This module handles the opinionated creation of infrastructure necessary to deploy GitHub Actions Runners on GKE. This module follows the guide provided by GitHub for Quickstart for Actions Runner Controller.
This includes:
- Enabling necessary APIs
- VPC
- GKE Cluster
- Kubernetes Secret
- Installation via Helm Chart
See below for example usage of this module:
```hcl
module "runner-gke" {
  source  = "terraform-google-modules/github-actions-runners/google//modules/gh-runner-gke"
  version = "~> 5.0"

  project_id             = "PROJECT_ID"
  create_network         = true
  cluster_suffix         = "k8s"
  gh_app_id              = "123456"
  gh_app_installation_id = "12345678"
  gh_app_private_key     = "sample"
  gh_config_url          = "https://github.com/ORGANIZATION"
}
```
It's recommended to authenticate to GitHub via a GitHub App. Follow the instructions at Authenticating ARC with a GitHub App to retrieve the necessary prerequisites:
- GitHub App ID
- GitHub App Installation ID
- GitHub App Private Key
Install the app in the organization or account for which the runners should be available.
Substitute these values gathered from creating the GitHub App installation into the variables in the module.
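The following is an added example, not taken from the module's repository: the same module call with the GitHub App private key supplied through a sensitive input variable instead of a literal in the configuration, and with `enable_private_nodes` switched on. The file name `github-app.pem` in the comment is a placeholder.

```hcl
# Added example (not part of the module's own documentation).
# Declaring the key as a sensitive variable keeps it out of the .tf files
# and redacts it in plan/apply output. It is still written to the
# Terraform state, and the module stores it in a Kubernetes Secret, so
# access to the state backend and the cluster must be restricted as well.
variable "gh_app_private_key" {
  description = "Contents of the .pem file generated for the GitHub App"
  type        = string
  sensitive   = true
}

# Supply the value outside version control, for example:
#   export TF_VAR_gh_app_private_key="$(cat github-app.pem)"   # placeholder path

module "runner-gke" {
  source  = "terraform-google-modules/github-actions-runners/google//modules/gh-runner-gke"
  version = "~> 5.0"

  project_id     = "PROJECT_ID"
  create_network = true
  cluster_suffix = "k8s"

  gh_app_id              = "123456"
  gh_app_installation_id = "12345678"
  gh_app_private_key     = var.gh_app_private_key
  gh_config_url          = "https://github.com/ORGANIZATION"

  # Nodes receive internal IP addresses only (the module default is false).
  # Runners still need an outbound path to GitHub; confirm that your network
  # provides one before enabling this.
  enable_private_nodes = true
}
```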
Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:
- Required APIs are activated: "cloudresourcemanager.googleapis.com", "storage-api.googleapis.com", "iam.googleapis.com", "container.googleapis.com", "serviceusage.googleapis.com"
Below are some examples:
- This example shows how to deploy a simple GKE Self Hosted Runner.
- This example shows how to deploy Self Hosted Runners on GKE that supports Docker Workflows.
- This example shows how to deploy Self Hosted Runners on GKE that supports Docker Workflows in a rootless configuration.

Name | Description | Type | Default | Required |
---|---|---|---|---|
arc_container_mode | value of containerMode.type in ARC runner scale set helm chart. If set, value can be dind or kubernetes | string | "" | no |
arc_controller_values | List of values in raw yaml format to pass to helm for ARC runners scale set controller chart | list(string) | [] | no |
arc_controller_version | Version tag for the ARC image. See https://github.com/actions/actions-runner-controller/pkgs/container/actions-runner-controller-charts%2Fgha-runner-scale-set-controller for releases. | string | "0.9.3" | no |
arc_runners_namespace | Namespace created for the ARC runner pods. | string | "arc-runners" | no |
arc_runners_values | List of values in raw yaml format to pass to helm for ARC runners scale set chart | list(string) | [] | no |
arc_runners_version | Version tag for the ARC image. See https://github.com/actions/actions-runner-controller/pkgs/container/actions-runner-controller-charts%2Fgha-runner-scale-set for releases. | string | "0.9.3" | no |
arc_systems_namespace | Namespace created for the ARC operator pods. | string | "arc-systems" | no |
cluster_suffix | Name of the GitHub organization associated with this runner cluster. | string | "arc" | no |
create_network | When set to true, VPC will be auto created | bool | true | no |
enable_private_nodes | Whether nodes have internal IP addresses only. | bool | false | no |
gh_app_id | After creating the GitHub App, on the GitHub App's page, note the value for "App ID". | string | n/a | yes |
gh_app_installation_id | You can find the app installation ID on the app installation page, which has the following URL format: https://github.com/organizations/ORGANIZATION/settings/installations/INSTALLATION_ID | string | n/a | yes |
gh_app_pre_defined_secret_name | Name for the k8s secret required to configure gh runners on GKE via GitHub App authentication | string | "gh-app-pre-defined-secret" | no |
gh_app_private_key | Under "Private keys", click Generate a private key, and save the .pem file. Use the contents of this file for this variable. | string | n/a | yes |
gh_config_url | URL of GitHub App config. If installed in an organization, this is in the format "https://github.com/ORGANIZATION" | string | n/a | yes |
ip_range_pods_cidr | The secondary ip range cidr to use for pods | string | "192.168.0.0/18" | no |
ip_range_pods_name | The secondary ip range to use for pods | string | "ip-range-pods" | no |
ip_range_services_cider | The secondary ip range cidr to use for services | string | "192.168.64.0/18" | no |
ip_range_services_name | The secondary ip range to use for services | string | "ip-range-scv" | no |
machine_type | Machine type for runner node pool | string | "n1-standard-4" | no |
max_node_count | Maximum number of nodes in the runner node pool | number | 4 | no |
min_node_count | Minimum number of nodes in the runner node pool | number | 2 | no |
network_name | Name for the VPC network | string | "runner-network" | no |
project_id | The project id to deploy Github Runner cluster | string | n/a | yes |
region | The GCP region to deploy instances into | string | "us-east4" | no |
service_account | Optional Service Account for the nodes | string | "" | no |
subnet_ip | IP range for the subnet | string | "10.0.0.0/17" | no |
subnet_name | Name for the subnet | string | "runner-subnet" | no |
subnetwork_project | The ID of the project in which the subnetwork belongs. If it is not provided, the project_id is used. | string | "" | no |
zones | The GCP zone to deploy gke into | list(string) | [ | no |

Name | Description |
---|---|
ca_certificate | The cluster ca certificate (base64 encoded) |
client_token | The bearer token for auth |
cluster_name | Cluster name |
kubernetes_endpoint | The cluster endpoint |
location | Cluster location |
network_name | Name of VPC |
service_account | The default service account used for running nodes. |
subnet_name | Name of VPC |