Skip to content

Latest commit

 

History

History
1035 lines (572 loc) · 35.9 KB

File metadata and controls

1035 lines (572 loc) · 35.9 KB

Azure Verified Module for CI/CD Agents and Runners

This module deploys self-hosted Azure DevOps Agents and Github Runners.

Features

  • Deploys and configures Azure DevOps Agents
  • Deploys and configures Github Runners
  • Supports Azure Container Apps with auto scaling from zero
  • Supports Azure Container Instances as an alternative or complementary compute option
  • Supports Public or Private Networking
  • Deploys all Azure resource required or optionally supply your own

Example Usage

This example shows how to deploy Azure DevOps Agents to Azure Container Apps using the minimal set of required variables with private networking.

module "azure_devops_agents" {
  source                                       = "Azure/avm-ptn-cicd-agents-and-runners/azurerm"
  version                                      = "~> 0.2"
  postfix                                      = "my-agents"
  location                                     = "uksouth"
  version_control_system_type                  = "azuredevops"
  version_control_system_personal_access_token = "**************************************"
  version_control_system_organization          = "my-organization"
  version_control_system_pool_name             = "my-agent-pool"
  virtual_network_address_space                = "10.0.0.0/16"
}

This example shows how to deploy GitHub Runners to Azure Container Apps using the minimal set of required variables with private networking.

module "github_runners" {
  source                                       = "Azure/avm-ptn-cicd-agents-and-runners/azurerm"
  version                                      = "~> 0.2"
  postfix                                      = "my-runners"
  location                                     = "uksouth"
  version_control_system_type                  = "github"
  version_control_system_personal_access_token = "**************************************"
  version_control_system_organization          = "my-organization"
  version_control_system_repository            = "my-reository"
  virtual_network_address_space                = "10.0.0.0/16"
}

Requirements

The following requirements are needed by this module:

Resources

The following resources are used by this module:

Required Inputs

The following input variables are required:

Description: Azure region where the resource should be deployed.

Type: string

Description: A postfix used to build default names if no name has been supplied for a specific resource type.

Type: string

Description: The version control system organization to deploy the agents too.

Type: string

Description: The personal access token for the version control system.

Type: string

Description: The type of the version control system to deploy the agents too. Allowed values are 'azuredevops' or 'github'

Type: string

Optional Inputs

The following input variables are optional (have default values):

Description: The types of compute to use. Allowed values are 'azure_container_app' and 'azure_container_instance'.

Type: set(string)

Default:

[
  "azure_container_app"
]

Description: Required CPU in cores, e.g. 0.5

Type: number

Default: 1

Description: Required memory, e.g. '250Mb'

Type: string

Default: "2Gi"

Description: Whether or not to create a Container App Environment.

Type: bool

Default: true

Description: The resource id of the Container App Environment. Only required if container_app_environment_creation_enabled is false.

Type: string

Default: null

Description: The name of the Container App Environment. Only required if container_app_environment_creation_enabled is true.

Type: string

Default: null

Description: List of additional environment variables to pass to the container.

Type:

set(object({
    name  = string
    value = string
  }))

Default: []

Description: The name of the resource group where the Container Apps infrastructure is deployed.

Type: string

Default: null

Description: The name of the container for the runner Container Apps job.

Type: string

Default: null

Description: The name of the Container App runner job.

Type: string

Default: null

Description: The maximum number of executions (ADO jobs) to spawn per polling interval.

Type: number

Default: 100

Description: The minimum number of executions (ADO jobs) to spawn per polling interval.

Type: number

Default: 0

Description: The name of the container for the placeholder Container Apps job.

Type: string

Default: null

Description: The name of the Container App placeholder job.

Type: string

Default: null

Description: The number of times to retry the placeholder Container Apps job.

Type: number

Default: 0

Description: The timeout in seconds for the placeholder Container Apps job.

Type: number

Default: 300

Description: How often should the pipeline queue be checked for new events, in seconds.

Type: number

Default: 30

Description: The number of times to retry the runner Container Apps job.

Type: number

Default: 3

Description: The timeout in seconds for the runner Container Apps job.

Type: number

Default: 1800

Description: List of additional sensitive environment variables to pass to the container.

Type:

set(object({
    name                      = string
    value                     = string
    container_app_secret_name = string
    keda_auth_name            = optional(string)
  }))

Default: []

Description: The address prefix for the Container App Environment. Either subnet_id or subnet_name and subnet_address_prefix must be specified.

Type: string

Default: null

Description: The CIDR size for the container instance subnet.

Type: number

Default: 27

Description: The ID of a pre-existing subnet to use. Required if virtual_network_creation_enabled is false.

Type: string

Default: null

Description: The name of the subnet. Must be specified if virtual_network_creation_enabled is true.

Type: string

Default: null

Description: The CPU value for the container instance

Type: number

Default: 2

Description: The CPU limit value for the container instance

Type: number

Default: 2

Description: The memory value for the container instance

Type: number

Default: 4

Description: The memory limit value for the container instance

Type: number

Default: 4

Description: The name of the container instance

Type: string

Default: null

Description: The number of container instances to create

Type: number

Default: 2

Description: List of additional environment variables to pass to the container.

Type:

set(object({
    name  = string
    value = string
  }))

Default: []

Description: The name prefix of the container instance

Type: string

Default: null

Description: List of additional sensitive environment variables to pass to the container.

Type:

set(object({
    name  = string
    value = string
  }))

Default: []

Description: The address prefix for the Container App Environment. Either subnet_id or subnet_name and subnet_address_prefix must be specified.

Type: string

Default: null

Description: The CIDR size for the container instance subnet.

Type: number

Default: 28

Description: The ID of a pre-existing subnet to use. Required if virtual_network_creation_enabled is false.

Type: string

Default: null

Description: The name of the subnet. Must be specified if virtual_network_creation_enabled == false.

Type: string

Default: null

Description: Whether or not to create a container registry.

Type: bool

Default: true

Description: The ID of the private DNS zone to create for the container registry. Only required if container_registry_private_dns_zone_creation_enabled is false.

Type: string

Default: null

Description: The name of the container registry. Only required if container_registry_creation_enabled is true.

Type: string

Default: null

Description: Whether or not to create a private DNS zone for the container registry.

Type: bool

Default: true

Description: The address prefix for the Container App Environment. Either subnet_id or subnet_name and subnet_address_prefix must be specified.

Type: string

Default: null

Description: The ID of a pre-existing subnet to use. Required if virtual_network_creation_enabled is false.

Type: string

Default: null

Description: The name of the subnet. Must be specified if virtual_network_creation_enabled == false.

Type: string

Default: null

Description: The CIDR size for the container registry subnet.

Type: number

Default: 29

Description: The images to build and push to the container registry. This is only relevant if container_registry_creation_enabled is true and use_default_container_image is set to false.

  • task_name: The name of the task to create for building the image (e.g. image-build-task)
  • dockerfile_path: The path to the Dockerfile to use for building the image (e.g. dockerfile)
  • context_path: The path to the context of the Dockerfile in three sections <repository-url>#<repository-commit>:<repository-folder-path> (e.g. https://github.com/Azure/avm-container-images-cicd-agents-and-runners#bc4087f:azure-devops-agent)
  • context_access_token: The access token to use for accessing the context. Supply a PAT if targetting a private repository.
  • image_names: A list of the names of the images to build (e.g. ["image-name:tag"])

Type:

map(object({
    task_name            = string
    dockerfile_path      = string
    context_path         = string
    context_access_token = optional(string, "a") # This `a` is a dummy value because the context_access_token should not be required in the provider
    image_names          = list(string)
  }))

Default: null

Description: The login server of the container registry to use if container_registry_creation_enabled is false.

Type: string

Default: null

Description: The password of the container registry to use if container_registry_creation_enabled is false.

Type: string

Default: null

Description: The username of the container registry to use if container_registry_creation_enabled is false.

Type: string

Default: null

Description: The default image name to use if no custom image is provided.

Type: string

Default: null

Description: The default image registry Dockerfile path to use if no custom image is provided.

Type: string

Default: "dockerfile"

Description: The default image repository commit to use if no custom image is provided.

Type: string

Default: "bc4087f"

Description: The default image repository folder path to use if no custom image is provided.

Type: map(string)

Default:

{
  "azuredevops-container-app": "azure-devops-agent-aca",
  "azuredevops-container-instance": "azure-devops-agent-aci",
  "github-container-app": "github-runner-aca",
  "github-container-instance": "github-runner-aci"
}

Description: The default image repository URL to use if no custom image is provided.

Type: string

Default: "https://github.com/Azure/avm-container-images-cicd-agents-and-runners"

Description: Delays (in seconds) to apply to the module operations.

Type:

object({
    delay_after_container_image_build = number
  })

Default:

{
  "delay_after_container_image_build": 30
}

Description: This variable controls whether or not telemetry is enabled for the module.
For more information see https://aka.ms/avm/telemetryinfo.
If it is set to false, then no telemetry will be collected.

Type: bool

Default: true

Description: Controls the Resource Lock configuration for this resource. The following properties can be specified:

  • kind - (Required) The type of lock. Possible values are \"CanNotDelete\" and \"ReadOnly\".
  • name - (Optional) The name of the lock. If not specified, a name will be generated based on the kind value. Changing this forces the creation of a new resource.

Type:

object({
    kind = string
    name = optional(string, null)
  })

Default: null

Description: Whether or not to create a log analytics workspace.

Type: bool

Default: true

Description: The resource Id of the Log Analytics Workspace.

Type: string

Default: null

Description: The name of the log analytics workspace. Only required if log_analytics_workspace_creation_enabled == false.

Type: string

Default: null

Description: The retention period for the Log Analytics Workspace.

Type: number

Default: 30

Description: The SKU of the Log Analytics Workspace.

Type: string

Default: "PerGB2018"

Description: Whether or not to create a NAT Gateway.

Type: bool

Default: true

Description: The ID of the NAT Gateway. Only required if nat_gateway_creation_enabled is false.

Type: string

Default: null

Description: The name of the NAT Gateway.

Type: string

Default: null

Description: Whether or not to create a public IP.

Type: bool

Default: true

Description: The ID of the public IP. Only required if public_ip_creation_enabled is false.

Type: string

Default: null

Description: The name of the public IP.

Type: string

Default: null

Description: Whether or not to create a resource group.

Type: bool

Default: true

Description: The resource group where the resources will be deployed. Must be specified if resource_group_creation_enabled == false

Type: string

Default: null

Description: (Optional) Tags of the resource.

Type: map(string)

Default: null

Description: Whether or not to use the default container image provided by the module.

Type: bool

Default: true

Description: Whether or not to use private networking for the container registry.

Type: bool

Default: true

Description: Whether or not to create a user assigned managed identity.

Type: bool

Default: true

Description: The resource Id of the user assigned managed identity. Only required if user_assigned_managed_identity_creation_enabled == false.

Type: string

Default: null

Description: The name of the user assigned managed identity. Must be specified if user_assigned_managed_identity_creation_enabled == true.

Type: string

Default: null

Description: The principal id of the user assigned managed identity. Only required if user_assigned_managed_identity_creation_enabled == false.

Type: string

Default: null

Description: The version control system agent name prefix.

Type: string

Default: null

Description: The target value for the amound of pending jobs to scale on.

Type: number

Default: 1

Description: The enterprise name for the version control system.

Type: string

Default: null

Description: The version control system placeholder agent name.

Type: string

Default: null

Description: The name of the agent pool in the version control system.

Type: string

Default: null

Description: The version control system repository to deploy the agents too.

Type: string

Default: null

Description: The runner group to add the runner to.

Type: string

Default: null

Description: The scope of the runner. Must be ent, org, or repo. This is ignored for Azure DevOps.

Type: string

Default: "repo"

Description: The address space for the virtual network. Must be specified if virtual_network_creation_enabled is true.

Type: string

Default: null

Description: Whether or not to create a virtual network.

Type: bool

Default: true

Description: The ID of the virtual network. Only required if virtual_network_creation_enabled is false.

Type: string

Default: null

Description: The name of the virtual network. Must be specified if virtual_network_creation_enabled is true.

Type: string

Default: null

Outputs

The following outputs are exported:

Description: The subnet id of the container app job.

Description: The names of the container instances.

Description: The resource ids of the container instances.

Description: The container registry login server.

Description: The container registry name.

Description: The container registry resource id.

Description: The name of the container app job.

Description: The resource id of the container app job.

Description: The name of the container app environment.

Description: The name of the placeholder contaienr app job.

Description: The resource id of the placeholder container app job.

Description: The private dns zone id of the container registry.

Description: The resource id of the container app environment.

Description: The resource id of the user assigned managed identity.

Description: The principal id of the user assigned managed identity.

Description: The virtual network name.

Description: The virtual network resource id.

Modules

The following Modules are called:

Source: ./modules/container-app-job

Version:

Source: ./modules/container-instance

Version:

Source: ./modules/container-registry

Version:

Source: Azure/avm-res-operationalinsights-workspace/azurerm

Version: 0.3.3

Source: Azure/avm-res-managedidentity-userassignedidentity/azurerm

Version: 0.3.1

Source: Azure/avm-res-network-virtualnetwork/azurerm

Version: 0.7.1

Data Collection

The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.