-
Notifications
You must be signed in to change notification settings - Fork 18
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Added module for cache and kubernetes (#8)
Co-authored-by: daphney Igwe <daphney.igwe@deimos.co.za>
- Loading branch information
Showing
13 changed files
with
956 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
*.tfvars | ||
*providers.tf | ||
*.tfstate* | ||
.terraform/ | ||
**/inspec.lock | ||
|
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
locals { | ||
node_pool_name = var.runner_node_pool_name != null ? var.runner_node_pool_name : "gitlab-runner-${random_id.random_suffix.hex}" | ||
|
||
runner_node_roles = distinct(concat([ | ||
"roles/logging.logWriter", | ||
"roles/monitoring.metricWriter", | ||
"roles/monitoring.viewer" | ||
], var.additional_node_service_account_roles)) | ||
|
||
cred_file = "/secrets/gcs_cred" | ||
cache_secret_name = "google-application-credentials" | ||
cache_type = "gcs" | ||
cache_location = var.cache_location != null ? var.cache_location : var.region | ||
cache_service_account_email = var.cache_create_service_account == true ? "${google_service_account.cache_admin[0].email}" : var.cache_service_account.email | ||
cache_service_account_name = var.cache_create_service_account == true ? "${google_service_account.cache_admin[0].name}" : var.cache_service_account.name | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,199 @@ | ||
|
||
#--------------------------- | ||
# get cluster information | ||
#--------------------------- | ||
|
||
data "google_container_cluster" "this_cluster" { | ||
name = var.cluster_name | ||
location = var.cluster_location | ||
} | ||
|
||
#-------------------------------------------------------------------- | ||
# create service account for cluster nodes and assign them IAM roles | ||
#-------------------------------------------------------------------- | ||
|
||
resource "google_service_account" "runner_nodes" { | ||
account_id = "${var.prefix}-nodes-${random_id.random_suffix.hex}" | ||
display_name = "GitLab CI Runner" | ||
} | ||
|
||
resource "google_project_iam_member" "this" { | ||
for_each = toset(local.runner_node_roles) | ||
project = var.project | ||
role = each.value | ||
member = "serviceAccount:${google_service_account.runner_nodes.email}" | ||
} | ||
|
||
|
||
#-------------------------------- | ||
# create runner node pool | ||
#-------------------------------- | ||
|
||
resource "random_id" "random_suffix" { | ||
byte_length = 4 | ||
} | ||
|
||
resource "google_container_node_pool" "gitlab_runner_pool" { | ||
name = local.node_pool_name | ||
cluster = data.google_container_cluster.this_cluster.id | ||
initial_node_count = var.initial_node_count | ||
node_locations = var.runner_node_pool_zones | ||
|
||
autoscaling { | ||
min_node_count = var.runner_node_pool_min_node_count | ||
max_node_count = var.runner_node_pool_max_node_count | ||
} | ||
|
||
node_config { | ||
image_type = var.runner_node_pool_image_type | ||
disk_size_gb = var.runner_node_pool_disk_size_gb | ||
disk_type = var.runner_node_pool_disk_type | ||
machine_type = var.runner_node_pool_machine_type | ||
labels = var.runner_node_pool_node_labels | ||
service_account = google_service_account.runner_nodes.email | ||
taint = var.runner_node_pool_node_taints | ||
|
||
oauth_scopes = var.runner_node_pool_oauth_scopes | ||
} | ||
} | ||
|
||
|
||
#------------------------------------------------ | ||
# create service account for cache | ||
#------------------------------------------------------- | ||
resource "google_service_account" "cache_admin" { | ||
count = var.cache_create_service_account == true ? 1 : 0 | ||
account_id = "${var.prefix}-cache-${random_id.random_suffix.hex}" | ||
display_name = "GitLab CI Worker" | ||
} | ||
|
||
#---------------------------------------------------------- | ||
# create gcs bucket for distribute caching with the runners | ||
#----------------------------------------------------------- | ||
|
||
module "cache" { | ||
source = "../cache" | ||
bucket_location = local.cache_location | ||
bucket_labels = var.cache_labels | ||
bucket_storage_class = var.cache_storage_class | ||
bucket_versioning = var.cache_bucket_versioning | ||
bucket_expiration_days = var.cache_expiration_days | ||
prefix = var.prefix | ||
runner_service_account_email = local.cache_service_account_email | ||
} | ||
|
||
|
||
#-------------------------------------------------------- | ||
# create kubernetes secret from service account cred file | ||
#-------------------------------------------------------- | ||
|
||
resource "google_service_account_key" "cache_admin" { | ||
# count = local.count | ||
service_account_id = local.cache_service_account_name | ||
} | ||
|
||
|
||
resource "kubernetes_namespace" "runner_namespace" { | ||
metadata { | ||
name = var.runner_namespace | ||
} | ||
|
||
depends_on = [ | ||
google_container_node_pool.gitlab_runner_pool | ||
] | ||
} | ||
|
||
resource "kubernetes_secret" "cache_secret" { | ||
# count = local.count | ||
metadata { | ||
name = local.cache_secret_name | ||
namespace = kubernetes_namespace.runner_namespace.metadata[0].name | ||
} | ||
|
||
binary_data = { | ||
gcs_cred = google_service_account_key.cache_admin.private_key | ||
} | ||
|
||
depends_on = [ | ||
google_container_node_pool.gitlab_runner_pool, | ||
kubernetes_namespace.runner_namespace | ||
] | ||
} | ||
|
||
|
||
#---------------------------------------------------------------------- | ||
# set up gitlab runner using the deimos kubernetes gitlab runner module | ||
#----------------------------------------------------------------------- | ||
module "kubernetes_gitlab_runner" { | ||
source = "DeimosCloud/gitlab-runner/kubernetes" | ||
version = "~>1.3.0" | ||
|
||
release_name = var.runner_release_name | ||
chart_version = var.chart_version | ||
namespace = var.runner_namespace | ||
|
||
gitlab_url = var.gitlab_url | ||
concurrent = var.concurrent | ||
replicas = var.replicas | ||
|
||
runner_name = var.runner_name | ||
runner_token = var.runner_token | ||
runner_tags = var.runner_tags | ||
runner_registration_token = var.runner_registration_token | ||
runner_locked = var.runner_locked | ||
runner_image = var.runner_image | ||
run_untagged_jobs = var.run_untagged_jobs | ||
unregister_runners = var.unregister_runners | ||
|
||
manager_node_selectors = var.runner_node_pool_node_labels | ||
manager_node_tolerations = var.manager_node_tolerations | ||
manager_pod_annotations = var.manager_pod_annotations | ||
manager_pod_labels = var.manager_pod_labels | ||
|
||
build_job_node_selectors = var.build_job_node_selectors | ||
build_job_node_tolerations = var.build_job_node_tolerations | ||
build_job_secret_volumes = var.build_job_secret_volumes | ||
build_job_mount_docker_socket = var.build_job_mount_docker_socket | ||
build_job_run_container_as_user = var.build_job_run_container_as_user | ||
|
||
docker_fs_group = var.docker_fs_group | ||
|
||
image_pull_secrets = var.image_pull_secrets | ||
create_service_account = var.runner_create_service_account | ||
service_account_clusterwide_access = var.runner_service_account_clusterwide_access | ||
|
||
cache = { | ||
type = local.cache_type | ||
path = var.cache_path | ||
shared = var.cache_shared | ||
gcs = { | ||
CredentialsFile = local.cred_file | ||
BucketName = "${module.cache.cache_bucket_name}" | ||
} | ||
s3 = {} | ||
azure = {} | ||
} | ||
|
||
additional_secrets = var.additional_secrets | ||
|
||
values_file = var.values_file | ||
|
||
values = { | ||
metrics = { | ||
enabled = var.enable_prometheus_exporter | ||
service_monitor = { | ||
enabled = var.enable_target_auto_detection | ||
} | ||
} | ||
service = { | ||
enabled = var.enable_metrics_service | ||
} | ||
runner = { | ||
protected = var.runner_protected | ||
} | ||
} | ||
|
||
depends_on = [ | ||
google_container_node_pool.gitlab_runner_pool | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# output "runner_name" { | ||
# value = module.kubernetes_gitlab_runner.runner_name | ||
# description = "name of the gitlab runner" | ||
# } | ||
|
||
output "node_pool_name" { | ||
value = google_container_node_pool.gitlab_runner_pool.name | ||
description = "name of the node pool where the runner pods are created" | ||
} | ||
|
||
output "cache_bucket_name" { | ||
value = module.cache[0].cache_bucket_name | ||
description = "name of the gcs bucket used a s runner cache" | ||
} | ||
|
||
output "namespace" { | ||
value = module.kubernetes_gitlab_runner.namespace | ||
description = "namespace in which the runners were created" | ||
} |
Oops, something went wrong.