Setup Gitlab Runner on cluster using terraform. The runner is installed via the Gitlab Runner Helm Chart
Ensure Kubernetes Provider and Helm Provider settings are correct https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/guides/getting-started#provider-setup
module "gitlab_runner" {
source = "DeimosCloud/gitlab-runner/kubernetes"
release_name = "${var.project_name}-runner-${var.environment}"
runner_tags = var.runner_tags
runner_registration_token = var.runner_registration_token
default_runner_image = var.default_runner_image
namespace = var.gitlab_runner_namespace
# Pass annotations to service account. This can be for workload/pod/ identity
service_account_annotations = {
"iam.gke.io/gcp-service-account" = module.workload_identity["gitlab-runner"].gcp_service_account_email
}
# Use Local cache on Kubernetes nodes
use_local_cache = true
# Mount docker socket instead of using docker-in-docker
mount_docker_socket = true
depends_on = [module.gke_cluster, module.gke_node_pool]
}To pass in custom values use the var.values input which specifies a map of values in terraform map format or var.values_file which specifies a path containing a valid yaml values file to pass to the Chart
Report issues/questions/feature requests on in the issues section.
Full contributing guidelines are covered here.
| Name | Version |
|---|---|
| terraform | >= 0.12 |
| helm | >= 1.3 |
| kubernetes | >= 1.13 |
| Name | Version |
|---|---|
| helm | 2.4.1 |
No modules.
| Name | Type |
|---|---|
| helm_release.gitlab_runner | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| azure_cache_conf | Cache parameters define using Azure Blob Storage for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscacheazure-section. Only used when var.use_local_cache is false | map |
{} |
no |
| build_dir | Path on nodes for caching | string |
null |
no |
| build_job_default_container_image | Default container image to use for builds when none is specified | string |
"ubuntu:18.04" |
no |
| build_job_mount_docker_socket | Path on nodes for caching | bool |
false |
no |
| build_job_node_selectors | A map of node selectors to apply to the pods | map |
{} |
no |
| build_job_node_tolerations | A map of node tolerations to apply to the pods as defined https://docs.gitlab.com/runner/executors/kubernetes.html#other-configtoml-settings | map |
{} |
no |
| build_job_pod_annotations | A map of annotations to be added to each build pod created by the Runner. The value of these can include environment variables for expansion. Pod annotations can be overwritten in each build. | map |
{} |
no |
| build_job_pod_labels | A map of labels to be added to each build pod created by the runner. The value of these can include environment variables for expansion. | map |
{} |
no |
| build_job_priviledged | Run all containers with the privileged flag enabled. This will allow the docker:dind image to run if you need to run Docker | bool |
false |
no |
| build_job_run_container_as_user | SecurityContext: runAsUser for all running job pods | string |
null |
no |
| build_job_secret_volumes | Secret volume configuration instructs Kubernetes to use a secret that is defined in Kubernetes cluster and mount it inside of the containes as defined https://docs.gitlab.com/runner/executors/kubernetes.html#secret-volumes | object({ |
{ |
no |
| cache_path | Name of the path to prepend to the cache URL. Only used when var.use_local_cache is false | string |
null |
no |
| cache_shared | Enables cache sharing between runners. Only used when var.use_local_cache is false | bool |
false |
no |
| cache_type | One of: s3, gcs, azure. Only used when var.use_local_cache is false | string |
null |
no |
| chart_version | The version of the chart | string |
"0.36.0" |
no |
| concurrent | Configure the maximum number of concurrent jobs | number |
10 |
no |
| create_namespace | (Optional) Create the namespace if it does not yet exist. Defaults to false. | bool |
true |
no |
| create_service_account | If true, the service account, it's role and rolebinding will be created, else, the service account is assumed to already be created | bool |
true |
no |
| docker_fs_group | The fsGroup to use for docker. This is added to security context when mount_docker_socket is enabled | number |
412 |
no |
| gcs_cache_conf | Cache parameters define using Azure Blob Storage for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section. Only used when var.use_local_cache is false | map |
{} |
no |
| gitlab_url | The GitLab Server URL (with protocol) that want to register the runner against | string |
"https://gitlab.com/" |
no |
| image_pull_secrets | A array of secrets that are used to authenticate Docker image pulling. | list(string) |
[] |
no |
| local_cache_dir | Path on nodes for caching | string |
"/tmp/gitlab/cache" |
no |
| manager_node_selectors | A map of node selectors to apply to the pods | map |
{} |
no |
| manager_node_tolerations | A map of node tolerations to apply to the pods as defined https://docs.gitlab.com/runner/executors/kubernetes.html#other-configtoml-settings | map |
{} |
no |
| manager_pod_annotations | A map of annotations to be added to each build pod created by the Runner. The value of these can include environment variables for expansion. Pod annotations can be overwritten in each build. | map |
{} |
no |
| manager_pod_labels | A map of labels to be added to each build pod created by the runner. The value of these can include environment variables for expansion. | map |
{} |
no |
| namespace | n/a | string |
"gitlab-runner" |
no |
| release_name | The helm release name | string |
"gitlab-runner" |
no |
| run_untagged_jobs | Specify if jobs without tags should be run. https://docs.gitlab.com/ce/ci/runners/#runner-is-allowed-to-run-untagged-jobs | bool |
false |
no |
| runner_image | The docker gitlab runner version. https://hub.docker.com/r/gitlab/gitlab-runner/tags/ | string |
null |
no |
| runner_locked | Specify whether the runner should be locked to a specific project/group | string |
true |
no |
| runner_registration_token | runner registration token | string |
n/a | yes |
| runner_tags | Specify the tags associated with the runner. Comma-separated list of tags. | string |
n/a | yes |
| s3_cache_conf | Cache parameters define using S3 for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscaches3-section. Only used when var.use_local_cache is false | map |
{} |
no |
| service_account | The name of the Service account to create | string |
"gitlab-runner" |
no |
| service_account_annotations | The annotations to add to the service account | map |
{} |
no |
| service_account_clusterwide_access | Run the gitlab-bastion container with the ability to deploy/manage containers of jobs cluster-wide or only within namespace | bool |
false |
no |
| use_local_cache | Use path on nodes for caching | bool |
false |
no |
| values | Additional values to be passed to the gitlab-runner helm chart | map |
{} |
no |
| values_file | Path to Values file to be passed to gitlab-runner helm chart | string |
null |
no |
| Name | Description |
|---|---|
| chart_version | The chart version |
| namespace | The namespace gitlab-runner was deployed in |
| release_name | The helm release name |