From d38b0780d137a253c90717e3f06bc6ad8ab2103f Mon Sep 17 00:00:00 2001 From: Flip Hess Date: Mon, 12 Oct 2020 23:29:30 +0200 Subject: [PATCH 01/21] feat: Random suffix to s3 bucket (#252) * Set a random suffix on the bucket name for easy recreation * Add new module option to main module * Update readme * Fix oopsy while copy pasting * Replace a tab with 2 spaces * Use format() for both string formattings * Make the linter happy * Rename variable * Set a count on random_string so it's only used when applicable * update readme for cache module * Update modules/cache/variables.tf Co-authored-by: Niek Palm * Update modules/cache/main.tf Co-authored-by: Niek Palm * Update modules/cache/main.tf Co-authored-by: Niek Palm Co-authored-by: Niek Palm --- README.md | 1 + main.tf | 1 + modules/cache/README.md | 5 +++-- modules/cache/main.tf | 11 ++++++++++- modules/cache/variables.tf | 6 ++++++ variables.tf | 6 ++++++ 6 files changed, 27 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 779bd0de1..00d87e0c1 100644 --- a/README.md +++ b/README.md @@ -276,6 +276,7 @@ terraform destroy | cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | `map` |
{
"bucket": "",
"create": true,
"policy": ""
}
| no | | cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no | +| cache\_bucket\_set\_random\_suffix | Boolean used to append a random string to the bucket name | `bool` | `false` | no | | cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no | | cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no | | cache\_shared | Enables cache sharing between runners, false by default. | `bool` | `false` | no | diff --git a/main.tf b/main.tf index 59ca7d6de..c6f7bdd71 100644 --- a/main.tf +++ b/main.tf @@ -243,6 +243,7 @@ module "cache" { create_cache_bucket = var.cache_bucket["create"] cache_bucket_prefix = var.cache_bucket_prefix cache_bucket_name_include_account_id = var.cache_bucket_name_include_account_id + cache_bucket_set_random_suffix = var.cache_bucket_set_random_suffix cache_bucket_versioning = var.cache_bucket_versioning cache_expiration_days = var.cache_expiration_days } diff --git a/modules/cache/README.md b/modules/cache/README.md index 64de338d6..d7f021358 100644 --- a/modules/cache/README.md +++ b/modules/cache/README.md @@ -4,7 +4,7 @@ This sub module creates an S3 bucket for build caches. The cache will have by de ## Usages -``` +``` module "cache" { source = "https://github.com/npalm/terraform-aws-gitlab-runner/tree/move-cache-to-moudle/cache" 
@@ -44,6 +44,7 @@ module "runner" { | arn\_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no | | cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no | +| cache\_bucket\_set\_suffix | `bool` | `false` | no | | cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `string` | `"false"` | no | | cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no | | cache\_lifecycle\_clear | Enable the rule to cleanup the cache for expired objects. | `bool` | `true` | no | @@ -60,4 +61,4 @@ module "runner" { | bucket | Name of the created bucket. | | policy\_arn | Policy for users of the cache (bucket). | - \ No newline at end of file + diff --git a/modules/cache/main.tf b/modules/cache/main.tf index ae98f0aae..7b5ca48d5 100644 --- a/modules/cache/main.tf +++ b/modules/cache/main.tf @@ -1,5 +1,6 @@ data "aws_caller_identity" "current" {} + locals { tags = merge( { 
@@ -11,7 +12,15 @@ locals { var.tags, ) - cache_bucket_name = var.cache_bucket_name_include_account_id ? "${var.cache_bucket_prefix}${data.aws_caller_identity.current.account_id}-gitlab-runner-cache" : "${var.cache_bucket_prefix}-gitlab-runner-cache" + cache_bucket_string = var.cache_bucket_name_include_account_id ? format("%s%s-gitlab-runner-cache", var.cache_bucket_prefix, data.aws_caller_identity.current.account_id) : format("%s-gitlab-runner-cache", var.cache_bucket_prefix) + cache_bucket_name = var.cache_bucket_set_random_suffix ? format("%s-%s", local.cache_bucket_string, random_string.s3_suffix[0].result) : local.cache_bucket_string +} + +resource "random_string" "s3_suffix" { + count = var.cache_bucket_set_random_suffix ? 1 : 0 + length = 8 + upper = false + special = false } resource "aws_s3_bucket" "build_cache" { diff --git a/modules/cache/variables.tf b/modules/cache/variables.tf index b2ddb5f8c..5e824625c 100644 --- a/modules/cache/variables.tf +++ b/modules/cache/variables.tf @@ -9,6 +9,12 @@ variable "cache_bucket_prefix" { default = "" } +variable "cache_bucket_set_random_suffix" { + description = "Random string suffix for s3 cache bucket" + type = bool + default = false +} + variable "cache_bucket_name_include_account_id" { description = "Boolean to add current account ID to cache bucket name." type = bool diff --git a/variables.tf b/variables.tf index 2414a3b69..117dd0730 100644 --- a/variables.tf +++ b/variables.tf @@ -308,6 +308,12 @@ variable "cache_bucket_name_include_account_id" { default = true } +variable "cache_bucket_set_random_suffix" { + description = "Append the cache bucket name with a random string suffix" + type = bool + default = false +} + variable "cache_bucket_versioning" { description = "Boolean used to enable versioning on the cache bucket, false by default." type = bool From 920d9c7e1a03a46d99a4f64795eb1b786676b642 Mon Sep 17 00:00:00 2001 
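Review bot: Flipping `cache_bucket_set_random_suffix` on an existing deployment changes `local.cache_bucket_name`, and because an S3 bucket cannot be renamed the `aws_s3_bucket.build_cache` resource that starts on this hunk's last line will be destroyed and recreated, dropping the cache and invalidating any external policy written against the old name (the root README's `cache_bucket` input takes exactly such a bucket/policy pair). A comment on the new local would make that visible: `# Toggling the suffix renames and therefore replaces the bucket; cache data and policies bound to the old name are lost.` The eight lowercase alphanumerics from `random_string` are fine for uniqueness but should not be read as making the bucket name secret, since the name is still exported through the module's `bucket` output. The body of `aws_s3_bucket.build_cache` is outside the hunk.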
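Review bot: The description `Random string suffix for s3 cache bucket` on a `bool` variable reads as if the value were the suffix itself, while the root module's copy of the same variable in this patch says `Append the cache bucket name with a random string suffix`; the two should agree. Suggest `description = "Boolean to append a random 8-character suffix to the cache bucket name (changing it forces bucket recreation)."`. The module README row added in this patch also names the input `cache_bucket_set_suffix` and has no description cell, so it will not match the variable users actually have to set.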
From: Brandon Liles Date: Mon, 23 Nov 2020 15:59:12 -0500 Subject: [PATCH 02/21] Allow custom policies to be attached to the docker machine runner profile (#269) --- README.md | 1 + main.tf | 10 ++++++++++ variables.tf | 6 ++++++ 3 files changed, 17 insertions(+) diff --git a/README.md b/README.md index 00d87e0c1..b57b2a4cd 100644 --- a/README.md +++ b/README.md @@ -285,6 +285,7 @@ terraform destroy | docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no | | docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | | docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no | +| docker\_machine\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the docker machine runners. | `list(string)` | `[]` | no | | docker\_machine\_spot\_price\_bid | Spot price bid. | `string` | `"0.06"` | no | | docker\_machine\_version | Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `"0.16.2"` | no | | enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no | diff --git a/main.tf b/main.tf index c6f7bdd71..308c0882a 100644 --- a/main.tf +++ b/main.tf 
@@ -337,6 +337,16 @@ resource "aws_iam_instance_profile" "docker_machine" { role = aws_iam_role.docker_machine.name } +################################################################################ +### Add user defined policies +################################################################################ +resource "aws_iam_role_policy_attachment" "docker_machine_user_defined_policies" { + count = length(var.docker_machine_iam_policy_arns) + role = aws_iam_role.docker_machine.name + policy_arn = var.docker_machine_iam_policy_arns[count.index] +} + +################################################################################ resource "aws_iam_role_policy_attachment" "docker_machine_session_manager_aws_managed" { count = var.enable_docker_machine_ssm_access ? 1 : 0 diff --git a/variables.tf b/variables.tf index 117dd0730..9a39b0cbe 100644 --- a/variables.tf +++ b/variables.tf @@ -633,3 +633,9 @@ variable "runner_iam_policy_arns" { description = "List of policy ARNs to be added to the instance profile of the runners." default = [] } + +variable "docker_machine_iam_policy_arns" { + type = list(string) + description = "List of policy ARNs to be added to the instance profile of the docker machine runners." + default = [] +} From dd6cda8f01131b4a90eb016a9b7eab82cfdee50c Mon Sep 17 00:00:00 2001 From: thomaskelm Date: Wed, 9 Dec 2020 15:54:15 -0600 Subject: [PATCH 03/21] Update runner-config.tpl --- template/runner-config.tpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/template/runner-config.tpl b/template/runner-config.tpl index 02c578a5e..ca9ed9bcb 100644 --- a/template/runner-config.tpl +++ b/template/runner-config.tpl @@ -21,6 +21,7 @@ check_interval = 0 volumes = ["/cache"${runners_additional_volumes}] shm_size = ${runners_shm_size} pull_policy = "${runners_pull_policy}" + runtime = "${runners_docker_runtime}" [runners.docker.tmpfs] ${runners_volumes_tmpfs} [runners.docker.services_tmpfs] 
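Review bot: Indexing the attachments with `count` over `var.docker_machine_iam_policy_arns` ties each `aws_iam_role_policy_attachment` to a list position, so inserting or removing an ARN in the middle detaches and re-attaches every ARN after it on the next apply, briefly removing permissions from running docker-machine hosts. Keying by ARN avoids that: `for_each   = toset(var.docker_machine_iam_policy_arns)` and `policy_arn = each.value` (the ARNs must then be known at plan time, which holds for pre-existing policies). Because `aws_iam_role.docker_machine` is the instance role of the hosts on which CI jobs execute, and the README in this series lists `runners_privileged` defaulting to `true`, anything attached here is obtainable by every job through the instance metadata service; a comment such as `# Policies attached here are reachable by every CI job running on the docker-machine hosts; keep them least-privilege.` would help operators. The existing `runner_iam_policy_arns` attachment is outside this hunk and presumably has the same count-vs-for_each consideration.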
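Review bot: `runtime = "${runners_docker_runtime}"` is emitted unconditionally, so with the empty default the variable settles on later in this series the generated config.toml carries `runtime = ""`; I believe Docker treats an empty `Runtime` as the daemon default, but that relies on a passthrough rather than an explicit choice. Emitting the key only when set is cleaner: have main.tf pass `runners_docker_runtime = var.runners_docker_runtime == "" ? "" : format("runtime = \"%s\"", var.runners_docker_runtime)` and put `${runners_docker_runtime}` on its own line in the template, which appears to match how the other optional `${…}` fragments in this file are handled. A template comment that this selects the OCI runtime Docker uses for job containers (a sandboxed runtime registered on the docker-machine host being the usual reason to set it) would also help, since the value is not validated anywhere. The `[runners.docker]` section this line belongs to starts outside the hunk.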
@@ -63,4 +64,4 @@ check_interval = 0 ${runners_off_peak_idle_count} ${runners_off_peak_idle_time} ${runners_off_peak_periods_string} - ${runners_machine_autoscaling} \ No newline at end of file + ${runners_machine_autoscaling} From a23a3b7d2c6018b6d420dc77a5a935bac86e60f6 Mon Sep 17 00:00:00 2001 From: thomaskelm Date: Wed, 9 Dec 2020 15:55:00 -0600 Subject: [PATCH 04/21] Update variables.tf --- variables.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/variables.tf b/variables.tf index bd639f5bc..d2bc07b6c 100644 --- a/variables.tf +++ b/variables.tf @@ -171,6 +171,12 @@ variable "runners_shm_size" { default = 0 } +variable "runners_docker_runtime" { + description = "docker runtime for runners, will be used in the runner config.toml" + type = string + default = "containerd" +} + variable "runners_pull_policy" { description = "pull_policy for the runners, will be used in the runner config.toml" type = string From 4314bc9574edaf9e9d54e3df11536a0de4111986 Mon Sep 17 00:00:00 2001 From: thomaskelm Date: Wed, 9 Dec 2020 15:55:33 -0600 Subject: [PATCH 05/21] Update main.tf --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index 59ca7d6de..76893516d 100644 --- a/main.tf +++ b/main.tf @@ -108,6 +108,7 @@ locals { runners_concurrent = var.runners_concurrent runners_image = var.runners_image runners_privileged = var.runners_privileged + runners_docker_runtime = var.runners_docker_runtime runners_shm_size = var.runners_shm_size runners_pull_policy = var.runners_pull_policy runners_idle_count = var.runners_idle_count From ae424567f59bfddb8fbed23a456981a5ea53b1da Mon Sep 17 00:00:00 2001 From: thomaskelm Date: Wed, 9 Dec 2020 15:58:35 -0600 Subject: [PATCH 06/21] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5ff30f9d1..460b93359 100644 --- a/README.md +++ b/README.md 
@@ -345,6 +345,7 @@ terraform destroy | runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | `string` | `""` | no | | runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | `string` | `""` | no | | runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | +| runners\_docker\_runtime| Runtime that rocker will be used, will be used in the runner config.toml | `string` | `containerd` | no | | runners\_pull\_policy | pull\_policy for the runners, will be used in the runner config.toml | `string` | `"always"` | no | | runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | `number` | `1` | no | | runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | From afdf923d3b1046b695f04eea580a325900cff2a2 Mon Sep 17 00:00:00 2001 From: thomaskelm Date: Wed, 9 Dec 2020 16:58:35 -0600 Subject: [PATCH 07/21] Update variables.tf --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index d2bc07b6c..a0a81b140 100644 --- a/variables.tf +++ b/variables.tf @@ -174,7 +174,7 @@ variable "runners_shm_size" { variable "runners_docker_runtime" { description = "docker runtime for runners, will be used in the runner config.toml" type = string - default = "containerd" + default = "dockerd" } variable "runners_pull_policy" { From b2a6cdd54700de9d51f79f1fb9fd607b6d411026 Mon Sep 17 00:00:00 2001 From: thomaskelm Date: Wed, 9 Dec 2020 17:49:22 -0600 Subject: [PATCH 08/21] Update variables.tf --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index a0a81b140..54413b444 100644 --- a/variables.tf 
+++ b/variables.tf @@ -174,7 +174,7 @@ variable "runners_shm_size" { variable "runners_docker_runtime" { description = "docker runtime for runners, will be used in the runner config.toml" type = string - default = "dockerd" + default = "" } variable "runners_pull_policy" { From 4b6b0645a73dd05416919dd2ddb64990a1de5ddc Mon Sep 17 00:00:00 2001 From: thomaskelm Date: Wed, 9 Dec 2020 17:52:30 -0600 Subject: [PATCH 09/21] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 460b93359..80d04625f 100644 --- a/README.md +++ b/README.md @@ -345,7 +345,7 @@ terraform destroy | runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | `string` | `""` | no | | runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | `string` | `""` | no | | runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | -| runners\_docker\_runtime| Runtime that rocker will be used, will be used in the runner config.toml | `string` | `containerd` | no | +| runners\_docker\_runtime| Runtime that rocker will be used, will be used in the runner config.toml | `string` | `""` | no | | runners\_pull\_policy | pull\_policy for the runners, will be used in the runner config.toml | `string` | `"always"` | no | | runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | `number` | `1` | no | | runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | From 15173ae7c4add150c35ee84b194d62a3cfd4ecca Mon Sep 17 00:00:00 2001 
From: thomaskelm Date: Wed, 9 Dec 2020 17:57:06 -0600 Subject: [PATCH 10/21] Update runner-config.tpl --- template/runner-config.tpl | 1 - 1 file changed, 1 deletion(-) diff --git a/template/runner-config.tpl b/template/runner-config.tpl index ca9ed9bcb..95de5593d 100644 --- a/template/runner-config.tpl +++ b/template/runner-config.tpl @@ -64,4 +64,3 @@ check_interval = 0 ${runners_off_peak_idle_count} ${runners_off_peak_idle_time} ${runners_off_peak_periods_string} - ${runners_machine_autoscaling} From 8105961e638a3eff76d83e54dc0fcf7398250bf1 Mon Sep 17 00:00:00 2001 From: thomaskelm Date: Wed, 9 Dec 2020 17:57:37 -0600 Subject: [PATCH 11/21] Update runner-config.tpl --- template/runner-config.tpl | 1 + 1 file changed, 1 insertion(+) diff --git a/template/runner-config.tpl b/template/runner-config.tpl index 95de5593d..e65869e56 100644 --- a/template/runner-config.tpl +++ b/template/runner-config.tpl @@ -64,3 +64,4 @@ check_interval = 0 ${runners_off_peak_idle_count} ${runners_off_peak_idle_time} ${runners_off_peak_periods_string} + ${runners_machine_autoscaling} From 9701575023378c9676e22d11d021b1e2023cbb93 Mon Sep 17 00:00:00 2001 From: thomaskelm Date: Wed, 9 Dec 2020 17:58:01 -0600 Subject: [PATCH 12/21] Update runner-config.tpl --- template/runner-config.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/runner-config.tpl b/template/runner-config.tpl index e65869e56..d7dffb139 100644 --- a/template/runner-config.tpl +++ b/template/runner-config.tpl @@ -64,4 +64,4 @@ check_interval = 0 ${runners_off_peak_idle_count} ${runners_off_peak_idle_time} ${runners_off_peak_periods_string} - ${runners_machine_autoscaling} + ${runners_machine_autoscaling} From a91b47a99cb655baa3c277d4014ff984e3b57912 Mon Sep 17 00:00:00 2001 
From: Niek Palm Date: Wed, 13 Jan 2021 21:41:25 +0100 Subject: [PATCH 13/21] Update version add dependabot (#250) --- README.md | 234 +++++++++++++++++++++++++++--------------------------- 1 file changed, 117 insertions(+), 117 deletions(-) diff --git a/README.md b/README.md index 80d04625f..865c0e1cf 100644 --- a/README.md +++ b/README.md @@ -251,133 +251,133 @@ terraform destroy ## Requirements -| Name | Version | -|------|---------| +| Name | Version | +| --------- | ------- | | terraform | >= 0.12 | ## Providers | Name | Version | -|------|---------| -| aws | n/a | -| null | n/a | +| ---- | ------- | +| aws | n/a | +| null | n/a | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| agent\_tags | Map of tags that will be added to agent EC2 instances. | `map(string)` | `{}` | no | -| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | `bool` | `true` | no | -| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Must resolve to an Amazon Linux 1 or 2 image. | `map(list(string))` |
{
"name": [
"amzn2-ami-hvm-2.*-x86_64-ebs"
]
}
| no | -| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | `list(string)` |
[
"amazon"
]
| no | -| arn\_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no | -| aws\_region | AWS region. | `string` | n/a | yes | -| aws\_zone | Deprecated. Will be removed in the next major release. | `string` | `"a"` | no | -| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | `map` |
{
"bucket": "",
"create": true,
"policy": ""
}
| no | -| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | -| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no | -| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no | -| cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no | -| cache\_shared | Enables cache sharing between runners, false by default. | `bool` | `false` | no | -| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | `number` | `0` | no | -| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `""` | no | -| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no | -| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | -| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no | -| docker\_machine\_spot\_price\_bid | Spot price bid. | `string` | `"0.06"` | no | -| docker\_machine\_version | Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `"0.16.2"` | no | -| enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no | -| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. 
| `bool` | `true` | no | -| enable\_docker\_machine\_ssm\_access | Add IAM policies to the docker-machine instances to connect via the Session Manager. | `bool` | `false` | no | -| enable\_eip | Enable the assignment of an EIP to the gitlab runner instance | `bool` | `false` | no | -| enable\_forced\_updates | DEPRECATED! and is replaced by `enable_asg_recreation. Setting this variable to true will do the oposite as expected. For backward compatibility the variable will remain some releases. Old desription: Enable automatic redeployment of the Runner ASG when the Launch Configs change.` | `string` | `null` | no | -| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | `bool` | `false` | no | -| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | `bool` | `false` | no | -| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | `bool` | `true` | no | -| enable\_ping | Allow ICMP Ping to the ec2 instances. | `bool` | `false` | no | -| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | `bool` | `false` | no | -| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | `bool` | `false` | no | -| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. 
| `bool` | `false` | no | -| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | -| gitlab\_runner\_egress\_rules | List of egress rules for the gitlab runner instance. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no | -| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` |
{
"access_level": "",
"description": "",
"locked_to_project": "",
"maximum_timeout": "",
"registration_token": "",
"run_untagged": "",
"tag_list": ""
}
| no | -| gitlab\_runner\_security\_group\_ids | A list of security group ids that are allowed to access the gitlab runner agent | `list(string)` | `[]` | no | -| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | `[]` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.4.0"` | no | -| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no | -| instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no | -| kms\_alias\_name | Alias added to the kms\_key (if created and not provided by kms\_key\_id) | `string` | `""` | no | -| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | `number` | `7` | no | -| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | `""` | no | -| log\_group\_name | Option to override the default name (`environment`) of the log group, requires `enable_cloudwatch_logging = true`. | `string` | `null` | no | -| metrics\_autoscaling | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. | `list(string)` | `null` | no | -| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. 
| `map(string)` |
{
"name_docker_machine_runners": "",
"name_runner_agent_instance": "",
"name_sg": ""
}
| no | -| permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no | -| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"
]
}
| no | -| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` |
[
"099720109477"
]
| no | -| runner\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the runners. | `list(string)` | `[]` | no | -| runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no | -| runner\_instance\_enable\_monitoring | Enable the GitLab runner instance to have detailed monitoring. | `bool` | `true` | no | -| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | `string` | `null` | no | -| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no | -| runner\_tags | Map of tags that will be added to runner EC2 instances. | `map(string)` | `{}` | no | -| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | `list` | `[]` | no | -| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | `number` | `10` | no | -| runners\_ebs\_optimized | Enable runners to be EBS-optimized. | `bool` | `true` | no | -| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | `list(string)` | `[]` | no | -| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | `string` | `"docker+machine"` | no | -| runners\_gitlab\_url | URL of the GitLab instance to connect to. | `string` | n/a | yes | -| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | `string` | `""` | no | -| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. 
| `number` | `0` | no | -| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | `number` | `600` | no | -| runners\_image | Image to run builds, will be used in the runner config.toml | `string` | `"docker:18.03.1-ce"` | no | -| runners\_limit | Limit for the runners, will be used in the runner config.toml. | `number` | `0` | no | -| runners\_machine\_autoscaling | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section |
list(object({
periods = list(string)
idle_count = number
idle_time = number
timezone = string
}))
| `[]` | no | -| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | `number` | `0` | no | -| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | `bool` | `false` | no | -| runners\_name | Name of the runner, will be used in the runner config.toml. | `string` | n/a | yes | -| runners\_off\_peak\_idle\_count | Deprecated, please use `runners_machine_autoscaling`. Off peak idle count of the runners, will be used in the runner config.toml. | `string` | `-1` | no | -| runners\_off\_peak\_idle\_time | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time of the runners, will be used in the runner config.toml. | `string` | `-1` | no | -| runners\_off\_peak\_periods | Deprecated, please use `runners_machine_autoscaling`. Off peak periods of the runners, will be used in the runner config.toml. | `string` | `null` | no | -| runners\_off\_peak\_timezone | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time zone of the runners, will be used in the runner config.toml. | `string` | `null` | no | -| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | `number` | `4096` | no | -| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after\_script. | `string` | `""` | no | -| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | `string` | `""` | no | -| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. 
| `string` | `""` | no | -| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | -| runners\_docker\_runtime| Runtime that rocker will be used, will be used in the runner config.toml | `string` | `""` | no | -| runners\_pull\_policy | pull\_policy for the runners, will be used in the runner config.toml | `string` | `"always"` | no | -| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | `number` | `1` | no | -| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | -| runners\_root\_size | Runner instance root size in GB. | `number` | `16` | no | -| runners\_services\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | -| runners\_shm\_size | shm\_size for the runners, will be used in the runner config.toml | `number` | `0` | no | -| runners\_token | Token for the runner, will be used in the runner config.toml. | `string` | `"__REPLACED_BY_USER_DATA__"` | no | -| runners\_use\_private\_address | Restrict runners to the use of a private IP address | `bool` | `true` | no | -| runners\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | -| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable\_schedule is set to true. | `map` |
{
"scale_in_count": 0,
"scale_in_recurrence": "0 18 * * 1-5",
"scale_out_count": 1,
"scale_out_recurrence": "0 8 * * 1-5"
}
| no | -| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | `string` | `"runner-token"` | no | -| ssh\_key\_pair | Set this to use existing AWS key pair | `string` | `null` | no | -| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | `string` | n/a | yes | -| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | `list(string)` | n/a | yes | -| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no | -| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | `string` | `""` | no | -| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | `string` | `""` | no | -| vpc\_id | The target VPC for the docker-machine and runner instances. | `string` | n/a | yes | +| Name | Description | Type | Default | Required | +| -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | +| agent\_tags | Map of tags that will be added to agent EC2 instances. | `map(string)` | `{}` | no | +| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | `bool` | `true` | no | +| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Must resolve to an Amazon Linux 1 or 2 image. | `map(list(string))` |
{
"name": [
"amzn2-ami-hvm-2.*-x86_64-ebs"
]
}
| no | +| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | `list(string)` |
[
"amazon"
]
| no | +| arn\_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no | +| aws\_region | AWS region. | `string` | n/a | yes | +| aws\_zone | Deprecated. Will be removed in the next major release. | `string` | `"a"` | no | +| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | `map` |
{
"bucket": "",
"create": true,
"policy": ""
}
| no | +| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | +| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no | +| cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no | +| cache\_shared | Enables cache sharing between runners, false by default. | `bool` | `false` | no | +| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | `number` | `0` | no | +| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `""` | no | +| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no | +| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | +| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no | +| docker\_machine\_spot\_price\_bid | Spot price bid. | `string` | `"0.06"` | no | +| docker\_machine\_version | Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `"0.16.2"` | no | +| enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no | +| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. 
| `bool` | `true` | no | +| enable\_docker\_machine\_ssm\_access | Add IAM policies to the docker-machine instances to connect via the Session Manager. | `bool` | `false` | no | +| enable\_eip | Enable the assignment of an EIP to the gitlab runner instance | `bool` | `false` | no | +| enable\_forced\_updates | DEPRECATED! and is replaced by `enable_asg_recreation. Setting this variable to true will do the oposite as expected. For backward compatibility the variable will remain some releases. Old desription: Enable automatic redeployment of the Runner ASG when the Launch Configs change.` | `string` | `null` | no | +| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | `bool` | `false` | no | +| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | `bool` | `false` | no | +| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | `bool` | `true` | no | +| enable\_ping | Allow ICMP Ping to the ec2 instances. | `bool` | `false` | no | +| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | `bool` | `false` | no | +| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | `bool` | `false` | no | +| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. 
| `bool` | `false` | no | +| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | +| gitlab\_runner\_egress\_rules | List of egress rules for the gitlab runner instance. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no | +| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` |
{
"access_level": "",
"description": "",
"locked_to_project": "",
"maximum_timeout": "",
"registration_token": "",
"run_untagged": "",
"tag_list": ""
}
| no | +| gitlab\_runner\_security\_group\_ids | A list of security group ids that are allowed to access the gitlab runner agent | `list(string)` | `[]` | no | +| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | `[]` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.4.0"` | no | +| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no | +| instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no | +| kms\_alias\_name | Alias added to the kms\_key (if created and not provided by kms\_key\_id) | `string` | `""` | no | +| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | `number` | `7` | no | +| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | `""` | no | +| log\_group\_name | Option to override the default name (`environment`) of the log group, requires `enable_cloudwatch_logging = true`. | `string` | `null` | no | +| metrics\_autoscaling | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. | `list(string)` | `null` | no | +| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. 
| `map(string)` |
{
"name_docker_machine_runners": "",
"name_runner_agent_instance": "",
"name_sg": ""
}
| no | +| permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no | +| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"
]
}
| no | +| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` |
[
"099720109477"
]
| no | +| runner\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the runners. | `list(string)` | `[]` | no | +| runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no | +| runner\_instance\_enable\_monitoring | Enable the GitLab runner instance to have detailed monitoring. | `bool` | `true` | no | +| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | `string` | `null` | no | +| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no | +| runner\_tags | Map of tags that will be added to runner EC2 instances. | `map(string)` | `{}` | no | +| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | `list` | `[]` | no | +| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | `number` | `10` | no | +| runners\_ebs\_optimized | Enable runners to be EBS-optimized. | `bool` | `true` | no | +| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | `list(string)` | `[]` | no | +| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | `string` | `"docker+machine"` | no | +| runners\_gitlab\_url | URL of the GitLab instance to connect to. | `string` | n/a | yes | +| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | `string` | `""` | no | +| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. 
| `number` | `0` | no | +| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | `number` | `600` | no | +| runners\_image | Image to run builds, will be used in the runner config.toml | `string` | `"docker:18.03.1-ce"` | no | +| runners\_limit | Limit for the runners, will be used in the runner config.toml. | `number` | `0` | no | +| runners\_machine\_autoscaling | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section |
list(object({
periods = list(string)
idle_count = number
idle_time = number
timezone = string
}))
| `[]` | no | +| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | `number` | `0` | no | +| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | `bool` | `false` | no | +| runners\_name | Name of the runner, will be used in the runner config.toml. | `string` | n/a | yes | +| runners\_off\_peak\_idle\_count | Deprecated, please use `runners_machine_autoscaling`. Off peak idle count of the runners, will be used in the runner config.toml. | `string` | `-1` | no | +| runners\_off\_peak\_idle\_time | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time of the runners, will be used in the runner config.toml. | `string` | `-1` | no | +| runners\_off\_peak\_periods | Deprecated, please use `runners_machine_autoscaling`. Off peak periods of the runners, will be used in the runner config.toml. | `string` | `null` | no | +| runners\_off\_peak\_timezone | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time zone of the runners, will be used in the runner config.toml. | `string` | `null` | no | +| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | `number` | `4096` | no | +| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after\_script. | `string` | `""` | no | +| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | `string` | `""` | no | +| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. 
| `string` | `""` | no | +| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | +| runners\_docker\_runtime | Runtime that rocker will be used, will be used in the runner config.toml | `string` | `""` | no | +| runners\_pull\_policy | pull\_policy for the runners, will be used in the runner config.toml | `string` | `"always"` | no | +| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | `number` | `1` | no | +| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | +| runners\_root\_size | Runner instance root size in GB. | `number` | `16` | no | +| runners\_services\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | +| runners\_shm\_size | shm\_size for the runners, will be used in the runner config.toml | `number` | `0` | no | +| runners\_token | Token for the runner, will be used in the runner config.toml. | `string` | `"__REPLACED_BY_USER_DATA__"` | no | +| runners\_use\_private\_address | Restrict runners to the use of a private IP address | `bool` | `true` | no | +| runners\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | +| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable\_schedule is set to true. | `map` |
{
"scale_in_count": 0,
"scale_in_recurrence": "0 18 * * 1-5",
"scale_out_count": 1,
"scale_out_recurrence": "0 8 * * 1-5"
}
| no | +| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | `string` | `"runner-token"` | no | +| ssh\_key\_pair | Set this to use existing AWS key pair | `string` | `null` | no | +| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | `string` | n/a | yes | +| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | `list(string)` | n/a | yes | +| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no | +| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | `string` | `""` | no | +| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | `string` | `""` | no | +| vpc\_id | The target VPC for the docker-machine and runner instances. | `string` | n/a | yes | ## Outputs -| Name | Description | -|------|-------------| -| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. | -| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. | -| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. | -| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | -| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | -| runner\_cache\_bucket\_name | Name of the S3 for the build cache. | -| runner\_eip | EIP of the Gitlab Runner | -| runner\_role\_arn | ARN of the role used for the docker machine runners. | -| runner\_role\_name | Name of the role used for the docker machine runners. | -| runner\_sg\_id | ID of the security group attached to the docker machine runners. 
| 
+| Name | Description |
+| --------------------------- | ----------------------------------------------------------------------- |
+| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. |
+| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. |
+| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. |
+| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance |
+| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. |
+| runner\_cache\_bucket\_name | Name of the S3 for the build cache. |
+| runner\_eip | EIP of the Gitlab Runner |
+| runner\_role\_arn | ARN of the role used for the docker machine runners. |
+| runner\_role\_name | Name of the role used for the docker machine runners. |
+| runner\_sg\_id | ID of the security group attached to the docker machine runners. |
From cfc472012179951b53461f66d6865ccfbbf0cdb4 Mon Sep 17 00:00:00 2001
From: Niek Palm
Date: Wed, 13 Jan 2021 21:28:57 +0100
Subject: [PATCH 14/21] Update version add dependabot (#250)
---
 README.md | 234 +++++++++++++++++++++++++++---------------------------
 1 file changed, 117 insertions(+), 117 deletions(-)
diff --git a/README.md b/README.md
index 865c0e1cf..b67d4e3d3 100644
--- a/README.md
+++ b/README.md
@@ -251,133 +251,133 @@ terraform destroy ## Requirements -| Name | Version | -| --------- | ------- | +| Name | Version | +|------|---------| | terraform | >= 0.12 | ## Providers | Name | Version | -| ---- | ------- | -| aws | n/a | -| null | n/a | +|------|---------| +| aws | n/a | +| null | n/a | ## Inputs -| Name | Description | Type | Default | Required | -| -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | -| agent\_tags | Map of tags that will be added to agent EC2 instances. | `map(string)` | `{}` | no | -| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | `bool` | `true` | no | -| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Must resolve to an Amazon Linux 1 or 2 image. | `map(list(string))` |
{
"name": [
"amzn2-ami-hvm-2.*-x86_64-ebs"
]
}
| no | -| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | `list(string)` |
[
"amazon"
]
| no | -| arn\_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no | -| aws\_region | AWS region. | `string` | n/a | yes | -| aws\_zone | Deprecated. Will be removed in the next major release. | `string` | `"a"` | no | -| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | `map` |
{
"bucket": "",
"create": true,
"policy": ""
}
| no | -| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | -| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no | -| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no | -| cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no | -| cache\_shared | Enables cache sharing between runners, false by default. | `bool` | `false` | no | -| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | `number` | `0` | no | -| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `""` | no | -| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no | -| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | -| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no | -| docker\_machine\_spot\_price\_bid | Spot price bid. | `string` | `"0.06"` | no | -| docker\_machine\_version | Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `"0.16.2"` | no | -| enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no | -| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. 
| `bool` | `true` | no | -| enable\_docker\_machine\_ssm\_access | Add IAM policies to the docker-machine instances to connect via the Session Manager. | `bool` | `false` | no | -| enable\_eip | Enable the assignment of an EIP to the gitlab runner instance | `bool` | `false` | no | -| enable\_forced\_updates | DEPRECATED! and is replaced by `enable_asg_recreation. Setting this variable to true will do the oposite as expected. For backward compatibility the variable will remain some releases. Old desription: Enable automatic redeployment of the Runner ASG when the Launch Configs change.` | `string` | `null` | no | -| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | `bool` | `false` | no | -| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | `bool` | `false` | no | -| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | `bool` | `true` | no | -| enable\_ping | Allow ICMP Ping to the ec2 instances. | `bool` | `false` | no | -| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | `bool` | `false` | no | -| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | `bool` | `false` | no | -| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. 
| `bool` | `false` | no | -| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | -| gitlab\_runner\_egress\_rules | List of egress rules for the gitlab runner instance. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no | -| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` |
{
"access_level": "",
"description": "",
"locked_to_project": "",
"maximum_timeout": "",
"registration_token": "",
"run_untagged": "",
"tag_list": ""
}
| no | -| gitlab\_runner\_security\_group\_ids | A list of security group ids that are allowed to access the gitlab runner agent | `list(string)` | `[]` | no | -| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | `[]` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.4.0"` | no | -| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no | -| instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no | -| kms\_alias\_name | Alias added to the kms\_key (if created and not provided by kms\_key\_id) | `string` | `""` | no | -| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | `number` | `7` | no | -| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | `""` | no | -| log\_group\_name | Option to override the default name (`environment`) of the log group, requires `enable_cloudwatch_logging = true`. | `string` | `null` | no | -| metrics\_autoscaling | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. | `list(string)` | `null` | no | -| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. 
| `map(string)` |
{
"name_docker_machine_runners": "",
"name_runner_agent_instance": "",
"name_sg": ""
}
| no | -| permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no | -| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"
]
}
| no | -| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` |
[
"099720109477"
]
| no | -| runner\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the runners. | `list(string)` | `[]` | no | -| runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no | -| runner\_instance\_enable\_monitoring | Enable the GitLab runner instance to have detailed monitoring. | `bool` | `true` | no | -| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | `string` | `null` | no | -| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no | -| runner\_tags | Map of tags that will be added to runner EC2 instances. | `map(string)` | `{}` | no | -| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | `list` | `[]` | no | -| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | `number` | `10` | no | -| runners\_ebs\_optimized | Enable runners to be EBS-optimized. | `bool` | `true` | no | -| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | `list(string)` | `[]` | no | -| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | `string` | `"docker+machine"` | no | -| runners\_gitlab\_url | URL of the GitLab instance to connect to. | `string` | n/a | yes | -| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | `string` | `""` | no | -| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. 
| `number` | `0` | no | -| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | `number` | `600` | no | -| runners\_image | Image to run builds, will be used in the runner config.toml | `string` | `"docker:18.03.1-ce"` | no | -| runners\_limit | Limit for the runners, will be used in the runner config.toml. | `number` | `0` | no | -| runners\_machine\_autoscaling | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section |
list(object({
periods = list(string)
idle_count = number
idle_time = number
timezone = string
}))
| `[]` | no | -| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | `number` | `0` | no | -| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | `bool` | `false` | no | -| runners\_name | Name of the runner, will be used in the runner config.toml. | `string` | n/a | yes | -| runners\_off\_peak\_idle\_count | Deprecated, please use `runners_machine_autoscaling`. Off peak idle count of the runners, will be used in the runner config.toml. | `string` | `-1` | no | -| runners\_off\_peak\_idle\_time | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time of the runners, will be used in the runner config.toml. | `string` | `-1` | no | -| runners\_off\_peak\_periods | Deprecated, please use `runners_machine_autoscaling`. Off peak periods of the runners, will be used in the runner config.toml. | `string` | `null` | no | -| runners\_off\_peak\_timezone | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time zone of the runners, will be used in the runner config.toml. | `string` | `null` | no | -| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | `number` | `4096` | no | -| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after\_script. | `string` | `""` | no | -| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | `string` | `""` | no | -| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. 
| `string` | `""` | no | -| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | -| runners\_docker\_runtime | Runtime that rocker will be used, will be used in the runner config.toml | `string` | `""` | no | -| runners\_pull\_policy | pull\_policy for the runners, will be used in the runner config.toml | `string` | `"always"` | no | -| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | `number` | `1` | no | -| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | -| runners\_root\_size | Runner instance root size in GB. | `number` | `16` | no | -| runners\_services\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | -| runners\_shm\_size | shm\_size for the runners, will be used in the runner config.toml | `number` | `0` | no | -| runners\_token | Token for the runner, will be used in the runner config.toml. | `string` | `"__REPLACED_BY_USER_DATA__"` | no | -| runners\_use\_private\_address | Restrict runners to the use of a private IP address | `bool` | `true` | no | -| runners\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | -| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable\_schedule is set to true. | `map` |
{
"scale_in_count": 0,
"scale_in_recurrence": "0 18 * * 1-5",
"scale_out_count": 1,
"scale_out_recurrence": "0 8 * * 1-5"
}
| no | -| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | `string` | `"runner-token"` | no | -| ssh\_key\_pair | Set this to use existing AWS key pair | `string` | `null` | no | -| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | `string` | n/a | yes | -| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | `list(string)` | n/a | yes | -| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no | -| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | `string` | `""` | no | -| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | `string` | `""` | no | -| vpc\_id | The target VPC for the docker-machine and runner instances. | `string` | n/a | yes | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| agent\_tags | Map of tags that will be added to agent EC2 instances. | `map(string)` | `{}` | no | +| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | `bool` | `true` | no | +| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Must resolve to an Amazon Linux 1 or 2 image. | `map(list(string))` |
{
"name": [
"amzn2-ami-hvm-2.*-x86_64-ebs"
]
}
| no | +| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | `list(string)` |
[
"amazon"
]
| no | +| arn\_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no | +| aws\_region | AWS region. | `string` | n/a | yes | +| aws\_zone | Deprecated. Will be removed in the next major release. | `string` | `"a"` | no | +| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | `map` |
{
"bucket": "",
"create": true,
"policy": ""
}
| no | +| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | +| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no | +| cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no | +| cache\_shared | Enables cache sharing between runners, false by default. | `bool` | `false` | no | +| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | `number` | `0` | no | +| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `""` | no | +| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no | +| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | +| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no | +| docker\_machine\_spot\_price\_bid | Spot price bid. | `string` | `"0.06"` | no | +| docker\_machine\_version | Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `"0.16.2"` | no | +| enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no | +| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. 
| `bool` | `true` | no | +| enable\_docker\_machine\_ssm\_access | Add IAM policies to the docker-machine instances to connect via the Session Manager. | `bool` | `false` | no | +| enable\_eip | Enable the assignment of an EIP to the gitlab runner instance | `bool` | `false` | no | +| enable\_forced\_updates | DEPRECATED! and is replaced by `enable_asg_recreation. Setting this variable to true will do the oposite as expected. For backward compatibility the variable will remain some releases. Old desription: Enable automatic redeployment of the Runner ASG when the Launch Configs change.` | `string` | `null` | no | +| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | `bool` | `false` | no | +| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | `bool` | `false` | no | +| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | `bool` | `true` | no | +| enable\_ping | Allow ICMP Ping to the ec2 instances. | `bool` | `false` | no | +| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | `bool` | `false` | no | +| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | `bool` | `false` | no | +| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. 
| `bool` | `false` | no | +| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | +| gitlab\_runner\_egress\_rules | List of egress rules for the gitlab runner instance. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no | +| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` |
{
"access_level": "",
"description": "",
"locked_to_project": "",
"maximum_timeout": "",
"registration_token": "",
"run_untagged": "",
"tag_list": ""
}
| no | +| gitlab\_runner\_security\_group\_ids | A list of security group ids that are allowed to access the gitlab runner agent | `list(string)` | `[]` | no | +| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | `[]` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.4.0"` | no | +| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no | +| instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no | +| kms\_alias\_name | Alias added to the kms\_key (if created and not provided by kms\_key\_id) | `string` | `""` | no | +| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | `number` | `7` | no | +| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | `""` | no | +| log\_group\_name | Option to override the default name (`environment`) of the log group, requires `enable_cloudwatch_logging = true`. | `string` | `null` | no | +| metrics\_autoscaling | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. | `list(string)` | `null` | no | +| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. 
| `map(string)` |
{
"name_docker_machine_runners": "",
"name_runner_agent_instance": "",
"name_sg": ""
}
| no | +| permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no | +| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"
]
}
| no | +| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` |
[
"099720109477"
]
| no | +| runner\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the gitlab runner agent ec2 instance. | `list(string)` | `[]` | no | +| runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no | +| runner\_instance\_enable\_monitoring | Enable the GitLab runner instance to have detailed monitoring. | `bool` | `true` | no | +| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | `string` | `null` | no | +| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no | +| runner\_tags | Map of tags that will be added to runner EC2 instances. | `map(string)` | `{}` | no | +| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | `list` | `[]` | no | +| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | `number` | `10` | no | +| runners\_docker\_runtime | docker runtime for runners, will be used in the runner config.toml | `string` | `""` | no | +| runners\_ebs\_optimized | Enable runners to be EBS-optimized. | `bool` | `true` | no | +| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | `list(string)` | `[]` | no | +| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | `string` | `"docker+machine"` | no | +| runners\_gitlab\_url | URL of the GitLab instance to connect to. 
| `string` | n/a | yes | +| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | `string` | `""` | no | +| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. | `number` | `0` | no | +| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | `number` | `600` | no | +| runners\_image | Image to run builds, will be used in the runner config.toml | `string` | `"docker:18.03.1-ce"` | no | +| runners\_limit | Limit for the runners, will be used in the runner config.toml. | `number` | `0` | no | +| runners\_machine\_autoscaling | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section |
list(object({
periods = list(string)
idle_count = number
idle_time = number
timezone = string
}))
| `[]` | no | +| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | `number` | `0` | no | +| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | `bool` | `false` | no | +| runners\_name | Name of the runner, will be used in the runner config.toml. | `string` | n/a | yes | +| runners\_off\_peak\_idle\_count | Deprecated, please use `runners_machine_autoscaling`. Off peak idle count of the runners, will be used in the runner config.toml. | `string` | `-1` | no | +| runners\_off\_peak\_idle\_time | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time of the runners, will be used in the runner config.toml. | `string` | `-1` | no | +| runners\_off\_peak\_periods | Deprecated, please use `runners_machine_autoscaling`. Off peak periods of the runners, will be used in the runner config.toml. | `string` | `null` | no | +| runners\_off\_peak\_timezone | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time zone of the runners, will be used in the runner config.toml. | `string` | `null` | no | +| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | `number` | `4096` | no | +| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after\_script. | `string` | `""` | no | +| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | `string` | `""` | no | +| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. 
| `string` | `""` | no | +| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | +| runners\_pull\_policy | pull\_policy for the runners, will be used in the runner config.toml | `string` | `"always"` | no | +| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | `number` | `1` | no | +| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | +| runners\_root\_size | Runner instance root size in GB. | `number` | `16` | no | +| runners\_services\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | +| runners\_shm\_size | shm\_size for the runners, will be used in the runner config.toml | `number` | `0` | no | +| runners\_token | Token for the runner, will be used in the runner config.toml. | `string` | `"__REPLACED_BY_USER_DATA__"` | no | +| runners\_use\_private\_address | Restrict runners to the use of a private IP address | `bool` | `true` | no | +| runners\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | +| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable\_schedule is set to true. | `map` |
{
"scale_in_count": 0,
"scale_in_recurrence": "0 18 * * 1-5",
"scale_out_count": 1,
"scale_out_recurrence": "0 8 * * 1-5"
}
| no | +| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | `string` | `"runner-token"` | no | +| ssh\_key\_pair | Set this to use existing AWS key pair | `string` | `null` | no | +| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | `string` | n/a | yes | +| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | `list(string)` | n/a | yes | +| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no | +| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | `string` | `""` | no | +| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | `string` | `""` | no | +| vpc\_id | The target VPC for the docker-machine and runner instances. | `string` | n/a | yes | ## Outputs -| Name | Description | -| --------------------------- | ----------------------------------------------------------------------- | -| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. | -| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. | -| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. | -| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | -| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | -| runner\_cache\_bucket\_name | Name of the S3 for the build cache. | -| runner\_eip | EIP of the Gitlab Runner | -| runner\_role\_arn | ARN of the role used for the docker machine runners. | -| runner\_role\_name | Name of the role used for the docker machine runners. | -| runner\_sg\_id | ID of the security group attached to the docker machine runners. 
| +| Name | Description | +|------|-------------| +| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. | +| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. | +| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. | +| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | +| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | +| runner\_cache\_bucket\_name | Name of the S3 for the build cache. | +| runner\_eip | EIP of the Gitlab Runner | +| runner\_role\_arn | ARN of the role used for the docker machine runners. | +| runner\_role\_name | Name of the role used for the docker machine runners. | +| runner\_sg\_id | ID of the security group attached to the docker machine runners. | From a6aaa172e31d57f9940f8e3610809fa5d813404a Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Wed, 13 Jan 2021 22:52:39 +0100 Subject: [PATCH 15/21] Update version of runner, update from ubuntu18 tot ubuntu20 and set docker machien version to gitlab maintained one (#276) --- .github/workflows/verify.yml | 11 ++++++++--- README.md | 12 ++++++------ ci/bin/terraform.sh | 4 ++-- modules/cache/README.md | 3 ++- variables.tf | 10 +++++----- 5 files changed, 23 insertions(+), 17 deletions(-) diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 91e0d726f..e8e5b0fc7 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -1,5 +1,10 @@ name: Verify -on: [push, pull_request] +on: + push: + branches: + - master + - develop + pull_request: jobs: verify: @@ -9,7 +14,7 @@ jobs: - uses: actions/checkout@v1 - name: verify run: | - ./ci/bin/install.sh + source ./ci/bin/install.sh ./ci/bin/verify.sh verify-examples: @@ -19,5 +24,5 @@ jobs: - uses: actions/checkout@v1 - name: verify-examples run: | - ./ci/bin/install.sh + source ./ci/bin/install.sh ./ci/bin/verify-examples.sh 
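Review bot: `export PATH=${TARGET_DIR}:${PATH}` in ci/bin/terraform.sh only reaches `./ci/bin/verify.sh` because the verify.yml hunks in this same patch switch to `source ./ci/bin/install.sh`, yet nothing in either script states that it must be sourced, so executing it the old way would still install terraform into a PATH no later step sees. A header comment would make that contract explicit: `# Must be sourced, not executed: exports TARGET_DIR and prepends it to PATH so the terraform installed here shadows any system copy for the rest of the calling shell.` Because the installer now runs inside the step's own shell, an explicit `exit` in install.sh or anything it calls (outside this hunk) would end the whole run step before verify.sh starts, which is worth checking. Prepending /opt also gives every binary placed there precedence over system tools for the remainder of the job, acceptable on an ephemeral CI runner but part of what the comment should say.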
diff --git a/README.md b/README.md index 724ecfd39..684c98c71 100644 --- a/README.md +++ b/README.md @@ -276,18 +276,18 @@ terraform destroy | cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | `map` |
{
"bucket": "",
"create": true,
"policy": ""
}
| no | | cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no | -| cache\_bucket\_set\_random\_suffix | Boolean used to append a random string to the bucket name | `bool` | `false` | no | +| cache\_bucket\_set\_random\_suffix | Append the cache bucket name with a random string suffix | `bool` | `false` | no | | cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no | | cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no | | cache\_shared | Enables cache sharing between runners, false by default. | `bool` | `false` | no | | cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | `number` | `0` | no | -| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `""` | no | +| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `"https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.10/docker-machine-Linux-aarch64"` | no | +| docker\_machine\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the docker machine runners. | `list(string)` | `[]` | no | | docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no | | docker\_machine\_options | List of additional options for the docker machine config. 
Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | | docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no | -| docker\_machine\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the docker machine runners. | `list(string)` | `[]` | no | | docker\_machine\_spot\_price\_bid | Spot price bid. | `string` | `"0.06"` | no | -| docker\_machine\_version | Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `"0.16.2"` | no | +| docker\_machine\_version | By default docker\_machine\_download\_url is used to set the docker machine version. Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `""` | no | | enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no | | enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | `bool` | `true` | no | | enable\_docker\_machine\_ssm\_access | Add IAM policies to the docker-machine instances to connect via the Session Manager. | `bool` | `false` | no | @@ -305,7 +305,7 @@ terraform destroy | gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` |
{
"access_level": "",
"description": "",
"locked_to_project": "",
"maximum_timeout": "",
"registration_token": "",
"run_untagged": "",
"tag_list": ""
}
| no | | gitlab\_runner\_security\_group\_ids | A list of security group ids that are allowed to access the gitlab runner agent | `list(string)` | `[]` | no | | gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | `[]` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.4.0"` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.7.0"` | no | | instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no | | instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no | | kms\_alias\_name | Alias added to the kms\_key (if created and not provided by kms\_key\_id) | `string` | `""` | no | @@ -315,7 +315,7 @@ terraform destroy | metrics\_autoscaling | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. | `list(string)` | `null` | no | | overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | `map(string)` |
{
"name_docker_machine_runners": "",
"name_runner_agent_instance": "",
"name_sg": ""
}
| no | | permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no | -| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"
]
}
| no | +| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
]
}
| no | | runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` |
[
"099720109477"
]
| no | | runner\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the gitlab runner agent ec2 instance. | `list(string)` | `[]` | no | | runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no | diff --git a/ci/bin/terraform.sh b/ci/bin/terraform.sh index f82da61d9..c5891ccb0 100755 --- a/ci/bin/terraform.sh +++ b/ci/bin/terraform.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash -TARGET_DIR=/opt -PATH=${PATH}:${TARGET_DIR} +export TARGET_DIR=/opt +export PATH=${TARGET_DIR}:${PATH} TERRAFORM_VERSION=${1:-"0.12.29"} OS=${2:-"linux"} diff --git a/modules/cache/README.md b/modules/cache/README.md index d7f021358..5ac84e53c 100644 --- a/modules/cache/README.md +++ b/modules/cache/README.md @@ -36,6 +36,7 @@ module "runner" { | Name | Version | |------|---------| | aws | n/a | +| random | n/a | ## Inputs @@ -44,7 +45,7 @@ module "runner" { | arn\_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no | | cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no | -| cache\_bucket\_set\_suffix | `bool` | `false` | no | +| cache\_bucket\_set\_random\_suffix | Random string suffix for s3 cache bucket | `bool` | `false` | no | | cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `string` | `"false"` | no | | cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no | | cache\_lifecycle\_clear | Enable the rule to cleanup the cache for expired objects. | `bool` | `true` | no | diff --git a/variables.tf b/variables.tf index 77db43560..020ffeeed 100644 --- a/variables.tf +++ b/variables.tf 
@@ -86,13 +86,13 @@ variable "docker_machine_spot_price_bid" { variable "docker_machine_download_url" { description = "Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine." type = string - default = "" + default = "https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.10/docker-machine-Linux-aarch64" } variable "docker_machine_version" { - description = "Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set." + description = "By default docker_machine_download_url is used to set the docker machine version. Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set." type = string - default = "0.16.2" + default = "" } variable "runners_name" { @@ -341,7 +341,7 @@ variable "cache_shared" { variable "gitlab_runner_version" { description = "Version of the GitLab runner." type = string - default = "13.4.0" + default = "13.7.0" } variable "enable_ping" { @@ -468,7 +468,7 @@ variable "runner_ami_filter" { type = map(list(string)) default = { - name = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"] + name = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] } } From b94728c05f18d62431d51f54f00625ce3fd268e2 Mon Sep 17 00:00:00 2001 
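Review bot: The new default for `docker_machine_download_url` ends in `docker-machine-Linux-aarch64`, while the variable's own description says the URL must point to a linux x64 distribution and the other defaults in this series are x86_64 (`m5.large`, the `amd64` AMI filter in the `-468` hunk of the same file); unless an ARM fleet is intended, that binary cannot run on those instances, so the default should be the x86_64 artifact of the same release. Because the default now makes every deployment fetch a binary from a URL at boot, the description should also say that a custom URL is trusted as-is (I cannot see from this hunk whether the user-data verifies a checksum). The reworded `docker_machine_version` description reads as two contradicting sentences; `description = "Version of docker-machine. Ignored when docker_machine_download_url is set, which it is by default."` says the same thing once, and fixes the `ingored` typo in both variables.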
From: Niek Palm Date: Wed, 13 Jan 2021 23:11:17 +0100 Subject: [PATCH 16/21] Upgrade to Terraform 13 (#251) * Upgrade to Terraform 13 * Update version add dependabot (#250) * Upgrade to terraform 13 * Upgrade to terraform 13 --- README.md | 17 ----------------- ci/bin/terraform.sh | 2 +- examples/.terraform-version | 2 +- examples/runner-default/providers.tf | 8 ++++++-- examples/runner-default/versions.tf | 16 +++++++++++++++- examples/runner-docker/versions.tf | 17 +++++++++++++++-- examples/runner-pre-registered/versions.tf | 16 +++++++++++++++- examples/runner-public/versions.tf | 16 +++++++++++++++- versions.tf | 8 ++++++++ 9 files changed, 76 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 684c98c71..f90407101 100644 --- a/README.md +++ b/README.md 
@@ -6,23 +6,6 @@ > "Added support to download docker machine from a different location, e.g. " -## Terraform versions - -### Terraform 0.12 - -Module is available as Terraform 0.12 module, pin to version 4.x. Please submit pull-requests to the `develop` branch. - -Migration from 0.11 to 0.12 is tested for the `runner-default` example. To migrate the runner, execute the following steps. - -- Update to Terraform 0.12 -- Migrate your Terraform code via Terraform `terraform 0.12upgrade`. -- Update the module from 3.10.0 to 4.0.0, next run `terraform init` -- Run `terraform apply`. This should trigger only a re-creation of the the auto launch configuration and a minor change in the auto-scaling group. - -### Terraform 0.11 - -Module is available as Terraform 0.11 module, pin module to version 3.x. Please submit pull-requests to the `terraform011` branch. - ## The module This [Terraform](https://www.terraform.io/) modules creates a [GitLab CI runner](https://docs.gitlab.com/runner/). A blog post describes the original version of the the runner. See the post at [040code](https://040code.github.io/2017/12/09/runners-on-the-spot/). The original setup of the module is based on the blog post: [Auto scale GitLab CI runners and save 90% on EC2 costs](https://about.gitlab.com/2017/11/23/autoscale-ci-runners/). diff --git a/ci/bin/terraform.sh b/ci/bin/terraform.sh index c5891ccb0..b73df51a7 100755 --- a/ci/bin/terraform.sh +++ b/ci/bin/terraform.sh @@ -3,7 +3,7 @@ export TARGET_DIR=/opt export PATH=${TARGET_DIR}:${PATH} -TERRAFORM_VERSION=${1:-"0.12.29"} +TERRAFORM_VERSION=${1:-"0.13.6"} OS=${2:-"linux"} TERRAFORM_URL="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_${OS}_amd64.zip" diff --git a/examples/.terraform-version b/examples/.terraform-version index 58828a74c..047fab311 100644 --- a/examples/.terraform-version +++ b/examples/.terraform-version @@ -1 +1 @@ -0.12.29 +0.13.6 \ No newline at end of file 
diff --git a/examples/runner-default/providers.tf b/examples/runner-default/providers.tf index 085b5b68e..9e46c4e6a 100644 --- a/examples/runner-default/providers.tf +++ b/examples/runner-default/providers.tf @@ -1,6 +1,6 @@ provider "aws" { region = var.aws_region - version = "2.68" + version = "~> 3.23.0" } provider "local" { @@ -8,9 +8,13 @@ provider "local" { } provider "null" { - version = "2.1.2" + version = "~> 3.0.0" } provider "tls" { version = "2.2.0" } + +provider "random" { + version = "~> 3.0.1" +} diff --git a/examples/runner-default/versions.tf b/examples/runner-default/versions.tf index ac97c6ac8..4df1c6260 100644 --- a/examples/runner-default/versions.tf +++ b/examples/runner-default/versions.tf @@ -1,4 +1,18 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + local = { + source = "hashicorp/local" + } + null = { + source = "hashicorp/null" + } + tls = { + source = "hashicorp/tls" + } + } } diff --git a/examples/runner-docker/versions.tf b/examples/runner-docker/versions.tf index ac97c6ac8..fd286dcbc 100644 --- a/examples/runner-docker/versions.tf +++ b/examples/runner-docker/versions.tf @@ -1,4 +1,17 @@ - terraform { - required_version = ">= 0.12" + required_providers { + aws = { + source = "hashicorp/aws" + } + local = { + source = "hashicorp/local" + } + null = { + source = "hashicorp/null" + } + tls = { + source = "hashicorp/tls" + } + } + required_version = ">= 0.13" } diff --git a/examples/runner-pre-registered/versions.tf b/examples/runner-pre-registered/versions.tf index ac97c6ac8..4df1c6260 100644 --- a/examples/runner-pre-registered/versions.tf +++ b/examples/runner-pre-registered/versions.tf 
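Review bot: `required_providers` in examples/runner-default/versions.tf omits `random`, although the providers.tf hunk in the same commit adds a `provider "random"` block; Terraform 0.13 still resolves it through the hashicorp fallback, but the explicit source pinning this commit introduces for aws/local/null/tls is missing for the one provider that is new. The version constraints also stay in the provider blocks (`version = "~> 3.23.0"` and so on), a form 0.13 deprecates in favour of `version` inside `required_providers`, so the two files now each hold half of the provider contract. Folding the constraints and the `random` entry into versions.tf gives one source of truth; the runner-docker hunk additionally places `required_version` after `required_providers`, unlike the other three examples, so one ordering would keep the files diffable.
```hcl
terraform {
  required_version = ">= 0.13"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.23.0"
    }
    local = {
      source = "hashicorp/local"
      # version: carry over the constraint from providers.tf (not visible in this hunk)
    }
    null = {
      source  = "hashicorp/null"
      version = "~> 3.0.0"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "2.2.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "~> 3.0.1"
    }
  }
}
```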
@@ -1,4 +1,18 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + local = { + source = "hashicorp/local" + } + null = { + source = "hashicorp/null" + } + tls = { + source = "hashicorp/tls" + } + } } diff --git a/examples/runner-public/versions.tf b/examples/runner-public/versions.tf index ac97c6ac8..4df1c6260 100644 --- a/examples/runner-public/versions.tf +++ b/examples/runner-public/versions.tf @@ -1,4 +1,18 @@ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + aws = { + source = "hashicorp/aws" + } + local = { + source = "hashicorp/local" + } + null = { + source = "hashicorp/null" + } + tls = { + source = "hashicorp/tls" + } + } } diff --git a/versions.tf b/versions.tf index ac97c6ac8..dca70d759 100644 --- a/versions.tf +++ b/versions.tf @@ -1,4 +1,12 @@ terraform { required_version = ">= 0.12" + required_providers { + aws = { + source = "hashicorp/aws" + } + null = { + source = "hashicorp/null" + } + } } From ea222a97ecdbae0a9a4be05159e206c778e8acde Mon Sep 17 00:00:00 2001 From: Brandon Liles Date: Mon, 23 Nov 2020 15:59:12 -0500 Subject: [PATCH 17/21] Allow custom policies to be attached to the docker machine runner profile (#269) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f90407101..34d508731 100644 --- a/README.md +++ b/README.md 
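Review bot: The root versions.tf hunk keeps `required_version = ">= 0.12"` while adding `source =` entries under `required_providers`, syntax that 0.12 rejects; every example in this commit moves to `>= 0.13` and the commit is the 0.13 upgrade, so the root module should state `required_version = ">= 0.13"` as well (the README Requirements table later in this series still advertises `>= 0.12`). The root block also lists only aws and null, whereas the modules/cache/README.md hunk earlier in the series adds `random` to that module's provider list; if the cache module carries its own versions.tf this is fine, otherwise a `random = { source = "hashicorp/random" }` entry belongs here too. None of the entries carries a version constraint, so nothing in the root module pins the provider major versions the examples rely on.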
@@ -269,6 +269,7 @@ terraform destroy | docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no | | docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | | docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no | +| docker\_machine\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the docker machine runners. | `list(string)` | `[]` | no | | docker\_machine\_spot\_price\_bid | Spot price bid. | `string` | `"0.06"` | no | | docker\_machine\_version | By default docker\_machine\_download\_url is used to set the docker machine version. Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `""` | no | | enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no | From fcee583f67ce67d50a31cbc40b36e9fc93274367 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Wed, 13 Jan 2021 23:15:37 +0100 Subject: [PATCH 18/21] Update version add dependabot (#250) --- README.md | 239 +++++++++++++++++++++++++++--------------------------- 1 file changed, 119 insertions(+), 120 deletions(-) diff --git a/README.md b/README.md index 34d508731..3358f7a61 100644 --- a/README.md +++ b/README.md 
@@ -234,136 +234,135 @@ terraform destroy ## Requirements -| Name | Version | -|------|---------| +| Name | Version | +| --------- | ------- | | terraform | >= 0.12 | ## Providers | Name | Version | -|------|---------| -| aws | n/a | -| null | n/a | +| ---- | ------- | +| aws | n/a | +| null | n/a | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| agent\_tags | Map of tags that will be added to agent EC2 instances. | `map(string)` | `{}` | no | -| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | `bool` | `true` | no | -| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Must resolve to an Amazon Linux 1 or 2 image. | `map(list(string))` |
{
"name": [
"amzn2-ami-hvm-2.*-x86_64-ebs"
]
}
| no | -| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | `list(string)` |
[
"amazon"
]
| no | -| arn\_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no | -| aws\_region | AWS region. | `string` | n/a | yes | -| aws\_zone | Deprecated. Will be removed in the next major release. | `string` | `"a"` | no | -| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | `map` |
{
"bucket": "",
"create": true,
"policy": ""
}
| no | -| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | -| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no | -| cache\_bucket\_set\_random\_suffix | Append the cache bucket name with a random string suffix | `bool` | `false` | no | -| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no | -| cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no | -| cache\_shared | Enables cache sharing between runners, false by default. | `bool` | `false` | no | -| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | `number` | `0` | no | -| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `"https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.10/docker-machine-Linux-aarch64"` | no | -| docker\_machine\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the docker machine runners. | `list(string)` | `[]` | no | -| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no | -| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | -| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no | -| docker\_machine\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the docker machine runners. 
| `list(string)` | `[]` | no | -| docker\_machine\_spot\_price\_bid | Spot price bid. | `string` | `"0.06"` | no | -| docker\_machine\_version | By default docker\_machine\_download\_url is used to set the docker machine version. Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `""` | no | -| enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no | -| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | `bool` | `true` | no | -| enable\_docker\_machine\_ssm\_access | Add IAM policies to the docker-machine instances to connect via the Session Manager. | `bool` | `false` | no | -| enable\_eip | Enable the assignment of an EIP to the gitlab runner instance | `bool` | `false` | no | -| enable\_forced\_updates | DEPRECATED! and is replaced by `enable_asg_recreation. Setting this variable to true will do the oposite as expected. For backward compatibility the variable will remain some releases. Old desription: Enable automatic redeployment of the Runner ASG when the Launch Configs change.` | `string` | `null` | no | -| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | `bool` | `false` | no | -| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | `bool` | `false` | no | -| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | `bool` | `true` | no | -| enable\_ping | Allow ICMP Ping to the ec2 instances. 
| `bool` | `false` | no | -| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | `bool` | `false` | no | -| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | `bool` | `false` | no | -| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. | `bool` | `false` | no | -| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | -| gitlab\_runner\_egress\_rules | List of egress rules for the gitlab runner instance. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no | -| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` |
{
"access_level": "",
"description": "",
"locked_to_project": "",
"maximum_timeout": "",
"registration_token": "",
"run_untagged": "",
"tag_list": ""
}
| no | -| gitlab\_runner\_security\_group\_ids | A list of security group ids that are allowed to access the gitlab runner agent | `list(string)` | `[]` | no | -| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | `[]` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.7.0"` | no | -| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no | -| instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no | -| kms\_alias\_name | Alias added to the kms\_key (if created and not provided by kms\_key\_id) | `string` | `""` | no | -| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | `number` | `7` | no | -| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | `""` | no | -| log\_group\_name | Option to override the default name (`environment`) of the log group, requires `enable_cloudwatch_logging = true`. | `string` | `null` | no | -| metrics\_autoscaling | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. | `list(string)` | `null` | no | -| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. 
| `map(string)` |
{
"name_docker_machine_runners": "",
"name_runner_agent_instance": "",
"name_sg": ""
}
| no | -| permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no | -| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
]
}
| no | -| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` |
[
"099720109477"
]
| no | -| runner\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the gitlab runner agent ec2 instance. | `list(string)` | `[]` | no | -| runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no | -| runner\_instance\_enable\_monitoring | Enable the GitLab runner instance to have detailed monitoring. | `bool` | `true` | no | -| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | `string` | `null` | no | -| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no | -| runner\_tags | Map of tags that will be added to runner EC2 instances. | `map(string)` | `{}` | no | -| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | `list` | `[]` | no | -| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | `number` | `10` | no | -| runners\_docker\_runtime | docker runtime for runners, will be used in the runner config.toml | `string` | `""` | no | -| runners\_ebs\_optimized | Enable runners to be EBS-optimized. | `bool` | `true` | no | -| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | `list(string)` | `[]` | no | -| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | `string` | `"docker+machine"` | no | -| runners\_gitlab\_url | URL of the GitLab instance to connect to. 
| `string` | n/a | yes | -| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | `string` | `""` | no | -| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. | `number` | `0` | no | -| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | `number` | `600` | no | -| runners\_image | Image to run builds, will be used in the runner config.toml | `string` | `"docker:18.03.1-ce"` | no | -| runners\_limit | Limit for the runners, will be used in the runner config.toml. | `number` | `0` | no | -| runners\_machine\_autoscaling | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section |
list(object({
periods = list(string)
idle_count = number
idle_time = number
timezone = string
}))
| `[]` | no | -| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | `number` | `0` | no | -| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | `bool` | `false` | no | -| runners\_name | Name of the runner, will be used in the runner config.toml. | `string` | n/a | yes | -| runners\_off\_peak\_idle\_count | Deprecated, please use `runners_machine_autoscaling`. Off peak idle count of the runners, will be used in the runner config.toml. | `string` | `-1` | no | -| runners\_off\_peak\_idle\_time | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time of the runners, will be used in the runner config.toml. | `string` | `-1` | no | -| runners\_off\_peak\_periods | Deprecated, please use `runners_machine_autoscaling`. Off peak periods of the runners, will be used in the runner config.toml. | `string` | `null` | no | -| runners\_off\_peak\_timezone | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time zone of the runners, will be used in the runner config.toml. | `string` | `null` | no | -| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | `number` | `4096` | no | -| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after\_script. | `string` | `""` | no | -| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | `string` | `""` | no | -| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. 
| `string` | `""` | no | -| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | -| runners\_pull\_policy | pull\_policy for the runners, will be used in the runner config.toml | `string` | `"always"` | no | -| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | `number` | `1` | no | -| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | -| runners\_root\_size | Runner instance root size in GB. | `number` | `16` | no | -| runners\_services\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | -| runners\_shm\_size | shm\_size for the runners, will be used in the runner config.toml | `number` | `0` | no | -| runners\_token | Token for the runner, will be used in the runner config.toml. | `string` | `"__REPLACED_BY_USER_DATA__"` | no | -| runners\_use\_private\_address | Restrict runners to the use of a private IP address | `bool` | `true` | no | -| runners\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | -| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable\_schedule is set to true. | `map` |
{
"scale_in_count": 0,
"scale_in_recurrence": "0 18 * * 1-5",
"scale_out_count": 1,
"scale_out_recurrence": "0 8 * * 1-5"
}
| no | -| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | `string` | `"runner-token"` | no | -| ssh\_key\_pair | Set this to use existing AWS key pair | `string` | `null` | no | -| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | `string` | n/a | yes | -| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | `list(string)` | n/a | yes | -| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no | -| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | `string` | `""` | no | -| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | `string` | `""` | no | -| vpc\_id | The target VPC for the docker-machine and runner instances. | `string` | n/a | yes | +| Name | Description | Type | Default | Required | +| -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | +| agent\_tags | Map of tags that will be added to agent EC2 instances. | `map(string)` | `{}` | no | +| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | `bool` | `true` | no | +| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Must resolve to an Amazon Linux 1 or 2 image. | `map(list(string))` |
{
"name": [
"amzn2-ami-hvm-2.*-x86_64-ebs"
]
}
| no | +| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | `list(string)` |
[
"amazon"
]
| no | +| arn\_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no | +| aws\_region | AWS region. | `string` | n/a | yes | +| aws\_zone | Deprecated. Will be removed in the next major release. | `string` | `"a"` | no | +| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | `map` |
{
"bucket": "",
"create": true,
"policy": ""
}
| no | +| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | +| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no | +| cache\_bucket\_set\_random\_suffix | Boolean used to append a random string to the bucket name | `bool` | `false` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no | +| cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no | +| cache\_shared | Enables cache sharing between runners, false by default. | `bool` | `false` | no | +| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | `number` | `0` | no | +| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `""` | no | +| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no | +| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | +| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no | +| docker\_machine\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the docker machine runners. | `list(string)` | `[]` | no | +| docker\_machine\_spot\_price\_bid | Spot price bid. | `string` | `"0.06"` | no | +| docker\_machine\_version | Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. 
| `string` | `"0.16.2"` | no | +| enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no | +| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | `bool` | `true` | no | +| enable\_docker\_machine\_ssm\_access | Add IAM policies to the docker-machine instances to connect via the Session Manager. | `bool` | `false` | no | +| enable\_eip | Enable the assignment of an EIP to the gitlab runner instance | `bool` | `false` | no | +| enable\_forced\_updates | DEPRECATED! and is replaced by `enable_asg_recreation. Setting this variable to true will do the oposite as expected. For backward compatibility the variable will remain some releases. Old desription: Enable automatic redeployment of the Runner ASG when the Launch Configs change.` | `string` | `null` | no | +| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | `bool` | `false` | no | +| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | `bool` | `false` | no | +| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | `bool` | `true` | no | +| enable\_ping | Allow ICMP Ping to the ec2 instances. | `bool` | `false` | no | +| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | `bool` | `false` | no | +| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. 
Be aware this could log sensitive data such as you GitLab runner token. | `bool` | `false` | no |
+| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. | `bool` | `false` | no |
+| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes |
+| gitlab\_runner\_egress\_rules | List of egress rules for the gitlab runner instance. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no |
+| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` |
{
"access_level": "",
"description": "",
"locked_to_project": "",
"maximum_timeout": "",
"registration_token": "",
"run_untagged": "",
"tag_list": ""
}
| no |
+| gitlab\_runner\_security\_group\_ids | A list of security group ids that are allowed to access the gitlab runner agent | `list(string)` | `[]` | no |
+| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | `[]` | no |
+| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.4.0"` | no |
+| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no |
+| instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no |
+| kms\_alias\_name | Alias added to the kms\_key (if created and not provided by kms\_key\_id) | `string` | `""` | no |
+| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | `number` | `7` | no |
+| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | `""` | no |
+| log\_group\_name | Option to override the default name (`environment`) of the log group, requires `enable_cloudwatch_logging = true`. | `string` | `null` | no |
+| metrics\_autoscaling | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. | `list(string)` | `null` | no |
+| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent.
| `map(string)` |
{
"name_docker_machine_runners": "",
"name_runner_agent_instance": "",
"name_sg": ""
}
| no |
+| permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no |
+| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"
]
}
| no |
+| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` |
[
"099720109477"
]
| no |
+| runner\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the runners. | `list(string)` | `[]` | no |
+| runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no |
+| runner\_instance\_enable\_monitoring | Enable the GitLab runner instance to have detailed monitoring. | `bool` | `true` | no |
+| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | `string` | `null` | no |
+| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no |
+| runner\_tags | Map of tags that will be added to runner EC2 instances. | `map(string)` | `{}` | no |
+| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | `list` | `[]` | no |
+| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | `number` | `10` | no |
+| runners\_ebs\_optimized | Enable runners to be EBS-optimized. | `bool` | `true` | no |
+| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | `list(string)` | `[]` | no |
+| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | `string` | `"docker+machine"` | no |
+| runners\_gitlab\_url | URL of the GitLab instance to connect to. | `string` | n/a | yes |
+| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | `string` | `""` | no |
+| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml.
| `number` | `0` | no |
+| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | `number` | `600` | no |
+| runners\_image | Image to run builds, will be used in the runner config.toml | `string` | `"docker:18.03.1-ce"` | no |
+| runners\_limit | Limit for the runners, will be used in the runner config.toml. | `number` | `0` | no |
+| runners\_machine\_autoscaling | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section |
list(object({
periods = list(string)
idle_count = number
idle_time = number
timezone = string
}))
| `[]` | no |
+| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | `number` | `0` | no |
+| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | `bool` | `false` | no |
+| runners\_name | Name of the runner, will be used in the runner config.toml. | `string` | n/a | yes |
+| runners\_off\_peak\_idle\_count | Deprecated, please use `runners_machine_autoscaling`. Off peak idle count of the runners, will be used in the runner config.toml. | `string` | `-1` | no |
+| runners\_off\_peak\_idle\_time | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time of the runners, will be used in the runner config.toml. | `string` | `-1` | no |
+| runners\_off\_peak\_periods | Deprecated, please use `runners_machine_autoscaling`. Off peak periods of the runners, will be used in the runner config.toml. | `string` | `null` | no |
+| runners\_off\_peak\_timezone | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time zone of the runners, will be used in the runner config.toml. | `string` | `null` | no |
+| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | `number` | `4096` | no |
+| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after\_script. | `string` | `""` | no |
+| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | `string` | `""` | no |
+| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example.
| `string` | `""` | no |
+| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no |
+| runners\_docker\_runtime | Runtime that rocker will be used, will be used in the runner config.toml | `string` | `""` | no |
+| runners\_pull\_policy | pull\_policy for the runners, will be used in the runner config.toml | `string` | `"always"` | no |
+| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | `number` | `1` | no |
+| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | `bool` | `true` | no |
+| runners\_root\_size | Runner instance root size in GB. | `number` | `16` | no |
+| runners\_services\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no |
+| runners\_shm\_size | shm\_size for the runners, will be used in the runner config.toml | `number` | `0` | no |
+| runners\_token | Token for the runner, will be used in the runner config.toml. | `string` | `"__REPLACED_BY_USER_DATA__"` | no |
+| runners\_use\_private\_address | Restrict runners to the use of a private IP address | `bool` | `true` | no |
+| runners\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no |
+| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable\_schedule is set to true. | `map` |
{
"scale_in_count": 0,
"scale_in_recurrence": "0 18 * * 1-5",
"scale_out_count": 1,
"scale_out_recurrence": "0 8 * * 1-5"
}
| no |
+| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | `string` | `"runner-token"` | no |
+| ssh\_key\_pair | Set this to use existing AWS key pair | `string` | `null` | no |
+| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | `string` | n/a | yes |
+| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | `list(string)` | n/a | yes |
+| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no |
+| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | `string` | `""` | no |
+| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | `string` | `""` | no |
+| vpc\_id | The target VPC for the docker-machine and runner instances. | `string` | n/a | yes |
 ## Outputs
-| Name | Description |
-|------|-------------|
-| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. |
-| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. |
-| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. |
-| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance |
-| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. |
-| runner\_cache\_bucket\_name | Name of the S3 for the build cache. |
-| runner\_eip | EIP of the Gitlab Runner |
-| runner\_role\_arn | ARN of the role used for the docker machine runners. |
-| runner\_role\_name | Name of the role used for the docker machine runners. |
-| runner\_sg\_id | ID of the security group attached to the docker machine runners.
| +| Name | Description | +| --------------------------- | ----------------------------------------------------------------------- | +| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. | +| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. | +| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. | +| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | +| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | +| runner\_cache\_bucket\_name | Name of the S3 for the build cache. | +| runner\_eip | EIP of the Gitlab Runner | +| runner\_role\_arn | ARN of the role used for the docker machine runners. | +| runner\_role\_name | Name of the role used for the docker machine runners. | +| runner\_sg\_id | ID of the security group attached to the docker machine runners. | From 92f787225ae95b193df5ad18a2259efbb9c4a929 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Wed, 13 Jan 2021 22:52:39 +0100 Subject: [PATCH 19/21] Update version of runner, update from ubuntu18 tot ubuntu20 and set docker machien version to gitlab maintained one (#276) --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 3358f7a61..1dab6955d 100644 --- a/README.md +++ b/README.md @@ -259,18 +259,18 @@ terraform destroy | cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | `map` |
{
"bucket": "",
"create": true,
"policy": ""
}
| no |
 | cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no |
 | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no |
-| cache\_bucket\_set\_random\_suffix | Boolean used to append a random string to the bucket name | `bool` | `false` | no |
+| cache\_bucket\_set\_random\_suffix | Append the cache bucket name with a random string suffix | `bool` | `false` | no |
 | cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no |
 | cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no |
 | cache\_shared | Enables cache sharing between runners, false by default. | `bool` | `false` | no |
 | cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | `number` | `0` | no |
-| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `""` | no |
+| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `"https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.10/docker-machine-Linux-aarch64"` | no |
+| docker\_machine\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the docker machine runners. | `list(string)` | `[]` | no |
 | docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no |
 | docker\_machine\_options | List of additional options for the docker machine config.
Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no |
 | docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no |
-| docker\_machine\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the docker machine runners. | `list(string)` | `[]` | no |
 | docker\_machine\_spot\_price\_bid | Spot price bid. | `string` | `"0.06"` | no |
-| docker\_machine\_version | Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `"0.16.2"` | no |
+| docker\_machine\_version | By default docker\_machine\_download\_url is used to set the docker machine version. Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `""` | no |
 | enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no |
 | enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | `bool` | `true` | no |
 | enable\_docker\_machine\_ssm\_access | Add IAM policies to the docker-machine instances to connect via the Session Manager. | `bool` | `false` | no |
@@ -288,7 +288,7 @@ terraform destroy
 | gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` |
{
"access_level": "",
"description": "",
"locked_to_project": "",
"maximum_timeout": "",
"registration_token": "",
"run_untagged": "",
"tag_list": ""
}
| no |
 | gitlab\_runner\_security\_group\_ids | A list of security group ids that are allowed to access the gitlab runner agent | `list(string)` | `[]` | no |
 | gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | `[]` | no |
-| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.4.0"` | no |
+| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.7.0"` | no |
 | instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no |
 | instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no |
 | kms\_alias\_name | Alias added to the kms\_key (if created and not provided by kms\_key\_id) | `string` | `""` | no |
@@ -298,9 +298,9 @@ terraform destroy
 | metrics\_autoscaling | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. | `list(string)` | `null` | no |
 | overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | `map(string)` |
{
"name_docker_machine_runners": "",
"name_runner_agent_instance": "",
"name_sg": ""
}
| no |
 | permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no |
-| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"
]
}
| no |
+| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
]
}
| no |
 | runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` |
[
"099720109477"
]
| no |
-| runner\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the runners. | `list(string)` | `[]` | no |
+| runner\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the gitlab runner agent ec2 instance. | `list(string)` | `[]` | no |
 | runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no |
 | runner\_instance\_enable\_monitoring | Enable the GitLab runner instance to have detailed monitoring. | `bool` | `true` | no |
 | runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | `string` | `null` | no |
@@ -308,6 +308,7 @@ terraform destroy
 | runner\_tags | Map of tags that will be added to runner EC2 instances. | `map(string)` | `{}` | no |
 | runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | `list` | `[]` | no |
 | runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | `number` | `10` | no |
+| runners\_docker\_runtime | docker runtime for runners, will be used in the runner config.toml | `string` | `""` | no |
 | runners\_ebs\_optimized | Enable runners to be EBS-optimized. | `bool` | `true` | no |
 | runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | `list(string)` | `[]` | no |
 | runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | `string` | `"docker+machine"` | no |
@@ -330,7 +331,6 @@ terraform destroy | runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | `string` | `""` | no | | runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | `string` | `""` | no | | runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | -| runners\_docker\_runtime | Runtime that rocker will be used, will be used in the runner config.toml | `string` | `""` | no | | runners\_pull\_policy | pull\_policy for the runners, will be used in the runner config.toml | `string` | `"always"` | no | | runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | `number` | `1` | no | | runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | From 22e733c80be8c7131687f782059fa64e015026be Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Wed, 13 Jan 2021 23:16:58 +0100 Subject: [PATCH 20/21] Update README --- README.md | 238 +++++++++++++++++++++++++++--------------------------- 1 file changed, 119 insertions(+), 119 deletions(-) diff --git a/README.md b/README.md index 1dab6955d..f90407101 100644 --- a/README.md +++ b/README.md 
@@ -234,135 +234,135 @@ terraform destroy ## Requirements -| Name | Version | -| --------- | ------- | +| Name | Version | +|------|---------| | terraform | >= 0.12 | ## Providers | Name | Version | -| ---- | ------- | -| aws | n/a | -| null | n/a | +|------|---------| +| aws | n/a | +| null | n/a | ## Inputs -| Name | Description | Type | Default | Required | -| -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | -| agent\_tags | Map of tags that will be added to agent EC2 instances. | `map(string)` | `{}` | no | -| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | `bool` | `true` | no | -| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Must resolve to an Amazon Linux 1 or 2 image. | `map(list(string))` |
{
"name": [
"amzn2-ami-hvm-2.*-x86_64-ebs"
]
}
| no |
-| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | `list(string)` |
[
"amazon"
]
| no |
-| arn\_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no |
-| aws\_region | AWS region. | `string` | n/a | yes |
-| aws\_zone | Deprecated. Will be removed in the next major release. | `string` | `"a"` | no |
-| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | `map` |
{
"bucket": "",
"create": true,
"policy": ""
}
| no |
-| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no |
-| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no |
-| cache\_bucket\_set\_random\_suffix | Append the cache bucket name with a random string suffix | `bool` | `false` | no |
-| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no |
-| cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no |
-| cache\_shared | Enables cache sharing between runners, false by default. | `bool` | `false` | no |
-| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | `number` | `0` | no |
-| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `"https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.10/docker-machine-Linux-aarch64"` | no |
-| docker\_machine\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the docker machine runners. | `list(string)` | `[]` | no |
-| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no |
-| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no |
-| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no |
-| docker\_machine\_spot\_price\_bid | Spot price bid.
| `string` | `"0.06"` | no |
-| docker\_machine\_version | By default docker\_machine\_download\_url is used to set the docker machine version. Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `""` | no |
-| enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no |
-| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | `bool` | `true` | no |
-| enable\_docker\_machine\_ssm\_access | Add IAM policies to the docker-machine instances to connect via the Session Manager. | `bool` | `false` | no |
-| enable\_eip | Enable the assignment of an EIP to the gitlab runner instance | `bool` | `false` | no |
-| enable\_forced\_updates | DEPRECATED! and is replaced by `enable_asg_recreation. Setting this variable to true will do the oposite as expected. For backward compatibility the variable will remain some releases. Old desription: Enable automatic redeployment of the Runner ASG when the Launch Configs change.` | `string` | `null` | no |
-| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | `bool` | `false` | no |
-| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | `bool` | `false` | no |
-| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | `bool` | `true` | no |
-| enable\_ping | Allow ICMP Ping to the ec2 instances.
| `bool` | `false` | no |
-| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | `bool` | `false` | no |
-| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | `bool` | `false` | no |
-| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. | `bool` | `false` | no |
-| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes |
-| gitlab\_runner\_egress\_rules | List of egress rules for the gitlab runner instance. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no |
-| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` |
{
"access_level": "",
"description": "",
"locked_to_project": "",
"maximum_timeout": "",
"registration_token": "",
"run_untagged": "",
"tag_list": ""
}
| no |
-| gitlab\_runner\_security\_group\_ids | A list of security group ids that are allowed to access the gitlab runner agent | `list(string)` | `[]` | no |
-| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | `[]` | no |
-| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.7.0"` | no |
-| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no |
-| instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no |
-| kms\_alias\_name | Alias added to the kms\_key (if created and not provided by kms\_key\_id) | `string` | `""` | no |
-| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | `number` | `7` | no |
-| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | `""` | no |
-| log\_group\_name | Option to override the default name (`environment`) of the log group, requires `enable_cloudwatch_logging = true`. | `string` | `null` | no |
-| metrics\_autoscaling | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. | `list(string)` | `null` | no |
-| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent.
| `map(string)` |
{
"name_docker_machine_runners": "",
"name_runner_agent_instance": "",
"name_sg": ""
}
| no | -| permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no | -| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
]
}
| no | -| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` |
[
"099720109477"
]
| no | -| runner\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the gitlab runner agent ec2 instance. | `list(string)` | `[]` | no | -| runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no | -| runner\_instance\_enable\_monitoring | Enable the GitLab runner instance to have detailed monitoring. | `bool` | `true` | no | -| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | `string` | `null` | no | -| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no | -| runner\_tags | Map of tags that will be added to runner EC2 instances. | `map(string)` | `{}` | no | -| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | `list` | `[]` | no | -| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | `number` | `10` | no | -| runners\_docker\_runtime | docker runtime for runners, will be used in the runner config.toml | `string` | `""` | no | -| runners\_ebs\_optimized | Enable runners to be EBS-optimized. | `bool` | `true` | no | -| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | `list(string)` | `[]` | no | -| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | `string` | `"docker+machine"` | no | -| runners\_gitlab\_url | URL of the GitLab instance to connect to. 
| `string` | n/a | yes | -| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | `string` | `""` | no | -| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. | `number` | `0` | no | -| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | `number` | `600` | no | -| runners\_image | Image to run builds, will be used in the runner config.toml | `string` | `"docker:18.03.1-ce"` | no | -| runners\_limit | Limit for the runners, will be used in the runner config.toml. | `number` | `0` | no | -| runners\_machine\_autoscaling | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section |
list(object({
periods = list(string)
idle_count = number
idle_time = number
timezone = string
}))
| `[]` | no | -| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | `number` | `0` | no | -| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | `bool` | `false` | no | -| runners\_name | Name of the runner, will be used in the runner config.toml. | `string` | n/a | yes | -| runners\_off\_peak\_idle\_count | Deprecated, please use `runners_machine_autoscaling`. Off peak idle count of the runners, will be used in the runner config.toml. | `string` | `-1` | no | -| runners\_off\_peak\_idle\_time | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time of the runners, will be used in the runner config.toml. | `string` | `-1` | no | -| runners\_off\_peak\_periods | Deprecated, please use `runners_machine_autoscaling`. Off peak periods of the runners, will be used in the runner config.toml. | `string` | `null` | no | -| runners\_off\_peak\_timezone | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time zone of the runners, will be used in the runner config.toml. | `string` | `null` | no | -| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | `number` | `4096` | no | -| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after\_script. | `string` | `""` | no | -| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | `string` | `""` | no | -| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. 
| `string` | `""` | no | -| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | -| runners\_pull\_policy | pull\_policy for the runners, will be used in the runner config.toml | `string` | `"always"` | no | -| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | `number` | `1` | no | -| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | -| runners\_root\_size | Runner instance root size in GB. | `number` | `16` | no | -| runners\_services\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | -| runners\_shm\_size | shm\_size for the runners, will be used in the runner config.toml | `number` | `0` | no | -| runners\_token | Token for the runner, will be used in the runner config.toml. | `string` | `"__REPLACED_BY_USER_DATA__"` | no | -| runners\_use\_private\_address | Restrict runners to the use of a private IP address | `bool` | `true` | no | -| runners\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | -| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable\_schedule is set to true. | `map` |
{
"scale_in_count": 0,
"scale_in_recurrence": "0 18 * * 1-5",
"scale_out_count": 1,
"scale_out_recurrence": "0 8 * * 1-5"
}
| no | -| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | `string` | `"runner-token"` | no | -| ssh\_key\_pair | Set this to use existing AWS key pair | `string` | `null` | no | -| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | `string` | n/a | yes | -| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | `list(string)` | n/a | yes | -| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no | -| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | `string` | `""` | no | -| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | `string` | `""` | no | -| vpc\_id | The target VPC for the docker-machine and runner instances. | `string` | n/a | yes | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| agent\_tags | Map of tags that will be added to agent EC2 instances. | `map(string)` | `{}` | no | +| allow\_iam\_service\_linked\_role\_creation | Boolean used to control attaching the policy to a runner instance to create service linked roles. | `bool` | `true` | no | +| ami\_filter | List of maps used to create the AMI filter for the Gitlab runner agent AMI. Must resolve to an Amazon Linux 1 or 2 image. | `map(list(string))` |
{
"name": [
"amzn2-ami-hvm-2.*-x86_64-ebs"
]
}
| no | +| ami\_owners | The list of owners used to select the AMI of Gitlab runner agent instances. | `list(string)` |
[
"amazon"
]
| no | +| arn\_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no | +| aws\_region | AWS region. | `string` | n/a | yes | +| aws\_zone | Deprecated. Will be removed in the next major release. | `string` | `"a"` | no | +| cache\_bucket | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared cache. To use the same cache across multiple runners disable the creation of the cache and provide a policy and bucket name. See the public runner example for more details. | `map` |
{
"bucket": "",
"create": true,
"policy": ""
}
| no | +| cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | +| cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no | +| cache\_bucket\_set\_random\_suffix | Append the cache bucket name with a random string suffix | `bool` | `false` | no | +| cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no | +| cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no | +| cache\_shared | Enables cache sharing between runners, false by default. | `bool` | `false` | no | +| cloudwatch\_logging\_retention\_in\_days | Retention for cloudwatch logs. Defaults to unlimited | `number` | `0` | no | +| docker\_machine\_download\_url | Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine. | `string` | `"https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.10/docker-machine-Linux-aarch64"` | no | +| docker\_machine\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the docker machine runners. | `list(string)` | `[]` | no | +| docker\_machine\_instance\_type | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no | +| docker\_machine\_options | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | +| docker\_machine\_role\_json | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no | +| docker\_machine\_spot\_price\_bid | Spot price bid. 
| `string` | `"0.06"` | no | +| docker\_machine\_version | By default docker\_machine\_download\_url is used to set the docker machine version. Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set. | `string` | `""` | no | +| enable\_asg\_recreation | Enable automatic redeployment of the Runner ASG when the Launch Configs change. | `bool` | `true` | no | +| enable\_cloudwatch\_logging | Boolean used to enable or disable the CloudWatch logging. | `bool` | `true` | no | +| enable\_docker\_machine\_ssm\_access | Add IAM policies to the docker-machine instances to connect via the Session Manager. | `bool` | `false` | no | +| enable\_eip | Enable the assignment of an EIP to the gitlab runner instance | `bool` | `false` | no | +| enable\_forced\_updates | DEPRECATED! and is replaced by `enable_asg_recreation. Setting this variable to true will do the oposite as expected. For backward compatibility the variable will remain some releases. Old desription: Enable automatic redeployment of the Runner ASG when the Launch Configs change.` | `string` | `null` | no | +| enable\_gitlab\_runner\_ssh\_access | Enables SSH Access to the gitlab runner instance. | `bool` | `false` | no | +| enable\_kms | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | `bool` | `false` | no | +| enable\_manage\_gitlab\_token | Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | `bool` | `true` | no | +| enable\_ping | Allow ICMP Ping to the ec2 instances. 
| `bool` | `false` | no | +| enable\_runner\_ssm\_access | Add IAM policies to the runner agent instance to connect via the Session Manager. | `bool` | `false` | no | +| enable\_runner\_user\_data\_trace\_log | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | `bool` | `false` | no | +| enable\_schedule | Flag used to enable/disable auto scaling group schedule for the runner instance. | `bool` | `false` | no | +| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | +| gitlab\_runner\_egress\_rules | List of egress rules for the gitlab runner instance. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no | +| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` |
{
"access_level": "",
"description": "",
"locked_to_project": "",
"maximum_timeout": "",
"registration_token": "",
"run_untagged": "",
"tag_list": ""
}
| no | +| gitlab\_runner\_security\_group\_ids | A list of security group ids that are allowed to access the gitlab runner agent | `list(string)` | `[]` | no | +| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | `[]` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"13.7.0"` | no | +| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no | +| instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no | +| kms\_alias\_name | Alias added to the kms\_key (if created and not provided by kms\_key\_id) | `string` | `""` | no | +| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | `number` | `7` | no | +| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | `""` | no | +| log\_group\_name | Option to override the default name (`environment`) of the log group, requires `enable_cloudwatch_logging = true`. | `string` | `null` | no | +| metrics\_autoscaling | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. | `list(string)` | `null` | no | +| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. 
| `map(string)` |
{
"name_docker_machine_runners": "",
"name_runner_agent_instance": "",
"name_sg": ""
}
| no | +| permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no | +| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
]
}
| no | +| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` |
[
"099720109477"
]
| no | +| runner\_iam\_policy\_arns | List of policy ARNs to be added to the instance profile of the gitlab runner agent ec2 instance. | `list(string)` | `[]` | no | +| runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no | +| runner\_instance\_enable\_monitoring | Enable the GitLab runner instance to have detailed monitoring. | `bool` | `true` | no | +| runner\_instance\_spot\_price | By setting a spot price bid price the runner agent will be created via a spot request. Be aware that spot instances can be stopped by AWS. | `string` | `null` | no | +| runner\_root\_block\_device | The EC2 instance root block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no | +| runner\_tags | Map of tags that will be added to runner EC2 instances. | `map(string)` | `{}` | no | +| runners\_additional\_volumes | Additional volumes that will be used in the runner config.toml, e.g Docker socket | `list` | `[]` | no | +| runners\_concurrent | Concurrent value for the runners, will be used in the runner config.toml. | `number` | `10` | no | +| runners\_docker\_runtime | docker runtime for runners, will be used in the runner config.toml | `string` | `""` | no | +| runners\_ebs\_optimized | Enable runners to be EBS-optimized. | `bool` | `true` | no | +| runners\_environment\_vars | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | `list(string)` | `[]` | no | +| runners\_executor | The executor to use. Currently supports `docker+machine` or `docker`. | `string` | `"docker+machine"` | no | +| runners\_gitlab\_url | URL of the GitLab instance to connect to. 
| `string` | n/a | yes | +| runners\_iam\_instance\_profile\_name | IAM instance profile name of the runners, will be used in the runner config.toml | `string` | `""` | no | +| runners\_idle\_count | Idle count of the runners, will be used in the runner config.toml. | `number` | `0` | no | +| runners\_idle\_time | Idle time of the runners, will be used in the runner config.toml. | `number` | `600` | no | +| runners\_image | Image to run builds, will be used in the runner config.toml | `string` | `"docker:18.03.1-ce"` | no | +| runners\_limit | Limit for the runners, will be used in the runner config.toml. | `number` | `0` | no | +| runners\_machine\_autoscaling | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section |
list(object({
periods = list(string)
idle_count = number
idle_time = number
timezone = string
}))
| `[]` | no | +| runners\_max\_builds | Max builds for each runner after which it will be removed, will be used in the runner config.toml. By default set to 0, no maxBuilds will be set in the configuration. | `number` | `0` | no | +| runners\_monitoring | Enable detailed cloudwatch monitoring for spot instances. | `bool` | `false` | no | +| runners\_name | Name of the runner, will be used in the runner config.toml. | `string` | n/a | yes | +| runners\_off\_peak\_idle\_count | Deprecated, please use `runners_machine_autoscaling`. Off peak idle count of the runners, will be used in the runner config.toml. | `string` | `-1` | no | +| runners\_off\_peak\_idle\_time | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time of the runners, will be used in the runner config.toml. | `string` | `-1` | no | +| runners\_off\_peak\_periods | Deprecated, please use `runners_machine_autoscaling`. Off peak periods of the runners, will be used in the runner config.toml. | `string` | `null` | no | +| runners\_off\_peak\_timezone | Deprecated, please use `runners_machine_autoscaling`. Off peak idle time zone of the runners, will be used in the runner config.toml. | `string` | `null` | no | +| runners\_output\_limit | Sets the maximum build log size in kilobytes, by default set to 4096 (4MB) | `number` | `4096` | no | +| runners\_post\_build\_script | Commands to be executed on the Runner just after executing the build, but before executing after\_script. | `string` | `""` | no | +| runners\_pre\_build\_script | Script to execute in the pipeline just before the build, will be used in the runner config.toml | `string` | `""` | no | +| runners\_pre\_clone\_script | Commands to be executed on the Runner before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. 
| `string` | `""` | no | +| runners\_privileged | Runners will run in privileged mode, will be used in the runner config.toml | `bool` | `true` | no | +| runners\_pull\_policy | pull\_policy for the runners, will be used in the runner config.toml | `string` | `"always"` | no | +| runners\_request\_concurrency | Limit number of concurrent requests for new jobs from GitLab (default 1) | `number` | `1` | no | +| runners\_request\_spot\_instance | Whether or not to request spot instances via docker-machine | `bool` | `true` | no | +| runners\_root\_size | Runner instance root size in GB. | `number` | `16` | no | +| runners\_services\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | +| runners\_shm\_size | shm\_size for the runners, will be used in the runner config.toml | `number` | `0` | no | +| runners\_token | Token for the runner, will be used in the runner config.toml. | `string` | `"__REPLACED_BY_USER_DATA__"` | no | +| runners\_use\_private\_address | Restrict runners to the use of a private IP address | `bool` | `true` | no | +| runners\_volumes\_tmpfs | n/a |
list(object({
volume = string
options = string
}))
| `[]` | no | +| schedule\_config | Map containing the configuration of the ASG scale-in and scale-up for the runner instance. Will only be used if enable\_schedule is set to true. | `map` |
{
"scale_in_count": 0,
"scale_in_recurrence": "0 18 * * 1-5",
"scale_out_count": 1,
"scale_out_recurrence": "0 8 * * 1-5"
}
| no | +| secure\_parameter\_store\_runner\_token\_key | The key name used store the Gitlab runner token in Secure Parameter Store | `string` | `"runner-token"` | no | +| ssh\_key\_pair | Set this to use existing AWS key pair | `string` | `null` | no | +| subnet\_id\_runners | List of subnets used for hosting the gitlab-runners. | `string` | n/a | yes | +| subnet\_ids\_gitlab\_runner | Subnet used for hosting the GitLab runner. | `list(string)` | n/a | yes | +| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no | +| userdata\_post\_install | User-data script snippet to insert after GitLab runner install | `string` | `""` | no | +| userdata\_pre\_install | User-data script snippet to insert before GitLab runner install | `string` | `""` | no | +| vpc\_id | The target VPC for the docker-machine and runner instances. | `string` | n/a | yes | ## Outputs -| Name | Description | -| --------------------------- | ----------------------------------------------------------------------- | -| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. | -| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. | -| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. | -| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | -| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | -| runner\_cache\_bucket\_name | Name of the S3 for the build cache. | -| runner\_eip | EIP of the Gitlab Runner | -| runner\_role\_arn | ARN of the role used for the docker machine runners. | -| runner\_role\_name | Name of the role used for the docker machine runners. | -| runner\_sg\_id | ID of the security group attached to the docker machine runners. 
| +| Name | Description | +|------|-------------| +| runner\_agent\_role\_arn | ARN of the role used for the ec2 instance for the GitLab runner agent. | +| runner\_agent\_role\_name | Name of the role used for the ec2 instance for the GitLab runner agent. | +| runner\_agent\_sg\_id | ID of the security group attached to the GitLab runner agent. | +| runner\_as\_group\_name | Name of the autoscaling group for the gitlab-runner instance | +| runner\_cache\_bucket\_arn | ARN of the S3 for the build cache. | +| runner\_cache\_bucket\_name | Name of the S3 for the build cache. | +| runner\_eip | EIP of the Gitlab Runner | +| runner\_role\_arn | ARN of the role used for the docker machine runners. | +| runner\_role\_name | Name of the role used for the docker machine runners. | +| runner\_sg\_id | ID of the security group attached to the docker machine runners. | From 98988624b3f59c0684b7b6aeca703f59131dc546 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Wed, 13 Jan 2021 23:26:11 +0100 Subject: [PATCH 21/21] Updage changelog for release 4.21.0 --- CHANGELOG.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c57fcf132..9f1b3900b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## Unreleased + +## 4.21.0 - 2021-01-13 +- Changed: Updated default version of runner to 13.7 +- Changed: Updated default version of docker machine to GitLab v0.16.2-gitlab.2 +- Changed: Updated default runner ami to ubuntu 20.04 +- Added: Option to set docker runtime (#273) by @thomaskelm +- Added: Option to attach additional policies to the runner (#269) by @bliles +- Added: Random suffix to s3 bucket (#252) by @fliphess + + ## 4.20.0 - 2020-10-08 - Changed: upgrade default version for gitlab runner to 13.4.0 (#261) 
@@ -387,7 +397,8 @@ Module is available as Terraform 0.11 module, pin module to version 3.x. Please - Update default AMI's to The latest Amazon Linux AMI 2017.09.1 - released on 2018-01-17. - Minor updates in the example -[unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.20.0...HEAD +[unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.21.0...HEAD +[4.21.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.21.0...4.20.0 [4.20.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.20.0...4.19.0 [4.19.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.19.0...4.18.0 [4.18.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.18.0...4.17.0