SPHTech-Platform/terraform-helm-actions-runner-controller

 
 


GitHub Actions Runner Controller

Deploys actions-runner-controller.

Additional Note:

This runs version 1 of ARC. The following files are only applied when the corresponding objects are not empty within the module:

  • org_runners.tf for github_org_runners
  • ent_runners.tf for github_ent_runners
  • ent_runners_dind.tf for github_ent_runners_dind
  • ent_runners_dind_rootless.tf for github_ent_runners_dind_rootless

They are required for creating the necessary CRDs for deploying the runners.

Requirements

Name Version
terraform >= 1.3
helm >= 2.6
kubernetes >= 2.12

Providers

Name Version
helm 2.7.1
kubernetes 2.14.0

Modules

Name Source Version
action_runner_irsa terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks ~> 5.1.0

Resources

Name Type
helm_release.release resource
kubernetes_manifest.github_org_runners resource

Inputs

Name Description Type Default Required
auth_method GitHub authentication method to be deployed. string "pat" no
auth_secret_annotations Set the annotations of the auth secret. map(string) {} no
auth_secret_created Create Kubernetes secrets to authenticate with GitHub API. bool false no
auth_secret_enabled Expose GITHUB_* environment variables to the manager container. bool true no
auth_secret_name Set the name of the auth secret. string "controller-manager" no
cert_manager_enabled Whether to enable the cert manager. bool true no
chart_labels Set labels to apply to all resources in the chart. map(string) {} no
chart_name Helm chart name to provision. string "actions-runner-controller" no
chart_namespace Namespace to install the chart into. string "default" no
chart_namespace_create Create the namespace if it does not yet exist. bool false no
chart_repository Helm repository for the chart. string "https://actions-runner-controller.github.io/actions-runner-controller" no
chart_timeout Timeout to wait for the Chart to be deployed. number 300 no
chart_version Version of Chart to install. Set to empty to install the latest version. string "0.20.0" no
controller_affinity Set the controller pod affinity rules. any {} no
controller_env Set environment variables for the controller container. map(any) {} no
controller_image_tag The tag of the controller container. If not specified, it's the appVersion inside Chart.yaml string "v0.25.0" no
controller_node_selector Set the controller pod nodeSelector. map(any) {} no
controller_pod_annotations Set annotations for the controller pod. map(string) {} no
controller_pod_disruption_budget Pod disruption budget for controller any {"enabled": true, "minAvailable": 1} no
controller_pod_labels Set labels for the controller pod. map(string) {} no
controller_pod_security_context Set the security context to controller pod. map(any) {} no
controller_priority_class_name Set the controller pod priorityClassName. string "" no
controller_repository The repository/image of the controller container. string "summerwind/actions-runner-controller" no
controller_resources Set the controller pod resources. map(any) {"limits": {"cpu": "100m", "memory": "128Mi"}, "requests": {"cpu": "100m", "memory": "128Mi"}} no
controller_security_context Set the security context for each container in the controller pod. map(any) {} no
controller_service_annotation Set annotations for the provisioned webhook service resource. map(any) {} no
controller_service_port Set controller service ports. string "443" no
controller_service_type Set controller service type. string "ClusterIP" no
controller_tolerations Set the controller pod tolerations. list(any) [] no
dind_sidecar_image_tag The tag of the dind sidecar container. string "dind" no
dind_sidecar_repository The repository/image of the dind sidecar container. string "docker" no
docker_registry_mirror The default Docker Registry Mirror used by runners. string "" no
github_app_id GitHub App ID. This can't be set at the same time as github_token string "" no
github_app_installation_id GitHub App Installation ID. This can't be set at the same time as github_token string "" no
github_app_private_key The multiline string of your GitHub App's private key. This can't be set at the same time as github_token string "" no
github_enterprise_url The URL of your GitHub Enterprise server, if you're using one. string "" no
github_org_runners Github organization for deploying org runner
  list(object({
    name        = string           # Organization Name
    group       = optional(string) # Runner group needs to be created first
    replicas    = number
    label       = string
    tolerations = optional(list(any))
    affinity    = optional(any)
    resources   = optional(map(any))
  }))
  [] no
github_token Your chosen GitHub PAT token. This can't be set at the same time as github_app_* string "" no
image_pull_policy The pull policy of the controller image. string "IfNotPresent" no
image_pull_secrets Specifies the secret to be used when pulling the controller pod containers. list(any) [] no
leader_election_id Set the election ID for the controller group. string "actions-runner-controller" no
log_level Set the log level of the controller container. string "" no
max_history Max History for Helm. number 20 no
metrics_proxy_enabled Deploy kube-rbac-proxy container in controller pod. bool true no
metrics_proxy_image_repository The repository/image of the kube-rbac-proxy container. string "quay.io/brancz/kube-rbac-proxy" no
metrics_proxy_image_tag The tag of the kube-rbac-proxy container. string "v0.13.0" no
metrics_service_annotation Set annotations for the provisioned metrics service resource. map(string) {} no
metrics_service_monitor_enabled Whether to deploy serviceMonitor kind for use with prometheus-operator CRDs. bool false no
metrics_service_monitor_labels Set labels to apply to ServiceMonitor resources. map(string) {} no
metrics_service_port Set port of metrics service. string "8443" no
oidc_provider_arn OIDC Provider ARN for IRSA string "" no
release_name Helm release name. string "actions-runner-controller" no
replicas Set the number of controller pods. number 1 no
role_name Name of the iam role to be created. string "" no
role_policy_arns ARNs of any policies to attach to the IAM role map(string) {} no
runner_image_pull_secrets Specifies the secret to be used when pulling the runner pod containers. list(any) [] no
runner_image_tag The tag of the actions runner container. string "latest" no
runner_repository The repository/image of the actions runner container. string "summerwind/actions-runner" no
scope_single_namespace_enabled Limit the controller to watch a single namespace. bool false no
scope_watch_namespace Tells the controller and the GitHub webhook server which namespace to watch if scope.singleNamespace is true. string "" no
service_account_annotations Annotations to add to the service account. map(string) {} no
service_account_created Specifies whether a service account should be created. bool true no
service_account_name The name of the service account to use. string "actions-runner-controller" no
sync_period Set the period in which the controller reconciles the desired runners count. string "10m" no
webhook_ingress_class_name Ingress Class name for the Github Webhook Server string "" no
webhook_server_affinity Set environment variables for the githubWebhookServer container. any {} no
webhook_server_enabled Whether to deploy the webhook server pod. bool false no
webhook_server_image_pull_secrets Specifies the secret to be used when pulling the githubWebhookServer pod containers. list(any) [] no
webhook_server_ingress_annotations Set annotations for the githubWebhookServer ingress kind. map(string) {} no
webhook_server_ingress_enabled Whether to deploy an ingress kind for the githubWebhookServer. bool false no
webhook_server_ingress_hosts Set hosts for the githubWebhookServer ingress kind. list(any) [] no
webhook_server_ingress_tls Set tls configuration for the githubWebhookServer ingress kind. list(any) [] no
webhook_server_log_level Set the log level of the githubWebhookServer container. string "" no
webhook_server_node_selector Set the githubWebhookServer pod nodeSelector. map(any) {} no
webhook_server_pod_annotations Set annotations for the githubWebhookServer pod. map(string) {} no
webhook_server_pod_disruption_budget Pod disruption budget for webhook server any {"enabled": true, "minAvailable": 1} no
webhook_server_pod_labels Set labels for the githubWebhookServer pod. map(string) {} no
webhook_server_pod_security_context Set the security context to githubWebhookServer pod. map(any) {} no
webhook_server_priority_class_name Set the githubWebhookServer pod priorityClassName. string "" no
webhook_server_replicas Set the number of webhook server pods. number 1 no
webhook_server_resources Set the githubWebhookServer pod resources. map(any) {"limits": {"cpu": "100m", "memory": "128Mi"}, "requests": {"cpu": "100m", "memory": "128Mi"}} no
webhook_server_secret_created Whether to deploy the webhook hook secret. bool false no
webhook_server_secret_enabled Whether to enable the webhook hook secret. bool false no
webhook_server_secret_name Set the name of the webhook hook secret. string "github-webhook-server" no
webhook_server_secret_token Set the webhook secret token value. string "" no
webhook_server_security_context Set the security context for each container in the githubWebhookServer pod. map(any) {} no
webhook_server_service_account_annotations Set annotations for the githubWebhookServer service account. map(string) {} no
webhook_server_service_account_created Whether to deploy the githubWebhookServer under a service account. bool true no
webhook_server_service_account_name The name of the githubWebhookServer service account to use. string "" no
webhook_server_service_annotations Set annotations for the githubWebhookServer service. map(string) {} no
webhook_server_service_node_port Set githubWebhookServer service nodePort. string "" no
webhook_server_service_port Set githubWebhookServer service port. string "80" no
webhook_server_service_type Set githubWebhookServer service type. string "ClusterIP" no
webhook_server_sync_period Set the period in which the controller reconciles the resources. string "10m" no
webhook_server_tolerations Set the githubWebhookServer pod tolerations. list(any) [] no

Outputs

Name Description
helm_release Output of the helm release
org_runners Output of Github Org Runners

Requirements

Name Version
terraform >= 1.3
helm >= 2.6

Providers

No providers.

Modules

Name Source Version
action_runner_scale_set ./modules/gha-runner-scale-set n/a
action_runner_scale_set_controller ./modules/gha-runner-scale-set-controller n/a

Resources

No resources.

Inputs

Name Description Type Default Required
action_runner_scale_set_chart_version ARC Scale set chart version string "0.6.1" no
action_runner_scale_set_controller_chart_version ARC Controller chart version string "0.6.1" no
auth_method values for auth method string "github-app" no
controller_helm_release_name Helm release name for the controller string "gha-controller" no
github_app_id GitHub App ID. This can't be set at the same time as github_token string "" no
github_app_installation_id GitHub App Installation ID. This can't be set at the same time as github_token string "" no
github_app_private_key The multiline string of your GitHub App's private key. This can't be set at the same time as github_token string "" no
github_config_url githubConfigUrl is the GitHub url for where you want to configure runners string n/a yes
github_token Enterprise Runners' pat token of an enterprise admin user string "" no
k8s_cluster_ca_certificate Kubernetes cluster CA certificate string n/a yes
k8s_host Kubernetes host string n/a yes
k8s_token Kubernetes token string n/a yes
max_runners Maximum number of runners to scale to number 3 no
min_runners Minimum number of runners to scale to number 1 no
runner_group Name of the runner group string n/a yes
runner_scale_set_name Name of the scale set string n/a yes
scale_set_release_name Helm release name for the scale set string "gha-scale-set" no

Outputs

No outputs.