runner-aws-spot
aleks-fofanov/runner-aws-spot/gitlab
Terraform module to provision a self-hosted auto-scaling Gitlab runner on AWS spot or on-demand instances
AWS Gitlab Runner Terraform module

Introduction

This module provisions a self-hosted Gitlab runner with the docker+machine executor and an auto-scaling configuration.

Architecture

The architecture is fairly standard and consists mainly of one EC2 instance (the manager), which has all the required software installed and automatically registers itself with Gitlab. The manager spawns worker instances that run the CI/CD jobs; it does not run any jobs itself.

Features:

- Allows both spot and regular on-demand EC2 instances to be used for the worker instances that run CI/CD jobs
- The registration token can be passed to the module directly via a variable or as a parameter in SSM Parameter Store (recommended!)
- The authentication token is stored in SSM Parameter Store
- Utilizes a forked version of Docker Machine
- Supports docker images for CI/CD
| Name | Type | Description | Default |
|---|---|---|---|
| authentication_token_ssm_param_kms_key | string | Identifier of KMS key used for encryption of SSM Parameter that will store authe | required |
| manager | object({ ami_id | Runners' manager (aka bastion) configuration | required |
| registration_token_ssm_param_kms_key | string | Identifier of KMS key used for encryption of SSM Parameter that stores registrat | required |
| authentication_token_ssm_param | string | An override for SSM Parameter name that will store runner authentication token | required |
| registration_token | string | Runner registration token | required |
| cloudwatch_logs_kms_key_arn | string | The ARN of the KMS Key to use when encrypting log data. Please note, after the A | required |
| runner | object({ concurrent = numb | Gitlab runner configuration. See https://docs.gitlab.com/runner/configuration/ad | required |
| name | string | Solution name, e.g. 'app' or 'jenkins' | required |
| registration_token_ssm_param | string | SSM Parameter name that stored runner registration token. This parameter takes p | required |
| vpc | object({ vpc_id = stri | VPC configuration | required |
| allowed_metrics_cidr_blocks | list(object({ cidr_blocks | CIDR blocks that should be able to access metrics port exposed on manager instan | [] |
| enable_access_to_ecr_repositories | list(string) | A list of ECR repositories in specified `region` that manager instance should ha | [] |
| gitlab_runner_version | string | Gitlab runner version to be installed on manager instance | "14.2.0" |
| stage | string | Stage (e.g. `prod`, `dev`, `staging`) | "" |
| cloudwatch_logs_retention | number | Number of days you want to retain log events in Cloudwatch log group | 30 |
| enable_s3_cache | bool | Defines whether s3 should be created and used as a source for distributed cache | true |
| s3_cache_infrequent_access_transition | number | Number of days to persist in the standard storage tier before moving to the infr | 30 |
| additional_security_groups | list(string) | List of Security Group IDs allowed to be associated with manager instance | [] |
| attributes | list(string) | Additional attributes, e.g. `1` | [] |
| availability_zone | string | Availability Zone (e.g. `a`, `b`, `c` etc.) for instances to be launched in | "a" |
| gitlab_url | string | Gitlab URL | "https://gitlab.com" |
| runner_advanced_config | object({ pre_build_script | Advanced configuration options for gitlab runner | { "additional_docker_machine_options": |
| create_spot_service_linked_role | bool | Defines whether to create service-linked role for EC2 spot instances | true |
| create_autoscaling_service_linked_role | bool | Defines whether to create service-linked role for EC2 autoscaling | true |
| namespace | string | Namespace (e.g. `cp` or `cloudposse`) | "" |
| allowed_ssh_cidr_blocks | list(object({ cidr_blocks | CIDR blocks that should be able to communicate with manager's 22 port | [] |
| docker_machine_version | string | Docker machine version to be installed on manager instance | "0.16.2-gitlab.13" |
| enable_ssm_sessions | bool | Defines whether access via SSM Session Manager should be enabled for manager ins | true |
| enable_cloudwatch_logs | bool | Defines whether manager instance should ship its logs to Cloudwatch | true |
| s3_cache_expiration | number | Number of days you want to retain cache in S3 bucket | 45 |
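The following root-module configuration is an added example of wiring the inputs above together in the way the feature list recommends: the registration token is kept in an SSM SecureString parameter encrypted with a customer-managed KMS key (rather than passed in plain via `registration_token`), the same key encrypts the authentication-token parameter and the manager's CloudWatch log group, SSH ingress is left empty in favour of SSM Session Manager, and ECR access is scoped to one named repository. It is not the module's own README or example code. The registry `source` string is the module path shown on this page; the account alias, VPC ID, AMI ID, CIDR range and repository name are constructed placeholders; and because this page truncates the `manager`, `runner`, `vpc`, `allowed_ssh_cidr_blocks` and `allowed_metrics_cidr_blocks` object types, only the attribute visible in the table is filled for each of them and any further required attributes must be taken from the module's `variables.tf`. The key policy statement for CloudWatch Logs follows the AWS-documented pattern for encrypting log groups with a customer-managed key; it is an assumption that the module does not create such a policy itself.

```hcl
# Added example (not the module's own code). Names, IDs and CIDRs are constructed placeholders.
variable "gitlab_registration_token" {
  type      = string
  sensitive = true # supplied via TF_VAR_gitlab_registration_token, never committed
}

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# Key policy: account root may administer the key; CloudWatch Logs may use it only
# for log groups in this account/region (AWS-documented pattern, assumed not created by the module).
data "aws_iam_policy_document" "runner_secrets_key" {
  statement {
    sid       = "AccountAdmin"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }
  statement {
    sid       = "CloudWatchLogs"
    actions   = ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*"]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["logs.${data.aws_region.current.name}.amazonaws.com"]
    }
    condition {
      test     = "ArnLike"
      variable = "kms:EncryptionContext:aws:logs:arn"
      values   = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:*"]
    }
  }
}

resource "aws_kms_key" "runner_secrets" {
  description             = "Gitlab runner tokens and manager logs"
  enable_key_rotation     = true
  deletion_window_in_days = 30
  policy                  = data.aws_iam_policy_document.runner_secrets_key.json
}

# Registration token stored encrypted in SSM; the module reads it from here (recommended path).
resource "aws_ssm_parameter" "runner_registration_token" {
  name   = "/gitlab/runner/registration-token" # constructed name
  type   = "SecureString"
  value  = var.gitlab_registration_token
  key_id = aws_kms_key.runner_secrets.key_id
}

module "gitlab_runner" {
  source = "aleks-fofanov/runner-aws-spot/gitlab" # registry path as listed on this page

  namespace = "acme" # constructed
  stage     = "prod"
  name      = "gitlab-runner"

  gitlab_url             = "https://gitlab.example.com" # constructed; default is https://gitlab.com
  gitlab_runner_version  = "14.2.0"                     # table defaults
  docker_machine_version = "0.16.2-gitlab.13"

  # Token handling: the SSM parameter takes precedence over `registration_token`, so the
  # plaintext token never appears as a module argument.
  registration_token_ssm_param           = aws_ssm_parameter.runner_registration_token.name
  registration_token_ssm_param_kms_key   = aws_kms_key.runner_secrets.key_id
  authentication_token_ssm_param_kms_key = aws_kms_key.runner_secrets.key_id

  # Manager logs: encrypted at rest, retained 30 days.
  enable_cloudwatch_logs      = true
  cloudwatch_logs_kms_key_arn = aws_kms_key.runner_secrets.arn
  cloudwatch_logs_retention   = 30

  # Access: no SSH ingress at all; operators use SSM Session Manager. Metrics only from the VPC range.
  enable_ssm_sessions         = true
  allowed_ssh_cidr_blocks     = []
  allowed_metrics_cidr_blocks = [{ cidr_blocks = ["10.0.0.0/16"] }] # object type truncated on this page
  additional_security_groups  = []

  # Only the named ECR repository is readable by the manager, not the whole registry.
  enable_access_to_ecr_repositories = ["ci-base-images"] # constructed repository name

  # Object-typed inputs: only the attribute visible in the inputs table is shown;
  # fill the remaining required attributes from the module's variables.tf.
  vpc     = { vpc_id = "vpc-0123456789abcdef0" } # constructed
  manager = { ami_id = "ami-0123456789abcdef0" } # constructed
  runner  = { concurrent = 4 }

  availability_zone                      = "a"
  enable_s3_cache                        = true
  s3_cache_expiration                    = 45
  s3_cache_infrequent_access_transition  = 30
  create_spot_service_linked_role        = true
  create_autoscaling_service_linked_role = true
}

# Outputs listed on this page that are worth surfacing for audit: where the auth token lives and who the instances run as.
output "runner_auth_token_parameter_arn" { value = module.gitlab_runner.auth_token_ssm_param_arn }
output "manager_role_arn"                { value = module.gitlab_runner.manager_instance_role_arn }
output "worker_role_arn"                 { value = module.gitlab_runner.runner_instance_role_arn }
```

Two points are worth checking after `terraform apply`: that the registration-token parameter shows `KeyId` equal to the customer-managed key (not the default `aws/ssm` key), and that the manager's security group has no port 22 rule, since `allowed_ssh_cidr_blocks` is empty. If the module still insists on a non-null `registration_token` despite the SSM parameter taking precedence, pass `var.gitlab_registration_token` there as well rather than a literal.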
Outputs

- runner_instance_primary_security_group_id — An ID of security group created for and associated with manager instance
- runner_instance_role_arn — ARN of AWS IAM Role associated with runner instance(s)
- manager_instance_policy_arn — ARN of AWS IAM Policy associated with manager instance IAM role
- manager_instance_cloudwatch_log_group_name — Name of CloudWatch Log Group created for manager instance
- manager_instance_private_ip — Private IP of manager instance
- manager_instance_private_dns — Private DNS of manager instance
- manager_instance — Disambiguated ID of manager instance
- manager_instance_name — Manager instance name
- manager_instance_cloudwatch_alarm — CloudWatch Alarm ID created for manager instance
- auth_token_ssm_param_name — Name of SSM Parameter that stores runner's authentication token
- auth_token_ssm_param_arn — ARN of SSM Parameter that stores runner's authentication token
- manager_instance_ssh_key_pair — Name of the SSH key pair provisioned on manager instance
- manager_instance_role_name — Name of AWS IAM Role associated with manager instance
- runner_instance_role_name — Name of AWS IAM Role associated with runner instance(s)
- s3_cache_bucket_arn — Cache bucket ARN
- manager_instance_cloudwatch_log_group_arn — ARN of CloudWatch Log Group created for manager instance
- manager_instance_role_arn — ARN of AWS IAM Role associated with manager instance
- manager_instance_policy_name — Name of AWS IAM Policy associated with manager instance IAM role
- s3_cache_bucket_id — Cache bucket Name (aka ID)
- manager_instance_public_ip — Public IP of manager instance (or EIP)
- manager_instance_public_dns — Public DNS of manager instance (or DNS of EIP)
- manager_instance_primary_security_group_id — An ID of security group created for and associated with manager instance
- manager_instance_security_group_ids — List of all security group IDs associated with manager instance