-
-
Notifications
You must be signed in to change notification settings - Fork 320
/
main.tf
156 lines (130 loc) · 3.88 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
data "aws_availability_zones" "available" {
state = "available"
}
data "aws_security_group" "default" {
name = "default"
vpc_id = module.vpc.vpc_id
}
# VPC Flow logs are not needed here
# kics-scan ignore-line
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "5.8.1"
name = "vpc-${var.environment}"
cidr = "10.0.0.0/16"
azs = [data.aws_availability_zones.available.names[0]]
private_subnets = ["10.0.1.0/24"]
public_subnets = ["10.0.101.0/24"]
map_public_ip_on_launch = false
enable_nat_gateway = true
single_nat_gateway = true
tags = {
Environment = var.environment
}
}
module "vpc_endpoints" {
source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
version = "5.8.1"
vpc_id = module.vpc.vpc_id
endpoints = {
s3 = {
service = "s3"
tags = { Name = "s3-vpc-endpoint" }
}
}
tags = {
Environment = var.environment
}
}
module "runner" {
source = "../../"
environment = var.environment
vpc_id = module.vpc.vpc_id
subnet_id = element(module.vpc.private_subnets, 0)
runner_instance = {
collect_autoscaling_metrics = ["GroupDesiredCapacity", "GroupInServiceCapacity"]
name = var.runner_name
ssm_access = true
}
runner_networking = {
allow_incoming_ping_security_group_ids = [data.aws_security_group.default.id]
}
runner_gitlab = {
url = var.gitlab_url
preregistered_runner_token_ssm_parameter_name = var.preregistered_runner_token_ssm_parameter_name
}
runner_worker_gitlab_pipeline = {
pre_build_script = <<EOT
'''
echo 'multiline 1'
echo 'multiline 2'
'''
EOT
post_build_script = "\"echo 'single line'\""
}
runner_worker_docker_options = {
privileged = "true"
volumes = ["/cache", "/certs/client"]
}
runner_worker_docker_volumes_tmpfs = [
{
volume = "/var/opt/cache",
options = "rw,noexec"
}
]
runner_worker_docker_services_volumes_tmpfs = [
{
volume = "/var/lib/mysql",
options = "rw,noexec"
}
]
runner_worker_docker_machine_autoscaling_options = [
# working 9 to 5 :)
{
periods = ["* * 0-9,17-23 * * mon-fri *", "* * * * * sat,sun *"]
idle_count = 0
idle_time = 60
timezone = var.timezone
}
]
tags = {
"tf-aws-gitlab-runner:example" = "runner-default"
"tf-aws-gitlab-runner:instancelifecycle" = "spot:yes"
}
# Uncomment the HCL code below to configure a docker service so that registry mirror is used in auto-devops jobs
# See https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27171 and https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#the-service-in-the-gitlab-runner-configuration-file
# You can check this works with a CI job like:
# <pre>
# default:
# tags:
# - "docker_spot_runner"
# docker-mirror-check:
# image: docker:20.10.16
# stage: build
# variables:
# DOCKER_TLS_CERTDIR: ''
# script:
# - |
# - docker info
# if ! docker info | grep -i mirror
# then
# exit 1
# echo "No mirror config found"
# fi
# </pre>
#
# If not using an official docker image for your job, you may need to specify `DOCKER_HOST: tcp://docker:2375`
## UNCOMMENT 6 LINES BELOW
# runner_worker_docker_services = [{
# name = "docker:20.10.16-dind"
# alias = "docker"
# command = ["--registry-mirror", "https://mirror.gcr.io"]
# entrypoint = ["dockerd-entrypoint.sh"]
# }]
# Example how to configure runners, to utilize EC2 user-data feature
# example template, creates (configurable) swap file for the runner
# runner_worker_docker_machine_instance = {
# start_script = templatefile("${path.module}/../../templates/swap.tpl", {
# swap_size = "512"
# }
}