Feat: Consolidate cache variable and set helm chart defaults (#8)
Co-authored-by: daphney Igwe <daphney.igwe@deimos.co.za>
DaphneyI and DaphneyI authored May 5, 2022
1 parent 40ba682 commit e82cce1
Showing 7 changed files with 148 additions and 76 deletions.
18 changes: 9 additions & 9 deletions README.md
Expand Up @@ -52,7 +52,7 @@ Full contributing guidelines are covered [here](CONTRIBUTING.md).

| Name | Version |
|------|---------|
| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.4.1 |
| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.5.1 |

## Modules

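Review bot: this table is terraform-docs output, so the bump of the helm provider from 2.4.1 to 2.5.1 implies a matching change to the `required_providers` constraint; that file is not among the diffs rendered here (the seventh changed file did not load), so please confirm the constraint was changed and the README regenerated together, rather than the row being edited by hand.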
Expand All @@ -68,26 +68,24 @@ No modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_azure_cache_conf"></a> [azure\_cache\_conf](#input\_azure\_cache\_conf) | Cache parameters define using Azure Blob Storage for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscacheazure-section. Only used when var.use\_local\_cache is false | `map` | `{}` | no |
| <a name="input_additional_secrets"></a> [additional\_secrets](#input\_additional\_secrets) | additional secrets to mount into the manager pods | `list(map(string))` | `[]` | no |
| <a name="input_atomic"></a> [atomic](#input\_atomic) | whether to deploy the entire module as a unit | `bool` | `true` | no |
| <a name="input_build_dir"></a> [build\_dir](#input\_build\_dir) | Path on nodes for caching | `string` | `null` | no |
| <a name="input_build_job_default_container_image"></a> [build\_job\_default\_container\_image](#input\_build\_job\_default\_container\_image) | Default container image to use for builds when none is specified | `string` | `"ubuntu:18.04"` | no |
| <a name="input_build_job_mount_docker_socket"></a> [build\_job\_mount\_docker\_socket](#input\_build\_job\_mount\_docker\_socket) | Path on nodes for caching | `bool` | `false` | no |
| <a name="input_build_job_node_selectors"></a> [build\_job\_node\_selectors](#input\_build\_job\_node\_selectors) | A map of node selectors to apply to the pods | `map` | `{}` | no |
| <a name="input_build_job_node_tolerations"></a> [build\_job\_node\_tolerations](#input\_build\_job\_node\_tolerations) | A map of node tolerations to apply to the pods as defined https://docs.gitlab.com/runner/executors/kubernetes.html#other-configtoml-settings | `map` | `{}` | no |
| <a name="input_build_job_pod_annotations"></a> [build\_job\_pod\_annotations](#input\_build\_job\_pod\_annotations) | A map of annotations to be added to each build pod created by the Runner. The value of these can include environment variables for expansion. Pod annotations can be overwritten in each build. | `map` | `{}` | no |
| <a name="input_build_job_pod_labels"></a> [build\_job\_pod\_labels](#input\_build\_job\_pod\_labels) | A map of labels to be added to each build pod created by the runner. The value of these can include environment variables for expansion. | `map` | `{}` | no |
| <a name="input_build_job_priviledged"></a> [build\_job\_priviledged](#input\_build\_job\_priviledged) | Run all containers with the privileged flag enabled. This will allow the docker:dind image to run if you need to run Docker | `bool` | `false` | no |
| <a name="input_build_job_privileged"></a> [build\_job\_privileged](#input\_build\_job\_privileged) | Run all containers with the privileged flag enabled. This will allow the docker:dind image to run if you need to run Docker | `bool` | `false` | no |
| <a name="input_build_job_run_container_as_user"></a> [build\_job\_run\_container\_as\_user](#input\_build\_job\_run\_container\_as\_user) | SecurityContext: runAsUser for all running job pods | `string` | `null` | no |
| <a name="input_build_job_secret_volumes"></a> [build\_job\_secret\_volumes](#input\_build\_job\_secret\_volumes) | Secret volume configuration instructs Kubernetes to use a secret that is defined in Kubernetes cluster and mount it inside of the containes as defined https://docs.gitlab.com/runner/executors/kubernetes.html#secret-volumes | <pre>object({<br> name = string<br> mount_path = string<br> read_only = string<br> items = map(string)<br> })</pre> | <pre>{<br> "items": {},<br> "mount_path": null,<br> "name": null,<br> "read_only": null<br>}</pre> | no |
| <a name="input_cache_path"></a> [cache\_path](#input\_cache\_path) | Name of the path to prepend to the cache URL. Only used when var.use\_local\_cache is false | `string` | `null` | no |
| <a name="input_cache_shared"></a> [cache\_shared](#input\_cache\_shared) | Enables cache sharing between runners. Only used when var.use\_local\_cache is false | `bool` | `false` | no |
| <a name="input_cache_type"></a> [cache\_type](#input\_cache\_type) | One of: s3, gcs, azure. Only used when var.use\_local\_cache is false | `string` | `null` | no |
| <a name="input_cache"></a> [cache](#input\_cache) | Describes the properties of the cache. type can be either of ['local', 'gcs', 's3', 'azure'], path defines a path to append to the bucket url, shared specifies whether the cache can be shared between runners. you also specify the individual properties of the particular cache type you select. see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscache-section | <pre>object({<br> type = string<br> path = string<br> shared = bool<br> gcs = map(any)<br> s3 = map(any)<br> azure = map(any)<br> })</pre> | <pre>{<br> "azure": {},<br> "gcs": {},<br> "path": "",<br> "s3": {},<br> "shared": false,<br> "type": "local"<br>}</pre> | no |
| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | The version of the chart | `string` | `"0.36.0"` | no |
| <a name="input_concurrent"></a> [concurrent](#input\_concurrent) | Configure the maximum number of concurrent jobs | `number` | `10` | no |
| <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | (Optional) Create the namespace if it does not yet exist. Defaults to false. | `bool` | `true` | no |
| <a name="input_create_service_account"></a> [create\_service\_account](#input\_create\_service\_account) | If true, the service account, it's role and rolebinding will be created, else, the service account is assumed to already be created | `bool` | `true` | no |
| <a name="input_docker_fs_group"></a> [docker\_fs\_group](#input\_docker\_fs\_group) | The fsGroup to use for docker. This is added to security context when mount\_docker\_socket is enabled | `number` | `412` | no |
| <a name="input_gcs_cache_conf"></a> [gcs\_cache\_conf](#input\_gcs\_cache\_conf) | Cache parameters define using Azure Blob Storage for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section. Only used when var.use\_local\_cache is false | `map` | `{}` | no |
| <a name="input_gitlab_url"></a> [gitlab\_url](#input\_gitlab\_url) | The GitLab Server URL (with protocol) that want to register the runner against | `string` | `"https://gitlab.com/"` | no |
| <a name="input_image_pull_secrets"></a> [image\_pull\_secrets](#input\_image\_pull\_secrets) | A array of secrets that are used to authenticate Docker image pulling. | `list(string)` | `[]` | no |
| <a name="input_local_cache_dir"></a> [local\_cache\_dir](#input\_local\_cache\_dir) | Path on nodes for caching | `string` | `"/tmp/gitlab/cache"` | no |
Expand All @@ -97,16 +95,18 @@ No modules.
| <a name="input_manager_pod_labels"></a> [manager\_pod\_labels](#input\_manager\_pod\_labels) | A map of labels to be added to each build pod created by the runner. The value of these can include environment variables for expansion. | `map` | `{}` | no |
| <a name="input_namespace"></a> [namespace](#input\_namespace) | n/a | `string` | `"gitlab-runner"` | no |
| <a name="input_release_name"></a> [release\_name](#input\_release\_name) | The helm release name | `string` | `"gitlab-runner"` | no |
| <a name="input_replicas"></a> [replicas](#input\_replicas) | the number of manager pods to create | `number` | `1` | no |
| <a name="input_run_untagged_jobs"></a> [run\_untagged\_jobs](#input\_run\_untagged\_jobs) | Specify if jobs without tags should be run. https://docs.gitlab.com/ce/ci/runners/#runner-is-allowed-to-run-untagged-jobs | `bool` | `false` | no |
| <a name="input_runner_image"></a> [runner\_image](#input\_runner\_image) | The docker gitlab runner version. https://hub.docker.com/r/gitlab/gitlab-runner/tags/ | `string` | `null` | no |
| <a name="input_runner_locked"></a> [runner\_locked](#input\_runner\_locked) | Specify whether the runner should be locked to a specific project/group | `string` | `true` | no |
| <a name="input_runner_name"></a> [runner\_name](#input\_runner\_name) | name of the runner | `string` | n/a | yes |
| <a name="input_runner_registration_token"></a> [runner\_registration\_token](#input\_runner\_registration\_token) | runner registration token | `string` | n/a | yes |
| <a name="input_runner_tags"></a> [runner\_tags](#input\_runner\_tags) | Specify the tags associated with the runner. Comma-separated list of tags. | `string` | n/a | yes |
| <a name="input_s3_cache_conf"></a> [s3\_cache\_conf](#input\_s3\_cache\_conf) | Cache parameters define using S3 for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscaches3-section. Only used when var.use\_local\_cache is false | `map` | `{}` | no |
| <a name="input_runner_token"></a> [runner\_token](#input\_runner\_token) | token of already registered runer. to use this var.runner\_registration\_token must be set to null | `string` | `null` | no |
| <a name="input_service_account"></a> [service\_account](#input\_service\_account) | The name of the Service account to create | `string` | `"gitlab-runner"` | no |
| <a name="input_service_account_annotations"></a> [service\_account\_annotations](#input\_service\_account\_annotations) | The annotations to add to the service account | `map` | `{}` | no |
| <a name="input_service_account_clusterwide_access"></a> [service\_account\_clusterwide\_access](#input\_service\_account\_clusterwide\_access) | Run the gitlab-bastion container with the ability to deploy/manage containers of jobs cluster-wide or only within namespace | `bool` | `false` | no |
| <a name="input_use_local_cache"></a> [use\_local\_cache](#input\_use\_local\_cache) | Use path on nodes for caching | `bool` | `false` | no |
| <a name="input_unregister_runners"></a> [unregister\_runners](#input\_unregister\_runners) | whether runners should be unregistered when pool is deprovisioned | `bool` | `true` | no |
| <a name="input_values"></a> [values](#input\_values) | Additional values to be passed to the gitlab-runner helm chart | `map` | `{}` | no |
| <a name="input_values_file"></a> [values\_file](#input\_values\_file) | Path to Values file to be passed to gitlab-runner helm chart | `string` | `null` | no |

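Review bot: the description of the new `cache` variable should say where the cache credentials come from, because `local.tf` in this commit resolves `cache_secret_name` to `s3access`, `azureaccess`, `gcsaccess` or `google-application-credentials` from `cache.type` and the `gcs` keys, and a reader of this table has no way to know those Kubernetes secrets must already exist in the runner namespace. It is also worth stating that the `s3`, `gcs` and `azure` maps are rendered straight into `config.toml` (and so into the Helm values and Terraform state), so access keys belong in those secrets, not in the maps. Two smaller points: the `build_job_priviledged` to `build_job_privileged` rename is a breaking change for existing callers and deserves a line in the commit message, and while here, the `build_job_mount_docker_socket` row still carries the copy-pasted description `Path on nodes for caching`.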
24 changes: 11 additions & 13 deletions config.tf
@@ -1,27 +1,25 @@
locals {
config = <<EOF
[[runners]]
%{if var.use_local_cache~}
%{if var.cache.type == "local"~}
cache_dir = "${var.local_cache_dir}"
%{~else~}
%{if var.cache_type != null~}
[runners.cache]
Type = "${var.cache_type}"
Path = "${var.cache_path}"
Shared = ${var.cache_shared}
Type = "${var.cache.type}"
Path = "${var.cache.path}"
Shared = ${var.cache.shared}
[runners.cache.s3]
%{~for key, value in var.s3_cache_conf~}
${key} = ${value}
%{~for key, value in var.cache.s3~}
"${key}" = "${value}"
%{~endfor~}
[runners.cache.gcs]
%{~for key, value in var.gcs_cache_conf~}
${key} = ${value}
%{~for key, value in var.cache.gcs~}
"${key}" = "${value}"
%{~endfor~}
[runners.cache.azure]
%{~for key, value in var.azure_cache_conf~}
${key} = ${value}
%{~for key, value in var.cache.azure~}
"${key}" = "${value}"
%{~endfor~}
%{~endif~}
%{~endif}
[runners.kubernetes]
%{~if var.build_job_default_container_image != null~}
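Review bot: the new loops quote every value, `"${key}" = "${value}"`, so any non-string entry in `var.cache.s3`, `var.cache.gcs` or `var.cache.azure` lands in `config.toml` as a string; the S3 section's `Insecure` setting is a TOML boolean, and `"true"` is the wrong type for the runner. Since the README types these maps as `map(any)`, either render with `"${key}" = ${jsonencode(value)}` (JSON string, number and boolean literals are valid TOML scalars) or type them `map(string)` and document that only string settings are supported. Separately, dropping the `var.cache_type != null` guard means `[runners.cache]` and all three provider tables are emitted for any `cache.type` other than `local`, with nothing checking that the type is one of `gcs`, `s3` or `azure`; a `validation` block on `var.cache` with `contains(["local", "gcs", "s3", "azure"], var.cache.type)` would fail at plan time instead of at runner start.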
Expand Down Expand Up @@ -66,7 +64,7 @@ locals {
read_only = true
host_path = "/var/run/docker.sock"
%{~endif~}
%{~if var.use_local_cache~}
%{~if var.cache.type == "local"~}
[[runners.kubernetes.volumes.host_path]]
name = "cache"
mount_path = "${var.local_cache_dir}"
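Review bot: this volume is now selected by `var.cache.type == "local"` but still mounts `var.local_cache_dir`, while every other cache setting moved into the `cache` object; either fold the directory into `cache` (for example use `cache.path` for the local type, which this template currently ignores) or state in the `cache` description that `path` has no effect when `type = "local"`. A comment on the `host_path` block would also help: the node directory is mounted into every job pod scheduled on that node, so a local cache is shared across all projects on the node, unlike the object-storage types where `shared` is an explicit switch.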
30 changes: 20 additions & 10 deletions examples/main.tf
@@ -1,3 +1,10 @@
locals {
labels = {
"node-kind" = "ci"
}

}


# ---------------------------------------------------------------------------------------------------------------------
# PUBLIC GKE WITH NODE POOL AND SERVICE ACCOUNT
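Review bot: style, the new `locals` block has a stray blank line before its closing brace and is followed by two blank lines; drop the empty line inside the block and collapse the pair after it so the example reads like the rest of the file.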
Expand Down Expand Up @@ -63,13 +70,10 @@ module "gke_node_pool_gitlab" {
}]

# Labels will be used in node selectors to ensure pods get scheduled to nodes with the same labels
labels = {
"node-kind" = "ci"
}
labels = local.labels
}



module "gitlab-runner" {
source = "../"

Expand All @@ -78,17 +82,23 @@ module "gitlab-runner" {
runner_registration_token = var.runner_registration_token
namespace = var.runner_namespace
image_pull_secrets = ["some-pull-secret"]
runner_name = "my-runner"

# Mount docker socket instead of using docker-in-docker
mount_docker_socket = true
build_job_mount_docker_socket = true

# Job pods should be scheduled on nodes with this label
node_selectors = {
"node-kind" = "ci"
}
# pods should be scheduled on nodes with this label
build_job_node_selectors = local.labels
manager_node_selectors = local.labels

# Pods should be able to tolerate taints
node_tolerations = {
manager_node_tolerations = [{
key = "node.gitlab.ci/dedicated"
operator = "Exists"
effect = "NO_SCHEDULE"
}]

build_job_node_tolerations = {
"node.gitlab.ci/dedicated=true" = "NO_SCHEDULE"
}

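Review bot: `effect = "NO_SCHEDULE"` in `manager_node_tolerations` is not a valid Kubernetes taint effect; `main.tf` passes this list through to the chart's `tolerations`, and the API server only accepts `NoSchedule`, `PreferNoSchedule`, `NoExecute` or an empty effect, so the manager deployment would be rejected. The same value appears in `build_job_node_tolerations`, where the runner also hands the effect string to Kubernetes unchanged, so use `NoSchedule` in both. The two tolerations also disagree about the taint: the manager tolerates `node.gitlab.ci/dedicated` with `operator = "Exists"`, while job pods tolerate only `node.gitlab.ci/dedicated=true`; pick one taint spec, and add a comment explaining why the two variables use different shapes (a list of objects for the chart, a `"key=value" = effect` map for `config.toml`).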
1 change: 1 addition & 0 deletions examples/variables.tf
Expand Up @@ -41,3 +41,4 @@ variable "runner_namespace" {
variable "runner_machine_type" {
description = "The machine type to use when creating the node pools"
}

16 changes: 16 additions & 0 deletions local.tf
@@ -0,0 +1,16 @@

locals {
values_file = var.values_file != null ? file(var.values_file) : ""
repository = "https://charts.gitlab.io"
chart_name = "gitlab-runner"
runner_token = var.runner_registration_token == null ? var.runner_token : null
replicas = var.runner_token != null ? 1 : var.replicas
gcs_secret_name = lookup(var.cache.gcs, "CredentialsFile", "") != "" ? "google-application-credentials" : lookup(var.cache.gcs, "AccessID", "") != "" ? "gcsaccess" : ""

cache_secret_config = {
s3 = "s3access"
azure = "azureaccess"
gcs = local.gcs_secret_name
}
cache_secret_name = lookup(local.cache_secret_config, var.cache.type, "")
}
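Review bot: `replicas = var.runner_token != null ? 1 : var.replicas` silently overrides the caller's `replicas` whenever a pre-registered `runner_token` is supplied; that needs an inline comment and a mention in the `replicas` README row, otherwise a user asking for three pods will not understand why one appears. The nested conditional in `gcs_secret_name` is hard to read; write it as two explicit checks with a comment stating the convention it encodes (`google-application-credentials` when `CredentialsFile` is set, `gcsaccess` when `AccessID` is set) and note that the `lookup` keys are case-sensitive and must match the `config.toml` setting names exactly. Since `runner_token` and `runner_registration_token` are both credentials, please also check that the two variables are declared with `sensitive = true` in the variables file that did not render here. Style: the file starts with an empty line.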
24 changes: 17 additions & 7 deletions main.tf
@@ -1,8 +1,3 @@
locals {
values_file = var.values_file != null ? file(var.values_file) : ""
repository = "https://charts.gitlab.io"
chart_name = "gitlab-runner"
}

//INSTALL HELM CHART
resource "helm_release" "gitlab_runner" {
Expand All @@ -12,32 +7,47 @@ resource "helm_release" "gitlab_runner" {
namespace = var.namespace
version = var.chart_version
create_namespace = var.create_namespace
atomic = var.atomic


values = [
yamlencode(merge({
yamlencode({

image = var.runner_image
gitlabUrl = var.gitlab_url
concurrent = var.concurrent
runnerRegistrationToken = var.runner_registration_token
runnerToken = local.runner_token
replicas = local.replicas
unregisterRunners = var.unregister_runners
secrets = var.additional_secrets


runners = {
name = var.runner_name
runUntagged = var.run_untagged_jobs
tags = var.runner_tags
locked = var.runner_locked
config = local.config

cache = {
secretName = local.cache_secret_name
}
}

rbac = {
create = var.create_service_account
serviceAccountAnnotations = var.service_account_annotations
serviceAccountName = var.service_account
clusterWideAccess = var.service_account_clusterwide_access
}

nodeSelector = var.manager_node_selectors
tolerations = var.manager_node_tolerations
podLabels = var.manager_pod_labels
podAnnotations = var.manager_pod_annotations
}, var.values)),
}),
yamlencode(var.values),
local.values_file
]

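Review bot: replacing `merge({...}, var.values)` with a separate `yamlencode(var.values)` entry changes override semantics. Helm merges the entries of `values` in order, later ones winning key by key, so `var.values` now merges recursively into the module's settings instead of replacing whole top-level keys, and `local.values_file`, being last, overrides both; that is an improvement, but the precedence should be stated in the `values` and `values_file` README descriptions. Two further points: `runnerRegistrationToken`, `runnerToken` and the cache credentials rendered into `runners.config` all travel in the plain `values` argument, where they show unredacted in plan output and state, so the two tokens are better passed through the provider's `set_sensitive` block; and `runners.cache.secretName` is set even when `local.cache_secret_name` resolves to `""` for `type = "local"`, so consider omitting the `cache` block in that case rather than rendering `secretName: ""`.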