diff --git a/.github/.release-please-manifest.json b/.github/.release-please-manifest.json
index b7ef03eb..b681d9a9 100644
--- a/.github/.release-please-manifest.json
+++ b/.github/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
- ".": "9.4.0"
+ ".": "9.5.0"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 11860555..038e78c5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
+## [9.5.0](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/9.4.0...9.5.0) (2025-10-27)
+
+
+### Features
+
+* add `connection_max_age` config ([#1340](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/1340)) ([b65acc4](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/b65acc4114d4e421636f8e79ba0b2de8c5b7cc5b))
+
 ## [9.4.0](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/9.3.0...9.4.0) (2025-10-20)
diff --git a/README.md b/README.md
index 2fd9c6e8..ba662d0f 100644
--- a/README.md
+++ b/README.md
@@ -203,7 +203,7 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
 | [runner\_ingress\_rules](#input\_runner\_ingress\_rules) | Map of Ingress rules for the Runner Manager security group. |
map(object({
from_port = optional(number, null)
to_port = optional(number, null)
protocol = string
description = string
cidr_block = optional(string, null)
ipv6_cidr_block = optional(string, null)
prefix_list_id = optional(string, null)
security_group = optional(string, null)
}))
| `{}` | no |
 | [runner\_install](#input\_runner\_install) | amazon\_ecr\_credential\_helper = Install amazon-ecr-credential-helper inside `userdata_pre_install` script
docker\_machine\_download\_url = URL to download docker machine binary. If not set, the docker machine version will be used to download the binary.
docker\_machine\_version = By default docker\_machine\_download\_url is used to set the docker machine version. This version will be ignored once `docker_machine_download_url` is set. The version number is maintained by the CKI project. Check out at https://gitlab.com/cki-project/docker-machine/-/releases
pre\_install\_script = Script to run before installing the Runner
post\_install\_script = Script to run after installing the Runner
start\_script = Script to run after starting the Runner
yum\_update = Update the yum packages before installing the Runner |
object({
amazon_ecr_credential_helper = optional(bool, false)
docker_machine_download_url = optional(string, "")
docker_machine_version = optional(string, "0.16.2-gitlab.19-cki.5")
pre_install_script = optional(string, "")
post_install_script = optional(string, "")
start_script = optional(string, "")
yum_update = optional(bool, true)
})
| `{}` | no |
 | [runner\_instance](#input\_runner\_instance) | additional\_tags = Map of tags that will be added to the Runner instance.
collect\_autoscaling\_metrics = A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances.
ebs\_optimized = Enable EBS optimization for the Runner instance.
max\_lifetime\_seconds = The maximum time a Runner should live before it is killed.
monitoring = Enable the detailed monitoring on the Runner instance.
name = Name of the Runner instance.
name\_prefix = Set the name prefix and override the `Name` tag for the Runner instance.
private\_address\_only = Restrict the Runner to use private IP addresses only. If this is set to `true` the Runner will use a private IP address only in case the Runner Workers use private addresses only.
root\_device\_config = The Runner's root block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`, `throughput`, `kms_key_id`
spot\_price = By setting a spot price bid price the Runner is created via a spot request. Be aware that spot instances can be stopped by AWS. Choose \"on-demand-price\" to pay up to the current on demand price for the instance type chosen.
ssm\_access = Allows to connect to the Runner via SSM.
type = EC2 instance type used.
use\_eip = Assigns an EIP to the Runner. |
object({
additional_tags = optional(map(string))
collect_autoscaling_metrics = optional(list(string), null)
ebs_optimized = optional(bool, true)
max_lifetime_seconds = optional(number, null)
monitoring = optional(bool, true)
name = string
name_prefix = optional(string)
private_address_only = optional(bool, true)
root_device_config = optional(map(string), {})
spot_price = optional(string, null)
ssm_access = optional(bool, false)
type = optional(string, "t3.micro")
use_eip = optional(bool, false)
})
|
{
"name": "gitlab-runner"
}
| no |
-| [runner\_manager](#input\_runner\_manager) | For details check https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section

gitlab\_check\_interval = Number of seconds between checking for available jobs (check\_interval)
maximum\_concurrent\_jobs = The maximum number of jobs which can be processed by all Runners at the same time (concurrent).
prometheus\_listen\_address = Defines an address (:) the Prometheus metrics HTTP server should listen on (listen\_address).
sentry\_dsn = Sentry DSN of the project for the Runner Manager to use (uses legacy DSN format) (sentry\_dsn) |
object({
gitlab_check_interval = optional(number, 3)
maximum_concurrent_jobs = optional(number, 10)
prometheus_listen_address = optional(string, "")
sentry_dsn = optional(string, "__SENTRY_DSN_REPLACED_BY_USER_DATA__")
})
| `{}` | no |
+| [runner\_manager](#input\_runner\_manager) | For details check https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section

gitlab\_check\_interval = Number of seconds between checking for available jobs (check\_interval)
maximum\_concurrent\_jobs = The maximum number of jobs which can be processed by all Runners at the same time (concurrent).
prometheus\_listen\_address = Defines an address (:) the Prometheus metrics HTTP server should listen on (listen\_address).
sentry\_dsn = Sentry DSN of the project for the Runner Manager to use (uses legacy DSN format) (sentry\_dsn)
connection\_max\_age = The maximum age of a connection to the Runner Manager (connection\_max\_age). |
object({
gitlab_check_interval = optional(number, 3)
maximum_concurrent_jobs = optional(number, 10)
prometheus_listen_address = optional(string, "")
sentry_dsn = optional(string, "__SENTRY_DSN_REPLACED_BY_USER_DATA__")
connection_max_age = optional(string, "15m")
})
| `{}` | no |
 | [runner\_metadata\_options](#input\_runner\_metadata\_options) | Enable the Runner instance metadata service. IMDSv2 is enabled by default. |
object({
http_endpoint = string
http_tokens = string
http_put_response_hop_limit = number
instance_metadata_tags = string
})
|
{
"http_endpoint": "enabled",
"http_put_response_hop_limit": 2,
"http_tokens": "required",
"instance_metadata_tags": "disabled"
}
| no |
 | [runner\_networking](#input\_runner\_networking) | allow\_incoming\_ping = Allow ICMP Ping to the Runner. Specify `allow_incoming_ping_security_group_ids` too!
allow\_incoming\_ping\_security\_group\_ids = A list of security group ids that are allowed to ping the Runner.
security\_group\_description = A description for the Runner's security group
security\_group\_ids = IDs of security groups to add to the Runner. |
object({
allow_incoming_ping = optional(bool, false)
allow_incoming_ping_security_group_ids = optional(list(string), [])
security_group_description = optional(string, "A security group containing gitlab-runner agent instances")
security_group_ids = optional(list(string), [])
})
| `{}` | no |
 | [runner\_role](#input\_runner\_role) | additional\_tags = Map of tags that will be added to the role created. Useful for tag based authorization.
allow\_iam\_service\_linked\_role\_creation = Boolean used to control attaching the policy to the Runner to create service linked roles.
assume\_role\_policy\_json = The assume role policy for the Runner.
create\_role\_profile = Whether to create the IAM role/profile for the Runner. If you provide your own role, make sure that it has the required permissions.
policy\_arns = List of policy ARNs to be added to the instance profile of the Runner.
role\_profile\_name = IAM role/profile name for the Runner. If unspecified then `${var.iam_object_prefix}-instance` is used. |
object({
additional_tags = optional(map(string))
allow_iam_service_linked_role_creation = optional(bool, true)
assume_role_policy_json = optional(string, "")
create_role_profile = optional(bool, true)
policy_arns = optional(list(string), [])
role_profile_name = optional(string)
})
| `{}` | no |