynamic.macos-mac2metal-arm64.ami: {{ default (index $amd "ami") $config.ami | quote }}
+  dynamic.macos-mac2metal-arm64.instance-type: {{ (index $config "instance-type") | default "mac2.metal" | quote }}
+  dynamic.macos-mac2metal-arm64.instance-tag: {{ (index $config "instance-tag") | default (printf "%s-arm64-mac2metal" $environment) | quote }}
+  dynamic.macos-mac2metal-arm64.key-name: {{ default (index $amd "key-name") ((index $config "key-name")) | quote }}
+  dynamic.macos-mac2metal-arm64.aws-secret: {{ (index $config "aws-secret") | default "aws-account" | quote }}
+  dynamic.macos-mac2metal-arm64.ssh-secret: {{ (index $config "ssh-secret") | default "aws-ssh-key" | quote }}
+  dynamic.macos-mac2metal-arm64.security-group-id: {{ default (index $amd "security-group-id") ((index $config "security-group-id")) | quote }}
+  dynamic.macos-mac2metal-arm64.max-instances: {{ (index $config "max-instances") | default "5" | quote }}
+  dynamic.macos-mac2metal-arm64.subnet-id: {{ default (index $amd "subnet-id") ((index $config "subnet-id")) | quote }}
+  dynamic.macos-mac2metal-arm64.disk: {{ index $config "disk" | default "100" | quote }}
+  dynamic.macos-mac2metal-arm64.allocation-timeout: "1200"
+  dynamic.macos-mac2metal-arm64.tenancy: "host"
+  dynamic.macos-mac2metal-arm64.host-resource-group-arn: {{ index $config "host-resource-group-arn" | quote }}
+  dynamic.macos-mac2metal-arm64.license-configuration-arn: {{ index $config "license-configuration-arn" | quote }}
+  {{- if (index $config "iops") }}
+  dynamic.macos-mac2metal-arm64.iops: {{ index $config "iops" | quote }}
+  {{ end }}
+  {{- if (index $config "throughput") }}
+  dynamic.macos-mac2metal-arm64.throughput: {{ index $config "throughput" | quote }}
+  {{ end }}
+  {{- if (index $config "user-data") }}
+  dynamic.macos-mac2metal-arm64.user-data: |
+  {{- $lines := splitList "\n" (index $config "user-data") }}
+  {{- range $line := $lines }}
+    {{ $line }}
+  {{- end }}
+  {{- end }}
+  {{ end }}
+
+
   {{- if hasKey .Values.dynamicConfigs "linux-test-amd64" }}
   {{- $config := index .Values.dynamicConfigs "linux-test-amd64" | default (dict) }}
   dynamic.linux-test-amd64.type: {{ index $config "type" | default "aws" | quote }}

diff --git a/components/multi-platform-controller/staging-downstream/host-values.yaml b/components/multi-platform-controller/staging-downstream/host-values.yaml
@@ -168,6 +168,62 @@ dynamicConfigs:
       chmod a+rw /etc/cdi/nvidia.yaml
       --//--
 
+  macos-mac2metal-arm64:
+    ami: "ami-000ce2c23b96216d3"
+    host-resource-group-arn: "arn:aws:resource-groups:us-east-1:654654171619:group/MacOS-Servers"
+    license-configuration-arn: "arn:aws:license-manager:us-east-1:654654171619:license-configuration:lic-fecd71a2010a12080e452eb28065f489"
+    user-data: |
+      #!/bin/bash
+      set -eu
+      set -x
+
+      user="konflux-builder"
+
+      # Check if user already exists
+      if ! id "$user" &>/dev/null; then
+          # Generate random password
+          random_password=$(openssl rand -base64 32)
+
+          # Create user
+          sudo sysadminctl -addUser "$user" -fullName "Konflux Builder" -password "$random_password" -home /Users/$user
+
+          # Clear password from variable
+          unset random_password
+      else
+          echo "User $user already exists, skipping user creation"
+      fi
+
+      # Create home directory if it doesn't exist
+      sudo mkdir -p /Users/$user
+
+      # Create SSH directory
+      sudo mkdir -p /Users/$user/.ssh
+
+      # Remove existing SSH keys if they exist
+      sudo rm -f /Users/$user/.ssh/id_rsa /Users/$user/.ssh/id_rsa.pub
+
+      # Generate new SSH keys
+      sudo ssh-keygen -t rsa -b 4096 -f /Users/$user/.ssh/id_rsa -N "" -C ""
+
+      # Set proper permissions on .ssh directory
+      sudo chmod 700 /Users/$user/.ssh
+
+      # Create/overwrite authorized_keys
+      sudo chmod 600 /Users/$user/.ssh/authorized_keys 2>/dev/null || true
+      sudo cat /Users/$user/.ssh/id_rsa.pub | sudo tee /Users/$user/.ssh/authorized_keys > /dev/null
+
+      # Set ownership of entire home directory to ensure user has full control
+      sudo chown -R $user:staff /Users/$user
+
+      # Copy private key to ec2-user's directory
+      sudo cp /Users/$user/.ssh/id_rsa /Users/ec2-user/$user
+
+      # Set ownership of the copied private key to ec2-user
+      sudo chown ec2-user:staff /Users/ec2-user/$user
+      sudo chmod 600 /Users/ec2-user/$user
+
+      --//--
+
   linux-root-arm64:
     sudo-commands: "/usr/bin/podman"
     disk: "200"