This repository contains Terraform scripts for setting up the infrastructure required to deploy self-hosted runners on GKE.
Important notes:
- This code assumes you already have a GKE cluster running with Workload Identity enabled at the CLUSTER level; it DOES NOT create a new GKE cluster. It only adds a new node pool to that existing cluster. Details of the existing cluster are passed to Terraform via the tfvars file.
- Do not remove the labels and node selector values on the node pool and the Helm charts. They are what pins the controller and runner deployments to the dedicated runner node pool, so that runner pods (which execute workflow jobs) do not land on nodes shared with other workloads.
- The identity running this code needs at least the following roles:
  - Artifact Registry Admin
  - Kubernetes Engine Admin (GKE Admin)
  - Service Account Admin
  - Project IAM Admin

  These are broad roles. Grant them only on the projects involved (the cluster, Artifact Registry and secret projects) and prefer a dedicated deployment service account over a personal user account.
Setup steps:
- Clone the repository.
- Create a GitHub Personal Access Token (PAT). actions-runner-controller uses the PAT to register self-hosted runners with the repository. Create it as follows:
  - Sign in to GitHub, open Settings > Developer settings > Personal access tokens, and generate a new (classic) token.
  - Select the `repo` scope.
  - Click Generate token and copy the token locally (it is needed in the next step).

  The token carries the full permissions of the account that issued it on every repository that account can reach, so issue it from a dedicated machine account rather than a personal one and plan to rotate it. Never put the token value in the tfvars file or commit it anywhere.
- Create a secret in Secret Manager with the PAT from the previous step as its value. Only the secret's name and project ID are passed to Terraform (secret_name and secret_project_id); Terraform reads the token from Secret Manager, so the token itself never goes into the tfvars file.
- Optional: edit the Dockerfile in the modules/custom-image directory to suit your requirements (for example, to add build tools your workflows need).
- Update the variable values in the .tfvars file. The variable table below describes each variable.
- Run Terraform in two phases:
  - terraform init
  - terraform plan
  - terraform apply -target=module.docker_image -target=module.gh_actions_controller
  - terraform apply

  The targeted first apply builds the runner image and installs the controller, and with it the custom resource definitions; the RunnerDeployment and HorizontalRunnerAutoscaler resources can only be created once those exist, which is what the final untargeted apply does.
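The steps above, as an added example script that is not part of this repository: it stores the PAT in Secret Manager from stdin (so the token never appears as a command-line argument or in shell history), checks that the tfvars file assigns every variable the table below marks as required and does not embed a GitHub token literal, and then runs the two-phase apply. The `gcloud` and `terraform` invocations assume an authenticated gcloud session and the module names used by this repository; the function names, the script name `setup.sh` and the sample values are this example's own.

```shell
#!/usr/bin/env bash
# Added example helper (not part of this repository).
set -eu

# Variables the README marks as required (no default).
REQUIRED_VARS="gke_location gke_name gke_np_machine_type gke_project_id \
gke_sa_iam_bindings repo_name repository_id repository_location \
repository_project_id secret_name secret_project_id"

# Store the PAT in Secret Manager. The token is read from stdin via
# --data-file=- so it is never passed as an argument. Assumes gcloud is
# authenticated with Secret Manager Admin on the secret project.
create_pat_secret() {
  local secret_name="$1" project_id="$2"
  gcloud secrets create "$secret_name" \
    --project="$project_id" \
    --replication-policy=automatic \
    --data-file=-
}

# Print the names of required variables missing from a tfvars file.
# Returns 0 when none are missing, 1 otherwise.
check_tfvars() {
  local file="$1" v missing=""
  for v in $REQUIRED_VARS; do
    grep -Eq "^[[:space:]]*${v}[[:space:]]*=" "$file" || missing="${missing}${v} "
  done
  if [ -n "$missing" ]; then
    printf 'missing required variables: %s\n' "$missing"
    return 1
  fi
  return 0
}

# Refuse a tfvars file that embeds a GitHub token literal: the token belongs
# only in Secret Manager. Matches the classic (ghp_/gho_/ghu_/ghs_/ghr_) and
# fine-grained (github_pat_) prefixes. Returns 1 if one is found.
check_no_token_literal() {
  local file="$1"
  if grep -Eq '(ghp|gho|ghu|ghs|ghr|github_pat)_[A-Za-z0-9_]{20,}' "$file"; then
    printf 'tfvars file contains what looks like a GitHub token\n'
    return 1
  fi
  return 0
}

# Two-phase apply: first the runner image and the controller (whose CRDs the
# RunnerDeployment and HorizontalRunnerAutoscaler depend on), then the rest.
apply_all() {
  local tfvars="$1"
  check_tfvars "$tfvars"
  check_no_token_literal "$tfvars"
  terraform init
  terraform plan -var-file="$tfvars"
  terraform apply -var-file="$tfvars" \
    -target=module.docker_image -target=module.gh_actions_controller
  terraform apply -var-file="$tfvars"
}

# Usage (nothing runs when the script is sourced or called without a mode):
#   printf '%s' "$GITHUB_PAT" | ./setup.sh secret gh-arc-pat my-secrets-project
#   ./setup.sh apply terraform.tfvars
case "${1:-}" in
  secret) create_pat_secret "$2" "$3" ;;
  apply)  apply_all "$2" ;;
esac
```

The token check is a guard against the most common mistake with this setup, pasting the PAT into a tfvars file that then lands in version control or Terraform state; the required-variable check fails fast before `terraform init` rather than half-way through the targeted apply.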
Variables:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| gke_location | Location of the GKE cluster | string | n/a | yes |
| gke_name | Name of the existing GKE cluster | string | n/a | yes |
| gke_np_machine_type | Machine type for the node pool | string | n/a | yes |
| gke_np_max_nodes | Maximum number of nodes in the node pool | number | 5 | no |
| gke_np_min_nodes | Minimum number of nodes in the node pool | number | 1 | no |
| gke_project_id | Project ID where the GKE cluster resides | string | n/a | yes |
| gke_sa_iam_bindings | List of IAM roles to bind to the GKE service account | list(string) | n/a | yes |
| namespace | Namespace in which the runner deployments are created | string | "github-runner" | no |
| repo_name | Name of the GitHub repository whose workflows will run their builds on the self-hosted runners | string | n/a | yes |
| repository_id | Last segment of the Artifact Registry repository name, for example: repo1 | string | n/a | yes |
| repository_location | Location of the Artifact Registry repository | string | n/a | yes |
| repository_project_id | Project ID of the project that owns the Artifact Registry repository | string | n/a | yes |
| runner_autoscaler_max_replicas | Maximum number of replicas for the HorizontalRunnerAutoscaler resource | number | 5 | no |
| runner_autoscaler_min_replicas | Minimum number of replicas for the HorizontalRunnerAutoscaler resource | number | 1 | no |
| runner_deployment_name | Name of the RunnerDeployment resource | string | "gh-runner-deployment" | no |
| secret_name | Name of the Secret Manager secret that contains the GitHub PAT | string | n/a | yes |
| secret_project_id | Project ID where the GitHub PAT secret resides | string | n/a | yes |
| service_account_name | Name of the service account created for GKE Workload Identity (the part before @) | string | "gh-arc-sa" | no |